{"t": "Title ITP Information Technology Policy", "p": "/us/nsn/lco/council/code/ITP", "et": "container", "dj": "/us/nsn/lco/council/code/index.json", "fh": "/us/nsn/lco/council/code/ITP/index.full.html", "sc": "Title ITP", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP", "c": [{"t": "Chapter ITP.1 Information and Technology Use and Security Policy", "p": "/us/nsn/lco/council/code/ITP.1", "et": "container", "sc": "Chapter ITP.1", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1", "c": [{"t": "Subchapter ITP.1.1 Introduction", "p": "/us/nsn/lco/council/code/ITP.1.1", "et": "container", "sc": "Subchapter ITP.1.1", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.1", "c": [{"t": "ITP.1.1.010 Title", "p": "/us/nsn/lco/council/code/ITP.1.1.010", "et": "section", "sc": "Section ITP.1.1.010", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.1|ITP.1.1.010"}, {"t": "ITP.1.1.020 Authority", "p": "/us/nsn/lco/council/code/ITP.1.1.020", "et": "section", "sc": "Section ITP.1.1.020", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.1|ITP.1.1.020"}, {"t": "ITP.1.1.030 Purpose", "p": "/us/nsn/lco/council/code/ITP.1.1.030", "et": "section", "sc": "Section ITP.1.1.030", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.1|ITP.1.1.030"}, {"t": "ITP.1.1.040 Effective Date", "p": "/us/nsn/lco/council/code/ITP.1.1.040", "et": "section", "sc": "Section ITP.1.1.040", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.1|ITP.1.1.040"}, {"t": "ITP.1.1.050 Interpretation", "p": "/us/nsn/lco/council/code/ITP.1.1.050", "et": "section", "sc": "Section ITP.1.1.050", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.1|ITP.1.1.050", "c": [{"t": "(a)", "p": "/us/nsn/lco/council/code/ITP.1.1.050#(a)", "et": "para", "sc": "Section ITP.1.1.050(a)", "x": "Shall be interpreted and applied as minimum requirements applicable to the "}, {"t": "(b)", "p": "/us/nsn/lco/council/code/ITP.1.1.050#(b)", "et": "para", "sc": "Section ITP.1.1.050(b)", "x": "Shall be liberally construed in favor of the Tribe;"}, {"t": "(c)", "p": "/us/nsn/lco/council/code/ITP.1.1.050#(c)", "et": "para", "sc": "Section ITP.1.1.050(c)", "x": "Shall not be deemed a limitation or repeal of any other tribal power or aut"}, {"t": "(d)", "p": "/us/nsn/lco/council/code/ITP.1.1.050#(d)", "et": "para", "sc": "Section ITP.1.1.050(d)", "x": "Shall be interpreted to be in accordance with tribal customary law. Wheneve"}]}, {"t": "ITP.1.1.070 Relation to Other Laws", "p": "/us/nsn/lco/council/code/ITP.1.1.070", "et": "section", "sc": "Section ITP.1.1.070", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.1|ITP.1.1.070", "c": [{"t": "(a)", "p": "/us/nsn/lco/council/code/ITP.1.1.070#(a)", "et": "para", "sc": "Section ITP.1.1.070(a)", "x": "Applicable Law."}, {"t": "(b)", "p": "/us/nsn/lco/council/code/ITP.1.1.070#(b)", "et": "para", "sc": "Section ITP.1.1.070(b)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.1.070#(b)(1)", "et": "para", "sc": "Section ITP.1.1.070(b)(1)", "x": "Tribal Law."}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.1.070#(b)(2)", "et": "para", "sc": "Section ITP.1.1.070(b)(2)", "x": "State Law."}], "x": "Conflicts with Other Laws."}]}, {"t": "ITP.1.1.080 Severability and Non-Liability", "p": "/us/nsn/lco/council/code/ITP.1.1.080", "et": "section", "sc": "Section ITP.1.1.080", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.1|ITP.1.1.080"}, {"t": "ITP.1.1.090 Repeal of Inconsistent Tribal Ordinances", "p": "/us/nsn/lco/council/code/ITP.1.1.090", "et": "section", "sc": "Section ITP.1.1.090", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.1|ITP.1.1.090"}]}, {"t": "Subchapter ITP.1.2 Definitions", "p": "/us/nsn/lco/council/code/ITP.1.2", "et": "container", "sc": "Subchapter ITP.1.2", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.2", "c": [{"t": "ITP.1.2.010 General Definitions", "p": "/us/nsn/lco/council/code/ITP.1.2.010", "et": "section", "sc": "Section ITP.1.2.010", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.2|ITP.1.2.010", "c": [{"t": "(a)", "p": "/us/nsn/lco/council/code/ITP.1.2.010#(a)", "et": "para", "sc": "Section ITP.1.2.010(a)", "x": "\"Agent\" shall mean a person who is authorized to act on behalf of the Lac C"}, {"t": "(b)", "p": "/us/nsn/lco/council/code/ITP.1.2.010#(b)", "et": "para", "sc": "Section