
About Kimmell Cybersecurity & Forensic Services

What is the Kimmell difference?

We manage IT systems with Confidentiality, Integrity & Availability of data equally considered. 

Best in Industry Response & Resolution Times

Around-the-clock support, even on the weekends


What can Kimmell Cybersecurity do for you?

OUR SERVICES

CMMC LEVEL 2 COMPLIANT MANAGED SECURITY SERVICES

Kimmell managed security services help organizations protect their information systems, be compliant with CMMC/NIST 800-171 and protect data from cyber threats.
  1. 24/7 Monitoring: Continuous surveillance of networks and systems for potential security breaches.
  2. Threat Detection and Response: Identifying and responding to security incidents in real time.
  3. Vulnerability Management: Regular scanning and assessment of systems to identify and remediate vulnerabilities.
  4. Incident Management: Developing and executing response plans for security incidents.
  5. Firewall and Intrusion Prevention Management: Configuring and managing firewalls and intrusion detection/prevention systems.
  6. Security Information and Event Management (SIEM): Collecting and analyzing security data from various sources to detect and respond to threats.
  7. Compliance Management: Ensuring that the organization meets relevant regulatory and compliance standards.
  8. Threat Intelligence: Providing insights and analysis on emerging threats and vulnerabilities.
  9. Cybersecurity Training: Educating all staff on the risks associated with Internet access.
By utilizing MSS, organizations can enhance their security posture, reduce risks, and free up internal resources to focus on core business functions.

CMMC LEVEL 2 COMPLIANT MANAGED SERVICES

As your company's managed IT and services provider, we offer 24/7 availability monitoring, management and problem resolution for all the IT systems within the business. Our services as a CMMC Level 2 compliant MSP include but are not limited to:
  • Provisioning new devices
  • Provisioning new accounts
  • Change management
  • Account management
  • Service availability monitoring
  • Standard hardened configurations
  • Managing the DNS records
  • FIPS 140-2 Compliant Backups and Backup Monitoring
  • IT Asset and User Inventory
  • Software Licensing
  • Cloud Service Management and Migrations
  • Help Desk ticket resolution

CMMC Certified Third Party Assessor Organization (C3PAO) Assessments

The Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the U.S. Department of Defense (DoD) to ensure that contractors and subcontractors implement adequate cybersecurity practices. A CMMC assessment is conducted by Kimmell Cybersecurity, a C3PAO.

Key Points About CMMC C3PAO Assessment:

  1. Purpose: The assessment evaluates an organization’s compliance with CMMC standards, which range from basic cybersecurity hygiene (Level 1) to advanced practices (Level 3).
  2. Levels: There are three maturity levels in the CMMC framework:
    • Level 1 (Foundational): For organizations that only work with Federal Contract Information (FCI)
    • Level 2 (Advanced): For organizations that work with Controlled Unclassified Information (CUI) and must comply with the 110 security controls in NIST 800-171
    • Level 3 (Expert): For organizations that work with CUI and are subject to Advanced Persistent Threats (APTs) and must comply with NIST 800-172
  3. Assessment Process:
    • Pre-Assessment: Organizations may conduct a self-assessment to identify gaps.
    • Documentation Review: C3PAOs review policies, procedures, and other documentation.
    • Interviews and Observations: Assessors interview staff and observe practices to verify implementation of security controls.
    • Scoring: Organizations are scored based on their adherence to the CMMC practices associated with their target level.
  4. Results: The assessment results in a certification level, which determines the organization’s eligibility to bid on DoD contracts that require CMMC compliance.
  5. Recertification: CMMC certifications are not permanent. Organizations need to undergo re-assessment every three years to maintain their certification level.
  6. Importance: Achieving CMMC certification can enhance an organization’s credibility and competitiveness in the defense contracting space.
Organizations aiming for CMMC certification should engage with Kimmell Cybersecurity early in the process to understand the specific requirements and prepare adequately for the assessment.

