Effective Solutions Through Partnership

Category Archives: Cyber Security

Equifax Data Breach: Next Steps

Cyber Security, Information Security, Information Security Management System (ISMS), Information Technology, ISO27001, KAI Partners, Ransomware, Sacramento, Small Business, Startup Company, Technology

As you may have heard, there has been a major breach of data at credit bureau Equifax.

It’s now more important than ever to protect yourself. To check whether you were affected by this data breach, visit: https://www.equifaxsecurity2017.com/potential-impact/. It’s quick and easy—it took our staff less than a minute to check their status.

If you were compromised, check out this article on ways you can protect yourself:
http://money.cnn.com/2017/09/07/technology/business/equifax-data-breach/index.html?iid=EL

Remember, KAI Partners can help your organization assess its security protection through our small business information security risk assessments and Information Security Management System frameworks.

KAI Partners is Hiring!

Agile, Business Analysis, Certified ScrumMaster (CSM), Communications, Cyber Security, Hiring, Human Resources, Information Security, Information Technology, Issues and Risks, KAI Partners, Onboarding, Organizational Change Management (OCM), Project Management, Risk Assessment, Sacramento, Small Business, Technology, Training

KAI Partners is thrilled to announce we are once again expanding our stellar team! Interested in joining our growing company? Take a look at the following positions for which we are currently hiring!

Business Analyst
The seasoned, motivated, and client-focused Business Analyst should be a highly organized, self-directed, and engaged individual. The Business Analyst will be responsible for a diverse set of responsibilities including, but not limited to:

  • Requirement elicitation and facilitation
  • Business process improvement
  • Business process and narrative modeling
  • User testing
  • Training
  • Organizational change management and communication
  • Process standardization and improvement for ongoing operations

We are looking for four (4) Business Analysts who are enthusiastic problem-solvers who thrive on aligning the client’s business needs with technology solutions. Click here for more information or to apply for one of our on-site, Sacramento-based Business Analyst roles.

IT Audit Consultant
The seasoned, motivated, and client-focused contract IT Audit Consultant will engage with a number of stakeholders in client IT support infrastructures to ensure appropriate processes, procedures, and controls are adequately designed and implemented to meet key control requirements for clients, and will mitigate significant risks that clients deem appropriate. To be successful, the IT Audit Consultant should be a dedicated professional who possesses the analytical, feasibility, relationship, and executive IT audit skills needed to identify and test risk and control management strategies to meet various client requirements, along with compliance and regulatory requirements. The IT Audit Consultant will be responsible for providing IT risk management advice and control solution alternatives as the client needs.

The IT Audit Consultant can be based from anywhere in the U.S., but must have a valid U.S. passport and the ability to travel. Click here or for more information or to apply for the IT Audit Consultant role.

IV&V (Independent Verification & Validation) Consultant
The experienced, motivated, and flexible IV&V Consultant will be an enthusiastic problem-solver who thrives in a fast-paced environment. The IV&V Consultant will be responsible for performing IV&V assessments including, but not limited to:

  • Quality Management
  • Training
  • Requirements Management
  • Operating Environment
  • Development Environment
  • Software Development
  • Systems and Acceptance Testing
  • Data Management
  • Operation Oversight
  • Assessing Program risks

Click here for more information or to apply for the on-site, Sacramento-based IV&V Consultant role.

Scrum Master
The Scrum Master should have experience setting up teams for successful delivery by removing obstacles, constantly helping the team to become more self-organizing, and enabling the work the team does rather than imposing how the work is done. The Scrum Master will manage one or more agile projects, typically to deliver a specific product or transformation via a multi-disciplinary, high-skilled digital team. Adept at delivering complex digital projects, breaking down barriers to the team, and both planning at a higher level and getting into the detail to make things happen when needed, the Scrum Master will define project needs and feed the needs into the portfolio/program process to enable resources to be appropriately allocated.

Click here for more information or to apply for the on-site, Sacramento-based Scrum Master role.

Senior Technical Lead

The experienced, motivated, and flexible Senior Technical Lead should be an enthusiastic problem-solver who thrives on aligning business needs with the technology solutions. The Senior Technical Lead will work with a team of people to deliver the following tasks:

  • Task Accomplishment Plan (TAP)
  • TAP updates
  • Monthly written status reports
  • Requirements Management Plan
  • Project Schedule
  • Weekly Project Schedule Updates
  • Conduct JAD sessions
  • Code Assessment
  • Documentation Review and Assessment
  • Process Analysis
  • Data Analysis
  • Validate Requirements
  • Business Rules Extraction and Analysis
  • Knowledge Transfer

Click here for more information or to apply for the on-site, Sacramento-based Senior Technical Lead role.

Systems Analyst

The experienced, motivated, and flexible Systems Analyst should be an enthusiastic problem-solver who thrives in a fast-paced environment and has SharePoint experience. Some responsibilities of the Systems Analyst include, but are not limited to:

  • Determining operational objectives by studying business functions; gathering information; evaluating output requirements and formats
  • Designing new computer programs by analyzing requirements; constructing workflow charts and diagrams; studying system capabilities; writing specifications
  • Improves systems by studying current practices; designing modifications.
  • Recommending controls by identifying problems; writing improved procedures
  • Defining project requirements by identifying project milestones, phases, and elements; forming project team; establishing project budget
  • Monitoring project progress by tracking activity; resolving problems; publishing progress reports; recommending actions

Click here for more information or to apply for the on-site, Sacramento-based Systems Analyst role.

