Security Awareness Training: Topic 1

Information Technology Security

You are responsible for the physical security of all of the information technology you use in the conduct of County business that is under your direct control. This means that you will implement controls to prevent unauthorized persons from using your network accounts and/or from accessing County protected or confidential electronic information stored on your device(s).
 
Network Accounts

As an authorized User, you are provided with a County network account. This account is configured to require that you create a password that meets the County’s minimum password length requirement. ITS requires the use of strengthened network passwords. Striving for balance, ITS is promoting an enhanced minimum password standard that still remains far less demanding than complexity levels recommended under several security standards. The password requirements are as follows:

  • Minimum of 8 characters, maximum of 128

  • Requires 3 of 4 from the following:

    • Capital letter
    • Lower case letter
    • Number
    • Special character, such as $ % & * @ etc.
  • Passwords must be changed every 60 days

The County’s network account management practice requires mandatory password renewal and restricts password reuse. Providing network access to another individual, either deliberately or through failure to secure its access, is a violation of this Policy. Therefore, please do not share County account or password information with anyone. Once logged in with your County network account, do not allow any unauthorized person, including co-workers, to use your device.

Based on your job responsibilities, you may be given rights to other County network resources such as databases and applications.  These accounts will also require that you create a password that meets a specific requirement. The security of these passwords is just as important as your network account password. 

Network user rights are assigned to allow the appropriate level of access to applications and data required for your job. External agencies may also extend network rights to their applications. Should you ever discover you have rights to applications or data areas that don't seem to match your responsibilities, you should advise your supervisor and contact ITS immediately. Knowingly using inappropriately assigned network rights to access County or other network resources beyond your job responsibilities is a violation of the security policy and constitutes a data breach.

Some of the regulatory agencies with whom the County works require additional security beyond the standard access controls and password that we use in all locations.  An example is “Two-Factor Authentication”, which refers to technology that adds a secure hardware or software token to the access process.   Evolving security requirements in areas with sensitive data may necessitate the addition of this or similar technology as a compliance requirement in the future.

As a security control, each time you log in to gain access to the County network a system notification message will appear. This message serves as a privacy and security notice consistent with the acceptable use of the County's network as applicable to Federal, State laws or County policies.

Securing Your Work Site(s) - Physical Security

A work site has traditionally referred to a permanent space assigned to you within a building owned or leased by the County. The expansion of mobile computing and advanced communications increasingly empowers employees to perform their duties from field locations or work remotely. Regardless of the location of your work site, you are responsible for ensuring its physical security, including the devices in your control. Your objective is to protect your work site against unauthorized access. To ensure the security of your work site:

 
  • Control access to your work sites and secure them during off‐hours.
  • Within County facilities, while being mindful of personal safety, confront any unauthorized person who has gained access to a work site designated only for authorized Users. Seek assistance from your department management if you are not comfortable directly communicating with an unauthorized person in the workspace. Report any such intrusion or lack of cooperation to your supervisor.

  • The County imposes a 15‐minute screen saver policy on all devices used in the conduct of County business.

  • Lock or log off your device when it is unattended.

  • Log off and shut down the device at the end of the workday, over weekends and/or during extended times away from your device.

 
