The Company Profile is more than a location to gather basic company information. There are two goals:
- Internal: give new and existing employees high-level information about the organization so they understand the scale and scope of the company. That understanding is essential to seeing how each piece of technology and each control supports the overarching IT goals.
- External: provide a third-party assessor with the context for a basic understanding of the organization. Such context enables the assessment to focus on where the CUI, FCI, and other confidential information resides and how it is used.
Three Sections
- Assessment Scope - includes basic information about the organization, the scope of the assessments, and the physical and electronic locations of the data that needs to be protected. The driving theory: "you can't protect it if you don't know where it is."
- Users and Roles - organizes the leadership and support for the cybersecurity posture of the organization.
- Financial 360 - a repository of high-level financials for the NIST SSP (System Security Plan) template and, once the assessment is complete, a One-Click Budget for managing IT finances.