Yur Infrmatin technlgy Security Plicy



Similar documents
GUIDANCE FOR BUSINESS ASSOCIATES

Hillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network

Data Protection Policy & Procedure

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer

Internet and Policy User s Guide

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT

How To Ensure That The Internet Is Safe For A Health Care Worker

Immaculate Conception School, Prince George Bring Your Own Device Policy for Students

Meopham School Information Technology Code of Conduct

VCU Payment Card Policy

Information & Communications Technology ICT Security Compliance Guide (Student)

First Global Data Corp.

ACTIVITY MONITOR Real Time Monitor Employee Activity Monitor

HIPAA HITECH ACT Compliance, Review and Training Services

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL

Personal Data Security Breach Management Policy

Remote Working (Policy & Procedure)

Cloud-based File Sharing: Privacy and Security Tutorial Institutional Compliance Office July 2013

Williamson County Board of Education Procedures and Guidelines

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions

FINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service.

Systems Support - Extended

ensure that all users understand how mobile phones supplied by the council should and should not be used.

State of North Carolina. Statewide Information Security Manual. Prepared by the Enterprise Security and Risk Management Office

Frequently Asked Questions About I-9 Compliance

IT Account and Access Procedure

Project Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES

Christchurch Polytechnic Institute of Technology Access Control Security Standard

Plus500CY Ltd. Statement on Privacy and Cookie Policy

Service Desk Self Service Overview

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM

How To Ensure Your Health Care Is Safe

Help Desk Level Competencies

WHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy

Online Banking Agreement

ROSS RepliWeb Operations Suite for SharePoint. SSL User Guide

DisplayNote Technologies Limited Data Protection Policy July 2014

Information Services Hosting Arrangements

New York Institute of Technology Faculty and Staff Retention Policy

North Carolina Department of Cultural Resources Division of Historical Resources Archives & Records Section Government Records Branch

IT Help Desk Service Level Expectations Revised: 01/09/2012

EA-POL-015 Enterprise Architecture - Encryption Policy

Process of Setting up a New Merchant Account

Session 9 : Information Security and Risk

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1

Junos Pulse Instructions for Windows and Mac OS X

ScaleIO Security Configuration Guide

Serv-U Distributed Architecture Guide

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014

PENNSYLVANIA SURPLUS LINES ASSOCIATION Electronic Filing System (EFS) Frequently Asked Questions and Answers

Creating an Ethical Culture and Protecting Your Bottom Line:

Erie Community College. Acceptable Use Policy Last Revision: December 17, College Information Technology Services

Treasury Gateway Getting Started Guide

Key Steps for Organizations in Responding to Privacy Breaches

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company,

DATE APPROVED March Version Date Comments / Changes 1.0 March 2011 Initial policy released

For students to participate in BYOD please follow these two steps

Internet Banking Agreement & Disclosure

HIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc.

E-LEARNING ONTARIO POLICY DOCUMENT

expertise hp services valupack consulting description security review service for Linux

Privacy Breach and Complaint Protocol

Resident Assistant Application JOB DESCRIPTION

Internet and Social Media Solicitations: Wise Giving Tips

Privacy Plicy Welcme, Sensati & JHI

Statement of Work For. Federal Communications Commission. Emergency Mass Notification and Response System

Information Security Policy

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010

CORPORATE CREDIT CARD POLICY

Transcription:

