Vulnerability and Threat Intelligence

Specific activities include the following:

Internal Penetration Tests

Kuma will conduct semi-annual internal penetration testing that simulates an attacker on the internal network, such as an insider threat or a compromised end-user system, that will actively exploit vulnerabilities and leverage configuration deficiencies to provide a tangible demonstration of the associated business impacts in clear, repeatable steps.  Reports will be provided for the purpose of supporting certification activities.

External Penetration Tests

Kuma will conduct semi-annual external penetration testing that goes beyond standard host, service, and vulnerability discovery to uncover the vulnerabilities present in perimeter systems. Discover obscure web application vulnerabilities and identify potentially damaging publicly-available information via Open Source Intelligence Gathering (OSINT). Reports will be provided for the purpose of supporting certification activities.

Wireless Security

Kuma will conduct wireless security assessments that consist of mapping the organization’s wireless footprint, analyzing authentication and encryption configurations, and evaluating the security mechanisms that secure the wireless environment. Reports will be provided in a format consumable for the purpose of supporting certification activities.

Logging and Monitoring

Logging on critical systems, applications and services will provide key information and potential indicators of compromise. Although logging information may not be viewed on a daily basis, it is critical to have from a forensics standpoint.

Vulnerability Scanning

Kuma will oversee the automated quarterly vulnerability scanning of environments for known known vulnerabilities along with recommended fixes. The scans will assess the discovered ports and protocols for known vulnerabilities, missing patches, out-of-date operating systems, exposures to the internet and against a library of over 50,000 vulnerabilities.  Reports will be provided for the purpose of supporting certification activities.

Disaster Recovery & Incident Response Management Program

Organizations need to be prepared to actively reduce their operational risk and respond in times of disaster, incident and/or breach. Kuma works in partnership with organizations to maintain strong security and privacy policies, institutionalize the role of the incident response team and maintain relevant and actionable disaster recovery and incident response plans. Specific activities include the following:

Disaster Recovery & Incident Response Plan Review and Enrichment

Kuma will review and enrich existing Disaster Recovery and Incident Response Plans on at least an annual basis.  As significant changes or modifications are made to the organization’s systems and/or environments, Kuma will revise the Disaster Recovery and Incident Response Plans accordingly. Associated and/or relevant runbooks and checklists will be provided to augment the plans.  Results observed and noted from the annual exercises will inform the annual revision of the Plans.

Exercises

Kuma will facilitate, oversee and/or record the execution of an annual Disaster Recovery Drill.  The drill-scenario will be agreed upon by Kuma and the organization.  Kuma will provide a Disaster Recovery Drill Summary Report at the close of the exercise.

Kuma will facilitate and oversee the exercise of an annual Incident Response Tabletop Exercise. The Incident Response Tabletop scenario(s) will be agreed upon by Kuma and organization.  Kuma will provide materials necessary to support the exercise. Kuma will provide an Incident Response Tabletop Summary Report at the close of the exercise.