{"id":9285,"date":"2020-03-31T16:06:12","date_gmt":"2020-03-31T23:06:12","guid":{"rendered":"http:\/\/cdcr.test\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-4-departmental-approach-to-information-security\/"},"modified":"2020-03-31T16:06:12","modified_gmt":"2020-03-31T23:06:12","slug":"49020-4-departmental-approach-to-information-security","status":"publish","type":"dom","link":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-4-departmental-approach-to-information-security\/","title":{"rendered":"49020.4 Departmental Approach to Information Security"},"content":{"rendered":"\t<ul class=\"cdcr-dom-group-block\">\n\t\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The departmental approach to information security consists of the following components:<\/p>\n\t\t\t\t\t<ul class=\"cdcr-dom-group-block\">\n\t\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Assigned management responsibilities for IT risk management. See SAM \u00a7 5315.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Provisions for the integrity and security of automated and paper information, produced or used in the course of CDCR operations. See SAM \u00a7 5310 through 5350.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Provisions for the security of IT facilities, software, and equipment utilized for automation. See SAM \u00a7 5330.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Establishment and maintenance of an IT risk management program, including a risk analysis process. See SAM \u00a7 5305.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Establishment and maintenance of an agency Disaster Recovery Plan. See SAM \u00a7 5355.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>A security and ongoing privacy program, including an annual training component for all employees and contractors. Refer to GC 11019.9 and CC 1798.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Compliance with state audit requirements relating to the integrity of information assets. See SAM \u00a7 20000 et seq.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Policies to ensure that information security and information privacy are incorporated at each phase of the Information Systems Development Life Cycle.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Risk assessments in accordance with SAM, \u00a7 5305.1 to ascertain the threats and vulnerabilities that impact the CDCR&#8217;s information assets and implement appropriate mitigations.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>ProvideInformation security training for to all employees who use information assets in the course of their assigned duties to ensure awareness and understanding of the Department&#8217;s policies.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Conduct Coordination of information security audits for compliance with security policies.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Reporting of deficiencies for noncompliance with the CDCR security policies for management&#8217;s corrective action.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Reporting violations of this policy to the hiring authority of the employee alleged to have committed the act or the Office of Internal Affairs (OIA), when appropriate.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Adherence to requirements established in SAM, \u00a7 4841. 5300.3.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Periodically review of security policies for changes that may be necessary as a result of technology evolution or changes in Department operations.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<\/ul>\n\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>This policy includes, but is not limited to, the following information assets:<\/p>\n\t\t\t\t\t<ul class=\"cdcr-dom-group-block\">\n\t\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>All categories of automated information including, but not limited to, records, files, and data bases.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>IT facilities, software, and equipment (including personal computer systems) owned or leased by the CDCR.<\/p>\n\t\t\t\t\t<\/li>\n\t\t<\/ul>\n\t\t<\/li>\n\t\t<\/ul>\n\t","protected":false},"parent":9281,"template":"","class_list":["post-9285","dom","type-dom","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>49020.4 Departmental Approach to Information Security - Department Operations Manual (DOM)<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"49020.4 Departmental Approach to Information Security - Department Operations Manual (DOM)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-4-departmental-approach-to-information-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Department Operations Manual (DOM)\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-45-information-security\\\/49020-4-departmental-approach-to-information-security\\\/\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-45-information-security\\\/49020-4-departmental-approach-to-information-security\\\/\",\"name\":\"49020.4 Departmental Approach to Information Security - Department Operations Manual (DOM)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/#website\"},\"datePublished\":\"2020-03-31T23:06:12+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-45-information-security\\\/49020-4-departmental-approach-to-information-security\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-45-information-security\\\/49020-4-departmental-approach-to-information-security\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-45-information-security\\\/49020-4-departmental-approach-to-information-security\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DOM\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Chapter 4 &#8211; Information Technology\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Article 45 &#8211; Information Security\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/dom\\\/chapter-4-information-technology\\\/article-45-information-security\\\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"49020.4 Departmental Approach to Information Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/#website\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/\",\"name\":\"Operations Manual\",\"description\":\"CDCR\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/operations-manual\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"49020.4 Departmental Approach to Information Security - Department Operations Manual (DOM)","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"49020.4 Departmental Approach to Information Security - Department Operations Manual (DOM)","og_url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-4-departmental-approach-to-information-security\/","og_site_name":"Department Operations Manual (DOM)","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-4-departmental-approach-to-information-security\/","url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-4-departmental-approach-to-information-security\/","name":"49020.4 Departmental Approach to Information Security - Department Operations Manual (DOM)","isPartOf":{"@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/#website"},"datePublished":"2020-03-31T23:06:12+00:00","breadcrumb":{"@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-4-departmental-approach-to-information-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-4-departmental-approach-to-information-security\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/49020-4-departmental-approach-to-information-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/"},{"@type":"ListItem","position":2,"name":"DOM","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/"},{"@type":"ListItem","position":3,"name":"Chapter 4 &#8211; Information Technology","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/"},{"@type":"ListItem","position":4,"name":"Article 45 &#8211; Information Security","item":"https:\/\/www.cdcr.ca.gov\/operations-manual\/dom\/chapter-4-information-technology\/article-45-information-security\/"},{"@type":"ListItem","position":5,"name":"49020.4 Departmental Approach to Information Security"}]},{"@type":"WebSite","@id":"https:\/\/www.cdcr.ca.gov\/operations-manual\/#website","url":"https:\/\/www.cdcr.ca.gov\/operations-manual\/","name":"Operations Manual","description":"CDCR","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cdcr.ca.gov\/operations-manual\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Department Operations Manual (DOM)","distributor_original_site_url":"https:\/\/www.cdcr.ca.gov\/operations-manual","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/9285","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom"}],"about":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/types\/dom"}],"version-history":[{"count":0,"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/9285\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/dom\/9281"}],"wp:attachment":[{"href":"https:\/\/www.cdcr.ca.gov\/operations-manual\/wp-json\/wp\/v2\/media?parent=9285"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}