City of Elk River
L3 Assessment with Roadmap
Information Security Risk Assessment With S2Org And S2Score

The S2Score, available through the SecurityStudio software platform, is the most objective and comprehensive measurement of information security risk available in the market. It was designed by engineers at FRSecure, who average more than 15 years of information security experience, with these specific objectives in mind:

• Serve as the foundational risk score and measurement.
• Based on risk. The most effective way to manage information security is based on risk, not on specific controls that may or may not fit for your organization.
• Easy to understand. Easy to understand and effective are not mutually exclusive. In fact, they usually go hand in hand. The most effective information security programs are typically simple and effective. Complexity is often the enemy of good security.
• Comprehensive. Information security is not an IT issue; it is a business issue.
• Objective. Scoring is as objective as is possible given what we know about threats, vulnerabilities, exploits and risk in general. Each assessed control is given a risk metric based on professional opinions, best practices, and real-life data.
• Clear and free from technical jargon. Terms like "NextGen", "Internet of Things" (IoT), "Advanced Persistent Threats" (APT), etc. are all avoided as much as possible.
• Industry accepted and credible. The assessment leverages and references current security frameworks and standards such as ISO/IEC 27001:2013 and the NIST Cybersecurity Framework (CSF). This is very good news for organizations that have built their information security programs per one or more of these frameworks and helps to lend to the credibility of the assessment.
• One-stop. The type of assessment that can be used to measure the effectiveness of the security program, provide high-quality next steps (or recommendations), demonstrate regulatory compliance (HIPAA, GLBA, and others), and allow for effective cyber insurance underwriting.*

*NOTE: The S2Score is approved for cyber insurance underwriting submission through Node International and Lloyd's of London.

Check with your governing authority to ensure an "update" assessment is compliant before conducting this type of assessment.
* Updates must be performed within 12 months upon receipt of deliverables from the previous S2Org.
* Major infrastructure changes, mergers/acquisitions or other fundamental changes to the environment will require a re-scoping of the project.

The S2Org Assessment is built to be the definitive and best information security risk assessment methodology available with reporting designed to be easy to manage and actionable.

Each phase, control category, control subcategory, and the overall S2Org assessment is calculated based upon:
1. The size of the organization
2. The industry in which the organization operates
3. Historical threat and incident data obtained from a variety of sources.

Scope

The intended scope for the S2Org is the entire organization. Information security is a very broad topic so to ensure a comprehensive assessment, that is still easy to understand, the S2Org assessment is segmented into four (4) phases.

In-Person Assessment
Assessor does an on-premise walkthrough of the facility.
Review includes a facility walkthrough and the Assessor is able to validate controls such as:
* facility visitor process.
* clear desk/clear screen practices.
* doors to sensitive areas are locked.
* other exceptions from policy.
Client covers assessor travel costs.

Remote Assessment
Assessor requests a look at key areas of the facility from staff over video conference.
Review includes what client provides the assessor a view of.
Recommended for clients that have had an independent security review within the last 12 months.
No travel costs.

CONFIDENTIAL INFORMATION
This document may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of FRSecure.
Copyright 2022 FRSecure LLC, All Rights Reserved. Document ID: FRSQ 5515