We Offer Safe, Reliable Options to an Uncertain World

The Kuma approach to privacy risk management includes targeted interviews and technical requirements review sessions with system architects, developers, and operators to identify architecture risk to user and systems, which affords the opportunity to embed privacy throughout the design of the system and user interfaces.

More info

• We conduct risk assessments with careful review of sequence diagrams, data mapping, privacy operational life cycles to identify privacy implications throughout system interfaces, user interfaces and back-end exchanges and processing of information.

• We focus on identifying relevant business and legal frameworks as foundational to privacy assessment, conducting stakeholder and questionnaire reviews to identify data mapping and data life cycle journeys including the customer experience, and analyzing privacy risk in an objective and actionable manner. This approach yields a catalog of potential mitigating controls presented in a concise, approachable manner for business owner consideration and application. Kuma may incorporate the processes from the NISTIR 8062 Privacy Risk Assessment Methodology to yield a more comprehensive and delineated evaluation of risk.

• A privacy risk assessment may be developed from an initial set of privacy references, such as the FIPPs and the Consumer Privacy Bill of Rights (CPBR), privacy and civil liberties risks, numerous discussions, and the deliberations from the privacy experts on the team. The framework identified will enable the assessment of privacy risk to the system, to organizational participants, and to users across the entire data life cycle (collection, handling, processing, storing, transfer, storage).

• We will further assess relevant state and federal legislation and industry standards where applicable, including records and information management requirements and schedules. The framework will couple the organizational privacy governance goals with privacy-related obligations, principles, and business objectives for the programs or systems.

Kuma provides world-class and progressive privacy engineering activities designed to mitigate and remediate implicated privacy risk to the organization and to individuals. Based on analysis and subsequent engineering-based activities within systems, our recommended solutions address both the policy and the technological stacks within the organization.

Watch video More info

• Our privacy engineering service may include translation of applicable business requirements into both the policy and technological stacks. This supports the technical implementation of policies and procedures to comply with privacy frameworks, principles, standards and requirements.  Additional activities may include:

  • Close advisement of Engineers/Operations Development/Security Architect to oversee implementation of privacy controls in the technology stacks and systems.
  • Oversight of implementation of systems and procedures to meet Regulatory Compliance standards by the actual configurations and usage of the systems; and
  • Participation in corporate and business unit meetings to execute organizational privacy functions in alignment with budget and resource allocation.
  • Analysis of risks associated with the individual data actions, potential privacy risks, and a catalog of risk management strategies and controls.
  • Review of consent mechanisms, audit of user-control mechanisms, and audit of the transfer of user claims and preferences in the systems.

• The Privacy Engineer may act as a Privacy Subject Matter Expert (“SME”) to be available to provide direct content and contributions to the functional areas of Privacy Program development and implementation, including being available for questions, meetings, programmatic decisions and privacy aspects of the organization corporate and systems.

We provide executive-level services in roles such as Chief Information Security Officer (CISO) or Chief Privacy Officer (CPO). Kuma will serve as a virtual CISO or CPO, providing support and overarching guidance of information security and privacy program governance and risk management efforts. The CISO and CPO will oversee ongoing activities related to the development, implementation, maintenance and compliance with your Information Security and Privacy Program.

More info

• The Chief Information Security Officer (CISO) will oversee strategic information security operations for the protection of the confidentiality, integrity, and availability specifically for your infrastructure, systems, and data. The CISO will partner with relevant stakeholders to conduct risk assessments of potential collaborators and coordinate contractual negotiations with legal counsel based on risk identification. The CISO will oversee and audit the administration, implementation, and maintenance of tactical and organizational security operations, in accordance with state and federal regulations and industry specifications and best practices, when applicable. The CISO will review activities through a lens of compliance with internal and external data and information security policies and regulatory frameworks.

• The Chief Privacy Officer (CPO) will oversee strategic information and privacy-related operations for the protection of the privacy-lifecycle of your data and information. The CPO will oversee the strategic development and implementation of the Privacy Program for the security of your mission, organization, systems, and data. This resource can provide a prompt response for privacy matters on a full array of the privacy profile, participate with daily operational meetings and meet with agencies and departments. Strategically, the CPO promotes a sense of community and continuity in operations, and promotes a positive culture and focused, collective path toward achieving and protecting the vision and mission of organization.

