Findings are presented as a numerical score – much like a credit score – making it easy for everyone to understand how well the municipality can withstand an attack. Because time is of the essence, these insights are captured in near real-time so that security gaps can be rapidly identified and city leaders can make quick and effective decisions about risk reduction.
Continuous monitoring with security ratings is a beneficial approach for municipalities with decentralized or distributed security programs, which range from city hall to local schools. This method enables the measurement of the overall effectiveness of the security program, rather than a siloed approach to security management and measurement.
4. Scale security monitoring to third parties
As the SolarWinds supply chain attack showed, third parties pose a significant cyber risk to government entities. Although the federal government was the main target of that hack, smaller organizations are just as susceptible to these attacks and must up their game. Simply reviewing a third-party’s cyber security policies and protocols isn’t enough – deeper and continuous cyber security assessment of their security postures is needed.
But with small IT departments and restricted budgets, it’s not always easy for local governments to scale third-party risk management programs across the hundreds of contractors that support municipal services.
Fortunately, security ratings can also be applied to third-party networks.
Before a prospective supplier is selected, municipalities can use security ratings to get an instantaneous snapshot of each potential vendor’s security posture. During onboarding, acceptable risk thresholds can be established ..
Support the originator by clicking the read the rest link below.