ITP.1.2.010(b)", "x": "\"Employee\" shall mean any individual who is employed by the Tribe and is su"}, {"t": "(c)", "p": "/us/nsn/lco/council/code/ITP.1.2.010#(c)", "et": "para", "sc": "Section ITP.1.2.010(c)", "x": "\"Network or Information Technology (IT)\" shall encompass desktop computers,"}, {"t": "(d)", "p": "/us/nsn/lco/council/code/ITP.1.2.010#(d)", "et": "para", "sc": "Section ITP.1.2.010(d)", "x": "\"Officer\" shall mean a person elected or appointed to serve on a board, com"}, {"t": "(e)", "p": "/us/nsn/lco/council/code/ITP.1.2.010#(e)", "et": "para", "sc": "Section ITP.1.2.010(e)", "x": "\"Personal electronic devices\" shall include, but shall not be limited to, e"}, {"t": "(f)", "p": "/us/nsn/lco/council/code/ITP.1.2.010#(f)", "et": "para", "sc": "Section ITP.1.2.010(f)", "x": "\"Reservation or Reservation Lands\" shall mean those lands located within th"}, {"t": "(g)", "p": "/us/nsn/lco/council/code/ITP.1.2.010#(g)", "et": "para", "sc": "Section ITP.1.2.010(g)", "x": "\"Tribal Entity\" shall mean a corporation or other organization which is who"}, {"t": "(h)", "p": "/us/nsn/lco/council/code/ITP.1.2.010#(h)", "et": "para", "sc": "Section ITP.1.2.010(h)", "x": "\"Tribe\" shall mean the Lac Courte Oreilles Band of Lake Superior Chippewa I"}, {"t": "(i)", "p": "/us/nsn/lco/council/code/ITP.1.2.010#(i)", "et": "para", "sc": "Section ITP.1.2.010(i)", "x": "\"Tribal Court\" shall mean the court of the Lac Courte Oreilles Band of Lake"}, {"t": "(j)", "p": "/us/nsn/lco/council/code/ITP.1.2.010#(j)", "et": "para", "sc": "Section ITP.1.2.010(j)", "x": "\"Tribal Governing Board\" shall mean the Tribal Governing Board of the Lac C"}]}]}, {"t": "Subchapter ITP.1.3 Information Security", "p": "/us/nsn/lco/council/code/ITP.1.3", "et": "container", "sc": "Subchapter ITP.1.3", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.3", "c": [{"t": "ITP.1.3.010 Responsibilities", "p": "/us/nsn/lco/council/code/ITP.1.3.010", "et": "section", "sc": "Section ITP.1.3.010", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.3|ITP.1.3.010", "c": [{"t": "(a)", "p": "/us/nsn/lco/council/code/ITP.1.3.010#(a)", "et": "para", "sc": "Section ITP.1.3.010(a)", "x": "The Tribal Governing Board hall oversee the Tribe's efforts to develop, imp"}, {"t": "(b)", "p": "/us/nsn/lco/council/code/ITP.1.3.010#(b)", "et": "para", "sc": "Section ITP.1.3.010(b)", "x": "The Tribe's IT Department shall assist with the enforcement and adherence t"}, {"t": "(c)", "p": "/us/nsn/lco/council/code/ITP.1.3.010#(c)", "et": "para", "sc": "Section ITP.1.3.010(c)", "x": "The Tribe's IT Department shall provide direction and control for informati"}, {"t": "(d)", "p": "/us/nsn/lco/council/code/ITP.1.3.010#(d)", "et": "para", "sc": "Section ITP.1.3.010(d)", "x": "The Tribe shall exercise due diligence in selecting its service providers a"}, {"t": "(e)", "p": "/us/nsn/lco/council/code/ITP.1.3.010#(e)", "et": "para", "sc": "Section ITP.1.3.010(e)", "x": "Employees shall know and understand their duties with respect to the Inform"}, {"t": "(f)", "p": "/us/nsn/lco/council/code/ITP.1.3.010#(f)", "et": "para", "sc": "Section ITP.1.3.010(f)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.3.010#(f)(1)", "et": "para", "sc": "Section ITP.1.3.010(f)(1)", "x": "Availability, integrity and confidentiality of data or systems"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.3.010#(f)(2)", "et": "para", "sc": "Section ITP.1.3.010(f)(2)", "x": "Accountability and assurance of processes and controls"}], "x": "Security Objectives."}, {"t": "(g)", "p": "/us/nsn/lco/council/code/ITP.1.3.010#(g)", "et": "para", "sc": "Section ITP.1.3.010(g)", "x": "Security Process."}]}, {"t": "ITP.1.3.020 Risk Assessment", "p": "/us/nsn/lco/council/code/ITP.1.3.020", "et": "section", "sc": "Section ITP.1.3.020", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.3|ITP.1.3.020", "c": [{"t": "(a)", "p": "/us/nsn/lco/council/code/ITP.1.3.020#(a)", "et": "para", "sc": "Section ITP.1.3.020(a)", "x": "Information gathering."}, {"t": "(b)", "p": "/us/nsn/lco/council/code/ITP.1.3.020#(b)", "et": "para", "sc": "Section ITP.1.3.020(b)", "x": "Analysis."