Information Security Policy

Madison County HIPAA Information Security Policy V2.5

Original Version Adopted: May 10, 2005 by Madison County Board of Supervisors
Version 1.2 Adopted: July 30, 2009 by Government Operations Committee
Version 2.4 Adopted: October 31, 2013 by Government Operations Committee
Version 2.5 Adopted: March 27, 2014 by Government Operations Committee

Contents

Purpose
Scope
Amending the Madison County HIPAA Information Security Policy
Violating the Madison County Information Security Policy
Part 1 - Management
  County Staff Responsibilities
    Procedure:
  Information Systems
    Procedure:
  Centralized Responsibility for HIPAA/HITECH Information Security
    Responsibilities:
  Information Security Incident Response
  Annual Information Systems Planning Process Required
  Risk Analysis, Assessment and Management
  User Responsibilities:
    Procedure:
  Security Awareness Training and Awareness
    Procedure:
  Contingency Planning
    Procedure:
  Acceptable and Unacceptable Use Definitions
  Acceptable Use
  Disclosure of Information System Vulnerabilities
    Procedure:
  Reporting Security Incidents
    Procedure:
Part 2 Technical
  The County’s Information Systems Connections
    Procedure:
  System Privileges/Access
    Procedure:
  County ITS User Login Process
    Procedure:
  County User Computer Lockdown/Logoff Process
    Procedure:
  Password Protection and Network Security
    Procedure:
  Information Systems Backup
    Procedure:
  System Logs Enabled
  Malicious Code
    Procedure:
  Device Security
    Procedure:
  Encryption
    Procedure:
  Transfer of Computer Equipment and Media
    Procedure:
  Electronic Storage Media Disposal
    Procedure:
  Physical Security for IT Equipment
    Procedure:
  Copy Machines and Other Equipment Having Data Storage Capability
    Procedure:
  Breach Definitions
  Breach Notification Procedures
Appendix A: Glossary
Appendix B: County Staff Responsibility

Purpose

Access to Madison County's (“the County”) information systems has been provided to only authorized County entities, employees, consultants, contractors, interns, volunteers and temporary workers (“Users”) for the benefit of providing service by the County to residents of the County. All County Users have the responsibility to comply with County policies and procedures to help protect and maintain the County’s information assets against accidental or intentional disclosure or compromise. All County Users have the responsibility to maintain and protect the County’s public image and to use the County’s information systems in a productive and appropriate manner while performing official County business.

It is important to also note the following:

1. “County Entities”, for the purposes of this policy, shall include all County departments, offices, etc.
2. County Users, for the purposes of this Policy, shall refer only to those users that have been approved to have access to electronic Protected Health Information (ePHI).
3. All references to ePHI and other