Risk Assessment and Mitigation
ZRA has 25 years of experience in assisting the federal government and critical infrastructure stakeholders in assessing and managing security risks. Since the 9/11 attacks, methodologies have been developed to categorize, quantify, and facilitate informed decisions throughout the systems engineering life cycle. Our approach relies on government and industry best practices, data collection, scenario design, and functional methodologies. We produce Risk Blueprints®, which reflect capital assets, high-value functions, and essential services, providing a long-term foundation for risk assessment and continuous refinement.
Threat & TTP Assessments
ZRA offers a structured methodology for evaluating risks by considering attacker tactics, techniques, and procedures (TTPs) within the FCEB IT and stakeholder communities. The analysis considers the origin of threat actors and focuses on “threat surfaces,” such as attacks across the ATT&CK map and clients’ IT processes. This approach aims to pinpoint where, how, and why threats matter to organizations.
Vulnerability Frameworks & Mapping
ZRA has been conducting vulnerability assessments for over 25 years, utilizing best practices and risk management tools. We perform endpoint detection & response and vulnerability mapping against high-value assets and national critical functions. ZRA has a history of supporting compliance with Office of Management & Budget Memorandum 21-31, aiming to enhance the Federal Government’s investigative and remediation capabilities. We focus on event log management, aligning with the Continuous Diagnostics and Mitigation Program, and delivering security data as part of the National Cyberspace Protection System.
HVA Blueprints®
ZRA provides functional blueprints for clients’ risk assessments, offering essential cybersecurity information such as data storage, IT infrastructure, and internal business interactions. These blueprints are customized for high-value assets, essential customer services, and critical infrastructure assurance, enabling senior leaders, managers, and decision-makers to make well-informed risk decisions.
Baseline Security Metrics
ZRA has a history of assisting clients in designing and implementing Baseline Security Metrics, derived from new risk assessments or leadership requirements. Program managers can incorporate these metrics into Zero Trust Maturity Models and adhere to OMB and CISA directives, such as Binding Operational Directives, security log reporting, and portfolio risk calculations.
Customized Scenario Library
ZRA is a prominent provider of scenario libraries for Federal Civilian Executive Branch (FCEB) entities, specializing in national security, critical infrastructure, and cybersecurity scenarios. With over 25 years of experience, we have developed a comprehensive set of assumptions and risk data, enabling FCEB clients to conduct thorough portfolio risk analysis and generate valuable data. Our methodology is based on best practices from the federal government, industry, and professional associations, aiming to address FCEB risk-related needs.
Leadership Decision Briefs & Memoranda
ZRA assists managers in preparing decision briefs and memoranda, helping government leaders understand the implications of significant decisions. Our teams understand the multifaceted nature of these decisions, including financial, operational, managerial, and compliance considerations. We employ a diverse team to effectively communicate complex variables to CISA and DHS leadership. Our offer and value proposition emphasize clearly articulating these factors, relying on a deep understanding of past programs, areas for improvement, and leadership needs.