}, {"t": "(c)", "p": "/us/nsn/lco/council/code/ITP.1.3.020#(c)", "et": "para", "sc": "Section ITP.1.3.020(c)", "x": "Prioritize responses."}]}, {"t": "ITP.1.3.030 Strategy", "p": "/us/nsn/lco/council/code/ITP.1.3.030", "et": "section", "sc": "Section ITP.1.3.030", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.3|ITP.1.3.030", "c": [{"t": "(a)", "p": "/us/nsn/lco/council/code/ITP.1.3.030#(a)", "et": "para", "sc": "Section ITP.1.3.030(a)", "x": "Cost comparisons of different strategic approaches appropriate to the Tribe"}, {"t": "(b)", "p": "/us/nsn/lco/council/code/ITP.1.3.030#(b)", "et": "para", "sc": "Section ITP.1.3.030(b)", "x": "Layered controls that establish multiple control points between threats and"}, {"t": "(c)", "p": "/us/nsn/lco/council/code/ITP.1.3.030#(c)", "et": "para", "sc": "Section ITP.1.3.030(c)", "x": "Educating officers and employees in implementing the information security p"}]}, {"t": "ITP.1.3.040 Controls Implementation", "p": "/us/nsn/lco/council/code/ITP.1.3.040", "et": "section", "sc": "Section ITP.1.3.040", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.3|ITP.1.3.040", "c": [{"t": "(a)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(a)", "et": "para", "sc": "Section ITP.1.3.040(a)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(a)(1)", "et": "para", "sc": "Section ITP.1.3.040(a)(1)", "x": "Assign end-users and system resources only the access required to perform t"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(a)(2)", "et": "para", "sc": "Section ITP.1.3.040(a)(2)", "x": "Update access rights based on personnel or system changes;"}, {"t": "(3)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(a)(3)", "et": "para", "sc": "Section ITP.1.3.040(a)(3)", "x": "Periodically review users' access rights based on the risk to the applicati"}, {"t": "(4)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(a)(4)", "et": "para", "sc": "Section ITP.1.3.040(a)(4)", "x": "Design appropriate acceptable-use and end-user policies."}], "x": "Access rights admin."}, {"t": "(b)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(b)", "et": "para", "sc": "Section ITP.1.3.040(b)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(b)(1)", "et": "para", "sc": "Section ITP.1.3.040(b)(1)", "x": "Selecting authentication mechanisms based on the risk associated with a par"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(b)(2)", "et": "para", "sc": "Section ITP.1.3.040(b)(2)", "x": "Considering whether multiple forms of authentication are appropriate for ea"}, {"t": "(3)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(b)(3)", "et": "para", "sc": "Section ITP.1.3.040(b)(3)", "x": "Encrypting the transmission and storage of authenticators (e.g., passwords,"}], "x": "Authentication."}, {"t": "(c)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(c)", "et": "para", "sc": "Section ITP.1.3.040(c)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(c)(1)", "et": "para", "sc": "Section ITP.1.3.040(c)(1)", "x": "Group network servers, applications, data, and users into security domains;"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(c)(2)", "et": "para", "sc": "Section ITP.1.3.040(c)(2)", "x": "Require use of unique user IDs and strong passwords;"}, {"t": "(3)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(c)(3)", "et": "para", "sc": "Section ITP.1.3.040(c)(3)", "x": "Establishing appropriate access requirements within and between each securi"}, {"t": "(4)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(c)(4)", "et": "para", "sc": "Section ITP.1.3.040(c)(4)", "x": "Implementing appropriate controls to meet those access requirements consist"}], "x": "Network access."}, {"t": "(d)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(d)", "et": "para", "sc": "Section ITP.1.3.040(d)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(d)(1)", "et": "para", "sc": "Section ITP.1.3.040(d)(1)", "x": "Securing access to system utilities;"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(d)(2)", "et": "para", "sc": "Section ITP.1.3.040(d)(2)", "x": "Restricting and monitoring privileged access;"}, {"t": "(3)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(d)(3)", "et": "para", "sc": "Section ITP.1.3.040(d)(3)", "x": "Logging and monitoring user or program access to sensitive resources;"}, {"t": "(4)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(d)(4)", "et": "para", "sc": "Section ITP.1.3.040(d)(4)", "x": "Updating the operating systems with security patches; and"}, {"t": "(5)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(d)(5)", "et": "para", "sc": "Section ITP.1.3.040(d)(5)", "x": "Securing the devices that can access the operating system through physical "}], "x": "Operating System access."