INFORMATION TECHNOLOGY USAGE POLICY COUNTY OF ORANGE

Cunty f Orange Infrmatin Technlgy Usage Plicy 1 INTRODUCTION: The Cunty f Orange Infrmatin Technlgy (IT) Usage Plicy is the fundatin f the Cunty s infrmatin security effrts. Each member f the Cunty wrkfrce is respnsible fr understanding his/her rle in maintaining Cunty IT security. This plicy summarizes yur infrmatin technlgy respnsibilities. T learn mre abut infrmatin security, please see the Infrmatin Technlgy Security Plicy. Cmplete Sectin 5: Acknwledgement after yu have finished reading this dcument. Yur signature n the Acknwledgement indicates that yu understand and will cmply with Cunty security plicy. If yu disregard security plicies, standards, r prcedures, yu can be subject t Cunty and agency-specific disciplinary actin. 2 TERMS YOU NEED TO KNOW: Authenticatin Back Up Cnfidentiality / Nn-Disclsure Agreement System r Sftware Cnfiguratin Files Electrnic Cmmunicatin Encryptin Infrmatin Security Infrmatin Technlgy (IT) Lcal Security Administratr (LSA) Netwrk Passwrd The prcess f verifying the identity f anyne wh wants t use Cunty infrmatin befre granting them access. T cpy files t a secnd medium (fr example, a disk r tape) as a precautin in case the first medium fails. An agreement that utlines sensitive materials r knwledge that tw r mre parties wish t share with ne anther. By way f such agreement, the parties t the agreement agree nt t share r discuss with utside parties the infrmatin cvered by the agreement. Highly imprtant files that cntrl the peratin f entire systems r sftware. Messages sent and received electrnically thrugh any electrnic text r vice transfer/strage system. This includes e-mail, text messages, instant messages (IM) and vicemail. The translatin f data int a secret cde. Encryptin is the mst effective way t achieve data security. T read an encrypted file, yu must have access t a secret key r passwrd that enables yu t decrypt it. Unencrypted data is called plain text; encrypted data is referred t as cipher text. Safeguarding an rganizatin's data frm unauthrized access r mdificatin t ensure its availability, cnfidentiality, and integrity. The brad subject cncerned with all aspects f managing and prcessing infrmatin within an rganizatin. The persn at each agency wh is respnsible fr the peratinal maintenance f IT security resurces within the agency. Tw r mre linked cmputer systems. There are many different types f cmputer netwrks. Sequence f characters (letters, numbers, symbls) used in cmbinatin with a User ID t access a cmputer system r netwrk. Passwrds are used t authenticate the user befre s/he gains access t the system. Infrmatin Technlgy Usage Plicy January 2010 Page 1

Cunty f Orange Infrmatin Technlgy Usage Plicy Persnally Identifiable Infrmatin (PII) User User ID Virus / Malicius Sftware Wrkfrce Member Any piece f infrmatin that culd be used t uniquely identify, cntact, r lcate a single persn. Examples include: full name; natinal identificatin number; email address; IP address; driver s license number; and Scial Security Number. Any individual wh uses a cmputer. Unique name given t a user fr identificatin t a cmputer r telephne netwrk, database, applicatin, etc. Cupled with a passwrd, it prvides a minimal level f security. A sftware prgram that interferes with cmputer peratin, damages r destrys electrnic data, r spreads itself t ther cmputers. Viruses and malicius sftware are ften transmitted via email, dcuments attached t email, and the Internet. Any member f the Cunty wrkfrce, including emplyees, temprary help, cntractrs, vendrs and vlunteers. 3 POLICY OVERVIEW As a member f the Cunty wrkfrce, yu are expected t cmply with the Cunty s Infrmatin Technlgy Usage Plicy. Yur agency may have additinal plicies that yu must fllw as part f yur jb. The fllwing are key cncepts f the Cunty s plicy: Infrmatin created r used in supprt f Cunty business activities is the prperty f the Cunty. Yur assigned infrmatin technlgy resurces are meant t facilitate the efficient and effective perfrmance f yur duties. It is yur respnsibility t ensure that resurces are nt misused and that yu cmply with plicy. If yu need t access cnfidential infrmatin as part f yur duties, yu will be asked t sign a cnfidentiality r nn-disclsure agreement befre yu access the Cunty netwrk. Many Cunty facilities huse sensitive r critical infrmatin systems. Yu are expected t cmply with all physical access cntrls designed t restrict unauthrized access. Yu may nt remve Cunty equipment r data in any frmat frm the wrkplace unless yu have received prir written apprval frm yur supervisr r manager. The use f the netwrk and Internet is a privilege, nt a right. If yu vilate plicy, yu may lse yur netwrk and/r Internet access. The Cunty may refuse t reinstate yur access fr the remainder f yur emplyment at the Cunty. The Cunty may als take ther disciplinary actin as apprpriate under Cunty plicy, departmental plicy and applicable emplyment MOUs. 4 YOUR RESPONSIBILITIES Yur security respnsibilities fall under several different Infrmatin Technlgy categries. Each categry and the key respnsibilities assciated with it are listed belw: Infrmatin Technlgy Usage Plicy January 2010 Page 2

