Table of Contents Table of Contents
Previous Page  99 / 105 Next Page
Information
Show Menu
Previous Page 99 / 105 Next Page
Page Background

Confidential — for Internal Use Only

Associate Handbook August 2016 |

99

CHAPTER 9

INFORMATION SECURITY

ICMA‑RC’s corporate data and computer resources are vital assets. Information Security Department is

responsible for protecting the confidentiality, integrity, and availability of all ICMA‑RC’s information

processing activities, but all associates play a part.

All information traveling over ICMA‑RC’s computer networks is a corporate asset, and the corporation

prohibits the unauthorized access, disclosure, duplication, modification, diversion, loss, misuse or theft of this

information. Further, it bears mention that information belonging to third parties (e.g., information entrusted

to ICMA‑RC in confidence) is also included in this prohibition, as ICMA‑RC is contractually obligated to

keep the information of our clients and partners secure.

In an effort to safeguard ICMA‑RC’s information resources, Information Security & Technical Operations

(ISTO) Division has developed a suite of ICMA‑RC policies all associates must follow. These policies

provide guidance on all levels of interaction with ICMA‑RC’s data and information systems. While there is

no substitute for familiarity with every ISTO-sponsored policy — all of which are available on ICMA‑RC’s

intranet under the heading Computer Security Policies — the following policies provide guidance most

applicable to and most referenced by the largest number of ICMA‑RC associates.

Acceptable Use Policy

This policy provides guidance at the highest level for how ICMA‑RC expects its associates to interact with its

technology and handle its data. Associates will find in its pages handling instructions for sensitive data, password

restrictions, reporting requirements for when equipment is stolen, and social media restrictions. Readers will also

find prohibitions against distributing offensive material, unauthorized access attempts, and probing electronic

security measures. All associates must read and sign the ICMA‑RC Acceptable Use Policy annually.

Internet Use Policy

This policy provides detailed guidance on acceptable Internet use on or through ICMA‑RC information

systems. Specifically, the document provides direction on the use of proper security controls when

transmitting ICMA‑RC data, as well as information regarding ICMA‑RC Internet-monitoring practices. This

document also details ICMA‑RC Web-surfing limitations, and prohibitions against excessive personal Internet

use, illegal use, and attempts to circumvent ICMA‑RC’s Internet security controls.

Password Security Policy

In the ICMA‑RC Password Security Policy (and its associated standard), you will find the corporation’s

password complexity requirements, including specific, minimum construction standards user and

administrator passwords must meet to be acceptable. You will also find information regarding ICMA‑RC

password testing, handling, and limitations on password use.

Remote Access Policy

The ICMA‑RC Remote Access Policy defines the minimum acceptable measures required for accessing

1 94 95 96 97 98 99 100 101 102 103 104 105  FlippingBook