}, {"t": "(e)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(e)", "et": "para", "sc": "Section ITP.1.3.040(e)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(e)(1)", "et": "para", "sc": "Section ITP.1.3.040(e)(1)", "x": "Using authentication and authorization controls appropriate for the risk of"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(e)(2)", "et": "para", "sc": "Section ITP.1.3.040(e)(2)", "x": "Monitoring access rights to ensure they are the minimum required for the us"}, {"t": "(3)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(e)(3)", "et": "para", "sc": "Section ITP.1.3.040(e)(3)", "x": "Using time of day limitations on access as appropriate; and"}, {"t": "(4)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(e)(4)", "et": "para", "sc": "Section ITP.1.3.040(e)(4)", "x": "Logging access and security events"}], "x": "Application access."}, {"t": "(f)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(f)", "et": "para", "sc": "Section ITP.1.3.040(f)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(f)(1)", "et": "para", "sc": "Section ITP.1.3.040(f)(1)", "x": "Controlling access through management approvals;"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(f)(2)", "et": "para", "sc": "Section ITP.1.3.040(f)(2)", "x": "Implementing controls over configuration to disallow potential malicious us"}, {"t": "(3)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(f)(3)", "et": "para", "sc": "Section ITP.1.3.040(f)(3)", "x": "Monitoring remote access;"}, {"t": "(4)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(f)(4)", "et": "para", "sc": "Section ITP.1.3.040(f)(4)", "x": "Securing remote access devices; and"}, {"t": "(5)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(f)(5)", "et": "para", "sc": "Section ITP.1.3.040(f)(5)", "x": "Using strong authentication and encryption to secure communications."}], "x": "Remote access."}, {"t": "(g)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(g)", "et": "para", "sc": "Section ITP.1.3.040(g)", "x": "Physical Security."}, {"t": "(h)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(h)", "et": "para", "sc": "Section ITP.1.3.040(h)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(h)(1)", "et": "para", "sc": "Section ITP.1.3.040(h)(1)", "x": "Encryption strength sufficient to protect the information while in transit "}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(h)(2)", "et": "para", "sc": "Section ITP.1.3.040(h)(2)", "x": "Effective encryption key management practices; and"}, {"t": "(3)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(h)(3)", "et": "para", "sc": "Section ITP.1.3.040(h)(3)", "x": "Appropriate protection of the encrypted communication's endpoints."}, {"t": "(4)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(h)(4)", "et": "para", "sc": "Section ITP.1.3.040(h)(4)", "x": "USB storage devices shall not be authorized for general use. If a USB stora"}], "x": "Encryption."}, {"t": "(i)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(i)", "et": "para", "sc": "Section ITP.1.3.040(i)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(i)(1)", "et": "para", "sc": "Section ITP.1.3.040(i)(1)", "x": "Using anti-virus products on clients and servers;"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(i)(2)", "et": "para", "sc": "Section ITP.1.3.040(i)(2)", "x": "Using an appropriate blocking strategy on the network perimeter;"}, {"t": "(3)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(i)(3)", "et": "para", "sc": "Section ITP.1.3.040(i)(3)", "x": "Filtering input to applications; and"}, {"t": "(4)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(i)(4)", "et": "para", "sc": "Section ITP.1.3.040(i)(4)", "x": "Educating staff in appropriate computing policies and procedures"}], "x": "Malicious code."