IT Security

Our Mission

To Serve with Excellence, Lead through Innovation, and use Technology to make a Positive Difference in Chattanooga

Our Vision

To be the most technologically advanced city, by cultivating a collaborative environment where intentional actions drive innovative solutions, empowering our team and communities to be catalysts for positive change.

Responsibilities

Protecting Sensitive Data:

  • Ensuring the confidentiality, integrity, and availability of sensitive data, including personal information of citizens, financial records, and other critical data held by the city.
  • Implementing strong encryption, access controls, and secure data storage practices to prevent unauthorized access and data breaches.

Ensuring Continuity of Services:

  • Maintaining the availability and functionality of critical city services such as emergency response systems, public utilities, and communication networks.
  • Developing and regularly updating disaster recovery and business continuity plans to quickly restore services in the event of an incident.

Defending Against Cyber Attacks:

  • Defending against various types of cyber threats including malware, ransomware, phishing attacks, and denial-of-service (DoS) attacks.
  • Employing a multi-layered security approach that includes firewalls, intrusion detection/prevention systems, and regular security audits.

Compliance and Regulatory Requirements:

  • Adhering to local, state, and federal regulations regarding data protection and privacy, such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA).
  • Regularly reviewing and updating policies to ensure compliance with evolving legal requirements.

Educating and Training Employees:

  • Conducting regular training sessions for city employees to raise awareness about cybersecurity best practices, social engineering threats, and the importance of strong password policies.
  • Promoting a culture of security awareness throughout the organization.

Incident Response and Management:

  • Establishing a clear incident response plan that outlines the procedures for detecting, reporting, and responding to security incidents.
  • Regularly testing the incident response plan through drills and simulations to ensure readiness.

Securing Infrastructure and Networks:

  • Protecting the city's IT infrastructure, including servers, networks, and endpoints, from cyber threats.
  • Implementing network segmentation, secure configuration management, and regular vulnerability assessments to minimize security risks.

Vendor and Third-Party Management:

  • Ensuring that third-party vendors and contractors comply with the city's security standards.
  • Conducting regular security assessments of third-party services and systems to identify and mitigate potential risks.

The IT Security Team protects the city’s citizens, data, and employees by implementing PAIR:

  • Prevention

  • Awareness

  • Incident Response


PAIR is based on the NIST 800.53 and CSF 2.0 cyber security frameworks.

Leadership

AW
Aaron Welch
Director IT Security
AB
Allen Blaylock
Security Analyst
PF
Pat Finnegan
Security Analyst

Leave Us A Message

Indicates required field

Contact Us

IT Security