Cyber Security Policy Manual

support other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

PLANNING

The Cyber Security Team will conduct risk assessments regularly to identify risks to City of Greensboro’s systems and information and implement controls to mitigate identified risks. The scope of the risk assessment includes items identified in the external/internal issues section as well as the interested parties’ requirements. The risk assessment is conducted according to the steps defined in the Risk Assessment Process and is focused on minimizing all identified risks to an acceptable level. Corrective action plans are defined and communicated to all stakeholders.

The Cyber Security Team is responsible for assigning identified risks to an owner and ensuring that risk owners are aware of the corrective action plan they need to follow to mitigate identified risks. Risks should be mitigated according to industry research and recommendations from technology vendors and/or regulatory agencies. Residual risk is monitored and managed by the Cyber Security Team.

CHANGES TO POLICIES, PROCESSES AND PROCEDURES

The City of Greensboro Cyber Security Team is responsible for establishing, monitoring, maintaining and improving the Information Security Management System. The Cyber Security Team is responsible for periodically reviewing all policies, processes and procedures and making the necessary changes to improve the Information Security Management System. The team will also ensure that all employees, contractors and consultants adhere to all security policies and controls that have been implemented to protect City of Greensboro’s systems and information and comply with laws and regulations.

The City of Greensboro communicates the cyber security program documents to all employees via the Citynet SharePoint site. All ISMS documents are stored and controlled within the cyber security department’s shared folder on the Citynet SharePoint site. The CIO reviews and approves policies. The Cyber Security Team reviews and approves procedural documents. The Cyber Security Team performs formatting and version control for the City of Greensboro’s cyber security program and ISMS documents.

COMMUNICATIONS

The CIO is responsible for identifying when internal or external communication will be necessary and is responsible for identifying requirements for internal and external communications and

The City of Greensboro may be willing to accept the risk if the risk rating is low. All identified risks will be reduced to an acceptable level after risk treatment is documented and implemented.