Kuma believes in a broad perspective on cybersecurity including security assurance, risk management, identity assurance, vulnerability scoring, and assessment.

More info

• We can support organizations implementing imperatives from the Commission on Enhancing National Cybersecurity final report (12/2016) recommending organizations: protect information infrastructure, invest wisely in future security capabilities, prepare consumers for the digital age, build cybersecurity workforce capabilities, assist governments in functioning securely and effectively while ensuring open, fair and competitive digital economy.

• We can guide you in high level activities such as the implementation of information security management systems and risk management frameworks, security planning and management; or lead you through the more technical aspects of your business such as assisting with system asset identification, disaster recovery and contingency planning, incident response planning, and support managing awaren

Kuma’s resources come from a strong background in identity management within the federal government and commercial sectors.

More info

• Our experience ranges from solution development, trust framework development, and identity solution implementations ranging from registration, authentication, authorization, and attributes.

• We work with your organization to develop and implement identity solutions, as well as provide objective guidance on which identity solutions best fit your mission.

Whether you’re seeking privacy and security training for regulatory compliance or empowered education, it can be overwhelming to comb through all the available options to find Best in Class training that is relevant to the needs of your business and the issues of the moment. As experts in the industry, we understand that the workforce is trending remote, and training your teams to traverse the terrain of the digital space safely and skillfully is more important than ever. Times are different now, and our cutting-edge training is specifically designed to meet the unique challenges of today.

More info

• It’s critical that you have flexibility in how you receive training and, most importantly, that the training truly does improve your security and privacy knowledge in a lasting way. Our goal is to give you the understanding and aptitude to navigate the security and privacy landscape confidently as it evolves, and we’ll supply you with the tools you need to succeed: comprehensive training, crafted by experts, tailored precisely to your business needs.

• Beyond check-the-box Compliance Training, our training series will help you understand the WHY behind security and privacy measures, as you learn how to implement them through direct and uncomplicated instruction.

• Insider threat is one of the largest risks to an organization’s privacy. Workforce training and sound privacy practices offer a significant control to privacy risk. Absence of a robust training program that spans industry and sectors, and addresses data collection and handling and disposal procedures, increases the odds of internally-based incidents which, in turn, increases the liability to the organization upon incident realization.

Level up your understanding and preparedness with clear and concise lessons containing all the important information you need to know. Including quizzes to test your knowledge and certifications for successful completion, choose from options like HIPAA Basics, Social Media Safety, Privacy 101, Social Engineering, and Security Safeguarding.

More info

• We work with your organization to develop your training plan in alignment with your mission, stakeholders, and security and privacy objectives.

• Study at your own pace in less time: our trainings have fewer modules packed with more information than the average course.

• Gain clear understanding of the issues your company might face, and the knowledge and confidence to address them proactively and successfully.

• Track policy distribution and acknowledgments of receipt using optional LMS.

We understand that many of the offerings out there today just provide one-and-done training. We want you to improve your security and privacy posture long-term, and this means increasing and maintaining awareness in an ever-evolving landscape. Our awareness materials include attractive and uncomplicated one-pagers, tips and tricks to keep privacy and security top of mind, and weekly discussion prompts for your favorite online collaboration tool (Slack, Teams, etc), co-branded to your organization’s specifications.

Take your education to the next level with this interactive option, tailor-made to exemplify the risks in your industry. Play out true-to-life scenarios of privacy and security problems like incident response, business continuity, and disaster recovery, through lively tabletop simulations – honing your skills, processes, and procedures for addressing a breach.

We bring our expertise directly to you, going in-depth on the Privacy and Security topics of your choosing, while keeping it approachable. Our experts are fluent in all things tech – from geek speak to C-Suite – and we delight in fashioning content to resonate with all audiences within a business, highlighting the ways particular issues are applicable to a variety of concerns and goals. Contact us to explore Training options for your organization.