Cyber Security Policy Manual

D ATA C LASSIFICATION P OLICY

P URPOSE Data classification is the classification of data based on its level of sensitivity and the impact to the City should that data be destroyed, modified or disclosed without authorization. The purpose of this document is to provide a framework for categorizing data collected, stored, and managed by the City, and securing this data from risks including unauthorized destruction, modification, disclosure, access, use, and removal. S COPE This policy applies to: 1) All City of Greensboro employees, contractors, and consultants. 2) All IT resources include, but are not limited to, mobile devices, software applications, network devices, printers, servers, workstations, and storage media.

D EFINITIONS CVV

Authentication procedure established by credit card companies to further efforts towards reducing fraud for internet transactions Firewall rules that defines allowed and denied IP addresses and protocols Intrusion prevention system that detects and blocks intrusion and cyber-attacks against systems and application A standard security technology for establishing an encrypted link to allow for the secure transmission of data

Ruleset

IPS

SSL

R OLES AND RESPONSIBILITIES Function

Responsibility

Cyber Security Team

1) Define the classification model 2) Define the required security controls to protect the classified data 3) Provide user awareness and training about proper data handling 1) Classify data according to data classification model defined in this policy 2) Ensure the proper security controls are in place to protect the classified data

Data Owners

Cyber Security Policy Manual

16