Most of the content on this intranet is made up of ex county council information due to the county intranet being turned off. Please read the blog to find out more about how we have developed this new intranet and where you can go to find information that relates to you.
Information Security Policy Framework
Information and resources for the Information Security Policy Framework.
Information is vital for the operation of the council. It is part of everything we do in our work. Under law and best practice it is essential that we keep this information secure. There are three principles that underpin information security:
- Confidentiality - It is our duty to prevent unauthorized disclosure of information. This can take the form of accidental disclosures, but can be the deliberate release of sensitive information to a third party for gain or spite.
- Integrity - Information must be protected from unauthorized modification or amendment and checked regularly for accuracy and how current it is.
- Availability - To allow the council to perform its functions efficiently and to the best of its ability the information must be available when required.
To safeguard the council's information, the Information Security team has developed an Information Security Management System housing documents and procedures that cover the breadth of information security. To maintain security it is essential that ALL employees read and agree to the Acceptable Use Policy (SharePoint) and take the IT Security E-Learning course.
iLearn Information Security and Data Protection Course
Report a breach or a cyber security incident
Digital Footprint
A digital footprint is the data that's left behind whenever a person uses a digital service, or someone posts information about that person onto a digital forum, such as a social network. Everyone is likely to have a digital footprint, and this is normal. Online activities such as photo sharing, dating, banking, shopping, gaming, professional networking and social networking all add to someone's digital footprint. Others can contribute to an individual's digital footprint by posting photographs or information about them online.
National Protective Security Authority (NPSA) help you to understand how sharing your personal information can affect you and the Council. Employees who have privileged access to sites, information or assets, need to be vigilant as their digital footprints could be of particular interest to those with malicious intent, such as criminals, violent protest groups and terrorist groups. Some vulnerabilities can be obvious, such as posting or sharing confidential organisational information that puts employees, processes or assets at risk. Others may be less so, such as search engines storing search history or smart phones tracking geolocation data which may be exploited by those with malicious intent.
For further details - My Digital Footprint - a brief guide. (SharePoint)
Information Security Management System Policies
The Information Security Management System and associated policies apply to all permanent and temporary employees, elected members, contracted employees, contractors and third parties working for and on behalf of the council that have, or are likely to have, access to council premises and information processing systems either on-site or remotely.
The following documents are held on SharePoint:
Policy Title |
Authored |
|---|---|
| Acceptable Use Policy The acceptable use policy is a document that any user of the Cumberland Council systems must agree to. It sets out what is acceptable behaviour in relation to the use of the council's equipment. |
01/04/2024 |
| Information Risk Policy This policy outlines how risks to information assets will be addressed. |
01/04/2024 |
| Information Security Policy The Information Security Policy outlines the information security approach taken and the criteria that need to be met to provide information security. |
01/04/2024 |
| Internet Acceptable Use Policy This policy extends the information security management system (ISMS) within the council to encompass visitors using the council facilities and applies to ALL users of the county council internet systems. |
01/04/2024 |
| IS Agile or Remote Working Policy This document sets out the council policy for agile and remote working. |
01/04/2024 |
| IS Forensic Readiness Policy This document sets out the policy for the systematic, standardised and legal basis for the admissibility of digital evidence that may be required for formal dispute or legal process |
01/04/2024 |
| IS GenAI Policy This policy provides a framework for the use of Generative Artificial Intelligence Large Language Models |
01/04/2024 |
| ISMS Framework Document The Information Security Management System framework document describes the business case for the ISMS, how the information security management system will work and the roles and responsibilities within the system. |
01/04/2024 |
| IS Social Media Policy This policy sets out the restriction and concerns regarding the use of social media by council employees. |
01/04/2024 |
| Mobile Communication Device Policy This policy provides a framework for the appropriate usage, maintenance and payment for approved mobile services. |
01/04/2024 |
| Password Strength This document shows the effect of password length and complexity on its vulnerability. |
01/04/2024 |
| Payment Card Data Policy This policy describes the outline for using and receiving payment card information for the payment of bills. |
01/04/2024 |
|
This guidance describes how to manage physical data when relocating premises. |
01/04/2024 |
| Pseudonymisation and Anonymisation Policy This policy sets the aims for pseudonymisation and anonymisation to be used for the protection of Personally Identifiable Information. |
01/04/2024 |
| Safe Haven Procedure This procedure details how a safe haven can be used for transferring information more securely. |
01/04/2024 |
| Security Classifications Policy This document explains the Government Security Classification policy that came into force in April 2015 and gives guidance on how to apply it in the council. |
01/04/2024 |
| Third Party Access Agreement Template This is a template for use when setting up a Third Party Network Connection Agreement. |
01/04/2024 |