}, {"t": "(j)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(j)", "et": "para", "sc": "Section ITP.1.3.040(j)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(j)(1)", "et": "para", "sc": "Section ITP.1.3.040(j)(1)", "x": "Defining security requirements before developing or acquiring new systems;"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(j)(2)", "et": "para", "sc": "Section ITP.1.3.040(j)(2)", "x": "Incorporating recognized standards in developing security requirements;"}, {"t": "(3)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(j)(3)", "et": "para", "sc": "Section ITP.1.3.040(j)(3)", "x": "Incorporating appropriate security controls, audit trails, and logs for dat"}, {"t": "(4)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(j)(4)", "et": "para", "sc": "Section ITP.1.3.040(j)(4)", "x": "Implementing an effective change control process;"}, {"t": "(5)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(j)(5)", "et": "para", "sc": "Section ITP.1.3.040(j)(5)", "x": "Hardening systems before deployment;"}, {"t": "(6)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(j)(6)", "et": "para", "sc": "Section ITP.1.3.040(j)(6)", "x": "Establishing an effective patch process for new security vulnerabilities; a"}, {"t": "(7)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(j)(7)", "et": "para", "sc": "Section ITP.1.3.040(j)(7)", "x": "Overseeing vendors to protect the integrity and confidentiality of applicat"}], "x": "Systems development, acquisition, and maintenance."}, {"t": "(k)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(k)", "et": "para", "sc": "Section ITP.1.3.040(k)", "x": "Personnel security."}, {"t": "(l)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(l)", "et": "para", "sc": "Section ITP.1.3.040(l)", "x": "Virtualization."}, {"t": "(m)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(m)", "et": "para", "sc": "Section ITP.1.3.040(m)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(m)(1)", "et": "para", "sc": "Section ITP.1.3.040(m)(1)", "x": "Establish and ensure compliance with policies for handling and storing info"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(m)(2)", "et": "para", "sc": "Section ITP.1.3.040(m)(2)", "x": "Ensure safe and secure disposal of sensitive media and"}, {"t": "(3)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(m)(3)", "et": "para", "sc": "Section ITP.1.3.040(m)(3)", "x": "Secure media in transit or transmission to third parties."}, {"t": "(4)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(m)(4)", "et": "para", "sc": "Section ITP.1.3.040(m)(4)", "x": "Employees are instructed to save data to \"shared drives\" or other network d"}], "x": "Electronic and paper-based media handling."}, {"t": "(n)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(n)", "et": "para", "sc": "Section ITP.1.3.040(n)", "x": "Logging and data collection."}, {"t": "(o)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(o)", "et": "para", "sc": "Section ITP.1.3.040(o)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(o)(1)", "et": "para", "sc": "Section ITP.1.3.040(o)(1)", "x": "Appropriate due diligence in service provider research and selection;"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(o)(2)", "et": "para", "sc": "Section ITP.1.3.040(o)(2)", "x": "Contractual assurances regarding security responsibilities, controls, and r"}, {"t": "(3)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(o)(3)", "et": "para", "sc": "Section ITP.1.3.040(o)(3)", "x": "Nondisclosure agreements regarding the Tribe's systems and data; and"}, {"t": "(4)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(o)(4)", "et": "para", "sc": "Section ITP.1.3.040(o)(4)", "x": "Third-party review of the service provider's security through appropriate a"}], "x": "Service provider oversight."}, {"t": "(p)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(p)", "et": "para", "sc": "Section ITP.1.3.040(p)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(p)(1)", "et": "para", "sc": "Section ITP.1.3.040(p)(1)", "x": "Preparation."}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(p)(2)", "et": "para", "sc": "Section ITP.1.3.040(p)(2)", "x": "Response to an intrusion."}], "x": "Intrusion detection and response."