4.10 SR 11-06-2023
Last modified: 11/3/2023 10:29:45 AM
Creation date: 11/3/2023 8:34:14 AM
Template: City Government
Type: SR
Date: 11/6/2023
City of Elk River
L3 Assessment with Roadmap

S2Org® Roadmap

The primary purpose of the Security Program Roadmap is to empower you to choose which tasks you want to take on and which tasks you want to assign to external resources, and to provide a strategic Roadmap for completion of all tasks. All actions are measurable and easily communicated.

[Figure: diagram; recoverable labels: Internal, Risks Identified, vCISO, MSP, Outsource, Security Roadmap]

Improvement comes through putting the recommendations from the assessment into practice by:

1. Making risk-based decisions about what to do with each recommendation.
2. Assigning responsibility for actions that must be taken.
3. Determining the priority for such actions and assigning deadlines/timelines.

Activities for the Roadmap are driven from the S2Org® assessment.

The FRSecure Analyst creates the initial roadmap (or plan) for your information security program over the next 12, 24, and 36 months.

The Security Program Roadmap tackles the planning of "what", "who", and "when" for information security improvement:

What are we going to do with each of the findings and recommendations from the S2Org®? There are four viable options for decision-making:

• Accept — the risk "as-is" and take no corrective actions but continue to monitor the risk
• Mitigate — the risk and do what the recommendation says (or similar)
• Transfer — the risk and/or defer it for insurance (or similar)
• Avoid — the risk and stop doing the actions that led to the risk in the first place

Who is going to do the actions and carry out the decisions that were made? Decisions such as "Mitigate" and "Avoid" made in the previous step will require somebody to do something. Some of the tasks and/or projects can be done internally with your own resources and some of the tasks and/or projects will require outside assistance. Those tasks and/or projects that require outside assistance can be assigned to the vCISO (Step 4) and some of the tasks and/or projects can be assigned to another party.

When will the actions need to be taken to achieve your goals? It's best to assign the tasks and/or projects to a timeline based on quarters to accommodate day-to-day operational challenges along the way.

The information from S2Org® and the Roadmap that can be easily communicated to stakeholders (Board of Directors, executive management, examiners/regulators, customers, etc.) includes:

• What our current S2Score® is.
• What our S2Score® goal is.
• What tasks and/or projects are necessary to meet objectives.

CONFIDENTIAL INFORMATION
This document may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of FRSecure.
Copyright 2022 FRSecure LLC, All Rights Reserved. Document ID: FRSQ 5515