My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Item 26 - Agreement with Allied Network Solutions, Inc. for Adobe Software and Subscription
Clerk
>
Agenda Packets / Staff Reports
>
City Council (2004 - Present)
>
2025
>
01/21/2025 Regular & Special SA
>
Item 26 - Agreement with Allied Network Solutions, Inc. for Adobe Software and Subscription
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
1/27/2025 5:03:20 PM
Creation date
1/21/2025 2:16:24 PM
Metadata
Fields
Template:
City Clerk
Doc Type
Agenda Packet
Agency
Information Technology
Item #
26
Date
1/21/2025
Jump to thumbnail
< previous set
next set >
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
762
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
Security Policies and Procedures <br />A. Risk reviews <br />The job of reviewing risks and setting requirements for controls is the ISO's. Risks should <br />be reviewed or assessed when: <br />1. Developing or deploying new applications, systems, networks or software <br />2. When significant changes are made to that same list <br />3. When business processes change <br />4. When Virtru enters a new geographical area of business <br />S. When Virtru enters a new line of business <br />6. When incidents occur or new risks emerge <br />7. When new regulations or standards are set <br />B. Risk management <br />Risks may be accepted, avoided or mitigated. <br />Accepting the risk is appropriate when the cost of avoiding or mitigating the risk is <br />greater than the expected loss. The losses considered should include the less tangible <br />items such as Virtru's reputation, loss of market share and loss of public trust in Virtru. <br />Acceptance of a risk requires complete documentation of the risk analysis and approval <br />by the information owner. <br />Avoiding the risk is appropriate when the cost of insurance is less than the cost of <br />incremental controls. However, basic controls must always be in place. <br />Mitigating the risk is appropriate in most situations. These situations are those where <br />compensating controls are possible, cost-effective and manageable. These mitigating <br />controls may include: <br />1. Increasing a protection to a level higher than what is listed in this document <br />2. Improving oversight or monitoring of the risk to limit impact and minimize <br />response time <br />3. Limiting transactions or other events to minimize the possible impact of the <br />risk event <br />The method chosen for managing the risk (acceptance, avoidance, mitigation) must match <br />the business value and costs involved and must be approved by the information owner. <br />For further detail, see the Risk Management Policy and the Disaster Recovery Plan. <br />Rev.2015.8.6 <br />26 <br />
The URL can be used to link to this page
Your browser does not support the video tag.