City of Elk River
Assessment with Roadmap

The four phases of a S2Org® assessment are:

• Phase 1: Administrative Controls — The "people" part of security, including risk management, security governance, policies, standards, training and employee awareness.
• Phase 2: Physical Controls — Physical controls are an essential and often overlooked part of your security strategy. How much does your anti-virus protection mean to you if someone steals your server?
• Phase 3: Technical Controls (Internal) — We affectionately call this "the gooey center". Most organizations do a pretty good job at securing the technical perimeter (firewalls, intrusion detection, etc.), but sometimes neglect the controls that are essential for an effective defense-in-depth strategy.
• Phase 4: Technical Controls (External) — This category covers how effective your organization is at securing the perimeter of your network.

The S2Org™ process is simple and efficient. We understand that our clients have other work to do, so the process needs to be focused and time-sensitive. Each phase of the S2Org® assessment is slightly different in the manner in which information is gathered and assessed.

Phase 1 — Administrative Security Controls Assessment

Administrative Controls form the framework for managing an effective security program and they are sometimes referred to as the "human" part of information security. Administrative Controls inform people on how organizational leadership expects day-to-day operations to be conducted and they provide guidance on what actions or activities workforce members are expected to perform. Common Administrative Controls include policies, awareness training, guidelines, standards, and procedures.
Administrative Controls are derived from the NIST Cybersecurity Framework (CSF), ISO/IEC 27001:2013, NIST SP 800-53, and the CIS Critical Security Controls for reference, comparison, gap analysis, and risk rating.

Where there are applicable gaps, the following metrics are applied using the S2Org® proprietary algorithm:

• Information Security Maturity ("ISM") - a measure of control quality and maturity,
• Likelihood of an adverse event or realized threat, and the potential Impact suffered by the organization; resulting in a Risk Rating.

CONFIDENTIAL INFORMATION
This document may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of FRSecure.
Copyright 2022 FRSecure LLC, All Rights Reserved. Document ID: FRSQ 5515