Home → Best Practices → Network Security → Security Risk Assessment \ Documentation

1.12. Security Risk Assessment \ Documentation

• Must Have Practices

  • Self assessment of all risks related to technology

    • NIST Cybersecurity framework (https://www.nist.gov/cyberframework)

  • Develop and maintain a Disaster Recovery plan

  • Develop and maintain an Incident Response plan

  • Ensure logging/reporting retention fits districts needs

• Best Practices

  • Contract with security consultant to assess all risks related to technology

  • Penetration testing

  • Review Disaster Recovery and Incident Response plan annually

  • Review policies related to security annually