The following policies and procedures were created to strengthen the
Information Technology's security initiatives, to protect technology
resources from abuse and/or illegal use, and first and foremost, to
negate City liability.
Account Management Policy
Administration Special Access Policy
Backup Security Policy
Email Policy
Incident Management Policy
Internet Policy
Intrusion Detection Policy
IS Privacy Policy
Network Access Security
Network Configuration Security
Password Policy
Physical Access Policy
Portable Computing
Security Policy
Security Monitoring Policy
Security Training Policy
Software Licensing Policy
System Upgrade Maintenance Security
Vendor Access Policy
Virus Policy
The following state and federal references were used in the development
of these policies:
Copyright Act of 1976
Foreign Corrupt Practices Act of 1977
Computer Fraud and Abuse Act of 1986
Computer Security Act of 1987
The Health Insurance Portability and Accountability Act of 1996
(HIPAA)
The State of Texas Information Act
Texas Government Code, Section 441
Texas Administrative Code, Chapter 202
IRM Act, 2054.075(b)
The State of Texas Penal Code, Chapters 33 and 33 A
DIR Practices for Protecting Information Resources Assets
DIR Standards Review and Recommendations Publications
The following statements constitute standard Information Technology
security policies and procedures.
- IT Security controls will not be bypassed or disabled.
- Security awareness of personnel will be continually emphasized,
reinforced, updated and validated.
- All personnel are responsible for managing their use of IR and
are accountable for their actions relating to IR security. Personnel
are also equally responsible for reporting any suspected or confided
violations of this policy to the appropriate management.
- Passwords, Personal Identification Numbers (PIN), Security Tokens
(i.e. Smartcard), and other computer systems security procedures
and devices shall be protected by the individual user from use by,
or disclosure to, any other individual or organization. All security
violations shall be reported to the custodian or the IT department
management.
- Access to, change to, and use of IR will be strictly secured.
Information access authority for each user will be reviewed on a
regular basis, as well as at each job status change, such as a transfer,
promotion, demotion, or termination of service.
- The use of IR will be for officially authorized business purposes
only. There is no personal privacy or access to tools such as, but
not limited to, email, Web browsing, and other electronic discussion
tools. The use of these electronic communications tools may be monitored
to fulfill complaint or investigation requirements. Departments
responsible for the custody and operation of computers (custodian
departments) shall be responsible for proper authorization of IR
utilization, the establishment of effective use, and reporting of
performance to management.
- Any data used in an IR system will be kept confidential and secure
by the user. The fact that the data may be stored electronically
does not change the requirement to keep the information confidential
and secure. Rather, the type of information or the information itself
is the basis for determining whether the data will be kept confidential
and secure. Furthermore, if this data is stored in a paper or electronic
format, or if the data is copied, printed, or electronically transmitted
the data will still be protected as confidential and secured.
- On termination of the relationship with the City of El Paso,
users will surrender all property and IR managed by the City of
El Paso. All security policies for IR apply to and remain in force
in the event of a terminated relationship until such surrender is
made. Further, this policy survives the terminated relationship.
- Custodian departments will provide adequate access controls in
order to monitor systems to protect data and programs from misuse
in accordance with the needs defined by owner departments. Access
will be properly documented, authorized and controlled.
- All departments will carefully assess the risk of unauthorized
alteration, unauthorized disclosure, or loss of the data for which
they are responsible and ensure, through the use of monitoring systems,
that the agency is protected from damage, monetary or otherwise.
Owner and custodian departments will have appropriate backup and
contingency plans for disaster recovery based on risk assessment
and business requirements.
Violation of this policy can and will result in disciplinary action,
which may include termination for employees and temporaries; a termination
of employment relations in the case of contractors or consultants;
dismissal for interns and volunteers. Additionally, individuals are
subject to loss of City of El Paso Information Resources access
privileges, and civil and/or criminal prosecution.