Essay City of Chicago Information Security Policy

Words: 2903
Pages: 12

Critique of current Chicago information security policy
Enterprise Information Security Policy (EISP)
Areas similar to standards discussed Overview of the corporate philosophy on security Documents the Introduction and Purpose of the Information security policy of Chicago It provides a reasonable framework that helps the reader to understand the intent of the document
Overview  The City of Chicago (City) intends to manage its information technology and information assets to maximize their efficient, effective, and secure use in support of the City‘s business and its constituents.  This document, the Information Security Policy (Policy), defines the governing principles for the secure operation and management of the information
…show more content…
Appropriate Use
Areas similar to standards discussed -

Users must not allow any consultant, visitor, friend, family member, customer, vendor or other unauthorized person to use their network account, e-mail address or other Cityprovided computer facilities. Users are responsible for the activities performed by and associated with the accounts assigned to them by the City. No User may use City-provided Internet or Intranet access or the City‘s Confidential or Internal information to solicit or conduct any personal commercial activity or for personal gain or profit or non-City approved solicitation. Users must not make statements on behalf of the City or disclose Confidential or Internal City information unless expressly authorized in writing by their Department Management. This includes Internet postings, or bulletin boards, news groups, chat rooms, or instant messaging. Users must protect Confidential or Internal information being transmitted across the Internet or public networks in a manner that ensures its confidentiality and integrity between a sender and a recipient. Confidential information such as Social Security numbers, credit card numbers, and electronic Protected Health Information (ePHI) must be transmitted using encryption software.

Systems Management
Areas similar to standards discussed -

Management of stored materials/documents
Backup  The City will perform regular backups of User files