Cyber Security Policy Manual

R OLES AND RESPONSIBILITIES Function

Responsibility

Chief Information Officer

Support efforts to ensure that proper security controls are implemented to protect the City of Greensboro’s systems and information and comply with data privacy laws and industry regulations security management to ensure that information security controls are defined and implemented to protect City of Greensboro systems and information and comply with data privacy laws and industry regulations - Communicate risks and mitigation recommendations to IT and City management and define, implement and manage security controls to protect City of Greensboro systems and information Adhere to all security policies and controls that have been implemented to protect City of Greensboro systems and information - Provide strategic direction and information

Cyber Security Team

All employees, contractors, and consultants

P OLICY 1) Systems and applications must be protected against network intrusions and cyber-attacks that aim at compromising the confidentiality, integrity and availability of City of Greensboro information. Network detection and prevention controls must be implemented to identify and stop these intrusions and cyber-attacks. 2) Access control mechanisms must be implemented to ensure that access to systems and information is provided to users that have been authorized and approved. Unauthorized access attempts to systems and information must be detected and blocked. 3) Vulnerability assessments must be conducted regularly to identify and mitigate system and application vulnerabilities that could be exploited by unauthorized users to gain access to confidential information. Critical vulnerabilities must be mitigated in a timely manner to protect City of Greensboro systems and information. 4) Security patch management process must be implemented to provide efficient and reliable method for the assessment, testing and implementation of security patches to systems, applications and network devices. The process must ensure that security patches are

Cyber Security Policy Manual

8