Cyber Risk Management

Keya engineers develop NIST and DoD compliant cybersecurity risk management programs by delivering repeatable and sustainable methods for identifying, assessing, remediating, mitigating, and reporting risks to stakeholders. We support our Federal Government customers with four essential cybersecurity risk management services:

  • Governance Services. Governance serves as the foundation for an effective cybersecurity program by outlining the structure, authority, and processes needed to execute an agency’s cybersecurity program. Keya personnel provide support to cybersecurity program definition by building effective governance strategies by first establishing clearly defined responsibility, authority, and accountability. Our approach leverages a holistic understanding of the interrelationships between culture, people, work processes, and technologies within an organization to develop a governance posture focused on mission accomplishment within a highly secure IT operating environment
  • Policy Management. Cybersecurity policies define risk tolerance to ensure compliance with regulations, guidance, and best practices and the establishment of accountability for the performance of the cybersecurity responsibilities. Keya’s approach is grounded in highly focused policies that are essential and achievable within the customers’ IT environment through all phases of the cybersecurity lifecycle, including a security policy gap analysis, security policy development, implementation and maintenance. We focus on transitioning to new policies by recognizing that publishing a document does little to change a corporate culture. New policies must be accomplished by training, staff orientation, exercises, and a strong management commitment.
  • Vulnerability Assessment. Vulnerability assessments systematically identify points of exposure to reduce the risk of cyber-attacks. Keya uses a combination of automated and manual testing to identify critical flaws in an IT network that are vulnerable to attack. Our testing may include firewalls, routers, web servers, email systems, web servers, Virtual Private Network systems, and other devices and systems.
  • Penetration Testing. Keya’s Penetration Testing (Pen Test) services help agencies test their network security defences and comply with government and industry regulations. Our Pen Test evaluates a network’s security defences and identifies the steps needed to be taken to achieve compliant with federal security directives. As a result of our Pen Test, agencies receive a list of identified vulnerabilities ranked by risk and actionable recommendations for remediation.