Enterprise Information Security Policy (EISP)
Areas similar to standards discussed Overview of the corporate philosophy on security Documents the Introduction and Purpose of the Information security policy of Chicago It provides a reasonable framework that helps the reader to understand the intent of the document
Overview The City of Chicago (City) intends to manage its information technology and information assets to maximize their efficient, effective, and secure use in support of the City‘s business and its constituents. This document, the Information Security Policy (Policy), defines the governing principles for the secure operation and management of the information technology used, administered, and/or maintained by the City and for the protection of the City‘s information assets. Violations of the City‘s Information Security Policy must be reported to Department Management or the Department of Innovation and Technology‘s (DoIT) Chief Information Officer.
Purpose
To define the responsibilities of the City‘s officers, employees, agents, departments, commissions, boards, offices, and agencies with respect to appropriate use and protection of the City‘s information assets and technology. To ensure that the City‘s information assets and technology are secure from unauthorized access, misuse, degradation, or destruction.
Information Security Organization Provides information on the structure of the information security organization and individuals that fulfill the information security role Scope This Information Security Policy applies to the City of Chicago, its departments, commissions, boards, offices, and agencies, and all officers, employees, temporary employees, interns, vendors, consultants, contractors and agents thereof--collectively referred to as ―User(s)‖. The principles set forth in this Policy are applicable to all information technology and assets, in all