Cunty f Orange Infrmatin Technlgy Usage Plicy USER IDs AND PASSWORDS Yu will be issued a netwrk user ID unique t yu. Only yu may use yur user ID t access Cunty resurces (e.g. cmputer, telephne, FAX). Yu will be issued a default passwrd at the same time as yur user ID. Yu will be prmpted t change yur passwrd the first time yu lg in t the system. D nt share user IDs and passwrds with ther users r individuals, including cwrkers and supervisrs. Treat yur passwrd as sensitive and highly cnfidential infrmatin. Yu are agreeing t fllw the Infrmatin Technlgy Usage Plicy when yu accept a passwrd frm the Cunty and use it t access the Cunty data r telephne netwrks, the Internet, r the Intranet. Change yur passwrd immediately if yu think smene else knws it. Reprt yur suspicins t management. If yu lse r frget yur passwrd, yu are required t request a passwrd reset. N ne else can d it fr yu. HARDWARE AND SOFTWARE The Cunty will prvide, and emplyees may request, peripheral equipment such as ear buds fr cellular phnes r Blackberry devices, as may be necessary t enable cmpliance with all lcal laws which pertain t the use f mbile cmmunicatin equipment r the individual wrkplace needs fr the emplyee t perfrm his r her emplyment. Never dwnlad r install any hardware r sftware withut prir written apprval f yur agency IT representative. D nt make any changes t system and/r sftware cnfiguratin files unless specifically authrized in writing by yur agency IT. Maintain yur business data files n a netwrk (r shared ) drive s that they can be backed up accrding t yur agency s regular backup schedule. Use the lck wrkstatin feature any time yu leave yur wrkstatin lgged n t the netwrk and yu are away frm yur desk. D nt cnnect a Cunty laptp r ther mbile device t the netwrk until it has been scanned fr viruses and malicius sftware. Fllw the authenticatin prcedures defined by yur agency whenever yu lg in t the Cunty netwrk via Remte Access. D nt attempt t cnnect yur wrkstatin, laptp, r ther cmputing device t the Internet via an unauthrized wireless r ther cnnectin while simultaneusly cnnected t any Cunty netwrk. Retain riginal sftware installed n yur cmputer if it is prvided t yu. The sftware must be available when yur system is serviced in case it needs t be reinstalled. D nt keep liquids r magnets n r near cmputers, as they can cause serius damage. Ensure that yur equipment is plugged int a surge prtectr at all times. Infrmatin Technlgy Usage Plicy January 2010 Page 3

Cunty f Orange Infrmatin Technlgy Usage Plicy Reprt all cmputer prblems in detail n the apprpriate frm and/r when yu cntact the Cunty Service Desk r discuss the prblem with yur agency s Help Desk. Reprt equipment damage immediately t the Cunty Service Desk r yur agency s Help Desk. EMAIL and TELEPHONE The e-mail and telephne systems and netwrks are primarily fr fficial Cunty business. Management can freely inspect r review electrnic mail and data files including vicemail. Emplyees shuld have n expectatin f privacy regarding their internet usage, electrnic mail r any ther use f Cunty cmputing r telephne equipment. D nt use a Cunty email accunt r vicemail bx assigned t anther individual t send r receive messages unless yu have been authrized, in writing, t act as that individual s delegate. Use f persnal Internet (external) email systems frm Cunty netwrks and/r desktp devices is prhibited unless there is a cmpelling business reasn fr such use and prir written apprval has been given by agency management and agency IT. D nt cnfigure r use autmated frwarding t send Cunty email t Internet-based (external) email systems unless specifically authrized t d s, in writing, by Cunty management. Send cnfidential infrmatin via email nly with the written permissin f management and nly via an apprved methd. Mark the email accrding t agency plicy. Treat cnfidential r restricted files sent as attachments t email messages as cnfidential r restricted dcuments. This als applies t cnfidential r restricted infrmatin embedded within an email message as message text r a vicemail message. D nt delete email r vicemail messages r ther data if management has identified the subject matter as relevant t pending r anticipated litigatin, persnnel investigatin, r ther legal prcesses. THE INTERNET / INTRANET Internet/Intranet access is primarily fr Cunty business. Yu may access the Internet fr limited persnal use nly during nnwrking time and in strict cmpliance with plicy. If there is any dubt abut whether an activity is apprpriate, cnsult with yur Department Head r his/her designee. INFORMATION SECURITY Treat hardcpy r electrnic Persnally Identifiable Infrmatin (PII) as cnfidential and take all precautins necessary t ensure that it is nt cmprmised. Intentinal r even accidental disclsure f PII t unauthrized users is a vilatin f plicy. Dn t leave PII unattended r unsecured fr any perid f time. Be sure t fllw yur agency s plicy fr dispsing f cnfidential data. This may include the physical destructin f data thrugh shredding r ther methds. Infrmatin created, sent, stred r received via the email system, netwrk, Internet, telephnes (including vicemail), fax r the Intranet is the prperty f the Cunty. Infrmatin Technlgy Usage Plicy January 2010 Page 4

