Orange County NC Website
Orange County
Facilities Security Assessment
RFP#: 367-OC 5403
CTCH Security Business Consulting – www.ctchconsulting.com

Security Risk Assessment Management Framework (SRAMF)

In an effort to identify the security risk levels associated with each site, physical security vulnerabilities and site security flaws, the team will evaluate each site using the following SRAMF methodology:

The first step in the SRAMF Model would be to identify security policies, procedures and supporting documents that are in place throughout OC. The documented policies and procedures will outline the existing security protocols, what areas of security are currently covered under the policies/procedures and how security is managed (through governance and response). All identified supporting documents will help add context to the existing policies and procedures, will help identify documented agreements and will help identify individual site infrastructures.

The next step in the SRAMF Model would be to identify the critical asset areas associated with each site. Assets fall into two categories: tangible and intangible assets. Tangible assets are those assets that stakeholders can label with a dollar value (equipment, building areas, vehicles, etc.). Intangible assets are assets that stakeholders cannot label with a dollar value (loss of life, business model, public reputation, etc.). By ranking assets and conducting a Security Business Impact Analysis, the team can begin to formulate the final Mitigation Matrix. The team will rank critical