316 – iSecurity
I. Policy
Many new in-house applications being developed for the Harris County Sheriff’s Office (HCSO) contain sensitive or confidential information. Limiting access to this information to the HCSO members deemed appropriate by the Sheriff or his or her designee is important.
The new iSecurity software will manage the security protocols for all new in-house applications, and this policy will dictate how access is granted. In the past, security protocols were managed by the Systems Intelligence Bureau. The new software is a central location that uses a tiered system to manage access control on a more local level.
In order to provide added security to sensitive or confidential information, the new system establishes a user name and password for all managed in-house applications. There will be one place to set security for every application and one place for users to go to when security issues arise.
II. Four Independent iSecurity Roles
A. Security Level 1 – iSecurity Master Administrator
1. Full access to all applications
2. Responsible for adding users to the iSecurity application administrator role
B. Security Level 2 – iSecurity Application Administrator
1. Full access to a specific application that is using iSecurity to maintain user permissions
2. Responsible for adding users to the iSecurity application manager group
C. Security Level 3 – iSecurity Application Manager
1. Full access to a specific application that is using iSecurity to maintain user permissions
2. Responsible for maintaining roles and permissions for iSecurity application user group
3. Cannot add users to iSecurity application manager group
D. Security Level 4 – iSecurity Application User
1. Has predetermined access to specific applications
2. Can request additional access in an application from the application’s iSecurity application manager
III. iSecurity Master Administrator
A. The iSecurity master administrator role shall be an information technology professional appointed directly by the Systems Intelligence Bureau commander.
B. The iSecurity master administrator role shall be given only to full-time HCSO employees.
C. The Systems Intelligence Bureau commander shall review all iSecurity master administrators annually.
D. The Systems Intelligence Bureau commander is responsible for removing the iSecurity master administrator role at the time of an employee’s end of employment.
E. The Systems Intelligence Bureau commander may suspend any roles as deemed necessary to ensure system and application integrity.
If a user’s role is suspended, the user’s chain of command shall be notified and provided a reason. A discussion may be initiated to determine future action.
F. Unless dire circumstances exist, the iSecurity master administrator shall refrain from adding users to Security Levels 3 and 4.
IV. iSecurity Application Administrator
A. Each application using the security framework provided by iSecurity shall have an iSecurity application administrator (e.g., SIRS application – iSecurity SIRS administrator).
B. The application administrator shall be appointed by the chief deputy for whom the application was developed or the Sheriff.
C. Written documentation of this request shall be submitted to the Systems Intelligence Bureau with the following criteria:
1. Dated within the last 14 days,
2. Signed by the chief deputy or Sheriff, and
3. Content shall demonstrate full understanding of the role being requested.
D. All application administrators must attend an iSecurity training class prior to any permissions being granted.
E. Due to the confidentiality and nature of some applications, the iSecurity master administrator or the Systems Intelligence Bureau commander may request further details prior to placing an employee in an application administrator role.
F. Unless expressly authorized by the Sheriff or his or her designee, the iSecurity master administrator and Systems Intelligence Bureau commander shall not deny access that has been requested in the above method.
The request for further details is simply a mechanism to open a dialogue to confirm the request is fully understood by all parties involved.
G. The chief deputy shall review all appointed application administrators annually. The Systems Intelligence Bureau shall provide each chief deputy with an annual list of their application administrators. A written review shall be submitted to the Systems Intelligence Bureau biannually.
H. The requesting chief deputy shall be responsible for notifying the iSecurity application administrator of an employee’s removal from an application administrator role. Removal causes may not be disclosed but shall include the following at a minimum:
1. End of employment,
2. Change in assignment,
3. Change in position, or
4. Change in employee status.
V. iSecurity Application Manager
Each application using the security framework provided by iSecurity shall have an iSecurity application manager (e.g., SIRS application – iSecurity SIRS manager).
Due to the varying nature of applications, the protocol for establishing the application manager role shall be documented in each application’s policy but shall address at least the following:
A. Request authorizers,
B. Documentation of requests,
C. Review protocols, and
D. Reasons for revocation of permissions.
Revision
This policy has been revised on the below listed dates:
November 21, 2013
December 2, 2020