NuHarbor Security
NuHarbor Security Blog
October 5, 2018

Meet Knox: NuHarbor Security’s Certification Program

Jeffrey Bamberger

If you are an information security executive, then at some point during your tenure you will likely have to demonstrate the strength of your information security program to another company, vendor, or third party. Many organizations, especially vendors who provide a service to another company, choose to conduct a SOC2 assessment to demonstrate the operating effectiveness of their controls. SOC2 reports, as well as control assessments based on frameworks such as NIST 800-53, may provide value to your organization and may allow you to check a box next to a compliance requirement.

While the entities that helped to craft these frameworks may be control experts, they may not possess the breadth or depth of knowledge that a cybersecurity firm like NuHarbor has. Because of that, we’d like you to meet Knox, the new information security certification program from NuHarbor Security.

What is different about Knox?

Here at NuHarbor we like to do things differently, not just for the sake of being different but because we always want to be operating with the best interests of our diversified clientele in mind. Not every organization is the same. As a result, assessments such as SOC2 often have multiple controls/requirements that do not add business or security value for your organization. To prevent this inefficiency in the certification process, the Knox security certification criteria have been tailored from the ground up based on cybersecurity best practices. This allows Knox to serve both as a way for you to demonstrate security prowess and as a way to gain comfort that your security hygiene is where you want it to be.

NuHarbor Security Knox Certification

With scalability and flexibility in mind, we crafted Knox with a tiered approach. This allows you to implement changes to your security control suite at a pace appropriate for your organization. You do not have to rush right to the goal line and work to achieve the highest tier of Knox certification. For many organizations, a lower tier may be an easier lift and better fit for a variety of reasons (e.g. type of industry, organizational size/maturity, legacy culture, etc.). As your security program matures, you can then evolve your security footprint to achieve a higher level of certification.

Knox Mechanics

While we have chosen to build flexibility into the certification program, there are some logistics that are not choices and cannot be changed. This is important to maintain the value and viability of a Knox certification. The intent of our program is to facilitate demonstrating the continued operating effectiveness of your information security controls throughout the year. Knox is not intended to be a one-and-done assessment. To that end, annual reassessments are required to maintain your certification. This helps to ensure that as new threats emerge, and your environment changes, the certification process accounts for that change.

Deficiencies

During a Knox certification assessment, we may identify deficiencies in your control environment. Any deficiencies must be remediated within 30 days. Some deficiencies may require a technical solution that would need significantly more than 30 days to implement and operationalize. In these situations, a re-assessment may be required to allow for proper focus on the elements of the environment that have changed.

Knox Certification vs. Readiness Assessment

One question you may have is whether your organization is ready for a full certification at this time. In situations like these, you can choose to have NuHarbor perform a Knox readiness assessment. A readiness assessment can be viewed as a dress rehearsal or dry run. NuHarbor will partner with your organization to review the certification requirements in detail and provide feedback on which Knox criteria may require remediation. The readiness assessment will allow your security team to get a feel for what NuHarbor’s expectations are for each Knox criterion at your chosen certification level.

Unless your organization has a mature cybersecurity program and has been regularly assessed by a third party, a readiness assessment is always our recommended starting point.

Knox Certification sounds like a lot of work. Will it be overwhelming?

As your trusted cybersecurity advisors, we will always be open and honest with you. Yes, the process for achieving your chosen level of Knox certification will be a lot of work. It will require a significant level of management commitment in planning for and executing the certification process, and remediation of any identified control weaknesses. However, we strongly believe that with the right level of effort, Knox certification will be achievable and add real business value to your organization.

If you would like to learn more about NuHarbor’s Knox Security Certification program, please visit: https://nuharborsecurity.com/security-certifications, or feel free to reach out!

 

Jeffrey Bamberger

Jeffrey Bamberger is the Principal Advisor for Information Assurance at NuHarbor Security. Jeff brings over 30 years in cybersecurity and information technology experience, focusing on consulting, risk management, compliance, and audit. Jeff's broad consulting experiences include cyber risk/threat management and assessment, information security control assessments, payment card industry (PCI) compliance, social engineering and physical security, privacy, vendor management, and Sarbanes-Oxley compliance. A graduate of the F.W. Olin Graduate School of Business at Babson College, he holds a Master of Business Administration degree. Jeff also has a Bachelor of Arts in Computer Science and Religion from Colgate University. He is a current member of the New England Chapter of the Information Systems Audit and Control Association and holds both a CISA and CISM certification.
