starts at the top with its board of directors.
And it trickles down to the lowest employee
because they are the ones who often times
have to implement the controls that are established for security.
As a financial institution, Northrim is
heavily audited and examined. The bank is
By Tracy Barbour
The Alaska Department of Military and Veteran Affairs Division of Homeland Security and Emergency Management
offers a number of resources to help organizations assess their security risks. For example, they can take advantage of the Cyber-security Vulnerability Analysis (CSVA), which
is a non-regulatory review of cybersecurity
management practices within an organization. Primarily, the CSVA is designed to build
a risk matrix, threat indicators, maturity model.
and prioritized recommendations. It also is intended to build the relationships necessary to
foster cooperative arrangements during both
normal operations and in times of crisis.
Incidentally, the CSVA is not an examina-
tion of all the IT business operations or a
technical assessment. Also, all information
collected by the CSVA Team becomes pro-
tected from public dissemination under the
Homeland Security Act.
Organizations associated with industrial
control systems can use the Cybersecurity
Evaluation Tool (CSET), which is a Depart-
ment of Homeland Security product that can
be used by federal and private-sector entities.
CSET assists users with protecting their key
national cyber assets. The tool provides organizations with a systematic and repeatable
approach to assessing the security posture of
their cyber systems and networks. It includes
both high-level and detailed questions related
to all industrial control and IT systems. CSET
is designed to contribute to an organization’s
risk management and decision-making process. It also:
Raises awareness and facilitates discussion
on cybersecurity within the organization;
Highlights vulnerabilities in the
organization’s systems and provides
recommendations on ways to address the
Identifies areas of strength and best
practices being followed in the
Provides a method to systematically
compare and monitor improvement in the
Provides a common industry-wide tool for
assessing cyber systems.
Organizations can download CSET
through the Industrial Control Systems
Cyber Emergency Response Team’s website at
Technical Innovation for Industry and Government
Phone: 907-586-6167 www.wostmann.com
Project Quality Assurance
IT Management and Consulting
Cyber Security Reviews
Information Risk Assessment
Physical Security Assessment
Disaster Recovery Planning
Business Continuity Reviews