Information Protection

Kivu helps organizations identify and address weak links in an otherwise strong chain.

In today’s business environment, an incident or cyber event is the perfect storm. A cyber event destroys customer loyalty, damages a brand, absorbs already scarce personnel resources, and opens the door to regulatory action and lawsuits. In the face of these perpetual internal and external threats, only careful planning and an aggressive response can prevent an incident from turning into an organizational disaster.

Kivu’s cyber security professionals work with organizations to protect their vital information, effectively preventing or mitigating incidents and cyber events. Our team combines unparalleled expertise in cyber compliance issues, organizational skills, legal knowledge and incident response. As an investigative firm, our experts can evaluate the soundness of an organization’s technical environment, as well as the human behavior that can either prevent or lead to an incident.

Kivu combines the highest technical expertise with legally sound, practical business solutions. Our team assesses an organization’s ability to respond to a security intrusion and identifies the measures it can take to improve its readiness. Our goal is to provide experienced, unbiased advice so that organizations can achieve better control over information security and the governance of their sensitive information.

Our Capabilities

Assessment Services App Security Services GRC Services Security Training Staff Augmentation

Assessment Services

All too often, organizations are unaware of the most likely cyber threats that may impact their business, as well as the pre-emptive steps they can take to mitigate that risk.

Through our Assessment Services, Kivu provides a comprehensive analysis of an organization’s security risks and makes specific recommendations that will strengthen its security operations and programs.

Vulnerability Assessments
Kivu’s vulnerability assessment consists of an external and/or internal network scan, using best of breed tools and technologies. The result of the vulnerability scan provides the same information that an attacker would see. After Kivu analysts review the scan, they provide detailed recommendations, which enable the organization to better prioritize its remediation efforts, thus mitigating its security risks.

Penetration Tests
Penetration testing is a controlled attack on a computer system, network or web application in order to find and exploit existing vulnerabilities. Penetration testing can be carried out externally, or from within the target organization. After penetration testing is complete, Kivu provides a full report detailing how successful the infiltration was, the system vulnerabilities that allowed access, and how the organization can remediate its vulnerabilities. Kivu tailors its penetration tests to meet an organization’s specific needs and minimize any business interruption.

Risk Assessments
Using several methodologies, such as NIST SP800-30revl and NIST CSF, our assessments provide a risk rating and detailed recommendations on how to specifically address security risk.

Technical Reviews
Kivu will review the configuration of critical cloud and IT systems, ensuring they are up to par with the latest security thinking.

Compliance Assessments
Kivu supports an organization’s efforts to obtain or maintain compliance with multiple US and international regulations and standards.

Application Security Services

Kivu’s Application Security Services can verify that an organization’s applications have been built with an adequate level of security. Our services offer an added level of confidence before an application is released to the public, or used internally.

Web Application Reviews
Kivu can review the security of an organization’s web applications, pointing out shortfalls that may allow an attacker to gain unauthorized access.

Application Penetration Testing
Kivu’s ethical hackers can simulate attacks on applications (Web, Mobile or Client-Server) by trying to gain access to data, accounts or the actual code.

Code Review
Kivu can review application code for dangerous constructs that could potentially introduce vulnerabilities.

Governance, Risk and Compliance (GRC) Services

GRC is an integrated collection of capabilities that enable organizations to reliably achieve their objectives, address uncertainty, and act with integrity. Kivu helps organizations ensure they have the critical security policies, standards and processes in place to uniquely support a secure business environment.

Security Program Review
Kivu’s consultants have developed security programs for multi-billion-dollar organizations as well medium and small-sized companies. Their experience allows them to review an existing security program and provide valuable feedback on how to improve it.

Security Program Development
Kivu develops security programs for organizations using NIST’s Cyber Security Framework (CSF). The NIST Framework consists of standards, guidelines and best practices to manage cyber security-related risk.

Policy and Standard Development
Our analysts have helped many organizations develop meaningful policies and standards that support their security programs. For organizations that prefer to customize the policies and standards themselves, we offer a generic set of security policies that can be easily adapted.

Security Process Development
Kivu can develop processes that uniquely support the security of any organization, including playbook development for incident response plans or a new hire process.

Risk Management Program
We have created and implemented information security risk management programs for all sizes of organizations.

Cyber Security Training

Kivu’s cyber security training helps organizations reduce their risk of cyber attack. Our consultants provide the information employees need to understand how not to be tricked by sophisticated phishing, email attachments or other methods that may enable external entry into information and data systems.

Classroom Training
Kivu can conduct classroom training, either as part of an organization’s internal security awareness program, supplementing it, or as a stand-alone project. Classroom training has been shown to have a higher success rate than computer based training alone.

Training Material
If an organization prefers to conduct its own classroom training, Kivu can provide generic training material that can be tailored to an organization’s needs. We can also customize training material for an organization.

Training Program Review
Kivu can review an organization’s current security training program and provide valuable feedback on how to improve it.

Staff Augmentation

Many mid-to-large-sized organizations don’t have the seasoned security professionals on staff to develop and implement a robust cyber security program. Kivu consultants can help any organization fill that need.

Virtual Chief Information Security Officer (CISO)
Kivu has seasoned information security professionals on staff that have developed and run security programs for mid-to-large-sized organizations. These strategic thinkers can help align an organization’s security program with its business and IT strategy.

Virtual Security Architect
Kivu has security architects on staff that can help an organization tackle the task of creating a robust security architecture. Our consultants understand the big picture of technical controls, and how to configure and augment them to maximize cyber security.

Additional Information About Our Services

VULNERABILTY ASSESSEMENTS AND PENETRATION TESTING

It’s vital for organizations to ensure their data is protected. Kivu performs vulnerability assessments and penetration testing to identify and resolve critical security risks.

Download PDF >