Document: Camdeboo Municipality Proposed Policy Additions

Description

Introduction

Over the last few years the Municipality has invested much time and energy in its Computer Information Systems (CIS) infrastructure. This rapid progress has improved the network greatly and opened many new possibilities to the Municipality allowing more opportunities for more efficient service delivery.

Unfortunately this rapid growth has not allowed for adequate documentation of the equipment and new procedures. Also, as computers become a more crucial part of our everyday lives, so has CIS become a critical part of the operations of the Municipality.

We have been able to provide more computers to employees enabling them to be more efficient in their daily duties. Email and other Internet based communications have allowed for more reliable and faster communications. The Internet has also opened a world of information to officials allowing them to make informed decisions and commentary. Radio based wireless communications have enabled the Municipality to link its various buildings and open vending points in a reliable and cost effective way. Likewise, ADSL VPN’s have linked external service providers in efforts to further simplify operations.

Remote support options have been enabled wherever possible to improve on service response times and reduce traveling expenses. Linux and other free open-source technologies have been embraced to reduce licensing fees.

Unfortunately this change has not always been as smooth as we would have liked and can in no way be considered complete. Certain aspects of the network have out-grown their backbone infrastructures, while other sections do not have the necessary failsafe redundancy required in the event of a disaster. Operational documentation is either severely out dated or non-existent. The same can be said for CIS related policies. Many programs and technologies are implemented on the assumption that municipal users will be computer literate enough to adapt to the changes. If only it was always so. Failure to understand the changes often leads to frustration and while these changes are done to improve on efficiency, the converse then occurs.

By expanding the spread of computer equipment through the Municipality the risk for misuse or abuse of municipal resources has grown exponentially, as has the risk toward the security of data and other information stored by the Municipality. Threats such as error, fraud, embezzlement, terrorism, extortion, privacy violation, service interruption, viruses, spyware, data theft and sabotage are very real threats to the Municipality and without the correct policies in place it is difficult the ensure security, accountability and ownership of CIS resources and to take the correct actions against transgressions. With no formal procedures in place it is difficult for users to report problems and to ensure that these problems are addresses and resolved.

Also, with no fixed management structure in place for CIS resources there is little forward planning and the approach is reactive instead of proactive in most cases.

It is in light of the above mentioned that this document has been drafted so that the Municipality can address these issues.

Table of Contents

Introduction

Letter to the Municpal Manager

Proposed Policies

1.     Policy on the use of personal computer equipment

a.     Purpose

b.     Scope

c.     Policy Statements

d.     Application of this policy

e.     Disciplinary Action

f.     Legal support for this policy

g.     Terminology

h.     Notes

2.     Internet and Email usage policy

a.     Purpose

b.     Scope

c.     Policy Statements

d.     Application of this policy

e.     Disciplinary Action

f.     Terminology

g.     Notes

3.     IT Data and System Security Policy

a.     Purpose

b.     Scope

c.     Policy Statements

d.     Application of this policy

e.     Disciplinary Action

f.     Terminology and Definitions

g.     Notes

4.     Network Security Policy

a.     PURPOSE

b.     Scope

c.     Policy Statements

d.     Application of this policy

e.     Disciplinary Action

f.     TERMINOLOGY

g.     Notes

5.     POLICY REGARDING THE ACQUISITION OF mobile data connections

a.     Purpose

b.     Scope

c.     Conditions

d.     Disciplinary Action

e.     Definitions

6.     Bluetooth Security Policy

a.     Purpose

b.     Scope

c.     Policy

d.     Application of this policy

e.     Disciplinary Action

7.     TECHNOLOGY EQUIPMENT DISPOSAL POLICY

a.     PURPOSE

b.     SCOPE

c.     POLICY

d.     Disciplinary Action

8.     NETWORK ACCESS POLICY

a.     PURPOSE

b.     SCOPE

c.     POLICY

d.     Disciplinary Action

e.     DEFINITIONS

9.     REMOTE ACCESS POLICY

a.     PURPOSE

b.     SCOPE

c.     POLICY

d.     Disciplinary Action

10.     EXTRANET POLICY

a.     PURPOSE

b.     SCOPE

c.     POLICY

d.     Disciplinary Action

e.     DEFINITIONS

11.     PROXY FILTERING AND INTERNET ACCESS POLICY

a.     PURPOSE

b.     SCOPE

c.     POLICY

d.     Disciplinary Action

e.     DEFINITIONS

12.     WIRELESS ACCESS POLICY

a.     PURPOSE

b.     SCOPE

c.     Policy

d.     Disciplinary Action

13.     SERVER DOCUMENTATION POLICY

a.     PURPOSE

b.     Policy

14.     NETWORK SCANNING POLICY

a.     NETWORK SCAN TYPES AND SCOPE

b.     Disciplinary Action

15.     NETWORK DOCUMENTATION POLICY

a.     OVERVIEW

b.     PURPOSE

c.     Policy

16.     BACKUP POLICY

a.     PURPOSE

b.     SCOPE

c.     POLICY

d.     DEFINITIONS

17.     INTRUSION DETECTION POLICY

a.     PURPOSE

b.     SCOPE

c.     Policy

18.     SERVER MONITORING POLICY

a.     PURPOSE

b.     SCOPE

c.     POLICY

19.     SYSTEM LOCKDOWN POLICY

a.     PURPOSE

b.     Scope

c.     Policy

d.     ENFORCEMENT

e.     APPENDIX A - SERVICES RECOMMENDED FOR SHUTDOWN

20.     ANTI-VIRUS, MALWARE AND OTHER THREATS POLICY

a.     PURPOSE

b.     ANTI-VIRUS POLICY

c.     EMAIL SERVER POLICY

d.     Enforcement

e.     Disciplinary Action

21.     Standard THIRD-PARTY NON-DISCLOSURE AGREEMENT

22.     Digital Piracy Policy

a.     Purpose

b.     Scope

c.     Policy

d.     Enforcement

e.     Disciplinary Action

Cover: Camdeboo Municipality Proposed Policy Additions

Rating

0
Your rating: None
3
Average: 3 (6 votes)