Title
a. Accept and approve the County of Monterey Information Technology Policy as amended; and
b. Approve and adopt the County of Monterey Security Policies as amended.
Report
RECOMMENDATION:
It is recommended that the Board of Supervisors:
a. Accept and approve the County of Monterey Information Technology Policy as amended; and
b. Approve and adopt the County of Monterey Security Policies as amended.
SUMMARY:
County of Monterey Information Technology Policy
This update removes the Security Policies from the Information Technology Policy and makes the Security Policies separate documents. This constitutes the entire change to the Information Technology Policies.
County of Monterey Security Policies
Approval of updated, revised County of Monterey Security Policies on Appropriate Use, Information Technology Security, Data Privacy, and Social Media Use will further refine roles, responsibilities, and requirements for the security and appropriate use of County information technology. Updates are necessary to cope with an increasingly complex technological environment and to meet constantly evolving security challenges.
DISCUSSION:
County of Monterey Security Policies
On September 10, 2002, the Board of Supervisors approved adoption of the Monterey County Security Policies, which include policies for Appropriate Use, Information Technology Security, and Data Privacy. These policies were written to address technology as it existed in the year 2002 and included not only policy elements, but also "how to" elements and technological standards. Since the adoption of these original policies, there have been exponential growth and advancements in technology. Because technology is constantly evolving, best policy practices now recommend that "how to" provisions and technological standards be memorialized outside of policy in documents that can be more rapidly modified to keep pace with technological change.
The proposed, updated Security Policies submitted for the Board's consideration strive to be as technologically independent as possible, so that they do not require constant rewriting, while addressing core elements of technology security that remain relatively constant. "How to" elements and technological standards have been moved to separate security standards and security best practice documents.
Information Security is a business issue as well as a technology issue. County departments must ensure the confidentiality, integrity and availability of their data. The proposed County of Monterey Security Policy updates establish what must be done to protect information stored on computers and networks. They specify "what" to do so that "how" to do it can be identified and evaluated.
As such, County Department Directors and Information Security Officers were again brought together for participation in review of the existing Security policies. They provided input on recommended changes to the existing Appropriate Use, Information Technology Security, and Data Privacy policies. They also provided input on the addition of a Social Media Use policy that is consistent with the current and future use of technology by county departments.
OTHER AGENCY INVOLVEMENT:
County of Monterey Security Policies
The Information Security Officers within each County department were provided opportunity to provide input in drafting County of Monterey Security Policies (Appropriate Use, Security, Data Privacy, and Social Media Use). Department Directors participated in the development of the final drafts brought before the Board for approval. County Counsel also extensively reviewed these Security Policies.
FINANCING:
There will be no direct financial impact caused by implementation of these policies.
Prepared by: Dan Kern, Chief Security Officer, 796-1449
Approved by:
Dianah Neff, Director of Information Technology, 759-6923
Attachments:
Security Policy
Social Media Use Policy
Data Privacy Policy
Appropriate Use Policy