}, {"t": "(q)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(q)", "et": "para", "sc": "Section ITP.1.3.040(q)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(q)(1)", "et": "para", "sc": "Section ITP.1.3.040(q)(1)", "x": "Identification and training of personnel with key security roles during con"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(q)(2)", "et": "para", "sc": "Section ITP.1.3.040(q)(2)", "x": "Security needs for back-up sites and alternate communications."}], "x": "Business continuity considerations."}, {"t": "(r)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(r)", "et": "para", "sc": "Section ITP.1.3.040(r)", "x": "Insurance."}, {"t": "(s)", "p": "/us/nsn/lco/council/code/ITP.1.3.040#(s)", "et": "para", "sc": "Section ITP.1.3.040(s)", "x": "Equipment disposal/destruction."}]}, {"t": "ITP.1.3.050 Security testing", "p": "/us/nsn/lco/council/code/ITP.1.3.050", "et": "section", "sc": "Section ITP.1.3.050", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.3|ITP.1.3.050", "c": [{"t": "(a)", "p": "/us/nsn/lco/council/code/ITP.1.3.050#(a)", "et": "para", "sc": "Section ITP.1.3.050(a)", "x": "Basing their testing plan, test selection, and test frequency on the risk p"}, {"t": "(b)", "p": "/us/nsn/lco/council/code/ITP.1.3.050#(b)", "et": "para", "sc": "Section ITP.1.3.050(b)", "x": "Establishing controls to mitigate the risks posed to systems from testing; "}, {"t": "(c)", "p": "/us/nsn/lco/council/code/ITP.1.3.050#(c)", "et": "para", "sc": "Section ITP.1.3.050(c)", "x": "Using test results to evaluate whether security objectives are met."}]}, {"t": "ITP.1.3.060 Monitoring and updating", "p": "/us/nsn/lco/council/code/ITP.1.3.060", "et": "section", "sc": "Section ITP.1.3.060", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.3|ITP.1.3.060", "c": [{"t": "(a)", "p": "/us/nsn/lco/council/code/ITP.1.3.060#(a)", "et": "para", "sc": "Section ITP.1.3.060(a)", "x": "The Tribe shall continuously gather and analyze information regarding new t"}, {"t": "(b)", "p": "/us/nsn/lco/council/code/ITP.1.3.060#(b)", "et": "para", "sc": "Section ITP.1.3.060(b)", "x": "The information in par. (a) shall be used to update the risk assessment, st"}, {"t": "(c)", "p": "/us/nsn/lco/council/code/ITP.1.3.060#(c)", "et": "para", "sc": "Section ITP.1.3.060(c)", "x": "To complete the goals of (a) and (b) the Tribe shall utilize malware, antiv"}]}, {"t": "ITP.1.3.070 Reporting", "p": "/us/nsn/lco/council/code/ITP.1.3.070", "et": "section", "sc": "Section ITP.1.3.070", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.3|ITP.1.3.070"}, {"t": "ITP.1.3.080 Incident response program", "p": "/us/nsn/lco/council/code/ITP.1.3.080", "et": "section", "sc": "Section ITP.1.3.080", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.3|ITP.1.3.080", "c": [{"t": "(a)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(a)", "et": "para", "sc": "Section ITP.1.3.080(a)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(a)(1)", "et": "para", "sc": "Section ITP.1.3.080(a)(1)", "c": [{"t": "(A)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(a)(1)(A)", "et": "para", "sc": "Section ITP.1.3.080(a)(1)(A)", "x": "IT Director"}, {"t": "(B)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(a)(1)(B)", "et": "para", "sc": "Section ITP.1.3.080(a)(1)(B)", "x": "IT Department personnel"}], "x": "The primary Incident Response Team shall consist of:"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(a)(2)", "et": "para", "sc": "Section ITP.1.3.080(a)(2)", "c": [{"t": "(A)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(a)(2)(A)", "et": "para", "sc": "Section ITP.1.3.080(a)(2)(A)", "x": "Office of Attorney General"}, {"t": "(B)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(a)(2)(B)", "et": "para", "sc": "Section ITP.1.3.080(a)(2)(B)", "x": "Tribal Law Enforcement"}, {"t": "(C)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(a)(2)(C)", "et": "para", "sc": "Section ITP.1.3.080(a)(2)(C)", "x": "Compliance/Audit Officer"}], "x": "More severe or extensive incidents can include:"}, {"t": "(3)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(a)(3)", "et": "para", "sc": "Section ITP.1.3.080(a)(3)", "x": "All Tribal employees shall be aware of the possibility of system or