Cyber Security Policy Manual

a. Incident-response scan – An on-demand scan initiated as a result of a specific security-related incident.
b. Admin Requested – The system owner with administrative authority over the equipment may request vulnerability scans as a part of the Change Management Process.
c. Web Application Scan – Conducted monthly against all public-facing web applications.
d. PCI DSS Scan – Conducted monthly against all external systems and applications to ensure that payment card systems are not vulnerable to compromise.
e. Internal Environment Scanning – Conducted bi-weekly against all internal systems and applications.

10) Should an IT Administrator identify a reported vulnerability as a potential false positive, the Cyber Security Team must be engaged to verify.

11) Vulnerabilities and other policy violations must be resolved by communicating to the user of record, with denial of network access reserved as a last resort. Compromises and other security breaches must follow the City of Greensboro’s Incident Response Policies and related documents.
