Cyber Security Policy Manual

V ULNERABILITY M ANAGEMENT P OLICY

P URPOSE New technology vulnerabilities emerge on daily basis. It is essential to identify and mitigate these vulnerabilities to protect the City’s systems and applications and safeguard confidential information. For this reason, vulnerability scans must be conducted on regular basis to ensure that system and application vulnerabilities are identified, assessed, communicated and mitigated in a timely manner.

S COPE This policy applies to:

1) All City of Greensboro IT employees, contractors, consultants. 2) All IT resources including software, network devices, servers, workstations, and storage media.

D EFINITIONS Vulnerability

A weakness that, if exploited, allows an attacker to gain access and take control of a system Conducting security checks to identify weaknesses in systems and applications

Scan

R OLES AND RESPONSIBILITIES Function

Responsibility

Cyber Security Team

1. Conduct vulnerability scans to identify vulnerabilities and configuration weaknesses in systems and applications 2. Provide vulnerability mitigation recommendations to IT Administrators Ensure that identified vulnerabilities are mitigated in a timely manner as described in bullet 5 of the policy

IT Administrators

P OLICY 1) The Cyber Security Team is authorized to conduct vulnerability assessments against all systems and applications connected to the City’s network to identify vulnerabilities and

Cyber Security Policy Manual

11