Technical Lead

The experienced, motivated, and flexible Technical Lead should be an enthusiastic problem-solver who thrives on aligning business needs with the technology solutions. The Technical Lead will work with a team of people to deliver the following tasks:

  • Task Accomplishment Plan (TAP)
  • TAP updates
  • Monthly written status reports
  • Requirements Management Plan
  • Project Schedule
  • Weekly Project Schedule Updates
  • Conduct JAD sessions
  • Code Assessment
  • Documentation Review and Assessment
  • Process Analysis
  • Data Analysis
  • Validate Requirements
  • Business Rules Extraction and Analysis
  • Knowledge Transfer

We are looking for three (3) Technical Leads. Click here for more information or to apply for one of our on-site, Sacramento-based Technical Lead roles.

We look forward to receiving your application today!

3 Top Cyber Security Infographics

Best Practices, Cyber Security, Infographic, Information Security, Information Security Management System (ISMS), Information Technology, National Cyber Security Awareness Month, Ransomware, Risk Assessment, Small Business, Technology

October is National Cyber Security Awareness Month! While we think cyber security should be at the forefront of everyone’s minds every day, we are glad to see a month dedicated to all things security. To help you be aware of the best insight and advice on this subject, we’ve rounded up some great infographics from around the Internet to share with you today. Take a look at these infographics to make sure you are applying the most up-to-date best practices to protect you and your business.

Remember, KAI Partners can help you to identify gaps in your security efforts. Email us at info@kaipartners.com to address and help minimize your cyber security risks.

Via Stay Safe Online (National Cyber Security Alliance)

 

Via Digital Guardian

 

Via Trend Micro

Ransomware Rescue Plan [INFOGRAPHIC]

Best Practices, Cyber Security, Infographic, Information Security, Information Technology, Ransomware, Technology

A few weeks ago we shared some news and tips on protecting yourself and your business against ransomware. We also wanted to share this infographic from Trend Micro, which breaks down ransomware–its history, how it works, and how to protect against it–in an easily-digestible way.

Via: Trend Micro

How to Help Protect your Business Against Ransomware

Best Practices, Cyber Security, Information Security, Information Technology, Ransomware, Technology

Ransomware

By Julie Kendall

We’ve all heard the term ransomware, but what exactly is it and how can it effect your business? ransomware is malware that will lock up your system, often encrypt your files, and demand payment either in bitcoins or other currencies to get the encryption key to unlock those files.

Scary, right? So, how does ransomware get onto your system and, more importantly, how can you protect your business from this damaging piece of malware?

Our friends at Trend Micro recently published a comprehensive article on ransomware, going over its history, as well as steps you can take to defend your system against ransomware. According to Trend Micro, “Ransomware can be downloaded onto systems when unwitting users visit malicious or compromised websites. It can also arrive as a payload either dropped or downloaded by other malware. Some ransomware are known to be delivered as attachments from spammed email, downloaded from malicious pages through malvertisements, or dropped by exploit kits onto vulnerable systems.”

If your business is not adequately protected, your data is at risk of falling prey to this type of attack on your corporate workstation. The sophistication of this type of malware—which was first seen in Russia in 2005 and had spread to North America by 2012—continues to evolve. According to Trend Micro, “The latest developments show how threat actors are experimenting with new features, such as offering alternative payment platforms to make ransom payments easier … or developing methods that can help spread and infect more systems faster.”

While there is no one panacea to prevent ransomware from attacking your environment, a multi-layered approach that prevents it from attacking your network and systems will help minimize the risk.

Trend Micro provides some ransomware defense mechanisms to consider, all of which are worth your time to review. Among solutions discussed are mail and web gateway solutions, as well as cloud-based hosted email security. Of course, the basics will always serve you well. As recommended by Trend Micro:

  • Avoid opening unverified emails or clicking links embedded in them
  • Back up important files using the 3-2-1 rule—create 3 backup copies on 2 different media with 1 backup in a separate location
  • Regularly update software, programs, and applications to protect against the latest vulnerabilities

These are just a few highlights from the article—we encourage you to take a look to find out more about ransomware and ways to keep your system safe.

Remember, KAI Partners works with organizations to help identify gaps in security efforts and look at what steps you should consider implementing to ensure safety. Contact KAI Partners at info@kaipartners.com to help you address these risks and train your staff to minimize your information security risks.

 About the Author: Co-owner of KAI Partners, Inc., Julie Kendall is an IT Audit Manager with over 40 years’ experience working in project management, IT risk analysis, IT audit testing, Sarbanes-Oxley IT control testing, SAS 70 vendor reviews, and IT audit/control teaching. Julie’s work has focused on IT audit department development consulting, IT risk analysis, IT infrastructure support and application audits, vendor information security testing, IT control identification, IT SOX and ISO 27001 Information Security control compliance consulting/testing, and IT audit software development consulting/project management. Julie has provided training consultation for CISA exam reviews related to IT auditors and management training on a variety of technology controls based on different information security standards, including COSO, SOX, PCI-DCSS, HIPAA, and ISO27001. Her primary focus in the last 10 years has been with the financial services industries, high technology manufacturing, state governments, and digital content production companies.

next page »