Cyber Security Resources
The following best practices focus on important processes that should be part of every agency's cyber security.
Service Provider Management Best Practices
Service Provider Management, or Supply Chain Risk Management, is the practice of vetting, selecting, and monitoring Contractors, Vendors and Service Providers throughout the contract lifecycle. The need for Service Provider management practices extends to all departments that rely on external support in some capacity. This resource covers; data security and handling requirements, vendor questionnaires, service provider classification and documentation, and much more.
Vulnerability Management Best Practices
Vulnerability Management is the practice of identifying, tracking and remediating vulnerabilities on a continuous basis. New vulnerabilities are discovered and exploited by threat actors daily, requiring vigilance to stay abreast of these threats. This resource discusses some key processes that can help reduce the occurrence of vulnerabilities and potentially limit the likelihood of occurrence and impact on a network. The best practices include; configuration and security patch management, vulnerability scanning, penetration testing, and vulnerability tracking.
These best practices were developed in partnership with Lodestone and are an exclusive resource for members of PRISM. A password is required to access this document. Members, please contact PRISM's Risk Control Department at (916) 850-7300 for assistance.