TWM Associates, Inc. (TWM) is a Cybersecurity, IT Audit, and Information Assurance (IA) consulting and engineering firm that has been serving our customers for over 30 years.
In that time, TWM has performed hundreds of application reviews and assessments for a variety of federal and private sector clients. These reviews have been based on the yellow book, silver book, Federal Information System Controls Audit Manual (FISCAM), Federal Information Security Modernization Act (FISMA) in support of Offices of Inspector General (OIGs), on CobIT in support of General Auditors, or on a variety of laws, regulations, and good business practices.
TWM has performed traditional applications reviews focusing on the inputs, processing, and outputs as well as applications reviews that are focused on breaking web-based applications.
Based on the application security documentation and TWM’s understanding of common exploits and/or control weaknesses, a detailed assessment plan is developed to perform the application review within the context of the contracted activities. This can include input controls to the application. Web-based edits and weaknesses if Web-based; balancing and edit controls if non-Web-based, processing controls, and output controls.
The assessment plan also identifies the tools to be used during the context of the testing to satisfy the detailed steps of the assessment plan. TWM also utilizes our own host-based assessment tools which are developed based on federal policies and guidance and best business practices. To date these tools have been used to evaluate hundreds of platforms throughout the world.