The ISO is in the process of building the following 12 Shared Services:
Compliance Assurance (CA)
Ensure technical environment exceeds minimum compliance requirements (PCI, HIPAA). Provide direction and coordination during assessment and audit processes.
Critical Application Access Recertification (CAAR)
Perform ad-hoc and quarterly review of access rights to ensure proper governance and control.
Firewall Change Review (FCR)
Provide secondary approval and segregation of duties (SoD) to the firewall change request process.
Firewall Recertification (FR)
Perform ad-hoc and quarterly review of rules and configuration to ensure proper governance and control.
Incident Response (IR)
Identify, respond to, and remediate suspicious or malicious cyber activity.
Policy and Governance (POL)
Build and maintain the City’s Information Security policy set, which governs direction and minimum technical requirements.
Network Security Monitoring (NSM)
Monitor and respond to suspicious and malicious network-based traffic.
Perimeter Security (PS)
Validate technical security controls through active testing (a.k.a. white-hat hacking).
Enterprise Risk Assessment and Reporting (RISK)
Regularly assess the City’s current risk posture against the targeted risk posture. Provide real-time feedback on existing, mitigated and accepted risks.
Security Architecture Review (SAR)
Review RFPs and partner with Project and Technical teams to review proposed solutions to ensure alignment with Policies and Best Practices.
Security Awareness and Training (SAT)
Provide security-specific awareness and education training to the user and technical community.
Threat and Vulnerability Management (TVM)
Constant monitoring and communication of the cyber threat landscape and evaluation of internal technical readiness.