Cyber Security Policy Manual

applications address the OWASP Top 10 vulnerabilities. IT personnel must also be trained on using advanced analysis and forensics techniques to identify and remove malware infections in systems and applications.

14) Risk assessments must be conducted regularly to identify risks to the City of Greensboro’s systems and information and to implement controls that mitigate the identified risks. The risk assessment must take into consideration business objectives, compliance changes and evolving security threats. The City of Greensboro’s information security strategy must be defined according to identified risks and must focus on minimizing these risks to an acceptable level.

15) The City of Greensboro must undergo annual Payment Card Industry (PCI) audits to ensure that proper security controls are implemented to protect credit card information traversing the City’s systems and network.

16) An IT compliance program must be established to ensure compliance with laws, regulations, policies and standards. Monthly, quarterly, semi-annual and annual compliance activities must be conducted to identify and mitigate compliance deficiencies.
