Appendices - Hampton Roads Transportation Planning Organization
Appendices - Hampton Roads Transportation Planning Organization
Appendices - Hampton Roads Transportation Planning Organization
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Information Security Policy<br />
RESPONSIBILITIES:<br />
Security and Emergency Management Division’s (SEMD) Information Security Office (ISO) is<br />
responsible for:<br />
1. developing and implementing Information Security policies,<br />
2. providing oversight of policy interpretation and compliance reviews, and<br />
3. advising VDOT management and employees concerning the use and distribution of VDOT<br />
information assets.<br />
Data Owners are responsible for:<br />
1. classifying all information based on its sensitivity,<br />
2. defining what information may be shared with other departments, divisions, agencies, and<br />
the public, and<br />
3. approving user access to the information and supporting system for which they are<br />
responsible.<br />
VDOT Managers are responsible for:<br />
1. exercising due care when authorizing the use of and access to VDOT information and,<br />
2. authorizing access using the principle of least privilege.<br />
VDOT employees, contractors, consultants, and third-party employees are responsible for:<br />
1. accessing only the information assets to which they are authorized,<br />
2. reasonably protecting VDOT information against unauthorized activities performed under<br />
their user ID, and<br />
3. assuring information maintained on computer equipment or on paper is physically<br />
protected from security threats and environmental hazards.<br />
VITA is responsible for:<br />
1. developing procedures to guarantee controls are in place to prevent users from other<br />
connected networks access to sensitive areas of the VDOT’s network,<br />
2. developing procedures to guarantee remote connections to a computer are made through<br />
a managed central point-of-entry,<br />
3. updating the VDOT Active Directory and network access controls,<br />
4. ensuring network and mainframe accounts for the Central Office and Districts comply with<br />
this Access Control Policy,<br />
5. removing of inactive accounts promptly, and<br />
6. reporting actions to inactivate/delete accounts to the VDOT supervisory chain.<br />
VDOT Information Technology Division is responsible for:<br />
1. developing procedures to guarantee access to source code for applications and systems<br />
is limited to authorized VDOT staff, contractors, consultants, and third-party employees,<br />
and for only those applications and systems they directly support,<br />
2. ensuring application accounts for the Central Office and Districts comply with this Access<br />
Control Policy,<br />
3. remove inactive accounts promptly, and<br />
4. reporting actions to inactivate/delete accounts to the VDOT supervisory chain.<br />
33