Do you know what security compliance regimes you should follow and how to achieve compliance?
Kaliber helps companies implement a comprehensive Information Security Program which provides the dual benefit of improving our clients’ security posture while positioning them to meet the compliance guidelines of:
SOC
ISO
PCI
GDPR
While we are knowledgeable in the control requirements of the compliance regimes, the first step when working with our clients is to fully understand their businesses and the services that they offer. Only after we define the scope of the information assets (of their organizations, their employees and their customers) can we build a relevant, risk-based approach to protecting those assets.
Once the assets, processes and systems are established, the next step is to pinpoint key controls and, even more importantly, any control gaps – controls that are not in-place (and should be) or controls that are ineffective.
Kaliber then works with our customers to build an effective program:
Once controls are in place and audit trails can be produced, then our clients can feel confident that their data, and that of their employees and customers, is well protected and that those protections will be validated by outside auditors trained to validate their controls.
Do you know how to perform a Cyber Risk Assessment?
All effective information security programs begin with a candid risk assessment. This is underscored by the fact that all compliance regimes generally establish risk assessment as the first step towards certification. Risk assessments are used to identify, estimate, and prioritize risks to an organization’s mission, assets, functions, employees, partners, and reputation resulting from the operation and use of information systems.
If you are a financial services firm, risk assessments are mandated by the SEC and require the use of the NIST Cybersecurity Framework. If you are a firm that stores medical information and are subject to HIPAA, likewise, a risk assessment is required.
So, what are the steps to performing a risk assessment and how does Kaliber help?
Step 1 – Identify relevant Threats to your organization
Step 2 – Identify how your organization could be Vulnerable to those threats
Step 3 – Assign a value to the Impact that a successful attack would incur
Step 4 – Establish the Likelihood of the attack being successful
Step 5 – Review Controls that might be put in place to limit the success of an attack
Step 6 – Decide if the cost of the controls is consistent with the level of risk and decide to accept risks that do not meet organizational thresholds
Step 7 – Repeat annually:
a) Have the controls been implemented?
b) Are they working as intended?
c) What new threats and vulnerabilities need to be evaluated?
d) Re-assess
Kaliber has worked with many organizations to help them identify threats and vulnerabilities, assign impacts and likelihoods and develop controls to limit a firm’s risk.
Do you know how to properly report a Data Breach?
A data breach is any instance in which there is an unauthorized release or access of confidential information not suitable for public release. This definition applies regardless of whether an organization stores and manages its data directly or through a contractor, such as a cloud service provider. Data breaches can take many forms including:
In some cases, an organization may discover that control over personally identifiable information, medical information, or other sensitive information has been lost for an unspecified period of time, but there is no evidence that data has been compromised. In such an instance, unless applicable federal, State, or local data breach notification laws would define this as constituting a breach, it would be up to the organization to determine whether to treat the incident as a full-scale breach or as inadequate security practice requiring immediate correction.
Kaliber can you help you construct a relevant, usable, compliant Data Breach Response Plan as part of a comprehensive Information Security Management System. Further, Kaliber can work with your team to perform a “table top test” to simulate the required actions in case of a real data breach. In this way, your organization will know how to react properly given the circumstances of the breach.
In an article in Computer Reseller News, Kaliber’s President, Ken Leeser, said, “People want sunshine and insist that the breached organization shed light with clear and concise information about the matter. People accept the bad things that happen, but it’s how you respond that ultimately determines public opinion in the marketplace.”
Virtual, shared services have proliferated in the last few years. Many organizations use a Managed Service Provider (MSP) to support their IT installation, configuration and support needs. Many use CFO and HR for hire services to get higher qualified individuals at a more affordable price. Similarly, many of these same organizations are now outsourcing their CISO.
A Chief Information Security Officer (CISO) establishes and maintains an enterprise’s security vision, strategy, and programs. The role ensures that information assets and technologies are appropriately protected.
Kaliber Virtual CISO services are designed to provide expert security guidance through:
A Virtual CISO from Kaliber will work to understand your business environment, culture and objectives.
Among the projects we can help with include:
We help newly-minted CISOs embrace their organization’s strategic vision, enable products and services, build executive presence and define the steps necessary to improve Cybersecurity across the organization.
Additionally, we work with companies to review their organizational structure, data protection needs and compliance requirements to establish proper Cybersecurity leadership. We have successfully guided organizations to define the commitment, clarity and accountability required of an effective CISO and the cybersecurity program he or she is charged with leading.
50 Franklin St.
3rd Floor
Boston, MA 02110