Cyber Security Policy Manual

P ATCH M ANAGEMENT P OLICY

P URPOSE Patch management is a critical part of maintaining the security of systems, applications and network infrastructure. It is a vital component of the City’s cyber security program. Security vulnerabilities are inherent in systems and applications, which allow the development and propagation of Malware that can disrupt the City’s operations in addition to placing confidential data at risk. This policy ensures that there is a process in place to provide efficient and reliable method for the assessment, testing and deployment of software patches to all systems, applications and network devices. The process will ensure patches are deployed in a timely manner to effectively mitigate the risk to the City. S COPE This policy applies to: 1) All City of Greensboro IT employees, contractors, consultants. 2) All IT resources including software, network devices, servers, workstations, and storage media.

D EFINITIONS Vulnerability

A weakness that, if exploited, allows an attacker to gain access and take control of a system A software update designed to fix a vulnerability in a system or application

Patch

R OLES AND RESPONSIBILITIES Function

Responsibility

Cyber Security Team

1) Conduct vulnerability scans to identify missing patches in systems, applications and network devices 2) Communicate the results to IT Administrators Ensure that security patches are tested and deployed to systems, applications and network devices in a timely manner

IT Administrators

Cyber Security Policy Manual

14