Support of vulnerability assessment for the municipality’s IT systems
Gladsaxe Municipality has an embedded methodology where IT managers and business system owners engage in joint assessments and reporting of the risk associated with key systems. I-Trust has worked with the municipality on the enablor platform to develop automated processes for vulnerability assessment and reporting. The new solution significantly reduces and streamlines the municipality’s work on the subject and removes the uncertainties of the current manual processes.
As part of their overall strategy for personal data and information security, the municipality has purchased enablor as a GRC platform. Based on ongoing tasks in the municipality, which were previously supported by survey tools and Excel, I-Trust has developed automated processes for vulnerability assessment and reporting of the systems in the municipality. The new solution significantly reduces and streamlines the municipality’s work on the subject and removes the uncertainties of the current manual processes. At the same time, it integrates the municipality’s existing methodology for vulnerability assessment with the general security work, so that the municipality can eventually integrate treatments from inventories so that treatment scope, risks, and consequences can be included in existing vulnerability assessments.
In addition, the municipality will eventually be able to move parts of the vulnerability assessment of the individual system to the supporting infrastructure or the supplier relationship. This will streamline the process by assessing each vendor/server/supporting system once and applying it to all relevant system reports. Likewise, supervision carried out in another context (supplier audit, GDPR audit in the organization, participation in the Baseline survey) will be able to be included in the overall risk assessment without the need repeat work already carried out.
In addition to bringing together the results of different security disciplines on one platform for reuse in other contexts, enablor also streamlines or enables collaboration between different roles in the municipality. The information security coordinator has the overview. The individual system owner/manager can do their part in a vulnerability assessment, IT professionals can be involved in infrastructure security assessment and reports can be produced for management and board.