Yur Infrmatin technlgy Security Plicy

Transcription

1 INFORMATION TECHNOLOGY USAGE POLICY COUNTY OF ORANGE

2 Cunty f Orange Infrmatin Technlgy Usage Plicy 1 INTRODUCTION: The Cunty f Orange Infrmatin Technlgy (IT) Usage Plicy is the fundatin f the Cunty s infrmatin security effrts. Each member f the Cunty wrkfrce is respnsible fr understanding his/her rle in maintaining Cunty IT security. This plicy summarizes yur infrmatin technlgy respnsibilities. T learn mre abut infrmatin security, please see the Infrmatin Technlgy Security Plicy. Cmplete Sectin 5: Acknwledgement after yu have finished reading this dcument. Yur signature n the Acknwledgement indicates that yu understand and will cmply with Cunty security plicy. If yu disregard security plicies, standards, r prcedures, yu can be subject t Cunty and agency-specific disciplinary actin. 2 TERMS YOU NEED TO KNOW: Authenticatin Back Up Cnfidentiality / Nn-Disclsure Agreement System r Sftware Cnfiguratin Files Electrnic Cmmunicatin Encryptin Infrmatin Security Infrmatin Technlgy (IT) Lcal Security Administratr (LSA) Netwrk Passwrd The prcess f verifying the identity f anyne wh wants t use Cunty infrmatin befre granting them access. T cpy files t a secnd medium (fr example, a disk r tape) as a precautin in case the first medium fails. An agreement that utlines sensitive materials r knwledge that tw r mre parties wish t share with ne anther. By way f such agreement, the parties t the agreement agree nt t share r discuss with utside parties the infrmatin cvered by the agreement. Highly imprtant files that cntrl the peratin f entire systems r sftware. Messages sent and received electrnically thrugh any electrnic text r vice transfer/strage system. This includes , text messages, instant messages (IM) and vic . The translatin f data int a secret cde. Encryptin is the mst effective way t achieve data security. T read an encrypted file, yu must have access t a secret key r passwrd that enables yu t decrypt it. Unencrypted data is called plain text; encrypted data is referred t as cipher text. Safeguarding an rganizatin's data frm unauthrized access r mdificatin t ensure its availability, cnfidentiality, and integrity. The brad subject cncerned with all aspects f managing and prcessing infrmatin within an rganizatin. The persn at each agency wh is respnsible fr the peratinal maintenance f IT security resurces within the agency. Tw r mre linked cmputer systems. There are many different types f cmputer netwrks. Sequence f characters (letters, numbers, symbls) used in cmbinatin with a User ID t access a cmputer system r netwrk. Passwrds are used t authenticate the user befre s/he gains access t the system. Infrmatin Technlgy Usage Plicy January 2010 Page 1

3 Cunty f Orange Infrmatin Technlgy Usage Plicy Persnally Identifiable Infrmatin (PII) User User ID Virus / Malicius Sftware Wrkfrce Member Any piece f infrmatin that culd be used t uniquely identify, cntact, r lcate a single persn. Examples include: full name; natinal identificatin number; address; IP address; driver s license number; and Scial Security Number. Any individual wh uses a cmputer. Unique name given t a user fr identificatin t a cmputer r telephne netwrk, database, applicatin, etc. Cupled with a passwrd, it prvides a minimal level f security. A sftware prgram that interferes with cmputer peratin, damages r destrys electrnic data, r spreads itself t ther cmputers. Viruses and malicius sftware are ften transmitted via , dcuments attached t , and the Internet. Any member f the Cunty wrkfrce, including emplyees, temprary help, cntractrs, vendrs and vlunteers. 3 POLICY OVERVIEW As a member f the Cunty wrkfrce, yu are expected t cmply with the Cunty s Infrmatin Technlgy Usage Plicy. Yur agency may have additinal plicies that yu must fllw as part f yur jb. The fllwing are key cncepts f the Cunty s plicy: Infrmatin created r used in supprt f Cunty business activities is the prperty f the Cunty. Yur assigned infrmatin technlgy resurces are meant t facilitate the efficient and effective perfrmance f yur duties. It is yur respnsibility t ensure that resurces are nt misused and that yu cmply with plicy. If yu need t access cnfidential infrmatin as part f yur duties, yu will be asked t sign a cnfidentiality r nn-disclsure agreement befre yu access the Cunty netwrk. Many Cunty facilities huse sensitive r critical infrmatin systems. Yu are expected t cmply with all physical access cntrls designed t restrict unauthrized access. Yu may nt remve Cunty equipment r data in any frmat frm the wrkplace unless yu have received prir written apprval frm yur supervisr r manager. The use f the netwrk and Internet is a privilege, nt a right. If yu vilate plicy, yu may lse yur netwrk and/r Internet access. The Cunty may refuse t reinstate yur access fr the remainder f yur emplyment at the Cunty. The Cunty may als take ther disciplinary actin as apprpriate under Cunty plicy, departmental plicy and applicable emplyment MOUs. 4 YOUR RESPONSIBILITIES Yur security respnsibilities fall under several different Infrmatin Technlgy categries. Each categry and the key respnsibilities assciated with it are listed belw: Infrmatin Technlgy Usage Plicy January 2010 Page 2

