Cyber Security Policy Manual

N ETWORK A CCESS P OLICY

P URPOSE The purpose of this policy is to establish the rules and guidelines for accessing and using the City network and IT resources. These rules and guidelines are necessary to ensure the confidentiality, integrity, and availability of the City’s network, syste ms and information. S COPE This policy applies to: 1) All City of Greensboro employees, contractors, and consultants. 2) All IT resources include, but are not limited to network devices, printers, servers, workstations, environmental controls and storage media.

R OLES AND RESPONSIBILITIES Function

Responsibility

Employees, consultants and contractors

Adhere to the rules and principles defined in this policy to protect the confidentiality, integrity and availability of the City’s network, systems and information

P OLICY 1) Employees must not connect any system or device to the City’s network without prior approval from the IT department. Only IT resources that have been approved by the City’s IT department can be connected to the City’s network. This includes mobil e devices, software, computers, environmental controls, wireless routers, and other devices. Employees must contact the IT Service Desk at 373-2322 before attempting to install software or connect devices to the City’s network. 2) Employees must understand t hat the City’s public network does not have the same security controls as the City’s private network. For this reason, employees are prohibited from connecting their City’s computers to the public network. 3) Employees must not provide network services in any way. This includes installing a router, switch, hub, or wireless access point that may cause conflict with network services provided by the City’s IT department. 4) Employees will not willfully engage in activities that might be harmful to the City’s networ k. This includes introducing computer viruses to the network, sending spam emails and disrupting services. Employees are also prohibited from using hacking or password cracking programs in an attempt to gain unauthorized access to systems and information .

Cyber Security Policy Manual

34