Cyber Security Policy Manual
3. Work with HR to ensure that proper handling of personal health information is being followed
4. Engage Cyber Liability Insurance agency if deemed necessary

Failure to meet PCI-DSS requirements, which may cause credit card information to become compromised
Internal
1. Work with the Communications Department to communicate the credit card compromise to impacted residents
2. Ensure that appropriate law enforcement agencies are notified
3. Implement the required security controls to comply with PCI-DSS standards
4. Engage Cyber Liability Insurance agency if deemed necessary

Bloggers may request information about City business and may disclose it if it contains unethical conduct
External
Ensure that information is sanitized by the Legal Department before being released to the public

Illegal download of copyrighted material such as movies, software or music may cause the City to pay significant fines
Internal
1. Provide user awareness training about the risk of downloading copyrighted material
2. Monitor the City’s network for peer-to-peer (P2P) software usage
3. Block peer-to-peer (P2P) communications on the City’s network

Employees falling victim to phishing and social engineering attacks may become infected with ransomware
Internal
1. Provide user awareness training about phishing and social engineering attacks
2. Monitor connections to malware sites and command and control servers
3. Block access to common malware sites and command and control servers

External entities exploiting vulnerabilities in systems and
External
1. Conduct vulnerability scans against external facing systems and