Enterprise Security Policy, standards and procedures are the cornerstone of an effective organization. They provide direction that every person in the organization can use in a variety of ways.

Policies and procedures must be updated and modified as business, regulatory and enforcement events dictate; and they must be maintained in compliance with record-keeping requirements including the time period each policy was in effect. Periodic testing of policies is essential to ensure they are effective.

We help in analyzing your company’s existing policies, procedures and standards and provide recommendation to improve them by comparing them to the best practices in the industry to strengthen your defense.

As a Managed IT and Services Provider of your company we offer 24/7 monitoring, managing and/or problem resolution for all the IT systems within the business.

Our services as an MSP include but are not limited to:

• Provisioning new devices and new accounts when needed.
• Account management
• Vendor Security Management
• Service availability monitoring
• Standard hardened configurations
• Managing the DNS records
• Backup Monitoring
• Keep IT Asset Inventory up-to-date
• Software Licensing
• Incident Response as needed
• Help Desk tickets resolution

What is DFARS? DFARS stands for (the) Defense Federal Acquisition Regulation Supplement. This defines a set of cybersecurity regulations and standards required by the Department of Defense. Cybersecurity has always been a concern for contractors. The concern is much stronger for contractors with sensitive information known as “Controlled Unclassified Information” or CUI. Lack of DFARS compliance will result in loss of current and future contracts. This can also hurt the company’s reputation. CMMC stands for the Cybersecurity Maturity Model Certification and is designed for non-government computer systems to protect CUI data. This protects CUI with 110 controls in 14 groups, called families. CMMC contains 5 levels of certification, which will give the contractor a score that will determine your ability to bid on certain contracts and requires a third-party audit. Kimmell Cybersecurity is able to audit your company to make sure its compliant with all of the stringent controls and standards.

We help organizations that handle protected health information by reviewing the administrative, physical and technical safeguards they have in place to protect the security of the information. By conducting these risk assessments, we can uncover potential weaknesses in their security policies, processes and systems. Risk assessments also help providers address vulnerabilities, potentially preventing electronic health information data breaches or other adverse security events. A vigorous risk assessment process supports improved security of patient health data.

We perform an independent, enterprise wide assessment of corporate security to understand existing information security and process controls.

• Enterprise Wide Policy – We will assess your IT and related policies and procedures
• Enterprise Security Staffing – We review current security staffing for adequacy
• IT Asset Management – Analyze the life of IT Assets in your organization
• Personnel Security – From Onboarding to Access
• Physical Security – How well are your organization’s assets protected
• VOIP and Mobile – Communication mediums can be a weak point
• Network Security – This is a high-risk area that involves overall network design and detail network device configuration assessments.
• Application Security – Applications and especially custom applications can contain high risk vulnerabilities.
• Business Continuity and Disaster Recovery
• Cybersecurity Awareness Training Program
• Incident Response Plan
• Information Systems Core Security
• Internet Connectivity and Operations
• Cloud Computing
• Regulatory and Compliance and more!

Companies involved with the processing, transmission, or storage of credit card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). We help your company comply with the latest PCI DSS 3.0 standards to ensure a more secure environment which the organization and the customers can trust on for processing the credit card transactions.

Make sure your company has regular penetration tests and vulnerability scans performed by external experts to identify any weaknesses in your security program. Avoid using internal teams that might have a biased perspective. Protect your organization from the insider threat – consider using ethical hacking teams who have wide ranging experience and an up-to-date view of what vulnerabilities exist in other organizations. Our vulnerability assessment offers an effective and efficient way to manage the vulnerabilities of your organization’s computer systems and network. The automated process of proactively identifying vulnerabilities of IT systems in a network to determine if and how a system can be exploited. Vulnerability scanning employs software that seeks out operating system and application flaws based on a database of known issues, testing systems for these flaws and generating a report of the findings that an organization can use to improve security.

Claims of fraud, financial tampering, computer crime, employee misconduct, and other wrongdoing require corporations, law firms, and government agencies to follow digital trails to piece together facts that lead to the truth. Kimmell’s digital forensics experts help ensure no digital evidence is overlooked and assist at any stage of a digital forensics investigation or litigation, regardless of the number or location of data sources. Trust Kroll computer forensics experts to assist you with your most complex and sensitive investigative or litigation matters involving electronic evidence or data preservation.