We Offer Safe, Reliable Options to an Uncertain World

Kuma leverages their deep experience and knowledge to provide a complete suite of solutions to meet your distinct needs.

Our non-invasive, light touch approach to every client engagement is always grounded in the latest governmental security and privacy standards of our client’s jurisdiction and privacy and security best practices. Kuma’s staff supports organizational navigation of complex business drivers, technology controls and policy implementations to produce outcomes that matter. We enable you to make risk-informed decisions while simultaneously maturing your organizational security and privacy position.


Strategy and Program Development


An Important First Step in Transitioning Your Organization to a World Class Privacy and Security Model

Kuma has the credentials and expertise to help you develop a best of breed privacy and security program and make a deliberate commitment to security and privacy excellence.

Program Development and Project Management

The starting point of your privacy and security framework is a strong program and project management plan. Kuma deploys a selection of proposals to ensure all necessary components of your plan are soundly in place, including:

  • A written assessment of findings and results of current security and privacy practices within the Agency. We will assess the Agency’s practices across five dimensions of security and privacy: Governance, Policy, Training and Awareness, Data Classification and IT Assets, and Data Breach Preparedness. We utilize the Assessment Metrics of Maturity, Saturation and Performance.

  • Actionable recommendations on governance structure, policies and practices, staffing, training and awareness, incident response, and performance metrics. We provide and implement an easy-to-follow action plan to implement our Security and Privacy Program incorporating the following focus areas: Governance, Workforce Structure, Training Plan, Communications Plan, Framework Development, Compliance.

  • A written assessment of findings and results of current security and privacy practices. The assessment may encompass evaluation of the organization’s strengths, weaknesses, opportunities and threats (SWOT) for privacy policies and practices within your organization.

  • A written report of recommendations to develop or evolve your organization’s security and privacy position is also provided and may include various features of the Privacy Program including the governance structure, policies and practices, staffing approach, ways to manage legal regulations and contractual obligations, training and awareness program recommendations, incident response plans, and proposed performance management of a privacy program.

  • A robust communications plan for internal and external stakeholders to communicate and enhance the efficiency of the new security and privacy program.

Go To Market Strategy

Kuma works with organizations around the world to develop strategies for how to uniquely position their business and services for maximum financial and operational impact.

  • Kuma’s experience across multiple sectors and relationships with global stakeholders enables our team to build successful deployment models and business cases.

  • We also develop a comprehensive communication strategy with your stakeholders to ensure timely and ongoing communications and maximize your impact in the marketplace.

  • Kuma has vast experience in developing and implementing solutions that have an immediate impact to an organization’s bottom-line, their stakeholders, and the broader ecosystem and marketplace.

Privacy, Security and Identity


Better Decisions Means Better Outcomes 

Kuma will work with you to conduct privacy risk assessments for your organization, programs, and technological solutions and provide insight into privacy implications for individuals and the organization, offering the opportunity to make risk-informed decisions.

Privacy Risk Management

The Kuma approach to privacy risk management includes targeted interviews and technical requirements review sessions with system architects, developers, and operators to identify architectural risk to users and systems, which affords the opportunity to embed privacy throughout the design of the system and user interfaces.

  • We conduct risk assessments with careful review of sequence diagrams, data mapping, and privacy operational life cycles to identify privacy implications throughout system interfaces, user interfaces, and back-end exchanges and processing of information.

  • We focus on identifying relevant business and legal frameworks as foundational to privacy assessment, conducting stakeholder and questionnaire reviews to identify data mapping and data life cycle journeys including the customer experience, and analyzing privacy risk in an objective and actionable manner. This approach yields a catalog of potential mitigating controls presented in a concise, approachable manner for business owner consideration and application. Kuma may incorporate the processes from the NISTIR 8062 Privacy Risk Assessment Methodology to yield a more comprehensive and delineated evaluation of risk.