4 Cunty f Orange Infrmatin Technlgy Usage Plicy USER IDs AND PASSWORDS Yu will be issued a netwrk user ID unique t yu. Only yu may use yur user ID t access Cunty resurces (e.g. cmputer, telephne, FAX). Yu will be issued a default passwrd at the same time as yur user ID. Yu will be prmpted t change yur passwrd the first time yu lg in t the system. D nt share user IDs and passwrds with ther users r individuals, including cwrkers and supervisrs. Treat yur passwrd as sensitive and highly cnfidential infrmatin. Yu are agreeing t fllw the Infrmatin Technlgy Usage Plicy when yu accept a passwrd frm the Cunty and use it t access the Cunty data r telephne netwrks, the Internet, r the Intranet. Change yur passwrd immediately if yu think smene else knws it. Reprt yur suspicins t management. If yu lse r frget yur passwrd, yu are required t request a passwrd reset. N ne else can d it fr yu. HARDWARE AND SOFTWARE The Cunty will prvide, and emplyees may request, peripheral equipment such as ear buds fr cellular phnes r Blackberry devices, as may be necessary t enable cmpliance with all lcal laws which pertain t the use f mbile cmmunicatin equipment r the individual wrkplace needs fr the emplyee t perfrm his r her emplyment. Never dwnlad r install any hardware r sftware withut prir written apprval f yur agency IT representative. D nt make any changes t system and/r sftware cnfiguratin files unless specifically authrized in writing by yur agency IT. Maintain yur business data files n a netwrk (r shared ) drive s that they can be backed up accrding t yur agency s regular backup schedule. Use the lck wrkstatin feature any time yu leave yur wrkstatin lgged n t the netwrk and yu are away frm yur desk. D nt cnnect a Cunty laptp r ther mbile device t the netwrk until it has been scanned fr viruses and malicius sftware. Fllw the authenticatin prcedures defined by yur agency whenever yu lg in t the Cunty netwrk via Remte Access. D nt attempt t cnnect yur wrkstatin, laptp, r ther cmputing device t the Internet via an unauthrized wireless r ther cnnectin while simultaneusly cnnected t any Cunty netwrk. Retain riginal sftware installed n yur cmputer if it is prvided t yu. The sftware must be available when yur system is serviced in case it needs t be reinstalled. D nt keep liquids r magnets n r near cmputers, as they can cause serius damage. Ensure that yur equipment is plugged int a surge prtectr at all times. Infrmatin Technlgy Usage Plicy January 2010 Page 3

5 Cunty f Orange Infrmatin Technlgy Usage Plicy Reprt all cmputer prblems in detail n the apprpriate frm and/r when yu cntact the Cunty Service Desk r discuss the prblem with yur agency s Help Desk. Reprt equipment damage immediately t the Cunty Service Desk r yur agency s Help Desk. and TELEPHONE The and telephne systems and netwrks are primarily fr fficial Cunty business. Management can freely inspect r review electrnic mail and data files including vic . Emplyees shuld have n expectatin f privacy regarding their internet usage, electrnic mail r any ther use f Cunty cmputing r telephne equipment. D nt use a Cunty accunt r vic bx assigned t anther individual t send r receive messages unless yu have been authrized, in writing, t act as that individual s delegate. Use f persnal Internet (external) systems frm Cunty netwrks and/r desktp devices is prhibited unless there is a cmpelling business reasn fr such use and prir written apprval has been given by agency management and agency IT. D nt cnfigure r use autmated frwarding t send Cunty t Internet-based (external) systems unless specifically authrized t d s, in writing, by Cunty management. Send cnfidential infrmatin via nly with the written permissin f management and nly via an apprved methd. Mark the accrding t agency plicy. Treat cnfidential r restricted files sent as attachments t messages as cnfidential r restricted dcuments. This als applies t cnfidential r restricted infrmatin embedded within an message as message text r a vic message. D nt delete r vic messages r ther data if management has identified the subject matter as relevant t pending r anticipated litigatin, persnnel investigatin, r ther legal prcesses. THE INTERNET / INTRANET Internet/Intranet access is primarily fr Cunty business. Yu may access the Internet fr limited persnal use nly during nnwrking time and in strict cmpliance with plicy. If there is any dubt abut whether an activity is apprpriate, cnsult with yur Department Head r his/her designee. INFORMATION SECURITY Treat hardcpy r electrnic Persnally Identifiable Infrmatin (PII) as cnfidential and take all precautins necessary t ensure that it is nt cmprmised. Intentinal r even accidental disclsure f PII t unauthrized users is a vilatin f plicy. Dn t leave PII unattended r unsecured fr any perid f time. Be sure t fllw yur agency s plicy fr dispsing f cnfidential data. This may include the physical destructin f data thrugh shredding r ther methds. Infrmatin created, sent, stred r received via the system, netwrk, Internet, telephnes (including vic ), fax r the Intranet is the prperty f the Cunty. Infrmatin Technlgy Usage Plicy January 2010 Page 4

