Cyber Security Policy Manual

C YBER S ECURITY & C OMPLIANCE P OLICY

P URPOSE The purpose of this policy is to define the principles by which the City of Greensboro will protect the confidentiality, integrity and availability of systems and information and ensure compliance with data privacy laws and industry regulations. Protecting systems and information and ensuring compliance with laws and regulations is fundamental to the successful operation of the City of Greensboro.

S COPE This policy applies to:

1) All Information Technology assets leased, owned and operated by the City of Greensboro 2) All data stored, processed and transmitted by City of Greensboro systems and applications 3) All City of Greensboro employees, contractors, and consultants

D EFINITIONS Confidential Information

The type of information that if lost or stolen could severely impact the City of Greensboro and its employees and residents. Examples include personal identifiable information, credit card numbers, bank account numb ers, users’ names and passwords Improving the reliability of a system or application to make it always available for employees, residents and partners

Availability

OWASP

Open Web Application Security Project – Defines security standards to follow to develop and implement secure web applications

PCI

Payment Card Industry standards designed to ensure that companies that process, store or transmit credit card information maintain a secure environment Health Insurance Portability and Accountability Act – a US legislation that provides data privacy and security provisions for safeguarding medical information

HIPPA

Cyber Security Policy Manual

7