KLC Security Assessment Services
KLC Information Security Assessments provide a comprehensive evaluation of an organization's existing security policies, procedures, controls and mechanisms in relation to best practices and industry standards, such as ISO 27002 and NIST 800-53. Our Security Assessments are performed by security experts (SMEs) to identify risks and outline specific, actionable steps to improve security posture.
IV&V is a systems engineering process employing rigorous methodologies for independent evaluation of the correctness and quality of the system throughout its life cycle. We provide detailed and structured reports of findings of deficiencies and recommendations for their remediation.
Help federal government agencies or contractors assess the current state of information security controls based on FISMA or DIACAP
FISMA - KLC performs FISMA assessments to determine the effectiveness of security controls on information systems operated by, or for, the Federal Government. FISMA requires both an internal evaluation and an independent assessment. FISMA describes security controls as control families. NIST SP 800-53 defines each of these families and references additional NIST special publications that further describe execution of security activities for each family.
DIACAP - KLC performs DIACAP services to determine the effectiveness of security controls for Defense agencies. We guide clients throughout the Certification and Accreditation (C&A) process, and obtain Authority to Operate (ATO). DIACAP is based on DoD Instruction (DoDI) 8510.01 and DoDI 8500.2 IA Implementation Document.
Assess information security controls for financial institutions and health care industry firms based on the security standards (NIST 800-53, FFIEC, PCI, HIPAA, GLBA), and industry standards (ISO 27001 / 27002).
KLC has security subject matter experts (SMEs) in the financial services and healthcare industries to assess security controls, remediate findings, and achieve regulatory compliance.
KLC provides security risk assessments of cloud computing business models and technologies. We conduct in-depth and independent analyses that identify key security risks of cloud computing through the application of ISO 27002 standards and utilization of the Cloud Control Matrix (CCM) by the Cloud Security Alliance (CSA). KLC is a contributing member of the CSA CCM working group.
KLC has the expertise to assist with the remediation of findings. We understand the constraints of budgets and time, and can offer multiple ways to remediate findings and control gaps.