cybersecurity
Security is more than technology, policy, processes and compliance. The first step is knowing what needs to be protected. With that knowledge, strategies can then be created to identify threats and vulnerabilities, understand risks and create incident response plans. Your organization’s security posture should balance regulatory requirements while ensuring business objectives are met. Educating every member of an organization about the value of incorporating security practices into business operations allows security to become a part of the company’s culture. At KS Information Services we are passionate about understanding a business’s goals and helping to create and implement a security plan that provides the structure to manage risk and the flexibility to remain innovative.
Service Offerings
information security officer
Independent Officer overseeing your organization’s information security strategies, including IT business continuity and incident response planning and implementation, to ensure compliance with industry and regulatory requirements. This service is provided as a fractional service on a retainer basis.
business continuity planning
Create systems and processes to prevent and recover from threats that may cause disruption to business-critical applications or networks, including plans for data breach response and recovery.
SOC 2 preparation
Identify the scope and reporting period of the audit, review controls and processes with process owners, perform a gap analysis and implement necessary changes.
ISO 27001 preparation
Review legal, regulatory and business requirements to establish a reference for minimum security controls. Evaluate threats and the business’s risk tolerance in relation to the Information Security Management System (ISMS). Review processes with process owners, perform a gap analysis and implement necessary changes.
cybersecurity awareness training
Tailored cybersecurity awareness training for your organization. Review concepts of data privacy vs. data security, create awareness of application and network threats and risks, email inbox awareness, safe browsing techniques, communicating potential or identified incidents, and employee responsibilities related to company policies including acceptable use, data breach response, clean desk, password and email.
incident response/tabletop exercises
Tailored incident response exercises for your business or industry. A review of company incident response policy and processes followed by role play and multiple scenarios for small or large groups to explore and discuss the impacts of choices during the response phase of an incident.
system security plan and NIST framework review, draft and implementation
Using the framework designed by the National Institute of Standards and Technology, system security plans that align to the organization’s requirements and objectives can be reviewed, drafted and implemented to provide the structure for your organization’s security posture.
notice and policy review, draft and implementation
Review or draft policies considering legal, regulatory and business requirements as well as the System Security Plan. Identify gaps in policies with process owners and implement necessary changes. Examples: Data Breach Policy, Vendor Management Policy, Information Security Policy and Data Encryption Policy.
The document provided is an overview of the State Data Breach Law. It is not a substitute for advice from an attorney, but is meant to be used as a business tool to help bridge the gap between business, IT and counsel. I hope you find it helpful. Please let me know if you have any questions or comments.