{"id":9283,"date":"2020-03-31T16:06:12","date_gmt":"2020-03-31T23:06:12","guid":{"rendered":"http:\/\/cdcr.test\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-2-purpose\/"},"modified":"2020-03-31T16:06:12","modified_gmt":"2020-03-31T23:06:12","slug":"49020-2-purpose","status":"publish","type":"dom","link":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-2-purpose\/","title":{"rendered":"49020.2 Purpose"},"content":{"rendered":"\t<ul class=\"cdcr-dom-group-block\">\n\t\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The purpose of this Policy is to establish and maintain a standard of due care to prevent misuse or loss of Department information assets. This policy establishes internal policies and procedures that:<\/p>\n\t\t\t\t\t<ul class=\"cdcr-dom-group-block\">\n\t\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Establish and maintain management and staff accountability for the protection of departmental information assets.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Establish and maintain processes for the analysis of risks associated with departmental information assets.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Establish and maintain cost-effective risk management processes intended to preserve the Department&#8217;s ability to meet program objectives in the event of the unavailability, loss, or misuse of information assets.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Protect departmental employees who are authorized to access the Department&#8217;s information assets from temptation, coercion, and threat.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Establish agreements with state and non-state entities to cover, at a minimum, the following:<\/p>\n\t\t\t\t\t<ul class=\"cdcr-dom-group-block\">\n\t\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Appropriate levels of confidentiality for the data based on data classification (see State Administrative Manual [SAM], \u00a7 5320.5).<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Standards for transmission and storage of the data, if applicable (see SAM \u00a7 5310).<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Agreement to comply with all state policy and law regarding use of information resources and data.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Signed confidentiality statements.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Agreements to apply security patches and upgrades, and keep virus software up-to-date on all systems on which data may be used.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Agreements to notify the information owners promptly if a security incident involving the data occurs.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<\/ul>\n\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Establish appropriate policies and procedures to protect and secure IT infrastructure.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Require that if a data file is downloaded to a mobile device or desktop computer from another computer system, the specifications for information integrity and security which have been established for the original data file must be applied in the new environment (SAM \u00a7 5310).<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Require encryption, or equally effective measures, for all personal, sensitive, or confidential information that is stored on portable electronic storage media (including, but not limited to, CDs and thumb drives) and on portable computing devices (including, but not limited to, laptop and notebook computers). This policy does not apply to mainframe and server tapes. (See SAM \u00a7 5345.2).<\/p>\n\t\t\t\t\t<\/li>\n\t\t<\/ul>\n\t\t<\/li>\n\t\t<\/ul>\n\t","protected":false},"parent":9281,"template":"","class_list":["post-9283","dom","type-dom","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>49020.2 Purpose - Department Operations Manual (DOM)<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"49020.2 Purpose - Department Operations Manual (DOM)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-2-purpose\/\" \/>\n<meta property=\"og:site_name\" content=\"Department Operations Manual (DOM)\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-45-information-security\\\/49020-2-purpose\\\/\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-45-information-security\\\/49020-2-purpose\\\/\",\"name\":\"49020.2 Purpose - Department Operations Manual (DOM)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/#website\"},\"datePublished\":\"2020-03-31T23:06:12+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-45-information-security\\\/49020-2-purpose\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-45-information-security\\\/49020-2-purpose\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-45-information-security\\\/49020-2-purpose\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DOM\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Chapter 4 &#8211; Information Technology\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Article 45 &#8211; Information Security\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-45-information-security\\\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"49020.2 Purpose\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/#website\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/\",\"name\":\"Operations Manual\",\"description\":\"CDCR\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"49020.2 Purpose - Department Operations Manual (DOM)","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"49020.2 Purpose - Department Operations Manual (DOM)","og_url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-2-purpose\/","og_site_name":"Department Operations Manual (DOM)","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-2-purpose\/","url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-2-purpose\/","name":"49020.2 Purpose - Department Operations Manual (DOM)","isPartOf":{"@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/#website"},"datePublished":"2020-03-31T23:06:12+00:00","breadcrumb":{"@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-2-purpose\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-2-purpose\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-2-purpose\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/"},{"@type":"ListItem","position":2,"name":"DOM","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/"},{"@type":"ListItem","position":3,"name":"Chapter 4 &#8211; Information Technology","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/"},{"@type":"ListItem","position":4,"name":"Article 45 &#8211; Information Security","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/"},{"@type":"ListItem","position":5,"name":"49020.2 Purpose"}]},{"@type":"WebSite","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/#website","url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/","name":"Operations Manual","description":"CDCR","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cdcr.ca.gov\/operations-manual\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Department Operations Manual (DOM)","distributor_original_site_url":"https:\/\/www.cdcr.ca.gov\/operations-manual","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/9283","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom"}],"about":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/types\/dom"}],"version-history":[{"count":0,"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/9283\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/9281"}],"wp:attachment":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/media?parent=9283"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}