FAQ about Cyber-Security

What is a Cyber Security Assessment?

KLC Information Security Assessments provide a comprehensive evaluation of an organization’s existing security policies, procedures, controls and mechanisms against best practices and industry standards such as ISO 27002 and NIST 800-53. Our security assessments are performed by subject-matter experts (SMEs) who identify risks and outline specific, actionable steps to improve your security posture.

What is Third-Party Risk Management?

Any time your company does business with another company, you are exposed to risk. Whether it is a medical provider supporting healthcare for your employees, a human resources firm providing administrative functions, or wholesalers from which you purchase the products that run your business, sensitive data sits everywhere. How you protect that information is your responsibility, and the risk of doing little or nothing is outweighed by the potential catastrophe you may face.

What is Information Security Engineering?

Our experts understand networking technologies such as routers, switches, firewalls, intrusion detection systems (IDS), servers, workstations, authentication, encryption and endpoint protection, and how they are used to deliver business value. This operational perspective allows us to design a network flexible enough to meet your needs while maintaining a secure and stable system.

What is Regulatory Compliance and why do I need it?

Our certified IT auditors help federal and state government agencies and financial and banking institutions perform compliance assessments, and help address cyber-security issues to ensure that all systems comply with federal and state regulations.

BCP (Business Continuity Planning)

CCNA (Cisco Certified Network Associate)

CIPP (Certified Information Privacy Professional)

CIPP/G (Certified Information Privacy Professional/Government)

CISA (Certified Information Systems Auditor)

CISM (Certified Information Security Manager)

CISSP (Certified Information Systems Security Professional)

CSSLP (Certified Secure Software Lifecycle Professional)

DISA (Defense Information Systems Agency)

DoD (Department of Defense)

The United States Department of Defense is an executive branch department of the federal government charged with coordinating and supervising all agencies and functions of the government directly related to national security and the United States Armed Forces.

FFIEC (Federal Financial Institutions Examination Council)

The Federal Financial Institutions Examination Council is a formal U.S. government interagency body composed of five banking regulators that is “empowered to prescribe uniform principles, standards, and report forms to promote uniformity in the supervision of financial institutions”.

FISMA (Federal Information Security Management Act)

GLBA (Gramm–Leach–Bliley Act)

The Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999 (enacted November 12, 1999), is an act of the 106th United States Congress (1999–2001). It repealed part of the Glass–Steagall Act of 1933, removing barriers in the market among banking companies, securities companies and insurance companies that prohibited any one institution from acting as any combination of an investment bank, a commercial bank, and an insurance company.

HIPAA (Health Insurance Portability and Accountability Act)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA or the Kennedy–Kassebaum Act) is a United States federal statute enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1996. It was created primarily to modernize the flow of healthcare information, stipulate how personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.

IAM (Identity and Access Management)

Identity management (IdM), also known as identity and access management (IAM or IdAM), is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and data management. Identity and access management systems not only identify, authenticate, and authorize the individuals who will use IT resources, but also the hardware and applications those employees need to access. Identity and access management solutions have become more prevalent and critical in recent years as regulatory compliance requirements have become increasingly rigorous and complex.

ISO 27001 (International Organization for Standardization)

The International Organization for Standardization (ISO) family of standards for information security management systems (ISMS); ISO 27001 is the standard in that family that specifies the requirements for an ISMS.

MCSE (Microsoft Certified Systems Engineer)

An MCSE (Microsoft Certified Systems Engineer) is someone who has passed exams about the Microsoft Windows NT operating system, related desktop systems, networking, and Microsoft’s BackOffice server products.

NIH (National Institutes of Health)

NIH is the steward of medical and behavioral research for the Nation. Its mission is to seek fundamental knowledge about the nature and behavior of living systems and the application of that knowledge to enhance health, lengthen life, and reduce illness and disability.


NIST (National Institute of Standards and Technology)

NOC (network operations center)

A network operations center (NOC, pronounced like the word knock), also known as a “network management center”, is one or more locations from which network monitoring and control, or network management, is exercised over a computer, telecommunication or satellite network.

PCI (Payment Card Industry)

The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council.

SMAC (Spoof MAC)

SMAC is a powerful, yet easy to use MAC address changer (spoofer) for Windows 10, 8, 7, Vista, 2008, 2003, XP and 2000 systems, regardless of whether the network card manufacturer allows this option or not.

SOC (security operations center)

A security operations center (SOC) is a centralized unit that deals with security issues on an organizational and technical level. In a cyber-security context, the SOC is the team and facility that monitors systems and networks, detects security incidents and coordinates the response to them. A SOC within a building or facility is a central location from which staff supervise the site using data processing technology; such a SOC is typically equipped for access monitoring and for controlling lighting, alarms, and vehicle barriers.

SOX (Sarbanes–Oxley Act)

The Sarbanes–Oxley Act of 2002 (enacted July 30, 2002), also known as the “Public Company Accounting Reform and Investor Protection Act” (in the Senate) and the “Corporate and Auditing Accountability, Responsibility, and Transparency Act” (in the House), and more commonly called Sarbanes–Oxley, Sarbox or SOX, is a United States federal law that set new or expanded requirements for all U.S. public company boards, management and public accounting firms. A number of provisions of the Act also apply to privately held companies, such as those concerning the willful destruction of evidence to impede a federal investigation.