Cunty f Orange Infrmatin Technlgy Usage Plicy D nt expect infrmatin yu create and stre n Cunty systems, including email messages r electrnic files, t be private. Encrypting r using ther measures t prtect r lck an email message r an electrnic file des nt mean that the data are private. The Cunty reserves the right t, at any time and withut ntice, access, read and review, mnitr, and cpy all messages and files n its cmputer system as it deems necessary. The Cunty may disclse text r images t law enfrcement withut yur cnsent as necessary. PROHIBITED ACTIVITY Unless yu are specifically authrized by yur manager r agency in writing, the fllwing uses are prhibited by the Infrmatin Technlgy Security Plicy: Using, transmitting, r seeking inapprpriate r ffensive materials, including but nt limited t vulgar, prfane, bscene, abusive, harassing, belligerent, threatening, r defamatry (harming anther's reputatin by lies) language r materials. Accessing, attempting t access, r encuraging thers t access cntrversial r ffensive materials. Revealing PII withut permissin, such as anther's hme address, telephne number, credit card number r Scial Security Number. Making ffensive r harassing statements r jkes abut language, race, clr, religin, natinal rigin, veteran status, ancestry, disability, age, sex, r sexual rientatin. Sending r sliciting sexually riented messages, images, vide r sund files. Visiting sites featuring prngraphy, terrrism, espinage, theft, drugs r ther subjects that vilate r encurage vilatin f the law. Gambling r engaging in any ther activity in vilatin f lcal, state, r federal law. Uses r activities that vilate the law r Cunty plicy r encurage thers t vilate the law r Cunty plicy. These include: Accessing, transmitting, r seeking cnfidential infrmatin abut clients r cwrkers withut prper authrizatin. Intruding, r trying t intrude, int the flders, files, wrk, netwrks, r cmputers f thers, r intercepting cmmunicatins intended fr thers. Knwingly dwnlading r transmitting cnfidential infrmatin withut prper authrizatin. Uses that cause harm t thers r damage t their prperty, including but nt limited t: Dwnlading r transmitting cpyrighted materials withut the permissin f the cpyright wner. Even if materials n the netwrk r the Internet are nt marked with the cpyright symbl,, assume that they are prtected under cpyright law. Using smene else s passwrd t access the netwrk r the Internet. Impersnating anther user r misleading message recipients int believing that smene ther than the authenticated user is cmmunicating a message. Infrmatin Technlgy Usage Plicy January 2010 Page 5

Cunty f Orange Infrmatin Technlgy Usage Plicy Uplading a virus, ther harmful cmpnent, r crrupted data r vandalizing any part f the netwrk. Creating, executing, frwarding, r intrducing cmputer cde designed t self-replicate, damage, r impede the perfrmance f any cmputer s memry, strage, perating system, applicatin sftware, r any ther functinality. Engaging in activities that jepardize the security f and access t the Cunty netwrk r ther netwrks n the Internet. Dwnlading r using any sftware n the netwrk ther than that licensed r apprved by the Cunty. Cnducting unauthrized business r cmmercial activities including, but nt limited t: Buying r selling anything ver the Internet. Sliciting r advertising the sale f any gds r services. Unauthrized utside fund-raising activities, participatin in any lbbying activity, r engaging in any prhibited partisan plitical activity. Psting Cunty, department and/r ther public agency infrmatin t external news agencies, service bureaus, scial netwrking sites, message bards, blgs r ther frums. Uses that waste resurces, including, but nt limited t: Printing f persnal files. Sending chain letters fr any reasn. Including unnecessary recipients n an email. Only cpy thers n an email r vicemail message wh shuld be "in the lp" n the tpic addressed. Indiscriminate use f distributin lists. Befre using a distributin list, determine whether r nt it is apprpriate fr everyne n that list t receive the email. "All hands" emails. Emails f this type are t be sent nly after management permissin has been btained. Infrmatin Technlgy Usage Plicy January 2010 Page 6

Cunty f Orange Infrmatin Technlgy Usage Plicy 5 ACKNOWLEDGEMENT If yu vilate security plicies, standards, r prcedures, yu can be subject t Cunty and agency-specific disciplinary actin up t and including discharge. By signing this dcument, I acknwledge that I have read, understand and will cmply with this Cunty f Orange Infrmatin Technlgy Usage Plicy. I understand that the cmplete Infrmatin Technlgy Usage Plicy is available fr me t review n the Cunty s intranet. I als may request a cpy frm the Cunty Service Desk, my agency s Help Desk, r my agency s Lcal Security Administratr. Wrkfrce Member Name (please print): Wrkfrce Member Signature: Agency/Department: Date: Infrmatin Technlgy Usage Plicy January 2010 Page 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information