Cyber Security Policy Manual

I NTRODUCTION The City of Greensboro provides essential services and functions to residents, which rely on systems, applications and information assets. These essential services and functions promote building the community and providing a better quality of li fe for Greensboro’s residents. All of the actions conducted by City of Greensboro employees are guided by the commitment to the success in building public trust and the future that the community desires. Defining the principles by which the City of Greensboro will use systems, applications and information assets is extremely important to protect the confidentiality, integrity and availability of systems and information and ensure compliance with data privacy laws and industry regulations. Protecting systems and information and ensuring compliance with laws and regulations is fundamental to the successful operation of the City of Greensboro. S COPE S TATEMENT The scope of the ISO 27001 will be limited to the information security management system (ISMS) supporting the City of Greensboro’s Payment Processing Services, Geographical Information Systems, Incident Reporting Systems, Online Permits and Records Management services. The scope will be limited to operations performed at the Greensboro, North Carolina, location. All services provided by third-party service providers will be excluded from the scope of the review.

E XTERNAL /I NTERNAL I SSUES Issue

Type

Mitigation

Police brutality against residents may cause denial of service attacks against City of Greensboro systems

External

1. Ensure that there are adequate denial of service controls such as intrusion prevention systems in place to protect the City from these types of attacks 2. Contact Level3 and document the process to follow to mitigate denial of service attacks employees that have been impacted by the disclosure 2. Implement additional controls to monitor the usage of the employees information 1. Ensure that HR notifies the

Violation of HIPPA law by disclosing employee health information

Internal

Cyber Security Policy Manual

41