Formal security policies, applicable to all County departments and agencies, are published in the Information Resource Security Policies Manual. These written policies are codified and established under County Policy and Procedure Memoranda (PPM) CW-0-059. Security policies designate ISS as the central support organization for the security functions pertaining to computerized systems. ISS' roles and responsibilities in this regard are to:
- provide full-time enterprise security staff;
- establish written policies and procedures governing computer security;
- serve as a liaison to user departments and agencies;
- investigate security breaches and assist in audit reviews of security controls; and
- maintain integrated system controls.
Countywide security policies address 20 subject areas, including personnel security, physical and environmental protection, production and input/out controls, system access, data confidentiality, disaster recovery planning, and security awareness and training. These policies delineate information security requirements to mitigate the risks that information resources will be destroyed, lost, improperly accessed, incorrectly modified, or not readily available for their intended purposes.
The Justice Information Systems (JIS) projects served as the impetus for establishing formal security policies. Development of integrated justice applications which for use by the independent JIS agencies required the establishment of formal rules and regulations for administering security in a shared IT facility. Countywide applicability of the security policies was imposed through the Chief Judge's Administrative Order 11.040 and the written policies were adopted in December 2000.
IT Operations
