Experienced in all aspects of information security, K2Share security professionals have a proven, first-rate track record in providing a full range of information security solutions securing federal and state government agencies, academic institutions, and private sector organizations of all sizes.
K2Share’s "Make a Difference" philosophy drives our people and our solutions. We build long-term relationships by working alongside our clients to ensure security is included throughout the entire system lifecycle. Utilizing our K2Shield™ process, a proven methodology designed by our security experts, K2Share provides you with a cost-effective, information-assurance solution that adheres to regulatory and industry standards.
Certification & Accreditation Services
K2Share’s security professionals have extensive knowledge and experience with preparing certification and accreditation (C&A) packages for federal systems in accordance with the requirements of the Federal Information Security Management Act of 2002 (FISMA). Our K2Shield process supports the NIST 800-37, the proposed NIST 800-37, Rev. 1, and DIACAP processes and requirements. It utilizes repeatable and efficient techniques that allow us to obtain an Authorization to Operate (ATO) for your major applications and/or general support systems in a short period of time. Once accredited, K2Share Information Systems Security Officers (ISSOs) work for you, ensuring your systems meet ongoing FISMA requirements and maintain their ATO.
Compliance Audits & Security Policy Development
Effective security policies and procedures are crucial to the protection of your information systems and data. Whether documented or informally practiced, K2Share’s security experts can analyze your policies and practices for compliance with the legal and regulatory requirements of FISMA, TAC §202, GLBA, and HIPAA. We also evaluate your policies and practices against industry best practices (e.g. ISO 17799, CoBIT, and NIST). Our thorough review results in recommendations and actionable items for enhancing your protection against internal and external threats, mitigating risks, and ultimately improving your information security posture.
Penetration Testing & Vulnerability Assessments
Utilizing comprehensive and cutting-edge technology security assessment techniques is part of our K2Shield process. The result is identification of the vulnerabilities, threats, and risks in your information technology (IT) environment at all levels, including the physical, logical, and personnel components of your information systems. The identified risks are prioritized and specific recommendations are then provided to help you build a strategic road map to meet your risk mitigation goals. K2Share’s testing and technology security services include:
IT Security Vulnerability Assessment
IT Security Penetration Analysis
IT Security Response Testing
IT Security Training Evaluation
Information Security Awareness & Training
K2Share’s training heritage, combined with our security expertise, allows you to obtain comprehensive, tailored training solutions for your organization. From security awareness to advanced security techniques, we use instructor-led training (ILT) and web-based training (WBT) to provide a complete training solution. Our instructors are certified security professionals, and some perform as SANS mentors. One of the largest areas of security weakness involves the human element, but our IT security training services can make your employees a security asset.
Security Architecture Review & Design
In order to protect information assets, there must be an effective and efficient security infrastructure in place. Drawing from our extensive experience with security controls, K2Share performs a detailed analysis of your existing technical architecture, as compared to your organization’s goals, industry best practices, and regulatory requirements. The resulting detailed assessment report identifies weaknesses and provides prioritized, risk-based mitigation recommendations.
Experience You Can Trust
K2Share security professionals have vast experience in the federal, financial, and higher education markets, and maintain numerous security industry professional certifications (e.g. CISSP, CISA, GSEC, GCIH, and GSLC). Additionally, our experienced staff currently performs the duties of an ISSO for multiple systems owned by the Department of Homeland Security Federal Emergency Management Agency (FEMA).