Table of Contents
Summary of Offerings ... 3
Cyber Security Consultancy & Advisory Services ... 3
    Compliance and Governance ... 3
    Business Continuity Planning (BCP) ... 6
Cybersecurity Assurance & Secure Infrastructure ... 7
    Azure/Office 365 Security ... 7
    Data Protection Assessments ... 7
    Firewalls (UTMs, NGFWs, etc.) ... 8
    Network Intrusion Detection Systems & Host Intrusion Detection Systems ... 8
    Virtual Private Networks ... 8
    Security Event Management (SIEM) ... 9
    System Hardening ... 9
    Identity and Access Management (IAM) ... 9
    Wireless Security ... 9
    User Security Awareness & Training ... 9
    Penetration Testing ... 10
Managed Security Services ... 11
    Incident Response ... 11
Summary of Offerings
KMicro partners with organizations to create and establish effective cybersecurity programs.
From our state-of-the-art Security Operations Center (SOC), we help protect data and critical IT
infrastructure while ensuring compliance with industry and government regulations. Our expert
security assessments provide insight into weak points and compromises on your network, and we
support organizations in developing tailored security programs backed by on-call expertise and
continuous monitoring. We work to attain visibility into our clients' cybersecurity programs and
protection assurance controls across the entire attack surface, including IT services, connected
devices, assets in the cloud, and security-focused third-party and vendor management.
Security Solutions
• Data Protection & Data Leakage Prevention (DLP)
• Cybersecurity Framework & InfoSec Development
• Vulnerability Scanning & Penetration Testing
Cloud Security Assurance
• Office 365 & Azure Security Benchmarking
• Identity & Access Management
• Secure Cloud Data Management
Managed Security Services
• Security Information & Event Management (SIEM)
• Advanced Threat Protection
• Mobile Device Management
Governance & Compliance
• Risk Analysis and Management (CIS/NIST/PCI/HIPAA/HITECH)
• Compliance and Audit Preparedness
• Incident & Privacy Breach Response
Cyber Security Consultancy & Advisory Services
The products and services to be included within KMicro’s Cybersecurity offering are described in
greater detail below.
Compliance and Governance
Many organizations facing the current cybersecurity environment are overwhelmed by what we
call the “Fog of More”—a constant stream of new information and problems. They are
challenged by competing expert opinions, a noisy and fast-changing marketplace of potential
solutions, and unclear or overwhelming regulatory and compliance requirements. KMicro works
with clients to establish both CIS & NIST Cybersecurity Frameworks and Controls.
The CIS Controls are a prioritized set of actions to defend against pervasive cyber threats and are
the framework we propose to small and medium-sized businesses to help establish a cybersecurity
program within their organization. The CIS Controls are developed by a global expert community
based on their first-hand experience of the threat environment to identify the most high-value
practices to secure networks. Their in-depth understanding of the current threat landscape
drives the priority order and focus of the CIS Controls. Further, CIS routinely incorporates
feedback from the user community and ensures the best practices are vendor-neutral. Trusted
by security leaders in both the private and public sector, the CIS Controls:
• Leverage the battle-tested expertise of the global IT community to defeat over 85% of
common attacks, focusing on proven best practices rather than any one vendor's solution
• Offer the perfect on-ramp to execute compliance programs, with mappings to PCI, NIST,
ISO, and HIPAA
Phased implementation helps ensure that organizations receive the most significant benefits by
implementing the highest priority controls first.
Cybersecurity Maturity Assessment
KMicro will help define the fundamental parts of an organization’s Information Security
program, develop better “security situational awareness,” and create a solid foundation for
program development.
• Assess Current Conditions – We perform a thorough evaluation of the current state of
controls and gain an understanding of the organizational risk appetite and business
objectives.
• Analyze Gaps – Industry best practices will be compared to an organization's current
controls, and changes will be identified to build a relevant, actionable, and sustainable
security program.
Corporate Security Policy
Developing proper Information Security Policies for your organization is the first step in the
development of a comprehensive security strategy. KMicro works with organizations to address
all three pillars required for a robust cybersecurity program: people, technology and processes.
