KRM developed the ENTISAS™ program successfully for the DOD (Department of Defense)TMA (TriCare Management Activity).  This program was delivered 5/31/2007.

ENTISAS (Enterprise Information Security Assessment System) is an Enterprise-wide Information Security repository useful for analyzing security risks, threats and vulnerabilities as well as mitigation plans and protections profiles and other information security elements across multiple organizations and organizational elements.

KRM modified the Enterprise Information Security Analysis System (ENTISAS™) system, based on the Risk Database system originally developed for OCTAVE. KRM has also developed a web-enabled front-end and enhanced security for the ENTISAS™ repository. Additionally, KRM has modified the product to accept data feeds from various vulnerability scanning systems.

Click Here to learn more about ENTISAS™.

This product has been DITSCAP certified.

KRM provided 24/7 support for the Security Operations Center for VA.  KRM provided support to monitor computer and network traffic, and analyzed network traffic activity and systems logs to determine causes of problems and security breaches.   Additionally, KRM personnel reported and tracked network and system problems, resolved simple computer and hardware problems independently, and coordinated with other IT groups to resolve complex problems and issues.

KRM provided support for the Veteran's Administration Health Information Security Division in Martinsburg, West Virginia.  The scope of this project included:

An overall goal to establish and operate a world-class HISD that would develop, implement, and evaluate security solutions addressing health data and health information systems, including security standards, access control, and access to health data by external groups.

The VA and other CHIS user organizations established a documented, repeatable, on-going process to measurably improve the security of their sensitive data, and demonstrated its value to its user community by:

• Raising awareness of healthcare specific information systems, to include risks, vulnerabilities, and protection requirements for new and emerging technologies.
• Examining and analyzing vulnerabilities and devising techniques for the cost-effective security and protection of private health information maintained on VHA sensitive system.
• Developing standards, metrics, tests, and validation programs to:
  • Promote, measure, and validate security in systems and services.
  • Provide system-specific role-based access to staff members.
  • Establish minimum security requirements for healthcare systems.
• Developing guidance to ensure security is included in the system planning, implementation, management, and operational phases of the system life cycle.
• Assisting VHA in planning and implementing best security practices.

KRM utilized extensive experience in healthcare information technology, information security and web development to design and support the implementation of a web-portal for information sharing. The goal of the HIISAAC was to provide the V.A. a medium for enterprise wide sharing of analysis and assessment results to improve decision-making regarding the security risks of medical information systems.

KRM provided subcontract support to the Advanced Technology Institute (ATI) in the execution of the Defense Healthcare Information Assurance Program (DHIAP), sponsored by the Telemedicine and advanced Technology Research Center (TATRC) for the U.S. Army Medical Research and Material Command at Ft. Detrick, MD. This program consisted of identifying potential risks and vulnerabilities in the protection of military medical healthcare information, providing recommendations for operational improvements and designing and delivering practical solutions. KRM focused on the development of methodology and metrics for performing technical business case analysis for information assurance technologies and solutions relating both tangible and intangible costs and benefits. KRM efforts involved technologies related to identification, authentication, encryption, auditability and related information security approaches. KRM designed and developed the original data analysis system for Risk Analysis utilizing web-based technology and a Coldfusion front end to an Oracle Database.

KRM performed an analysis of the application of the U.S. Army Medical Research and Material Command (USAMRMC), Telemedicine and Advanced Technology Research Center (TATRC) developed Organizationally Critical Threat and Vulnerability Evaluation (OCTAVE) process for application to the VA healthcare system. The analysis included a review of lessons learned within DOD healthcare and comparison of the environment and challenges within DOD to those applicable to the VA environment. Also included analysis of the Risk Information Management Resources (RIMR) and the Risk Database (RDB) system that stores information on multiple OCTAVES. This technology is based on an Oracle database and supports analysis of multiple solutions designed for data gathering.

KRM was contracted by the WV Healthcare Authority to develop healthcare information sharing policies, procedures, and systems for HCA's data sharing efforts pertaining to the private sector. This effort compliments the current public sector healthcare information that HCA has compiled and will provide more comprehensive information. This effort is intended to result in the establishment of a pilot project with the participants being the organizations sharing the data.