Home / 
RISK LEVELS

Risk Levels

Level 1Level 2Level 3
AdministrativeAdministrativeAdministrative
Risk Management Processes
Risk Decisions
Actionable Executive Decision Making
Comprehensive Risk Management
Infosec Risk Defined & Documented
Risk Tolerance Determined & Clear
Risk Identified & Prioritized
Threats Identified & Documented
Tolerance Informed by Infrastructure & Sector
PhysicalPhysicalPhysical
Evacuation Procedures
Employee Training
Formalized Policies & Procedures
Emergency Response Plan
Security Exercises Conducted
Background Checks
Security Guards
Areas of Refuge
Formal Facility Threat Analysis Every 2 Years
Regular Facility Physical Risk Assessments
Internal TechnicalInternal TechnicalInternal Technical
Firewall Manager
Firewall Routing
Data Loss Prevention
DMZ Network
Traffic Reviewed For Malware
Egress Traffic Restrictions
Network-Based Intrusion Protection
Multiple Internet Circuits From Multiple ISPs
Redundant Internet Firewall
Web Content Filtering
external technicalexternal technicalExternal technical
Blacklists & Whitelists
Isolated Internal Networks
Firewall Auditable Change Control
Formal Firewall Change Approval
Documented Firewall Review Schedule
Network-based Intrusion Prevention Systems
Internet-facing Systems Hardening Documented
Unauthorized Firewall Changes -> Incident Management Process
Additional Protections on Internet-Accessible and DMZ Servers
Egress Traffic Filtering Specifically Authorized
Solutions
OverviewS2OrgS2VendorS2TeamS2PCIS2PartnerS2Score
Partners
OverviewMSPsMCSPsAEAsPartner Portal
industries
OverviewState and LocalCommercialK12Higher EducationCritical Infrastructure
academy
OverviewLevelsCoursesTeachSign in
LEARN
BlogVideosPodcastsEventsResourcesS2Me
company
AboutContactSupportCareersApp Sign In
©2024 SecurityStudio Inc. All Rights Reserved.
AgreementsSupport Center