Information Security Management
Information Security describes the policies, processes, and controls to protect the confidentiality, integrity, and availability of data. In 2010, Mayor Karl Dean signed an Executive Order which states, in part, that there is “ . . . a need to establish the Metropolitan Government’s Information Security Management Policy (ISM Policy) to address the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction now and in the future as changes occur . . .”
Information security is everyone’s responsibility. It is neither effective nor proper to simply create a policy and implement it. Policies, whatever the goal, must not be placed on top of the business processes; they must become a part of them.
The Director of ITS (Metro’s Chief Information Officer) is responsible for ensuring that these information security policies are developed, implemented, and modified as necessary. Metro’s Chief Information Security Officer is tasked with doing so. This is part of an overall strategy of implementing and maintaining a strategic Information Security Management program.
For more information email CISO@nashville.gov
ISM Updates
3/1/2012 - New Information Security Policy
A new Metro information security policy Information Labeling and Handling has been released. This policy addresses the need for properly labeling and handling Information of the Metropolitan Government based on its classification as directed in the Metro Information Classification policy.
This policy join others previously distributed and is located on the information security policies page.
11/1/2011 – New Information Security Policy
A new information security policy Human Resources Security has been released. This policy ensures Metro employees, contractors, and third-party users understand their responsibilities and roles related to securing Metro information before, during, and after employment.
This policy joins others previously distributed and is located on the information security policies page.
10/6/2011 – Mayor Dean and Metro Council Supports National Cyber Security Awareness Month
As part of initiatives to raise information security awareness during National Cyber Security Awareness Month, Mayor Karl Dean has signed a proclamation recognizing the importance of Cyber Security Awareness. The proclamation also recognizes the efforts of the STOP. THINK. CONNECT. campaign for promoting a safer and more secure online environment.
The Metro Council also passed a Memorializing Resolution October 4, 2011 formally recognizing October as Cyber Security Awareness Month in Nashville and Davidson County.
9/1/2011 – New Information Security Policies
Two new information security policies have been released:
- Inventory and Ownership of Assets provides for identification, inventory, and ownership of assets associated with information processing; and
- IT Contingency – Disaster Recovery counteracts interruptions to business activities and protects critical business processes from the effects of major failures of information systems or disasters and ensures their timely resumption.
These policies join others previously distributed, located on the information security policies page.
8/1/2011 – New Information Security Policies Released
Four new information security policies have been distributed:
- Confidentiality Agreements addresses the need to protect Metro’s information in Confidentiality and Non-Disclosure Agreements;
- Secure Areas helps to ensure prevent unauthorized physical access, damage, and/or interference to physical facilities where Metro’s information is stored and processed;
- Separation of Development, Test, and Production Facilities ensures that Metro correctly and securely operates its information processing facilities; and
- Cryptographic Controls describes the cryptographic means for protecting the security of Metro’s information by encryption.
These policies join others previously distributed, located on the information security policies page.
7/1/2011 – New Information Security Policy Released
The Risk Assessment and Treatment policy has been distributed. It and other Metro Information Security policies as well as supporting documentation may be found at the Information Security Policies page.
5/3/2011 – New Information Security Policies
A signature initiative of the ISM program is the implementation of a suite of new and updated information security policies. The three policies below have been distributed: