1. Purpose of the Procedure
In response to an increasing number of well-publicized threats to the integrity and reliability of computer and communication networks, the City has developed this procedure. It is a proven fact that the integrity and security of the entire network can be compromised by one weak link. This procedure is implemented to help meet the requirements of due diligence in safeguarding and protecting the City's networks.
This policy applies to all computers, servers, software, PDA's, etc, that will be connected to or used by Salt Lake City Corporation's networks.
2. Responsibilities of City Staff and Duties of City Network/Server Security Team
The procedure consists of a two-step process as follows:
A. During the design or planning stage, the person with overall responsibility for this project or their designee (project manger technician, software engineer, Technology Consultant, etc.) should contact the City's Network Security Manager (e-mail security.manager@ci.slc.ut.us) to get security guidance and discuss any security concerns that this project may present to the City's networks. The Security Manager may be able to give an immediate clearance or need to request an evaluation and/or research by members of the City Network/Server Security Team*, depending on the complexity of the project. A formal e-mail approval and/or specific concerns will be sent to the requestor in a timely manner. In some cases there may be multiple technical approaches to accomplish the same goals. This step is included to help direct the process to consider adequate security measures when evaluating the alternatives.
B. Prior to the implementation of the software or hardware, the person with overall responsibility for this project (or their designee) must contact the City's Citywide Network Security Manager (e-mail security.manager@ci.slc.ut.us)) for fine tuning of security issues and final clearance. The Security Manager (in coordination with the City Network/Server Security Team*) will send the requestor by email in a timely manner, an approval or a detailed list of concerns and the possible remedies.
FOR OBVIOUS SECURITY REASONS - NO SYSTEM CAN GO INTO PRODUCTION OR NO HARDWARE CAN BE CONNECTED TO THE CITY'S NETWORKS UNTIL THE PROPER SECURITY CLEARANCE HAS BEEN OBTAINED.
* City Network/Server Security Team - The official team responsible for insuring that all city networks (communication and data) are secure and properly protected. The team consists of members from the major network users (i.e. Airport, Public Utilities, Police, Fire, IMS, etc).