Critique of current Chicago information security policy
Enterprise Information Security Policy (EISP)
Areas similar to standards discussed

Overview of the corporate philosophy on security
Documents the Introduction and Purpose of the Information security policy of Chicago. It provides a reasonable framework that helps the reader to understand the intent of the document.

Overview
The City of Chicago (City) intends to manage its information technology and information assets to maximize their efficient, effective, and secure use in support of the City's business and its constituents. This document, the Information Security Policy (Policy), defines the governing principles for the secure operation and management of the information technology used, administered, and/or maintained by the City and for the protection of the City's information assets. Violations of the City's Information Security Policy must be reported to Department Management or the Department of Innovation and Technology's (DoIT) Chief Information Officer.
To define the responsibilities of the City's officers, employees, agents, departments, commissions, boards, offices, and agencies with respect to appropriate use and protection of the City's information assets and technology.
To ensure that the City's information assets and technology are secure from unauthorized access, misuse, degradation, or destruction.
Information Security Organization
Provides information on the structure of the information security organization and individuals that fulfill the information security role.

Scope
This Information Security Policy applies to the City of Chicago, its departments, commissions, boards, offices, and agencies, and all officers, employees, temporary employees, interns, vendors, consultants, contractors and agents thereof--collectively referred to as "User(s)". The principles set forth in this Policy are applicable to all information technology and assets, in all formats, used by the City. This Policy does not create any rights, constitute a contract, or contain the terms of any employment contract or other contract between the City of Chicago, any employee or applicant for employment, or any other person. Rather, this Policy details certain purposes, procedures, guidelines, responsibilities, and other matters the City of Chicago deems relevant to its management of information assets. The City reserves the right to amend this Policy or any part or provision of it.
Areas different from standards discussed

Fully articulated responsibilities for security that are shared by all members of the organization
Fully articulated responsibilities for security that are unique to each role within the organization
Although the policy states that the City's Chief Information Officer (CIO) is responsible for overall security of information assets and technology at the City, it does not fully articulate the specific information security responsibilities that the CIO may delegate to others within the City, including employees, consultants, contractors or third parties, based on their job function. These responsibilities need to be listed.

Organizing Information Security

Information Security Co-ordination
The Department of Innovation and Technology is responsible for designing, implementing and maintaining a City-wide information security program--in conjunction with other departments--and for assisting all City departments, agencies, offices, boards, and commissions in implementing and maintaining information management practices at their respective locations.
Allocation of information security responsibilities
The City's Chief Information Officer (CIO) is responsible for overall security of information assets and technology at the City. The CIO may delegate specific responsibilities related to information security to others within the City based on their job function.
Confidentiality Agreements Employees, consultants, or contractors...