KM Group LLC Audit Assessment 12-2

“Providing Services for Your Success”
KM Group, LLC is a WOSB/EDWOSB local professional services company based in southwestern Ohio. It provides services to B2B, B2G, and B2C customers in 3 key areas: Business Development, Information Assurance, and Infrastructure. These services and support are delivered through consulting and professional services, both on-site and remotely.
Security Audits and Assessments
KM Group, LLC, after discussion with the customer, scopes the requirements for the proposal for an audit or assessment.
Terms that are commonly used interchangeably are "security assessment" and "security audit". The way to differentiate between these two terms is by asking these two questions:

Do you have a security policy that you want to be tested against?
Do you have a compliance regulation (PCI, SOX, HIPAA, etc.) or standard (ISO 17799, COBIT, etc.) that you want to be tested against?

If the answer to either of these questions is "Yes", then it is an audit. Another term for this is "gap analysis". If you are testing against something such as a regulation, then it is an audit. Review of a customer's security posture is an assessment. Depending on the level of work done (granularity of security policy), they can appear to be the same.
Upon completion of the audit or assessment, the Senior Security Analyst will deliver a thorough report that outlines the status of the assessed/audited systems, contains the details of all actions performed and information gathered, and includes an Action Plan to mitigate the vulnerabilities found.

The report will be delivered as a formal presentation by a KM Group, LLC Senior Security Analyst. The goal of this presentation will be to provide the customer with a conclusive understanding of our processes, procedures and the findings we made with respect to the Security Assessment, and our recommendations to further secure the customer's IT environment.
Industry Standards
Federal Information System Controls Audit Manual (GAO/AIMD-12.19.6)
COBIT 4.1 (IT Governance Institute)
ITIL Information Technology Infrastructure Library
SANS Institute Standard Audit Procedures
Center for Internet Security Benchmark Standards
NIST National Institute of Standards and Technology
ISO 27000 Information Security
Certifications
(CISSP) Certified Information Systems Security Professional
(GSNA) Security Auditing
(GCIH) Security Incident Handling
(GPEN) Penetration Testing
(GCFA) IT Forensics
Professional Organizations
ISSA
ISACA
SANS
PMI
SEI
KM Group, LLC security professionals, as a team, have been working together for 5+ years providing professional security audits/assessments, external penetration testing and risk management services.

Go to http://km-groupllc.com/solutions/commercial-solutions for a full list of solutions provided to clients.
The customer is provided all materials, including scan results on CD, and the contents are reviewed and discussed with the customer's technical staff.
Kacey A King, CEO and General Manager
kacey@km-groupllc.com
Mark A Metzner, President and General Manager
mark@km-groupllc.com
KM Group, LLC, 10570 Springboro Pike, Miamisburg, OH 45342-4956 • Tel (937) 619-0137 • Fax (937) 885-5586