- Confidentiality – Confidentiality refers to limiting information access and disclosure to authorized users -- "the right people" -- and preventing access by or disclosure to unauthorized ones -- "the wrong people."
- Integrity - Integrity refers to the trustworthiness of information resources.
- Availability - Availability refers to the availability of information resources. An information system that is not available when you need it is almost as bad as none at all.
It is the policy of the City of Albuquerque to protect the Confidentiality, Integrity and Availability of data and, protect against disruption of the operation of its information technology assets and thereby help to protect the citizens, economy, essential human and government services, and public safety of the City.
Information must be protected according to its sensitivity, criticality and value, regardless of the media on which it is stored, the manual or automated systems that process it, or the methods by which it is distributed. Maintaining the computer patch management and operating system security updates on all networked resources to include personal computers, mobile devices, application servers, printing devices and networked devices are critical in the protection of the City resources.
To ensure that City business objectives are met and the confidence of our citizens, customers, taxpayers, ratepayers and bondholders is maintained, all employees have a responsibility to protect information from unauthorized access, modification, disclosure, and destruction, whether accidental or intentional.
Except as otherwise provided by City policy:
- Protection of centrally-managed or "City-wide" information technology assets is the responsibility of the Chief Information Officer, Information Security Office or designee.
- protection of information technology assets under the physical control of a Department is the responsibility of the Department Director;
- Patch Management and Security Updates:
- The City of Albuquerque ITSD shall maintain and manage all operating system patches and security updates on personal computers, application servers, printing and all network related devices. System operating patches and security updates shall be reviewed on a monthly basis. Implementation of system operating patches and security updates shall be performed on an “as needed” basis but no longer than quarterly. All changes shall be presented to the Change Advisory Board for review.
- In all cases, protection shall be provided in compliance with all City information technology policies, standards, procedures and guidelines.