6 Cunty f Orange Infrmatin Technlgy Usage Plicy D nt expect infrmatin yu create and stre n Cunty systems, including messages r electrnic files, t be private. Encrypting r using ther measures t prtect r lck an message r an electrnic file des nt mean that the data are private. The Cunty reserves the right t, at any time and withut ntice, access, read and review, mnitr, and cpy all messages and files n its cmputer system as it deems necessary. The Cunty may disclse text r images t law enfrcement withut yur cnsent as necessary. PROHIBITED ACTIVITY Unless yu are specifically authrized by yur manager r agency in writing, the fllwing uses are prhibited by the Infrmatin Technlgy Security Plicy: Using, transmitting, r seeking inapprpriate r ffensive materials, including but nt limited t vulgar, prfane, bscene, abusive, harassing, belligerent, threatening, r defamatry (harming anther's reputatin by lies) language r materials. Accessing, attempting t access, r encuraging thers t access cntrversial r ffensive materials. Revealing PII withut permissin, such as anther's hme address, telephne number, credit card number r Scial Security Number. Making ffensive r harassing statements r jkes abut language, race, clr, religin, natinal rigin, veteran status, ancestry, disability, age, sex, r sexual rientatin. Sending r sliciting sexually riented messages, images, vide r sund files. Visiting sites featuring prngraphy, terrrism, espinage, theft, drugs r ther subjects that vilate r encurage vilatin f the law. Gambling r engaging in any ther activity in vilatin f lcal, state, r federal law. Uses r activities that vilate the law r Cunty plicy r encurage thers t vilate the law r Cunty plicy. These include: Accessing, transmitting, r seeking cnfidential infrmatin abut clients r cwrkers withut prper authrizatin. Intruding, r trying t intrude, int the flders, files, wrk, netwrks, r cmputers f thers, r intercepting cmmunicatins intended fr thers. Knwingly dwnlading r transmitting cnfidential infrmatin withut prper authrizatin. Uses that cause harm t thers r damage t their prperty, including but nt limited t: Dwnlading r transmitting cpyrighted materials withut the permissin f the cpyright wner. Even if materials n the netwrk r the Internet are nt marked with the cpyright symbl,, assume that they are prtected under cpyright law. Using smene else s passwrd t access the netwrk r the Internet. Impersnating anther user r misleading message recipients int believing that smene ther than the authenticated user is cmmunicating a message. Infrmatin Technlgy Usage Plicy January 2010 Page 5

7 Cunty f Orange Infrmatin Technlgy Usage Plicy Uplading a virus, ther harmful cmpnent, r crrupted data r vandalizing any part f the netwrk. Creating, executing, frwarding, r intrducing cmputer cde designed t self-replicate, damage, r impede the perfrmance f any cmputer s memry, strage, perating system, applicatin sftware, r any ther functinality. Engaging in activities that jepardize the security f and access t the Cunty netwrk r ther netwrks n the Internet. Dwnlading r using any sftware n the netwrk ther than that licensed r apprved by the Cunty. Cnducting unauthrized business r cmmercial activities including, but nt limited t: Buying r selling anything ver the Internet. Sliciting r advertising the sale f any gds r services. Unauthrized utside fund-raising activities, participatin in any lbbying activity, r engaging in any prhibited partisan plitical activity. Psting Cunty, department and/r ther public agency infrmatin t external news agencies, service bureaus, scial netwrking sites, message bards, blgs r ther frums. Uses that waste resurces, including, but nt limited t: Printing f persnal files. Sending chain letters fr any reasn. Including unnecessary recipients n an . Only cpy thers n an r vic message wh shuld be "in the lp" n the tpic addressed. Indiscriminate use f distributin lists. Befre using a distributin list, determine whether r nt it is apprpriate fr everyne n that list t receive the . "All hands" s. s f this type are t be sent nly after management permissin has been btained. Infrmatin Technlgy Usage Plicy January 2010 Page 6

8 Cunty f Orange Infrmatin Technlgy Usage Plicy 5 ACKNOWLEDGEMENT If yu vilate security plicies, standards, r prcedures, yu can be subject t Cunty and agency-specific disciplinary actin up t and including discharge. By signing this dcument, I acknwledge that I have read, understand and will cmply with this Cunty f Orange Infrmatin Technlgy Usage Plicy. I understand that the cmplete Infrmatin Technlgy Usage Plicy is available fr me t review n the Cunty s intranet. I als may request a cpy frm the Cunty Service Desk, my agency s Help Desk, r my agency s Lcal Security Administratr. Wrkfrce Member Name (please print): Wrkfrce Member Signature: Agency/Department: Date: Infrmatin Technlgy Usage Plicy January 2010 Page 7