“The best way to get management excited about a disaster plan is to burn down the building across the street.” — Dan Erwin, Security Officer, Dow Chemical Co.
The typical cybersecurity company will provide you a list of vulnerabilities, but they won’t help you fix them. The reality is that most cybersecurity consultants simply run software programs that scan your network and generate reports. They want to find problems, but not do the dirty work of patching, segmenting your network, or configuring better backups.
The cyber-security triad is defined as Integrity – your data and systems stay intact (think backups); Confidentiality – restricting access to sensitive data and systems (think firewalls); and Availability – your systems keep working (think fail-over). Why do people only look at confidentiality when they think about security? That is only one third of cyber-security. Kieri Solutions fills the gap by focusing on Integrity and Availability.
Kieri Solutions believes that cybersecurity should be a holistic part of everyday systems administration, not a separate department. Read on for our areas of emphasis.
A Certified Information Systems Security Professional (CISSP) will compare your network, firewalls, hardware, and software against best practices for your industry. We stand ready to assist your IT department in implementing the fixes.
Secure design includes…
- Ensuring that high availability, failover, and the ability to continue operations are at the core of your network design
- Implementing two-factor authentication and separation of duties
- Firewall tightening to reduce the risk of outside attacks
- Encryption of sensitive data and sensitive backups
- Controlling user access to the Internet and dangerous sites
- Redundant systems to quickly recover from failures and reduce maintenance downtime
- Network segmentation to protect critical internal systems
- Ensuring you have a backup strategy for server and user data
- Antivirus and intrusion detection systems
We are experienced in writing policy and helping companies through compliance reviews.
Medium and large organizations should be able to prove compliance with one or more of these security frameworks:
- U.S. Privacy Shield – An internationally-recognized framework for the protection of personal data held by your company.
- General Data Protection Regulation (GDPR) – Required for companies that deal with E.U. citizen data. Stringent laws for the protection, accountability, and use of personal information. GDPR is enforced by extreme fines and penalties.
- ISO 27001:2013 – Information Security Management and Controls, applicable to all organizations.
- NIST 800-53 – Security and Privacy Controls for Federal Information Systems and Organizations.
If you aren’t ready to start the huge task of building a security framework, you should still consider starting some key policies and procedures now.
- Configuration Management – Know what exists in your environment, what versions are installed, how they are configured, and current issues. This is normally the first database an IT department should develop.
- Computer Use Policy and Information Security Awareness Training – Basics for your non-technical users.
- Disaster Recovery Plan – Have a plan to get the business running again after hardware or software failure, or natural disaster.
- Incident Management Plan – Escalation and notification steps in case of outage, security breach, or other adverse events.
- Change Management Plan – Policy, procedures, and database to plan, approve, and track changes. Doing this reduces accidental downtime, provides a history of changes, and proves you are in control.
Every company should have trained cybersecurity professionals on their side, no matter the size. We will set up, monitor, and maintain your security systems. Many small and medium businesses request weekly or monthly reviews to identify and respond to changes from their baseline.
- Intrusion Detection System
- User activity reports
- Virus and malware protection
- Vulnerability scans and remediation
So you are thinking about adopting a new software product for your organization. You worry about whether it is secure, whether it will work in your network environment, and whether it will be accepted by your users. If you are a large enterprise, you cannot afford downtime because of your new IT system. These are all excellent reasons for independent testing.
Intelligent Test Design
Kieri Solutions has a formal test design and verification process to make sure that your new system is put through its paces. We have industry experience testing mission-critical applications such as healthcare systems and highly secure networks.
Our distinguishing characteristic: we understand the underlying design of software, and as a result we know the common mistakes and shortcuts that developers make. We include a survey for these common mistakes and shortcuts in our test plans; this identifies major issues that most testing misses.
The Test Process
- Identify the objectives and requirements for the system.
- Design test environments and connected systems for realistic use.
- Design tests that validate functionality, stability, and security.
- Perform testing, documenting issues and troubleshooting steps.
- Coordinate with the vendor to report and solve problems.
- Formally document findings with analysis and a way forward.
We will take the time to understand the subject so that your staff can do their own jobs. The first step is reviewing the system and working with your technical team to identify the best solution. Then our writer will create the document you need and thoroughly test it the same way your audience will use it. No more incomprehensible manuals. No more missing steps.
We have created manuals with step-by-step procedures to solve the most common technical issues at a company. These manuals were used by the help desk and by users to solve problems themselves, rather than needing escalation.
We have also written procedures and scripts for complicated, repeating tasks like onboarding new users, performing daily system checks, or administering a new system.
Most IT professionals hate documentation. Give them a break and get a fresh viewpoint at the same time.
Proven templates for:
- Security Policy, such as Encryption policy, Patching policy, Firewall policy, User Onboarding and Offboarding
- Concept of Operations (CONOPS)
- Quality Management and Team Manuals
- Administrator’s Guide
- User’s Manual
- Business Continuity Plan, Disaster Recovery Plan, Continuity Of Operations Plan (COOP)
- Requirements Mapping
- Configuration Management Database