Information Security Policy Toronto Police Service Flashcards

1
Q

Purpose
This policy defines acceptable use of Toronto Police Service Information and Technology (TPS-IT) resources
to ensure the ——, integrity, and availability of information. The guiding principles are to prevent misuse or
loss of any information asset and to maintain member accountability for the —— of information assets.

A

confidentiality
protection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Scope
This policy applies to all ——–Users having access to any TPS-IT resources and all information contained
within those resources.

A

Authorized

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Authorized User are all individuals who have been granted access to the Toronto Police Service’s IT resources.
This includes, but is not limited to,
 permanent members  ———-  volunteers
 temporary members  ——– personnel affiliated with ———

A

contractors
consultants
third parties

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Workplace Technology Device (WTD) is any computing end user device, typically with its own operating system, which can communicate to a ——. This includes, but is not limited to,

 standard workstations  mobile devices  photocopiers/scanners
 laptops/notebooks/tablets
 ——— fax machines
 mobile workstations (MWS)
 external media storage
devices (hard drives, USBs, etc.)
 printers  ——–and voice mail
 handheld ticketing devices

A

network
monitors
telephones

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Information and Technology (IT) Resource is any system, service, hardware, and network resources that are owned by, or supplied to Authorized Users by the Toronto Police Service. This includes, but is not limited to

 ———–and network devices
 communication and business ———–
 ———–
 Workplace Technology Devices
 ———-access

A

networks
applications
software
internet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Confidential Information is all police information, and is to be used for ——— business use only. This includes, but is
not limited to,
 ———- information
 any other information collected, obtained or derived for or
from TPS records that must be kept confidential under the
Municipal Freedom of Information and Protection of Privacy
Act (MFIPPA), Police Services Act (PSA), Y———–, or any other applicable legislation.

A

official
privileged
youth Criminal Justice Act (YCJA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

———-Devices any ————-equipment and technology that is not issued or authorized by the
and Technology Service

A

Personal
telecommunication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
  1. General
    1.1 TPS-IT resources are the sole property of the Toronto Police Service (TPS). The TPS grants Authorized Users access to its TPS-IT resources to conduct official police business only.
    1.2 Any records created and/or maintained on any TPS-IT resource are ——–of the Service and bound by
    Service Governance and the TPS ————-.
    1.3 Records may become accessible through criminal or —–court processes, by ——- or as requested under MFIPPA.
    1.4 Authorized Users are responsible for complying government law and Service Governance when using TPS-IT
    resources.
A

property
Records Retention By-Law
civil
subpoena

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
  1. General

1.5 Authorized Users who are granted access must adhere to the terms of use ———for external databases, owned and operated by partnering external agencies. Such systems included but are not limited
to, CPIC, MTO-ISS, ——-, MCM, etc.
1.6 Authorized Users must seek approval from the ——— prior to the acquisition of all new technology. (Please refer to Routine Order 2020.06.10-529 regarding the approval process for request submissions).
1.7 Authorized Users must first consult with the CIO’s Office prior to building any unit specific ——– or
repositories of information such as SharePoint, Excel, or MS Access.
1.8 Authorized Users must consult with the Information Security Unit prior to the implementation of any
technology changes that involve the new ———, use or disclosure of personal information.

A

agreements
OSOR
Chief Information Officer (CIO)
databases
collection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

General

1.9 Any misuse of a TPS-IT resource or violation of this agreement shall be reported immediately to a ——,
———, or the ————–following the discovery of the misuse or violation,
in accordance with the Standards of Conduct, Section ——– Contravention of Service of Legislative Governance
and/or Misconduct.

1.10 Any unauthorized ——— of personal or confidential information collected on behalf of the TPS for police
business shall be reported immediately to a supervisor, Unit Commander, the ISO, or the Access & Privacy
Coordinator (only where the unauthorized release involved personal information) following the discovery of the breach, in accordance with TPS Procedures, Section 17-02 – Information Breaches.

A

supervisor
Unit Commander
Information Security Officer (ISO)
1.3
release

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q
  1. Security of Computerized Systems and Information
    2.1 Authorized Users are responsible for safeguarding and protecting police information, both electronic
    and hardcopy. System access is assigned based on the job role or function performed to ensure sensitive
    information is available to only authorized users. Password ———, or providing access to another
    person, either deliberately or through failure to secure access, is prohibited. Hardcopies material must
    be shredded or discarded inside TPS secure confidential blue bins, when no longer required.
    2.2 Authorized Users are responsible for all activity while logged onto any TPS-IT resource. Devices must be
    secured with a password-protected screensaver, and must be locked or logged off when left ——–
A

sharing
unattended

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Security of Computerized Systems and Information
2.3 Authorized Users will ensure reasonable care is taken to protect TPS-IT resources from theft, ——-or
illegal access; and against systems designed to disrupt, damage or place excessive ——- on the resource.
2.4 Authorized Users who are issued a smartphone will ensure that operating system or application level ———
are applied in a timely manner.
2.5 Authorized Users will ensure that workplace technology devices and external media storage devices are
secure when not in use, as this type of portable equipment is especially vulnerable to ———. Portable
storage devices containing sensitive information should be ——–.

