Cyber Security Policy Manual

C YBER S ECURITY I NCIDENT R ESPONSE P ROCEDURE

P URPOSE Ensure that cyber security incidents are properly reported and appropriately investigated. This procedure outlines the activities required to successfully manage cyber security Incidents from reporting to closure. S COPE This procedure applies to: 1) All City of Greensboro employees, authorized consultants, contractors, or third parties where agreements allo w access to the City’s Information Technology resources. 2) All IT resources include, but are not limited to: mobile devices, software, communication networks, storage media, and electronic data, which are purchased, owned, licensed, or leased by the City of Greensboro. Cyber security incidents must be reported and investigated in accordance with this procedure. Security incidents could potentially have a negative impact on IT resources and violate information technology policies, and may require immediate action to prevent further negative impact.

D EFINITIONS Incident

Any event, suspected event or vulnerability that could pose a threat to the integrity, availability and confidentiality of the City’s systems, applications or data Fraudulent email messages appearing to come from legitimate businesses. Their intent is to direct users to a spoofed web site or get them to divulge private information Tricking or enticing someone to do something or click on a link that would result in a system or data compromise An attempt by a malicious user to prevent legitimate users from accessing an IT resource An attempt by a malicious user to gain access to IT resources by guessing values that are recognized by a system or an application The destruction, theft or removal of IT resources from the City’s control A program or file that is designed to specifically damage, disrupt, or allow unauthorized access to a system

Phishing

Social Engineering

Denial of Service

Brute Force

Loss of Asset

Malware

Cyber Security Policy Manual

36