|Sector||Cybersecurity and Privacy|
|Industrial||Commercial & Professional Services|
|City, State||San Jose CA|
|Number of employees||12|
Our mission is to enable the underserved sectors’ datacare awareness and postures at scale:
- Assist Cities and Communities in cyber risk strategy, planning, and execution
- Match Cities and Communities’ needs with trusted and affordable solutions
- Foster a culture of trust and resilience in a variety of formats
|Cybersecurity Risk Assessment and Mitigation|
|Empower municipalities with cybersecurity risk assessment methodology and resources to enable timely understanding of their risk levels and appropriate mitigation against cyberrisks.
The risk assessment methodology is adapted from NIST Cybersecurity Framework with a Technical Risk Rating component and an Expert Assessment. The daunting resource shortage is addressed by a unique volunteer matching mechanism based on public-private partnerships.
|Risk Assessment and Prioritization in the Smart City Cyber Resilience Planning Process|
|This use case summarizes an engagement between a GCTC Action Cluster member, Adaptable Security Corp (ADA), and a California municipality, focusing on how the risk management process, with a particular focus on risk assessment and prioritization, played a critical role in the overall cyber resilience planning process. The content covered in this use case primarily aligns with the Prepare, Select, Assess, and Monitor steps of the RMF.|
|Risk Assessment in the County of San Mateo, California|
|This use case describes how risk assessment has been implemented in the County of San Mateo, California, and identifies activities that align most closely with the Step 0: Prepare and Step 6: Monitor steps of the risk management process. However, the assessment process and the outputs from the assessment also involve elements from and inform all of the other risk management steps (i.e., Step 1: Categorize, Step 2: Select, Step 3: Implement, Step 4: Assess, Step 5: Authorize). Refer to Appendix B of this Guidebook for an example of the risk assessment questionnaire and its application.|
|Risk Management in a Privacy-Specific Context|
|This use case describes how the risk management concepts and processes presented in this Guidebook apply in privacy-specific applications. Given the overlapping relationship of cybersecurity and privacy, much of the information in this use case may sound similar to, or even identical to, aspects of cybersecurity risk management. This reinforces the notion that cybersecurity and privacy are closely related and should generally be considered in tandem.|
- Business model
- We are a digital-first nonprofit. It allows us to provide trusted services at a fraction of commercial cost. We save traditional overheads such as office and software expenses. We have the state of the art digital capabilities thanks to our partners such as Google, AWS, Salesforce, and Okta.
- Our people
- Our expertise in protecting data according to laws and regulations, best practices and forward thinking is exceptional. Our founders, board of directors, board of advisors, management and staff are industry thought leaders, keynote speakers and visionary thinkers. Our people are passionate professional volunteers, whose hearts are in helping the community. They also coach newer entrants based on our proven training model.
- Our focus
- The underserved sector is our focus, including local governments, schools, small and medium-sized businesses and nonprofits. To serve their needs with good, affordable and fast enough solutions, we partner with other innovators and enterprises.