We help organizations that handle protected health information by reviewing the administrative, physical and technical safeguards they have in place to protect the security of the information. By conducting these risk assessments, we can uncover potential weaknesses in their security policies, processes and systems.

Risk assessments also help providers address vulnerabilities, potentially preventing electronic health information data breaches or other adverse security events. A vigorous risk assessment process supports improved security of patient health data.

We perform an independent, enterprise-wide assessment of corporate security to understand existing information security and process controls.

  • Enterprise Wide Policy – We will assess your IT and related policies and procedures
  • Enterprise Security Staffing – We review current security staffing for adequacy
  • IT Asset Management – Analyze the life of IT Assets in your organization
  • Personnel Security – From Onboarding to Access
  • Physical Security – How well are your organization’s assets protected
  • VOIP and Mobile – Communication mediums can be a weak point
  • Network Security – This is a high-risk area that involves overall network design and detailed network device configuration assessments.
  • Application Security – Applications, and especially custom applications, can contain high-risk vulnerabilities.
  • Business Continuity and Disaster Recovery
  • Cybersecurity Awareness Training Program
  • Incident Response Plan
  • Information Systems Core Security
  • Internet Connectivity and Operations
  • Cloud Computing
  • Regulatory and Compliance
  • and more!

Make sure your company has regular penetration tests and vulnerability scans performed by external experts to identify any weaknesses in your security program. Avoid using internal teams that might have a biased perspective. Protect your organization from the insider threat – consider using ethical hacking teams who have wide-ranging experience and an up-to-date view of what vulnerabilities exist in other organizations.

Our vulnerability assessment offers an effective and efficient way to manage the vulnerabilities of your organization’s computer systems and network.

Vulnerability scanning is the automated process of proactively identifying vulnerabilities of IT systems in a network to determine if and how a system can be exploited.

Vulnerability scanning employs software that seeks out operating system and application flaws based on a database of known issues, testing systems for these flaws and generating a report of the findings that an organization can use to improve security.

Our Team

Meet the Kimmell Team

Brett Kimmell

Principal & Cybersecurity Consultant

Brett Kimmell is a member of the AICPA and ISACA and has served as a board member of Torchbearers and West Hill Neighborhood Organization. Brett is a member of Leadership Akron’s class Twenty Three and active in the alumni group.

He has a Masters in Accounting Information Systems and holds multiple IT Security Certs: CCA, CCP, CISSP, CISA, CISM, CPA, CITP.

Abdullah Al

Partner & Senior Cybersecurity Consultant

Abdullah Alkhulaiwi holds a Masters in Digital Science and multiple security certifications. Abdullah graduated with honors and was recognized by the Ohio House of Representatives for excellence and outstanding academic achievement.

His experience includes ethical hacking, complex network design and information security assessments. RP, Security +

Client Testimonials

CFO of Insurance Co

Cleveland, Ohio
Kimmell Cybersecurity has been helping us improve our IT infrastructure and security for the past year. Kimmell Cybersecurity has provided us with efficient and cost-effective solutions for our IT issues.

We are appreciative of their technical expertise and reliable service. Kimmell Cybersecurity has truly become our partners in IT.

United Way - VP

Akron, Ohio
We recently contacted Kimmell Cybersecurity to perform a Web Application Code Assessment on our proprietary IPledge™ software. Not only was the bid we received reasonable and cost effective, the attention to detail and implementation of the “programmatic fixes” was carried out quickly and during off hours so the needs of the business did not suffer.

The company also worked with our IT team to test the fixes and ensure that the software retained its integrity and functionality. Their response time was almost instantaneous and we were very pleased with their work.

B2B Co - CFO & Partner

Cleveland, Ohio
My client was facing a growing information system environment. As a multi-division organization, it faced internal control requirements over several software applications including retail point of sale, payment card information and personally identifiable information.

Kimmell Cybersecurity was brought in and efficiently and cost effectively assessed our enterprise information systems to strengthen controls and reduce potential exposure. Their report was timely and included priority action steps.
