Cyber Security & CSP

At KENEX, we orchestrate the capabilities and resources needed to fulfill the requirements of IT-related regulations, standards and programmes such as ISO 27001, SWIFT Compliance Programme (CSP), etc. Since November 2020, KENEX has been listed by SWIFT on its site as one of the Cyber Security Consultants under the CSP. We have now been listed as one of the CSP assessment providers.

All financial institutions using the SWIFT platform are required by SWIFT to provide attestation to the security guidelines set forth in the customer security controls framework (CSCF). All users must comply with the CSCF guidelines by the end of December 2021. Starting from 2021, all users must utilize a 3rd party (independent) assessment.

Our association with SWIFT as a Service bureau for two decades confirms the quality of our services in the area of Financial Messaging, advising on information security and cybersecurity management systems. Our great experience in this field makes us eminently suitable to advise and train banks on setting up and maintaining internal systems and conducting their own self-certification in line with the Client Security Program (CSP).

The assessment methods we use are (for both onsite and offsite inspection):
  • Inquiries: interviewing relevant staff.
  • Surveillance: direct observation of the existence of specific control measures.
  • Inspection: obtaining evidence gathered by checking documents and records.
  • Testing: practical verification of system security features and selective evidence collection.
Our team comprises professionals from a diverse range of backgrounds, including experienced IT, operations, and CISA/ISO27001 consultants. The team uses the following industry standards in its consultancy and assessments:
  • SWIFT Customer Security Controls Framework
  • NIST Cybersecurity Framework
  • ISO 27001 (2013)
  • PCI DSS 3.2.1

KENEX Cyber Risk Assessment

In today’s world of rapidly growing cybersecurity, IT systems face inherent risks, no matter the size of the environment. These inherent risks must be detected and mitigated. However, the biggest challenge is knowing where to focus. This is where KENEX steps in to assist organizations with Cybersecurity services assessments. Our assessments include validation of the three pillars of Information Security: Confidentiality, Integrity, and Availability. The output of this process is intended to provide management with a roadmap of potential security gaps and detailed technical recommendations for applying additional controls to mitigate risks.

Our Techniques

KENEX is a PCI Qualified Security Assessor (QSA) and provides a wide range of Payment Card Industry Data Security Standard (PCI DSS) compliance validation services. KENEX is an ISO/IEC 27001:2013 certified ICT company. We are also compliant with SIPSOF framework v_2021, which is in line with PCI DSS 3.2.1 and NIST Cyber Framework v1.1.

The Center for Internet Security (CIS) Controls are a recommended set of highly effective defensive actions for cyber defense that provide specific and actionable methods to prevent the most dangerous and pervasive cyber-attacks. KENEX uses the current Version 8 (v8) to provide a prioritized path to help organizations improve their cybersecurity program.

Our Approach

Asset Identification
We assist organizations in classifying assets into hardware, software, data and processes in order to empower the security team, as well as the overall business, with the visibility it needs to build a comprehensive security strategy.

Threat Identification
Using the latest threat analysis techniques, we assist organizations in identifying potential sources of harm to their assets.

Vulnerability Identification
KENEX offers thorough security testing services on all identified assets. This enables organisations to identify and understand weaknesses in their system, underlying infrastructure, support systems, etc.

Risk Assessment
Managing risk is critical, and that process starts with a risk assessment. KENEX assists organizations in undertaking a risk assessment process that aligns with business goals and helps to guide cost-effective measures to reduce risks.

Reporting
Executive Summary and Detailed Risk Assessment Report