“The best way to get management excited about a disaster plan is to burn down the building across the street.” — Dan Erwin, Security Officer, Dow Chemical Co.
The typical cybersecurity company will provide you with a list of vulnerabilities, but they won’t help you fix them. The reality is that most cybersecurity consultants simply run software that scans your network and generates reports. They don’t investigate how permissions are set on your files, which admin accounts are legitimate, or whether you can recover from an outage. And they definitely don’t know how to fix the problems that are found.
Kieri Solutions believes that cybersecurity should be a holistic part of everyday systems administration, not a separate department. Read on for our areas of emphasis.
A Certified Information Systems Security Professional (CISSP) will compare your network, firewalls, hardware, and software against best practices for your industry. We stand ready to assist your IT department in implementing the fixes.
Secure design includes…
- Ensuring that high availability, failover, and the ability to continue operations are at the core of your network design
- Implementing two-factor authentication and separation of duties
- Firewall tightening to reduce the risk of outside attacks
- Encryption of sensitive data and sensitive backups
- Controlling user access to the Internet and dangerous sites
- Redundant systems to quickly recover from failures and reduce maintenance downtime
- Network segmentation to protect critical internal systems
- Ensuring you have a backup strategy for server and user data
- Antivirus and intrusion detection systems
We are experienced in writing policy and helping companies through compliance reviews.
Medium and large organizations should be able to prove compliance with one or more of these security frameworks:
- U.S. Privacy Shield – An internationally-recognized framework for the protection of personal data held by your company.
- General Data Protection Regulation (GDPR) – Required for companies that handle E.U. citizen data. Stringent rules for the protection, accountability, and use of personal information. GDPR is enforced with severe fines and penalties.
- ISO 27001:2013 – Information Security Management and Controls, applicable to all organizations.
- NIST 800-53 – Security and Privacy Controls for Federal Information Systems and Organizations.
If you aren’t ready to start the huge task of building a security framework, you should still consider starting some key policies and procedures now.
- Configuration Management – Know what exists in your environment, what versions are installed, how they are configured, and current issues. This is normally the first database an IT department should develop.
- Computer Use Policy and Information Security Awareness Training – Basics for your non-technical users.
- Disaster Recovery Plan – Have a plan to get the business running again after hardware or software failure, or natural disaster.
- Incident Management Plan – Escalation and notification steps in case of outage, security breach, or other adverse events.
- Change Management Plan – Policy, procedures, and database to plan, approve, and track changes. Doing this reduces accidental downtime, provides a history of changes, and proves you are in control.
Every company, no matter its size, should have trained cybersecurity professionals on its side. We will set up, monitor, and maintain your security systems. Many small and medium businesses request weekly or monthly reviews to identify and respond to changes from their baseline.
- Intrusion Detection System
- User activity reports
- Virus and malware protection
- Vulnerability scans and remediation