COUNTY OF NEWELL - POLICY HANDBOOK
POLICY NO: POL-018-23
TITLE: NETWORK SECURITY
ADOPTED: March 9, 2023 (C-71/23)
SUPERSEDES NO: 2014-PAD-065
PAGE NO: 1 of 3
POLICY PURPOSE: The purpose of this policy is to protect the integrity of the County’s network,
to mitigate the risks and losses associated with security threats to the County Information
Technology (IT) infrastructure, both internal and external, and to ensure secure and reliable
network access and performance.
This policy applies to all who access the County’s network, including, but not limited to, all County
employees, 3rd party contractors, consultants, and partners. This policy also applies to all
computer and data communication systems owned by or administered by the County or its partners.
DEFINITIONS:
Network is a collection of computers, servers, mainframes, network devices, peripherals or other
devices connected to allow data sharing.
Network Security is a set of practices and configurations that uses a variety of technologies,
devices, and processes designed to protect the integrity, confidentiality and accessibility of
computer networks and data. Network security consists of 3 different types of controls: physical,
technical, and administrative. Each control can serve a different function: preventative, detective,
or corrective. See Figure 2 for examples of IT security controls and the function they serve.
IT Security Controls are measures put in place to avoid, detect, counteract, or minimize security
risks to IT Infrastructure. These controls can be physical, technical, or administrative. Security
controls can function as preventative, detective, or corrective.
Users are all authorized users of the County network, including, but not limited to, employees, Elected
Officials, 3rd party contractors, consultants, and partners.
IT Infrastructure Preventative Maintenance and Security Plan is a plan prepared by and for
the IT Department and approved by the Executive Leadership Team that details the preventative
maintenance tasks, security controls and backup retention schedules. The IT Department
executes the plan annually to meet corporate expectations and legislated requirements.
Classifications and Examples:
External: External facing systems and information. This includes search engine results and social media.
Perimeter: Firewalls, Secure Web Gateway (SWG), Secure Email Gateway (SEG)
Network: Switches, Hubs, Routers, WAPs, Repeaters, Media Converters
Host: Physical hardware of computing device (Servers, PCs, Tablet, Trimble Devices, Phones, etc.)
Operating System (O/S): Server 2012, Windows 10, iOS, Android, Linux, Device Specific O/S (QNAP, NetApp)
Application: SQL server 2017 standard, Microsoft Dynamics, ESRI ArcGIS Suite, Adobe Creative Suite, Laserfiche
Data: Files, Databases, Electronic/Digital Messages, Repositories
POLICY GUIDELINES:
IT Security Controls shall be applied in an appropriate, cost-effective manner throughout the
various layers of the Classification Model.
Figure 1: Classification Model
Figure 2: Network Security Controls
Source: https://www.f5.com/labs/articles/education/what-are-security-controls
ROLES & RESPONSIBILITIES:
IT Department
Establishing, maintaining, implementing, administering, and interpreting organization-wide
information systems security policies, processes, and procedures.
Reviewing, updating, and delivering the service levels defined within the IT Infrastructure
Preventative Maintenance and Security Plan.
Provide specific guidance, direction, and authority for information security.
Directors, Managers, Supervisors
Identify the level of network access for each User that reports to them.
Where corrective action is required, ensure actions are identified and completed.
Ensuring that IT security controls are observed in their areas, allocating sufficient
resources and staff time to meet the requirements of the IT security controls.
Ensuring that all users are aware of the County policies, processes, and procedures
related to computer systems and network access and security.
Users
Following the policies, processes, and procedures defining computer and network access
and security.
Following training guidelines and working within security controls.
Reporting all known and suspected information security vulnerabilities and/or violations to
the IT department.