Information security policies have to address electronic business application security, enterprise
security & business continuity, remote access & Internet security, and infrastructure security
management.
Information Security Policy Development
Depending on the requirements of the organization, varying policies, processes, and standards
will need to be generated or updated. Each position paper will describe in detail the policies for
a specific domain and, if required, define the procedures for implementing those policies. Each
defined policy could have the following subsections: policy number, name of the policy,
description, audience, owner and any other related policy numbers.
Information Security standards can be based on the various domains as defined by ISO 27001,
NIST or other established standards and frameworks. However, additional domains can also be
incorporated if required. Some common domains that have their own policies in a corporate
environment are:
• Information Security Planning Policy
• Risk Management Policy
• Information Security Awareness Policy
• Communications & Outreach Policy
• Performance Management Policy
• Information Classification Policy
• Asset Inventory Policy
• Asset Categorization Policy
• Physical and Environment Security Policy
• Sanitization Policy
• Equipment Movement Policy
• Operating Procedures Policy
• Separation of Duties Policy
• Business Continuity Management Policy
• Third Party Policy
• Capacity Management
• Anti-Virus Policy
• Backup Policy
• Interconnection Policy
• Media Management Policy
• Information Exchange Policy
• Data Management Security
• Security Monitoring and Logging
• Monitoring Policy
• Patch Management Policy
• Identity and Access Management
• User Access Management Policy
• Password Policy
• Lockout Policy
• Roles & Responsibilities
• Clear Desk Policy
• Network Security Policy
• Network DMZ Policy
• Mobile Computing Policy
• Information Security Analysis Policy
• Data Validation Policy
• Encryption Policy
• Testing Policy
• Source Code Library
• Change Management Policy
• System Acceptance Policy
• Software Installation Policy
• Vulnerability Scanning Policy
• Incident Management Policy
Risk Assessment
Based on the goals set out in the Corporate Security Policy, a Gap Analysis will be carried out in
accordance with security standards and frameworks such as ISO 27001 and the CIS & NIST
Cybersecurity Frameworks.
In order to perform an evaluation, KMicro has devised an approach that is both effective and
efficient. In summary, our overall methodology consists of the following:
1. Understand the organization’s Business Objectives and Daily Operations Workflow
2. Design and Implement a Risk Management Framework (Strategic and Technical)
3. Devise a Risk Treatment Plan
• Step 1 – Identify Threats and Vulnerabilities
• Step 2 – Identify Existing Controls and Determine Likelihood
• Step 3 – Determine Impact
• Step 4 – Determine Risk Scoring
Business Continuity Planning (BCP)
KMicro works with organizations to develop Business Continuity Plans, using a methodology for
planning how an organization will resume partially or completely interrupted critical function(s)
within a predetermined time after a disaster or disruption. BCP may be part of a larger
organizational effort to reduce operational risk associated with poor information security
controls, and thus has a number of overlaps with the practice of risk management.
Business Continuity Management
A complete BCM program focuses on ensuring the expedient response, recovery and restoration of
critical business processes following unplanned business interruptions. A completed BCP cycle
results in a formal printed manual available for reference before, during, and after disruptions
have occurred. For such a comprehensive BCP, the term disaster covers natural disasters,
man-made disasters, and other disruptions.
BCM Benefits
Organizations which implement a robust business continuity management process will benefit
from:
• Increased resilience to key threats
• Greater awareness of risk exposures
• Ability to respond rapidly to minimize costly interruptions
• A workable, accountable approach that can be reviewed
• A marketing advantage with key customers
• A process which can be part of corporate governance
• An enhanced insurance profile
Cybersecurity Assurance & Secure Infrastructure
Architecture development is essential for secure and stable operational IT environments. With
the emphasis on IT assets in most organizations today, proper design and development of
secure infrastructure becomes a necessity. Our consultants enable the development of
comprehensive design and implementation for various technologies used for security
enhancement.
