IT Cyber Security and Compliance Policy Manual

P OLICY E NFORCEMENT Violation of any of the constraints of these policies or procedures will be considered a security breach and depending on the nature of the violation, progressive corrective action will be implemented according to Personnel Policy H-1 Corrective Action at the discretion of the employee’s supervisor/manager in consultation with Employee Relations of the City’s Human Resources Department. P OLICY C OMPLIANCE It is the responsibility of City of Greensboro employees to ensure that the policy described in this document is followed. City of Greensboro employees must understand that ensuring the security of systems and applications and complying with data privacy laws and regulations is a critical part of the City’s information security strategy. The Cyber Security Team is authorized to restrict access for systems or employees that do not comply with this policy. P OLICY E XCEPTIONS Requests for exceptions to this policy may be granted for systems or applications that have adequate security controls implemented. The security controls must provide good protection against Malware, cyber-attacks and other forms of threats. Requests must be submitted in writing to the Cyber Security and Compliance Manager for review and approval and must include the following details: 1) Purpose for requesting the exception 2) The risk to the City if the system or application becomes compromised 3) Mitigation controls that have been implemented to protect the system or application 4) End date for the exception

Cyber Security Policy Manual

53

Made with FlippingBook Annual report