Municipalities face a unique challenge. They have many different departments and often many different hardware and software platforms. Standardization of technology and security policies and procedures is often never achieved.
Cyber attacks to emergency services, police, government, and public utilities can result in public safety concerns, public outcry, and high recovery costs.
Cyberstone can help municipalities avoid twitter updates like this:
Municipalities also face a variety of compliance requirements. Various departments within a municipality may accept credit cards, leading to PCI-DSS compliance concerns. Police departments must follow CJIS rules. All departments must have a level of cybersecurity governance in place, tuned to the unique risk factors facing their department and the municipality as a whole.
Cyberstone’s mindset around security and compliance is as follows:
- Assess – To know where you’re going, you must know where you stand now. To do security right, you need a baseline from which to work. Only then can you focus your efforts on reducing your unique risk.
- Policy – With a baseline established, and using your mission and vision statements as inputs too, you are now ready to write cybersecurity policy that will guide employee behavior and to control risks associated with cyber incidents.
- Technical Controls – Now that you know where you stand and have a written plan for going from an area of high risk to an area of lower risk, it’s time to implement technical controls. Spending money on things like firewalls, content filtering, and data loss prevention should only occur after you have spent time on items 1 and 2.