Information Technology Policies and Standards

Title
Computer Abuse Incident Reporting
Type
Procedure
Related Policy
Category
Security
Status
Superseded
Approved
01/14/2004
To Be Reviewed
02/16/2008
Scope
Applies to all City information technology assets. An "information technology asset" is defined as a system or systems comprised of computer hardware, software, and networking equipment, as well as any data on these systems. Such assets include but are not necessarily limited to desktop or laptop computers, servers, printers, telephones, pagers, radios, network lines, personal digital assistants, E-mail and web-based services.
Procedure
City employees should follow established policies and procedures for reporting violations to their Department.

The Department should notify ISD as soon as practicable, via the Help Desk at 768-2930, of any suspected or real abuse incident involving a City information technology asset. The Help Desk will notify the Chief Information Officer or his designee and the Information Security Manager of the incident.

If it is not clear whether a situation should be considered an abuse incident, ISD should be contacted to evaluate the situation.

If the abuse incident involves a threat to personal safety/physical property or criminal activity, ISD will work with APD and/or other law enforcement agencies as necessary to help resolve the incident.

When faced with a potential abuse incident:

If the incident involves a computer that is compromised or which may contain evidence, do not alter the state of the system. The computer should remain powered on and all of the currently running programs should be left as is. Do not shut down or restart the computer unless instructed to do so by a Specialist or the Information Security Manager.

Only if instructed to do so by a Specialist, the Information Security Manager, or a representative of law enforcement, disconnect the computer from the network by unplugging the network cable from the back of the computer.

Document any information you know while waiting for ISD or law enforcement to respond to the incident. This may include date, time, and the nature of the incident. Do not attempt to obtain any information from the computer itself. Any information you can provide will aid in responding in an appropriate manner.
Rationale
Due to a variety of issues, including the safety and privacy of City employees, it is imperative that a formal reporting and response policy be followed when responding to incidents of City computer abuse.

City computer abuse may constitute violations of: the City Employee Code of Conduct, City Personnel Rules and Regulations Section 301.15; the City Internet Usage Policy, Administrative Instruction 8-12; Guidelines for City E-Mail Services, Administrative Instruction 8-13; other City computing policies as approved by the Information Services Committee or issued by the Chief Information Officer; or other City ordinances or New Mexico or Federal law, including but not limited to the Federal Computer Fraud and Abuse Act (18 USC §1030 et seq), Electronic Communications Privacy Act (18 USC §2501 et seq), and Digital Millennium Copyright Act (17 USC §512 et seq).

Contact: Lee Stark, (505) 768-2978