A

damage
load
updates
breaches
encrypted

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Security of Computerized Systems and Information

2.6 Authorized Users’ offsite work location is to be considered an ——of the primary TPS work location. All
requirements set out in this policy also apply to members authorized to work remotely.
2.7 Authorized Users should use TPS issued equipment when conducting police business. Use of any electronic
devices on the TPS network is subject to the rules set out in this policy. The TPS may, when necessary to an
ongoing lawful investigation, ask to ——-relevant information in a personal device and make copies
of relevant information. Individuals who deny the TPS access may face ——– for failing to cooperate.

A

extension
examine
consequences

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
  1. Policy Compliance
    3.1 TPS-IT resources and the information generated by, and contained within them, fall under the ownership of
    the ———–. Therefore, while the TPS is aware of, and respects the privacy interests of those who use its IT resources, it is stressed that authorized users will be subject to a significantly ——– expectation of personal privacy when making use of TPS-IT resources.
A

Toronto Police Service
diminished

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
  1. Policy Non-Compliance
    4.1 Attempt to ———- or circumvent the user-authentication or security functions of any computer, network or
    account.
    4.2 ——-account or password access to an unauthorized individual, including circumstances when a member
    has had their access deactivated, ——-or terminated.
    4.3 Unauthorized copying, ——, deletion, distortion, removal, concealment, modification or encryption
    of messages, files, or other police data.
    4.4 Use any program/script/command with the intent to interfere or ———with any computer system,
    network or user’s session. Execute any form of network monitoring that will ——data, scan ports, or
    attempt to circumvent the corporate ——–.
A

exploit
Provide
denied
destruction
tamper
intercept
firewall

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
  1. Policy Non-Compliance

4.5 Access, create, —— or communicate material that is unsolicited, abusive, harassing, ———,
threatening, discriminatory or offensive, and could otherwise interfere with another individual’s rights under
the Human Rights Code or the Occupational Health and Safety Act.
4.6 Use any unauthorized internet-based web services, even when used in a non-obligatory ‘————’.
4.7 Build, publish or maintain externally facing ——using any type of unapproved cloud-based web
development services (i.e. Wix, WordPress, Zyro, etc.).
4.8 Access internet sites featuring sexual content, drugs, peer-to-peer file sharing, hate, violence, weapons,
gambling and other illegal or unethical subjects – unless, it is authorized for lawful or ———- job duties

4.9 Install unauthorized/unlicensed software on any IT resource that may result in the installation of a virus,
harmful component, corrupted data, or exposes TPS information to vulnerabilities.
4.10 Use any TPS-IT resource for personal commercial or financial gain, or for political causes

A

publish
intimidating
free trial basis
portals
assigned

17
Q
  1. Systems Auditing and Monitoring
    5.1 The TPS reserves the right to access system information, without prior ——, and use all information
    and data stored on and communicated through TPS-IT resources for lawful purposes – to facilitate —— in a
    member’s absence, to conduct ——-technical administration, to routinely ——–system use, to
    investigate suspicions of improper system use and other misconduct and to comply with legal obligations.
    Members who engage in personal use of TPS- IT resources are deemed to ——-that the TPS has this
    right of access and may raise no expectation of privacy that prevents the TPS from accessing and using
    information and data for its legitimate purposes.
    5.2 When a violation of this policy is suspected, the TPS may restrict, suspend or revoke access to any TPS-IT
    system or resource, at any time and without notice, pending completion of an investigation. If a violation of this policy has been substantiated, the TPS will exercise its rights to take appropriate disciplinary
    action against any offending member, up to and including termination of employment. Compliance
    with this policy will be enforced.
A

notice
work
routine
audit
accept

18
Q
  1. Systems Auditing and Monitoring

5.3 Violation of this policy may be considered ———– conduct under the Police Services Act (PSA) and
its related regulations, and may face discipline ——-to the degree and severity. The use of TPS-IT
resources in any manner that violates statutory codes or Service Governance may also become subject to
discipline.
5.4 Users are encouraged to seek guidance from an appropriate supervisor, Unit Commander, or the ISO if they
require further clarification on the application of this policy, or if they have any concerns regarding
compliance

A

discreditable
proportional