IT Governance Business Case
Vulnerability Management System for Enhanced Cybersecurity Technology Solutions
Background
The Technology Solutions (TS) Cybersecurity program aligns with the National Institute of Standards & Technology (NIST) framework, operating in a state of continuous improvement to strengthen the City’s cybersecurity posture. With enhanced team resources, TS is now positioned to expand IT systems monitoring and improve visibility. Currently, the Cybersecurity team focuses on protecting the vulnerabilities in Windows PCs and servers, applying monthly security updates to operating systems and applications. As cybersecurity threats evolve, TS remains committed to proactively enhancing defenses and strengthening the City’s overall security posture.
Current Business Problem
The TS Cybersecurity program lacks centralized visibility across non-Windows technologies in the enterprise. It also lacks an efficient, best-practice approach to address the identified vulnerabilities.
Current Pain Points
• Lack of centralized and real-time visibility into applicationlevel security vulnerabilities
• Manual identification of vulnerabilities is very timeconsuming, and prone to human error in the identification process
• Manual update process from multiple consoles creates room for delayed security patches
Strategic Alignment
TS Departmental Business Plan Objective 3: Maintain and modernize all of the City’s assets to align to the evolving and emerging technologies in the marketplace for City business units
TS Departmental Business Plan Objective 4: Manage & maintain cyber security policies, procedures and monitoring to defend the City against ongoing threats
Future State Benefits
Real-Time Visibility: Continuous monitoring to quickly identify vulnerabilities across all network assets
Automated prioritization: Automated ranking enables the team to address the most important vulnerabilities first
Streamlined Updates: Simplified and automated deployment of security patches across the City's network
Improved Cybersecurity Posture: Threat visibility and response at the application level
Analysis and Recommended Solution
Analysis
What is Vulnerability Management?
Vulnerability Management Systems exist to take a proactive stance on cybersecurity. By constantly scanning the user's network to identify possible points of entry, they ensure the quick and complete implementation of security patches.
Why Vulnerability Management?
Vulnerability Management ensures network-wide conformity to cybersecurity efforts.
It identifies which applications need to be updated across a diverse array of hardware and software and then automates security patch deployment to ensure all City devices remain up-to-date as updates are released.
Solution Analysis: VMS Industry Leaders
https://www.gartner.com/reviews/market/vulnerability-assessment
Recommended Solution:
Issue an RFP to select and implement a Vulnerability Management System
Description Issue an RFP for a Vulnerability Management System
Pros
• Centralized visibility
• Automated prioritization
• Automated Patch management
• Improved cybersecurity posture
Cons
• N/A
TS Architecture Review
The identified solution will undergo the standard Architecture Review once a vendor is selected.
Cybersecurity Review
The identified solution will undergo the standard Cybersecurity Review once a vendor is selected.
Recommended Solution - Project Financial Estimate
Risk Identification
Mitigation Risk (Costs)
• N/A
Contingency Risk (Costs)
• N/A
Our ask
We are asking the IT Governance Steering Committee to approve and score the business case to implement a Vulnerability Management System with Patch Management to improve the Technology Solutions Cybersecurity Team's cybersecurity posture. The approved and ranked business case will be submitted to the Budget Management Services Department for funding and approval by the City Manager.