Azure/Office 365 Security
• Implement and manage identity and access
• Implement and manage threat protection
• Implement and manage information protection
• Manage governance and compliance features in Office 365
• Enterprise Mobile Security
Data Protection Assessments
The assessment and development of a Data Protection Program (DPP) follows an incremental
approach that builds on existing organizational structures, processes and controls and allows for
adherence to regulations such as GDPR and CCPA. DPP projects work to preserve the sensitive-data
and data-privacy efforts already undertaken by organizations and work towards implementing a
Data Protection Program that effectively plans for and manages data protection within the
organization. As a practical approach, KMicro will review existing data protection and privacy
arrangements and will provide an understanding of the current state of controls, and a roadmap
for what needs to be completed to ensure that sensitive data and the privacy of information are
appropriately stewarded and preserved.
KMicro will conduct a current state assessment of normal business processes, data flow and
data content analysis that includes:
1. Review Data Classification policy including categories, description, integration with
normal business processes.
2. Review current technology in place for data visibility and controls (data loss, encryption,
classification, etc.).
3. Review current data classification & protection roles and supporting functions across IT
Security, Compliance, Privacy.
4. Review a subset of specific data protection requirements from key business units.
5. Review current areas of data lifecycle: storage, data in motion, and data handling across
the organization's IT infrastructure; network review of egress points, endpoint
environment (USB, web uploads, etc.), data at rest (network shares/internal
collaboration sites, SharePoint, etc.), and cloud and off-prem services/applications.
6. Analyze current processes in place that address data classification; Employee
communication and awareness, enabling employees and data owners to manage data
protections, and escalation processes.
7. Review current data protection roles and supporting functions across IT Security,
Compliance, Privacy, and Investigations/Incident Response teams.
8. Review and identify types of data, regulatory controls that may be mandated upon the
Client, data ownership, and business process dependencies (GDPR, PII, PHI/HIPAA, CCPA).
9. Conduct business process mapping and strategy sessions with key Lines of Business,
Compliance, and Information Security teams to define and prioritize data protection
requirements.
10. Conduct DLP Workshop Sessions to discuss Data Protection Impact Analysis that
includes regulatory policy requirements with HR, Legal, Finance, and additional key
business units for HIPAA, CCPA, GDPR.
11. Review current incident response functions within the organization and determine
workflow for DLP and data privacy incident management & escalation.
Firewalls (UTMs, NGFWs, etc.)
A firewall is the principal tool for keeping unwanted intruders out of a specific network. A firewall
usually sits between a trusted network, such as the corporate LAN, and an untrusted network, such
as the Internet. Its main role is to restrict the traffic going into the trusted network while only
allowing authorized traffic to go out to the untrusted network. The same device can also be
used to protect more secure areas of the intranet from less secure areas. In addition, in
today's era of business-to-business communication, it can also be used at the perimeter to
protect the corporate infrastructure from traffic originating from business partners.
Network Intrusion Detection Systems & Host Intrusion Detection Systems
Intrusion Detection is essential for monitoring the corporate infrastructure. After the
design and implementation of the security solution are complete, there is a need to
verify whether the solution is secure enough. Intrusion Detection is the technique of
continuously monitoring all the traffic coming into a specific network and/or the host systems to
detect any malicious or harmful traffic. Upon detection, the intrusion detection system will
generate an alert for the relevant security administrator. In addition, the IDS can also take
specific action such as blocking the source of the harmful traffic.
Virtual Private Networks
A Virtual Private Network (VPN) is a private tunnel through the public network for connectivity
between various corporate entities, i.e. corporate or private data passes through the Internet
via a secure pipe. This contrasts with the earlier model, where point-to-point connectivity was
used for corporate connectivity and connection to the public network was only allowed for
Internet-related activities.
VPNs are playing a vital role in today’s connected infrastructure. They have led to significant cost
savings and provide anytime anywhere connectivity for mobile users. However, security is one
of the biggest concerns for such connectivity as the traffic passing through the VPN can contain
critical corporate data such as payrolls or financial transactions.
Security Event Management (SIEM)
The number of events from different security devices that need to be monitored and managed
by a limited number of individuals in any operational environment has multiplied exponentially.
These include syslog messages from firewalls, alerts from IDS, and logs from critical systems and
networking equipment, all of which need to be monitored, especially during a security incident.
Security Event Management tools enable normalization and correlation of all these events, so
that a single console is used to monitor all these devices. This leads to less operational
overhead and fewer false positives.