  • A privacy risk assessment may be developed from an initial set of privacy references, such as the FIPPs and the Consumer Privacy Bill of Rights (CPBR), privacy and civil liberties risks, numerous discussions, and the deliberations from the privacy experts on the team. The framework identified will enable the assessment of privacy risk to the system, to organizational participants, and to users across the entire data life cycle (collection, handling, processing, storing, transfer, storage).

  • We will further assess relevant state and federal legislation and industry standards where applicable, including records and information management requirements and schedules. The framework will couple the organizational privacy governance goals with privacy-related obligations, principles, and business objectives for the programs or systems.

Privacy Engineering

Kuma provides world-class and progressive privacy engineering activities designed to mitigate and remediate implicated privacy risk to the organization and to individuals. Based on analysis and subsequent engineering-based activities within systems, our recommended solutions address both the policy and the technological stacks within the organization.


  • Our privacy engineering service may include translation of applicable business requirements into both the policy and technological stacks. This supports the technical implementation of policies and procedures to comply with privacy frameworks, principles, standards and requirements.  Additional activities may include:

    • Close advisement of Engineers/Operations Development/Security Architect to oversee implementation of privacy controls in the technology stacks and systems.
    • Oversight of implementation of systems and procedures to meet Regulatory Compliance standards by the actual configurations and usage of the systems.
    • Participation in corporate and business unit meetings to execute organizational privacy functions in alignment with budget and resource allocation.
    • Analysis of risks associated with the individual data actions, potential privacy risks, and a catalog of risk management strategies and controls.
    • Review of consent mechanisms, audit of user-control mechanisms, and audit of the transfer of user claims and preferences in the systems.
  • The Privacy Engineer may act as a Privacy Subject Matter Expert (“SME”) to be available to provide direct content and contributions to the functional areas of Privacy Program development and implementation, including being available for questions, meetings, programmatic decisions and privacy aspects of the organization corporate and systems.

Remote CPO and CISO Services

We provide executive-level services in roles such as Chief Information Security Officer (CISO) or Chief Privacy Officer (CPO). Kuma will serve as a virtual CISO or CPO, providing support and overarching guidance of information security and privacy program governance and risk management efforts. The CISO and CPO will oversee ongoing activities related to the development, implementation, maintenance and compliance with your Information Security and Privacy Program.

  • The Chief Information Security Officer (CISO) will oversee strategic information security operations for the protection of the confidentiality, integrity, and availability specifically for your infrastructure, systems, and data. The CISO will partner with relevant stakeholders to conduct risk assessments of potential collaborators and coordinate contractual negotiations with legal counsel based on risk identification. The CISO will oversee and audit the administration, implementation, and maintenance of tactical and organizational security operations, in accordance with state and federal regulations and industry specifications and best practices, when applicable. The CISO will review activities through a lens of compliance with internal and external data and information security policies and regulatory frameworks.

  • The Chief Privacy Officer (CPO) will oversee strategic information and privacy-related operations for the protection of the privacy-lifecycle of your data and information. The CPO will oversee the strategic development and implementation of the Privacy Program for the security of your mission, organization, systems, and data. This resource can provide a prompt response for privacy matters on a full array of the privacy profile, participate in daily operational meetings and meet with agencies and departments. Strategically, the CPO promotes a sense of community and continuity in operations, and promotes a positive culture and focused, collective path toward achieving and protecting the vision and mission of the organization.

Cybersecurity and Information Security Management

Kuma believes in a broad perspective on cybersecurity including security assurance, risk management, identity assurance, vulnerability scoring, and assessment.

  • We can support organizations implementing imperatives from the Commission on Enhancing National Cybersecurity final report (12/2016) recommending organizations: protect information infrastructure, invest wisely in future security capabilities, prepare consumers for the digital age, build cybersecurity workforce capabilities, assist governments in functioning securely and effectively while ensuring open, fair and competitive digital economy.

  • We can guide you in high level activities such as the implementation of information security management systems and risk management frameworks, security planning and management; or lead you through the more technical aspects of your business such as assisting with system asset identification, disaster recovery and contingency planning, incident response planning, and support managing awaren

Identity Management

Kuma’s resources come from a strong background in identity management within the federal government and commercial sectors.

