Anchor: #i1022634

Section 6: Internet Content Filtering

Anchor: #i1022642

Introduction

The inherent risks of conducting state business over global, public networks reinforce the need for careful, deliberate filtering of Internet content. This content includes email, telephony, video, web services, web browsing, and file transfers. Recognizing, then separating, potential threats from authorized individuals aligns with the Agency’s Intrusion Prevention Policy and helps to implement the “Detect” objective of the Texas CyberSecurity Framework.

Anchor: #i1022656

Protocol

TxDOT will filter digital communications using multiple mechanisms. This allows TxDOT to gain the greatest protection and target its defensive efforts. For example, email traffic often contains spam, phishing attacks, and malicious hyperlinks. These communications and web activity will be monitored for the proper use and authorized access to TxDOT information resources.

Anchor: #i1022670

General Responsibilities

Those who use TxDOT information assets must follow the rules included in the Acceptable Use Form they signed to gain access to TxDOT's network. Information custodians, information owners and the Information Security Officer have additional, specific responsibilities listed below.

Information custodians ensure the information within their assigned purview is monitored and filtered when it passes to and from TxDOT's network.

Information owners select and manage information that may use a cloud service provider.

Information Security Officer must:

  • provide to information owners, custodians, and individuals support for the safe use of web services and email filtering
  • implement security controls for filtering web and email content to prevent data loss
  • ensure that information owners and custodians comply with the Internet content filtering mandates issued in the Intrusion Prevention Policy.

Compliance and Standards

See the “Internet Content Filtering Standards” in the Information Security Standards manual for minimum standards necessary to comply with this objective of the Intrusion Prevention Policy.

Previous page  Next page   Title page