400-13 Acceptable use of Computer Systems Flashcards
Access to and use of the department’s computer systems is strictly controlled. Except as provided by this General Order, all computers owned, leased, rented, or under the control of the department shall be used for _____, and any data created (whether on- or off-site) on a department owned or controlled computer or computer system is the property of the department.
business purposes in serving the interests of the city
Employees shall not provide information about or a list of department employees to any party outside the department without the express direction of the _____, _____, or _____.
All outside requests for information shall be carefully considered in light of the _____ of the Texas Civil Statutes and departmental resources. When appropriate, such requests for information shall be directed to the proper authority, as required by General Order 800-10, Police Records.
1) Office of Planning & Data Governance
2) Open Records Unit
3) other authorized department entity
4) Open Records Act
Employees shall not use a computer to:
a. _______. This includes, but is not limited to, the installation or distribution of “pirated” materials or other software products that are not appropriately licensed for use by the department. The department purchases licenses for the
use of software from a variety of outside companies. Employees shall use all software according to the applicable software license agreement.
Violate the rights of any person or company protected by copyright, trade secret, patent or other intellectual property laws, or similar laws or regulations.
Employees shall not use a computer to:
b. _____ including, but not limited to, digitization and distribution of photographs, music, or literary works that are not authorized. This also includes the installation of any copyrighted software for which the department or the end user does not have an active license.
Copy or use copyrighted material
Employees shall not use a computer to:
c. Export software, technical information, or encryption software or technology that is _____. The appropriate level of management shall be consulted prior to exporting any material in question.
not authorized
Employees shall not use a computer to:
d. Intentionally introduce _____ into the network or server.
malicious programs
Employees shall not use a computer to:
e. Procure or transmit material that is in violation of sexual harassment or hostile workplace laws, or harass any person via email, telephone, or any type of paging or communication device, including through language, frequency, or size of messages, as prohibited by _____
General Order 300-11, Discrimination, Harassment, and Other Prohibited Conduct.
Employees shall not use a computer to:
f. Make fraudulent offers of products, items, or services originating from any department account, or make statements about warranty, expressed or implied, unless _____.
it is within the scope of assigned duties
Employees shall not use a computer to:
g. Commit _____ such as accessing data the employee is not intended to receive, logging into a computer, server, or account the employee is not expressly authorized to access, or disrupting network communication through methods such as network sniffing, ping floods, packet spoofing, denial of service, and forged routing information, unless these activities are within the scope of assigned duties.
security breaches
Employees shall not use a computer to:
h. Conduct port scans or security scans unless authorized by the _____.
Office of Technology Services (OTS)
Employees shall not use a computer to:
i. Execute any form of _____ that intercepts data not intended for the employee’s host unless it is within the scope of assigned duties.
network monitoring
Employees shall not use a computer to:
j. Circumvent_____ or security of any host, network, or account.
user authentication
Employees shall not use a computer to:
k. Interfere with or deny service to any user other than the ____ (e.g., denial of service attack).
employee’s host
Employees shall not use a computer to:
I. Send messages or use any program, script, or command of any kind with the intent to _____, via any means.
interfere with or disable a user’s terminal session
Employees shall not use a computer to:
m. Send_____ or other advertising material including sales solicitations of any type to individuals who did not specifically request such material.
junk mail, spam,
Employees shall not use a computer to:
n. Use or forge _____ information that is not authorized.
email header
Employees shall not use a computer to:
o. Create or forward _____ of any type.
“chain letters” or “Ponzi” or other “pyramid” schemes`
Employees shall not use a computer to:
p. Solicit email for any other email address, other than that of the employee’s account, with the intent to _____
harass or to collect replies.
Employees shall not use a computer to:
q. Send unsolicited email that advertises any group or service _____
sponsored by the department.
Employees shall not use a computer to:
r. Perform any action that would cause disruption of any MCD or cause interference with the _____
reasonable supervision of officers.
_____shall ensure department and City of Houston policies and procedures regarding computers and mobile devices are implemented and observed. All employees shall comply with all computer related policies, procedures, and software licensing agreements the department or City of Houston holds.
For security and network maintenance purposes, authorized individuals within the department may monitor equipment, networked systems, and network traffic at any time. The department reserves the right to _____ any department owned or controlled equipment on a periodic basis to ensure compliance with this policy.
1) Supervisors
2) audit
USE OF INFORMATION FROM COMPUTER SYSTEMS
Employees shall not receive security access to any computer system unless authorized by the employee’s division commander. Authorized use of computer systems is restricted to:
a. Entering, modifying, or inquiring records in _____
b. _____.
c. Obtaining information necessary for the _____
Information received from a computer system shall not be considered probable cause for arrest until _____. Information received through a computer system should be considered in conjunction with other information about the circumstances of an offense before any arrest decision is made.
When an incident report is flagged “Confidential” by an investigative division (e.g., Homicide, Narcotics), only the division that initiated the flag can authorize access to the report.
1) local, state, and national databases.
2) Dispatching
3) efficient and expeditious performance of the department’s operations.
