A. Use For Business Purposes: Salt Lake City Corporation management encourages staff to use the internet for business purposes. If it is used for personal purposes, it should be done on personal, not company time and on a very limited basis. (See section 52-5-8, "Acceptable Use Procedure", of this chapter.)
B. Reliability Of Information From Internet: All information taken off the internet should be considered suspect until confirmed by another source. There is no quality control process on the internet, and a considerable amount of internet information is outdated, inaccurate or deliberately misleading.
C. Handling Software And Files Downloaded From Internet: All software and files downloaded from non-Salt Lake City Corporation sources via the internet (or any other public network) must be screened with virus detection software (see Virus Scanning Procedure). This screening must take place prior to being run or examined via another program, such as a word processing package.
D. Remote User Connections Through Internet Require Approved Firewalls, Antivirus Protection And Authentication: All remote user connections with Salt Lake City Corporation internal networks using the internet (or any other publicly accessible computer network) must include an approved firewall and antivirus system.
E. Approved Connecting Technologies Include Virtual Private Network (VPN) Or Dial-In Server (RAS):
1. All users wishing to establish a connection with Salt Lake City Corporation computers via the internet must authenticate before gaining access. This must be done via an extended user authentication process approved by the IMS Security Administrator.
2. Salt Lake City Corporation reserves the right to audit the security measures in effect on these connected systems without prior warning. Salt Lake City Corporation also reserves the right to immediately terminate network connections of any City remote users not meeting these requirements.
F. Approval Required For Third Party Network Connections:
1. City users may not establish internet or any other external network physical connections which could allow non-Salt Lake City Corporation users to gain access to Salt Lake City Corporation systems and information unless prior approval of the IMS Security Administrator has been obtained.
2. Third party connections with the Salt Lake City Corporation internal networks using the internet (or any other publicly accessible computer network) must include an approved firewall and antivirus system.
3. Salt Lake City Corporation reserves the right to audit the security measures in effect on these connected systems without prior warning. Salt Lake City Corporation also reserves the right to immediately terminate network connections with all third party systems not meeting such requirements.
G. Posting/Transferring Salt Lake City Corporation Material To Internet: Users must not place Salt Lake City Corporation material (software, internal memos, documentation, and all other types of internal information) on any publicly accessible internet computer system unless the posting has first been approved by the City Recorder's Office and/or the IMS Security Administrator.
H. Sending Sensitive Information Using Internet:
1. Salt Lake City Corporation secret, proprietary or private information must never be sent over the internet unless it has first been encrypted by approved methods. Unless specifically known to be in the public domain, source code must always be encrypted before being sent over the internet.
2. Staff must not send credit card numbers, login passwords or other security information or payments information via internet electronic mail if it is in readable (unencrypted) form. Readable electronic mail sent via the internet has the same security as a post card; sensitive information unsuitable for a post card must not be sent by internet electronic mail.
I. Tools Used To Break Systems Security Prohibited: Unless specifically authorized by the IMS Security Administrator, Salt Lake City Corporation employees must not acquire, possess, trade or use hardware or software tools that could be employed to evaluate or compromise information systems security. Examples of such tools include those which defeat software copy protection, discover secret passwords or identify security vulnerabilities. (2019 Compilation)