Salt Lake City Corporation management encourages staff to use the Internet for business purposes. If it is used for personal purposes, it should be done on personal, not company time and on a very limited basis. (See ‘Acceptable Use’ Procedure)
Reliability of Information from the Internet
All information taken off the Internet should be considered suspect until confirmed by another source. There is no quality control process on the Internet, and a considerable amount of Internet information is outdated, inaccurate, or deliberately misleading.
Handling Software and Files Down-Loaded from Internet
All software and files down-loaded from non-Salt Lake City Corporation sources via the Internet (or any other public network) must be screened with virus detection software (see ‘Virus scanning’ procedure). This screening must take place prior to being run or examined via another program such as a word processing package.
Remote User Connections through the Internet Require Approved Firewalls, Ant-Virus Protection and Authentication
All remote user connections with Salt Lake City Corporation internal networks using the Internet (or any other publicly-accessible computer network) must include an approved firewall and anti-virus system.
Approved connecting technologies include a Virtual Private Network (VPN) or dial-in server (RAS).
All users wishing to establish a connection with Salt Lake City Corporation computers via the Internet must authenticate before gaining access. This must be done via an extended user authentication process approved by the IMS Security Administrator.
Salt Lake City Corporation reserves the right to audit the security measures in effect on these connected systems without prior warning. Salt Lake City Corporation also reserves the right to immediately terminate network connections of any City remote users not meeting these requirements.
Approval Required for Third-Party Network Connections
City users may not establish Internet or any other external network physical connections which could allow non-Salt Lake City Corporation users to gain access to Salt Lake City Corporation systems and information unless prior approval of the IMS Security Administrator has been obtained.
Third party connections with the Salt Lake City Corporation internal networks using the Internet (or any other publicly-accessible computer network) must include an approved firewall and anti-virus system.
Salt Lake City Corporation reserves the right to audit the security measures in effect on these connected systems without prior warning. Salt Lake City Corporation also reserves the right to immediately terminate network connections with all third party systems not meeting such requirements.
Posting/Transferring Salt Lake City Corporation Material to the Internet
Users must not place Salt Lake City Corporation material (software, internal memos, documentation, and all other types of internal information) on any publicly-accessible Internet computer system unless the posting has first been approved by the City Recorder’s Office and/or the IMS Security Administrator.
Sending Sensitive Information using the Internet
Salt Lake City Corporation secret, proprietary, or private information must never be sent over the Internet unless it has first been encrypted by approved methods. Unless specifically known to be in the public domain, source code must always be encrypted before being sent over the Internet.
Staff must not send credit card numbers, log-in passwords, or other security information or payments information via Internet electronic mail if it is in readable (unencrypted) form. Readable electronic mail sent via the Internet has the same security as a post card; sensitive information unsuitable for a post card must not be sent by Internet electronic mail.
Tools Used to Break Systems Security Prohibited
Unless specifically authorized by the IMS Security Administrator, Salt Lake City Corporation employees must not acquire, possess, trade, or use hardware or software tools that could be employed to evaluate or compromise information systems security. Examples of such tools include those which defeat software copy-protection, discover secret passwords, or identify security vulnerabilities.