  • Our experience ranges from solution development, trust framework development, and identity solution implementations ranging from registration, authentication, authorization, and attributes.

  • We work with your organization to develop and implement identity solutions, as well as provide objective guidance on which identity solutions best fit your mission.

Incident Response Management


Don’t Wait Until Data Gets into the Wrong Hands to Act

Kuma offers unparalleled expertise to guide an organization through a methodical organizational plan for the prevention of, planning for, and readiness to react to an unauthorized acquisition of data that compromises the security, confidentiality or integrity of personal information collected, processed, stored, transferred or disposed of by the organization.

Vulnerability Management and Penetration Testing

An important piece of an organization’s computer and network security, vulnerability management examines security weaknesses that leave an organization vulnerable to attack, such as malware infections. Penetration testing probes an organization’s systems by way of a simulated attack to evaluate the weaknesses and strengths of its overall security, identifying areas of improvement.

Kuma works with experienced industry partners to perform the scans and tests and will work directly with you to formulate a remediation plan, if needed.

Incident Response Program Development

The Kuma team consists of expert support of incident response from both legal and operational facets of management.

  • Our lineup of experienced professionals includes legal experts skilled at delivering incident management strategies for government agencies, as well as leaders experienced with guiding organizations through various incident scenarios, suspected and actual. We can support your development of the organizational Incident Response Policy, Procedures and runbooks, and conduct regular table-top exercises.

Training and Awareness


A Major Determinant of Success for Your Security and Privacy Program 

Developing a sound security and privacy program is a crucial step in establishing a culture of privacy and mitigating harmful and costly risks. Without company-wide training and awareness, you run the risk of low levels of stakeholder adoption and insufficient understanding of its importance.

Training Program Development

Kuma’s training and awareness program is focused on delivering program-wide and role-based training as well as table-top exercises and facilitated in-person training sessions for desired topics, as needed. We leverage a nationally recognized, web-based, training curriculum focused on security and privacy best practices, customized for your organization.

  • Kuma believes that strong and regular communication about your security and privacy program to the workforce is paramount to the realization of your training program goals. Kuma will facilitate robust communication cycles for evolving privacy training and awareness activities with key stakeholders.

  • Kuma’s communication plan addresses insider threat and legislative and regulatory requirements. Documentation will be provided to support the allocation of budget resources to the development and implementation of a training and awareness program for privacy.

  • Insider threat is one of the largest risks to an organization’s privacy. Workforce training and sound privacy practices offer a significant control to privacy risk. Absence of a robust training program that spans industry and sectors, and addresses data collection and handling and disposal procedures, increases the odds of internally-based incidents which, in turn, increases the liability to the organization upon incident realization.

Online, Web Based Training offerings

Kuma has access to a wide range of online, web-based training programs through partnerships with leading educational organizations in the marketplace.

  • We work with your organization to develop your training plan in alignment with your mission, stakeholders, and security and privacy objectives.

  • By partnering with leading training providers, we provide flexible and convenient access to training classes for both general awareness training or specific, role-based training.

Train the Trainer and In-class training

Kuma understands that sometimes there is a need to conduct training in-person, as well as focus on improving an organization’s training program by “training the trainers”.

  • We offer certified trainers for a range of security and privacy topics, customized to your needs.

Culture of privacy

Kuma works with organizations of all sizes around the world to address their security and privacy needs. Our team has experience delivering privacy and security services to Fortune 100 companies as well as federal, state and local governments.

What we have come to learn is that many small businesses need cost-effective ways to improve their security and privacy posture. Kuma, as a small business, understands the need to provide best of breed security and privacy services in a cost-effective manner to best address today’s small business needs.

To meet these needs, Kuma has developed a small business security and privacy program called the “Culture of Privacy”. This program will enable small businesses to market and differentiate their services from their competitors with a public-facing “Culture of Privacy” Seal, as well as have the peace of mind that they have world-class consultants at their side.