4) it has been properly verified for accuracy
Confidential Status for Employee Information
The Crime Analysis & Command Center Division (Command Center) shall coordinate all requests for confidential status of employee information. Classified and civilian employees wanting their home address and telephone number to be confidential shall write a letter of justification via their assistant chief to the Command Center giving specific reasons for the request.
The following employees shall be prioritized for confidential status of employee information:
a. Officers who spend the majority of time_____, if access to the officer’s home address or telephone number would endanger the officer or family members.
b. Officers who primarily investigate ______.
c. Employees who have received a personal or family-directed threat of death or serious bodily injury, if_____
d. Employees who have a _____
Employees not meeting any of the above guidelines may request an exception from the _____ via the employee’s chain of command. The request shall include details about the employee’s duties and responsibilities and explain why there would be a high level of danger to the employee or family members if the home address or telephone number were accessible.
1) serving as an undercover investigator
2) possible criminal violations committed by department personnel
3) the employee’s division commander and Criminal Intelligence Division personnel have determined that the threat is legitimate.
4) spouse with confidential status.
5) Chief of Police
Confidential Status for Employee Information
Employees shall provide justification for confidential status to the Command Center on an _____basis or it shall be removed.
The Command Center shall distribute a quarterly list of employees with confidential status to each affected division for review and corrections. If an employee transfers, has a change of duties, or the situation posing a threat changes, the _____ shall write a letter to the Command Center to advise of the change. The employee’s information shall then become readable in the computer system.
_____ personnel have access to confidential address and telephone information at all times and can be contacted for emergency requests.
1) annual
2) division commander where the confidential status originated
3) Command Center
SECURITY AND PROPRIETARY INFORMATION
Any_____ may be classified as confidential (e.g., law enforcement private information, organizational strategies, specifications, telephone and contact lists, and research data). Employees shall prevent unauthorized access to this information by any person, including all authorized personnel affiliated with third parties, as required by General Order 800-06, CJIS Compliance.
Each employee shall use a unique username and password to access a computer system. Employees shall keep passwords and personal identification numbers (PINs) secure and shall not share accounts, as required by General Order 400-22, Keys, Passwords, and Personal Identification Numbers. Authorized users are responsible for the security of their passwords,
PINs, and accounts. System level user passwords and PINs shall be changed every _____ days.
1) information accessed via computer systems
2) 90 calendar
SECURITY AND PROPRIETARY INFORMATION
Any computer that connects to computer systems, regardless of who actually owns the computer, shall be:
a. Protected and continually scanned by _____
b. Maintained to current levels of _____.
c. Configured to obtain operating system patches and updates from _____.
a. Protected and continually scanned by approved anti-virus software.
b. Maintained to current levels of protection.
c. Configured to obtain operating system patches and updates from OTS or an authorized software vendor.
SECURITY AND PROPRIETARY INFORMATION
All servers and desktop, laptop, and workstation computers shall be secured with a password-protected screensaver with the automatic activation feature set at ___ minutes or less. Employees shall log off their computers if they are going to be away from it for more than ____ hours. All other computers and mobile devices shall have an idle timed screen-lock secured with
a unique password or ___-digit PIN.
1) 10
2) two
3) six
SECURITY AND PROPRIETARY INFORMATION
Employees who forget their HPD Windows password should contact their division technology coordinator to get it reset. If the technology coordinator is not available, the employee should contact the Service Desk for OTS. A Service Desk employee shall initiate a process to confirm the employee’s active status and reset the employee’s password to a temporary password. At the earliest opportunity, the employee shall _____. Once the employee’s password has been reset by the technology coordinator or the Service Desk, the employee may go to the “Password Enrollment” link on the department’s Intranet Portal to enroll in the HPD Password Self-Service feature.
change the temporary password to something known only to the employee
Using Data From Outside Sources
Employees shall use extreme caution when using any data brought in from an outside source. When outside data is used, employees shall first _____ before downloading or using the information, even if the data comes from the employee’s personal computer.
Employees shall use extreme caution when dealing with all _____, especially those received from unknown senders, or unexpected attachments from known senders. Emails frequently carry malicious programs that can easily, quickly, and irrevocably destroy or corrupt all data within a computer, server, or a computer system and compromise the entire HPD
computer network.
Employees shall use extreme caution when using _____. Simply inserting a USB drive containing malicious programs can easily, quickly, and irrevocably destroy or corrupt all data within a computer, server, or a computer system and compromise the entire HPD computer network.
1) scan the files for malicious programs
2) email attachments
3) USB drives (thumb drives)
USAGE OF MOBILE COMPUTING DEVICES AND LAPTOPS
The MCD system shall be used to aid in the dispatching and servicing of calls for service while reducing the amount of voice radio usage. Emergency Communications Division personnel shall use voice communications as the primary assignment medium in all instances in which _____. Follow-up information may be transmitted over the MCD system, as permitted by General Order 600-01, Response Management. Field personnel shall use an MCD, if so equipped, to maintain their unit status in a timely and proper fashion.
All officers assigned and trained in the use of laptop computers or MCDs shall use the laptop or a suitable MCD for incident report entry whenever possible. Any employee encountering problems with the approval of an incident report shall contact the _____.
1) an officer’s safety would be best served by having other field personnel aware of the officer’s location and assignment
2) Service Desk