System Hardening
To ensure comprehensive end-to-end security, operating systems running critical services need
to be properly hardened. This is done by applying the latest patches, turning off services that
are not required and using products such as Tripwire to ensure the integrity of the data on the
system. In addition, technologies such as SSH and SSL can be utilized to further enhance the
security of the systems.
KMicro is a CIS SecureSuite Services Member (https://www.cisecurity.org/partners-services/). CIS
SecureSuite Membership provides KMicro access to multiple cybersecurity resources, including
the CIS-CAT Pro configuration assessment tool, build content, full-format CIS Benchmarks™, and
more: integrated cybersecurity tools and best practice guidance for over 150 technologies that
help organizations start secure and stay secure.
Identity and Access Management (IAM)
Identity Management has become one of the critical factors for many organizations providing
remote access to their employees, partners and customers. By combining various
methods, such as authentication, access control and user policies, a comprehensive
Identity Management solution can be provided.
Wireless Security
With the proliferation of wireless networks in business environments, security has become of
paramount importance. Many deployed wireless networks have little or no security, and their
inherent vulnerabilities can easily be exploited to gain access to core corporate
systems.
User Security Awareness & Training
One of the best ways to reduce the security threat to any organization is to make its
employees security aware. These are the people who would suffer the most from any security
incident, and they are also the people who can make the organization's security program successful
through proper compliance. In Information Security, as in anything else in the world, awareness
of a danger is the first step towards taking the necessary precautions. By enabling a step-by-step
security awareness program, the management of the organization can significantly reduce the
threat profile for the critical assets as well as the non-critical assets.
• Security for Senior Management
• Security Awareness Campaign for General Users
• Security Awareness Quiz
Penetration Testing
Whether internal or external, Network Penetration Testing is executed in four phases, with the
goal of exploiting discovered vulnerabilities. Performing regular penetration tests reveals
emerging vulnerabilities as new threats are discovered.
• Identify unknown flaws or vulnerabilities that can result in a breach or disclosure
• Discover vulnerabilities that traditional control-based testing methodologies can
potentially miss
• Validate, understand, and prepare for known risks to your organization
• Update and maintain regulatory or compliance controls
• Avoid costly downtime as a result of a security breach
• Develop a roadmap to remediate vulnerabilities and address risk
• Manage risk on an ongoing basis, as you make changes to your business or network
Penetration tests are offered in the following areas:
• Web Applications
• Network and infrastructure
• Internal testing
• External testing
• Wireless
• Social Engineering
• Phishing (Email setup)
Other Information Security Assurance Offerings
• Web content filtering
• Endpoint protection (anti-malware)
• Anti-spam
• Vulnerability scanning
• Patch management
• Data loss prevention (DLP)
• Privileged access management (PAM)
• Solution/tool research and requisition
• Solution implementation
• Management of security systems
Managed Security Services
Managed Security Services (MSS) is defined as "the remote management or monitoring of IT
security functions delivered via remote Security Operations Centers (SOCs), not through
personnel on-site." Therefore, Managed Security Services do not include staff augmentation or
any consulting or development and integration services.
Managed Security Services include:
• Monitored or managed firewalls or intrusion prevention systems (IPS)
• Monitored or managed intrusion detection systems (IDS)
• Managed secure messaging gateways
• Managed secure Web gateways
• Managed endpoint protection
• Security information & event management (SIEM)
• Managed vulnerability scanning of networks, servers, databases or applications
• Security vulnerability or threat notification services
• Log management and analysis
• Reporting associated with monitored/managed devices and incident response
Incident Response
Incident Handling
Incident Response is the methodology used to handle an event that interrupts normal operating
procedure in an Information Technology environment. These events can be anything from a
Denial of Service (DoS) attack to a malicious intrusion or any other unauthorized activity.
Every incident is characterized by intense pressure and constraints on time and
resources. Therefore, there is a need to develop a formal strategy that provides a framework for
handling these incidents.
• Incident Handling Policy
• Computer Security Incident Response Team (CSIRT)
• Incident Handling Procedures
• Business Continuity Planning & Disaster Recovery Planning