Cyber Security Policy Manual

ROLES AND RESPONSIBILITIES

Function: Cyber Security Team

Responsibility:
1) Provide training to users to ensure that security incidents are reported on a regular basis
2) Manage the mitigation of security incidents
3) Take corrective actions to limit the incident impact and restore services

Function: Cyber Crime Officer

Responsibility:
1) Act as the main liaison point for security incidents
2) Ensure that security incidents are recorded correctly
3) Ensure that relevant departments are made aware of security breaches
4) Provide incident updates to the CIO
5) Perform after incident review

Function: Employees, consultants and contractors

Responsibility:
Reports known or suspected security incidents to the IT Service Desk or directly to the Cyber Security Team

PROCEDURE

1) Prepare
   a. Provide training to users to ensure that cyber security incidents are reported in a timely manner
   b. Set up a monitored email address that users can use to report cyber security incidents
   c. Conduct cyber security incident drills to improve response procedures
   d. Ensure there are good detective controls to detect cyber security incidents early on

2) Detect and Analyze
   a. Determine the incident type
   b. Determine how the incident occurred. If the incident was related to a malware infection, determine if a vulnerability was exploited to infect or gain access to the system
   c. Perform additional research and contact the vendor to identify additional information about the infection or attack
   d. Determine how widespread the incident is
   e. Communicate the incident to the Cyber Crime Officer
   f. Determine the impact to the City
   g. Determine if confidential information was leaked