securit"}, {"t": "(4)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(a)(4)", "et": "para", "sc": "Section ITP.1.3.080(a)(4)", "x": "Physical building incidents shall be directed to the Tribe's security offic"}, {"t": "(5)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(a)(5)", "et": "para", "sc": "Section ITP.1.3.080(a)(5)", "x": "Computer security related incidents shall be directed to the IT or Operatio"}, {"t": "(6)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(a)(6)", "et": "para", "sc": "Section ITP.1.3.080(a)(6)", "x": "Individuals shall work with the response team and executive management to e"}], "x": "Incident Response Team."}, {"t": "(b)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)", "et": "para", "sc": "Section ITP.1.3.080(b)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(1)", "et": "para", "sc": "Section ITP.1.3.080(b)(1)", "c": [{"t": "(A)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(1)(A)", "et": "para", "sc": "Section ITP.1.3.080(b)(1)(A)", "c": [{"t": "(i)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(1)(A)(i)", "et": "para", "sc": "Section ITP.1.3.080(b)(1)(A)(i)", "x": "Host Security"}, {"t": "(ii)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(1)(A)(ii)", "et": "para", "sc": "Section ITP.1.3.080(b)(1)(A)(ii)", "x": "Network Security"}, {"t": "(iii)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(1)(A)(iii)", "et": "para", "sc": "Section ITP.1.3.080(b)(1)(A)(iii)", "x": "Malware Prevention"}], "x": "Risk Assessment"}, {"t": "(B)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(1)(B)", "et": "para", "sc": "Section ITP.1.3.080(b)(1)(B)", "x": "User Awareness and Training"}, {"t": "(C)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(1)(C)", "et": "para", "sc": "Section ITP.1.3.080(b)(1)(C)", "x": "System Hardening Guidelines"}, {"t": "(D)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(1)(D)", "et": "para", "sc": "Section ITP.1.3.080(b)(1)(D)", "x": "System Access Guidelines"}, {"t": "(E)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(1)(E)", "et": "para", "sc": "Section ITP.1.3.080(b)(1)(E)", "x": "Facilities Security Guidelines"}, {"t": "(F)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(1)(F)", "et": "para", "sc": "Section ITP.1.3.080(b)(1)(F)", "x": "Insurance Policies"}], "x": "Preparation."}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(2)", "et": "para", "sc": "Section ITP.1.3.080(b)(2)", "x": "Detection and analysis."}, {"t": "(3)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(3)", "et": "para", "sc": "Section ITP.1.3.080(b)(3)", "x": "Containment, eradication, and recovery."}, {"t": "(4)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(4)", "et": "para", "sc": "Section ITP.1.3.080(b)(4)", "x": "Post incident activity."}, {"t": "(5)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(5)", "et": "para", "sc": "Section ITP.1.3.080(b)(5)", "x": "Unauthorized access to tribal information procedures"}, {"t": "(6)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(6)", "et": "para", "sc": "Section ITP.1.3.080(b)(6)", "c": [{"t": "(A)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(6)(A)", "et": "para", "sc": "Section ITP.1.3.080(b)(6)(A)", "x": "Quality of internal controls associated with the acquisition, development, "}, {"t": "(B)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(6)(B)", "et": "para", "sc": "Section ITP.1.3.080(b)(6)(B)", "x": "Exposure to risks throughout the Tribe and its service provider(s) in the a"}, {"t": "(C)", "p": "/us/nsn/lco/council/code/ITP.1.3.080#(b)(6)(C)", "et": "para", "sc": "Section ITP.1.3.080(b)(6)(C)", "x": "Compliance with this and other related policies, procedures and processes c"}], "x": "Audit."