Tel: 617-314-9721
info@klcconsulting.net
Capability Statement

KLC Consulting - Your Compass in the Midst of Chaos!

KLC makes every effort to help our clients stay one step ahead of the game in security by providing advanced security technology and processes, and assistance in mitigating the risk associated with corporate resources and data.

By balancing business needs with security technology, we enable our clients to make clear, informed decisions regarding the protection of their valuable resources and reputation.

KLC offers complete and customized solutions based on the KLC Security Methodology and industry standard guidelines and principles.

Our mission: Help our customers Build, Defend, Analyze, and Counter Attack (if required) in Cyber Security.
KLC profile (Qualification):
- Certification: 8(a) Certified & SDB
- Contract Vehicle: Navy Seaport-e
- Accounting: DCAA Audited and Approved
- DUNS#: 128430050
- CAGE#: 4WEW4
- NAICS Code: 541512, 541511, 541513, 541519, 511210, 518210
- Past Performance: DoD, DISA, NIH, Veterans Affairs (VA)
Core Services:

KLC's Qualification

KLC Consulting has over 20 years of Information Security and IT Audit services experience. We have also created the first network address changer for Windows, with over 1.5 million users. Our mission is to enable federal and state government and Fortune 1000 companies to secure the IT environment and reduce risks. Our experience covers different industries including government, defense, financial services, retail and aerospace.

KLC Consulting also contributes to leading security projects including Cloud Security Alliance's Cloud Security Control Matrix for ISO 27001 and NIST 800-53 / FedRAMP.

We have security professionals with DoD security clearance. We also have DoD 8570.01-M certified Security, IT Audit, and Privacy professionals, including:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Information Privacy Professional (CIPP, CIPP/G)
- Certified ISO 27001 Lead Auditor
- Cisco Certified Network Professional (CCNP)
- Juniper Certified Professional
- Security+
- A+
Services

Cyber Security Assessment
- Perform Independent Verification and Validation (IV&V)
- Help federal government or contractors assess the current state of information security controls based on FISMA or DIACAP
- Help financial institutions, health care organizations and other firms assess information security controls based on the security standards (NIST 800-53, FFIEC, PCI, HIPAA, GLBA) and industry standards (ISO 27001 / 27002)
- Conduct Cloud Security Assessment
- Provide expert guidance to remediate findings / issues
DIACAP Certification & Accreditation (C&A) (Contact KLC)
- KLC and partners have significant experience and expertise to successfully perform DIACAP and obtain IATO / ATO for different DoD agencies, including:
  - Army
  - Navy
  - Air Force
  - Marine Corps
- Provide guidance and approach for DIACAP
- Professionals performing DIACAP meet DoDD 8570.01-M security certification requirements
- Approach on DIACAP C&A:
  - Conduct STIG, ST&E, PoA&M during the DIACAP process
  - Conduct IV&V for projects (providing no conflict of interest)
  - Prepare DIACAP package
  - Obtain Interim ATO (IATO) or ATO
Third-Party Service Provider (Vendor) Risk Assessment / Management
- Conduct fixed-cost third-party service provider security risk assessments based on ISO 27002 security standards.
- Provide our customers with an understanding of the interdependency risks with their vendors.
- Assist third-party service providers in filling out client security questionnaires, and provide strategies to navigate through client assessments / audits.
Information Security Engineering
- Network Infrastructure, Application Security, Cloud Computing
- Set up Intrusion Detection, Prevention, log analyzer for situational awareness, and counter-attack systems
- Research and Development for Custom Cyber Security Applications
- Prepare the DIACAP and FISMA Package for Certification and Accreditation (C&A)
- Assist the C&A process and obtain Authorization to Operate (ATO)
- Assess, design, and implement processes and tools that will provide continuous analysis, detection, and protection of your information assets (information security lifecycle)
IT Audit / Regulatory Compliance

Our certified IT Auditors help federal and state government, financial and banking institutions perform compliance assessments, and help address issues of the following:
- DIACAP
- FISMA
- NIST 800 Series (800-53, 800-37, 800-34 and more)
- Privacy Impact Analysis (PIA)
- Sarbanes-Oxley (SOX)
- Gramm-Leach-Bliley Act (GLBA)
- Financial Regulations FDIC, OCC, OTS, NCUA (FFIEC)
- Payment Card Industry (PCI) Security Standard
- Health Insurance Portability and Accountability Act (HIPAA)
- Pharmaceutical / FDA (21 CFR Part 11)
- Massachusetts State Data Security Privacy Regulations (201 CMR 17)
Information Security Officer (ISO) Services
- Design and build an Information Security Program
- Design and implement Information Security Policy
- Create Information Security Standards and Guidelines
- Information Security Awareness Training
- Regulatory Compliance Enforcement
- Incident Response Planning and Coordination
- Risk Assessment and Incident Prevention
- Disaster Recovery Process planning and implementation