}], "x": "Phases of Incident Response"}]}]}, {"t": "Subchapter ITP.1.4 Acceptable Use", "p": "/us/nsn/lco/council/code/ITP.1.4", "et": "container", "sc": "Subchapter ITP.1.4", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.4", "c": [{"t": "ITP.1.4.010 General principles", "p": "/us/nsn/lco/council/code/ITP.1.4.010", "et": "section", "sc": "Section ITP.1.4.010", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.4|ITP.1.4.010", "c": [{"t": "(a)", "p": "/us/nsn/lco/council/code/ITP.1.4.010#(a)", "et": "para", "sc": "Section ITP.1.4.010(a)", "x": "Network, internet, and email privileges provided by the Tribe, shall be con"}, {"t": "(b)", "p": "/us/nsn/lco/council/code/ITP.1.4.010#(b)", "et": "para", "sc": "Section ITP.1.4.010(b)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.4.010#(b)(1)", "et": "para", "sc": "Section ITP.1.4.010(b)(1)", "x": "email received and sent,"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.4.010#(b)(2)", "et": "para", "sc": "Section ITP.1.4.010(b)(2)", "x": "websites visited,"}, {"t": "(3)", "p": "/us/nsn/lco/council/code/ITP.1.4.010#(b)(3)", "et": "para", "sc": "Section ITP.1.4.010(b)(3)", "x": "social media posts,"}, {"t": "(4)", "p": "/us/nsn/lco/council/code/ITP.1.4.010#(b)(4)", "et": "para", "sc": "Section ITP.1.4.010(b)(4)", "x": "uploads, and"}, {"t": "(5)", "p": "/us/nsn/lco/council/code/ITP.1.4.010#(b)(5)", "et": "para", "sc": "Section ITP.1.4.010(b)(5)", "x": "downloads"}], "x": "Internet use includes, but is not limited to:"}, {"t": "(c)", "p": "/us/nsn/lco/council/code/ITP.1.4.010#(c)", "et": "para", "sc": "Section ITP.1.4.010(c)", "x": "The Tribe shall own the Network, messaging systems, and the information tra"}, {"t": "(d)", "p": "/us/nsn/lco/council/code/ITP.1.4.010#(d)", "et": "para", "sc": "Section ITP.1.4.010(d)", "x": "Employees shall have no expectation of privacy or confidentiality in any of"}, {"t": "(e)", "p": "/us/nsn/lco/council/code/ITP.1.4.010#(e)", "et": "para", "sc": "Section ITP.1.4.010(e)", "x": "Correspondence, internal or external, via email, or instant messaging (IM) "}, {"t": "(f)", "p": "/us/nsn/lco/council/code/ITP.1.4.010#(f)", "et": "para", "sc": "Section ITP.1.4.010(f)", "x": "The distribution of any information through the Network, computer-based ser"}, {"t": "(g)", "p": "/us/nsn/lco/council/code/ITP.1.4.010#(g)", "et": "para", "sc": "Section ITP.1.4.010(g)", "x": "Employees shall be restricted in their usage of employee-owned personal ele"}, {"t": "(h)", "p": "/us/nsn/lco/council/code/ITP.1.4.010#(h)", "et": "para", "sc": "Section ITP.1.4.010(h)", "x": "Employees utilizing web sites and social media sites at work for personal u"}]}, {"t": "ITP.1.4.020 Conditions of use", "p": "/us/nsn/lco/council/code/ITP.1.4.020", "et": "section", "sc": "Section ITP.1.4.020", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.4|ITP.1.4.020", "c": [{"t": "(a)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(a)", "et": "para", "sc": "Section ITP.1.4.020(a)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(a)(1)", "et": "para", "sc": "Section ITP.1.4.020(a)(1)", "x": "Comply with all current tribal policies"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(a)(2)", "et": "para", "sc": "Section ITP.1.4.020(a)(2)", "x": "Lock or log off computers when leaving them unattended for any length of ti"}, {"t": "(3)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(a)(3)", "et": "para", "sc": "Section ITP.1.4.020(a)(3)", "x": "Use unique user IDs and strong passwords as indicated by tribal policy and "}, {"t": "(4)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(a)(4)", "et": "para", "sc": "Section ITP.1.4.020(a)(4)", "x": "Contact the IT and Department manager immediately upon discovering suspicio"}, {"t": "(5)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(a)(5)", "et": "para", "sc": "Section ITP.1.4.020(a)(5)", "x": "Immediately notify IT and management if a business-related mobile device is"}, {"t": "(6)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(a)(6)", "et": "para", "sc": "Section ITP.1.4.020(a)(6)", "x": "The user shall be required to maintain and safeguard the equipment issued a"}], "x": "Users shall"}, {"t": "(b)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)", "et": "para", "sc": "Section ITP.1.4.020(b)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(1)", "et": "para", "sc": "Section ITP.1.4.020(b)(1)", "x": "Knowingly visit Internet sites that contain illegal, obscene, hateful, or o"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(2)", "et": "para", "sc": "Section ITP.1.4.020(b)(2)", "x": "Knowingly access ads or other solicitations commonly seen in the margins of"}, {"t": "(3)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(3)", "et": "para", "sc": "Section ITP.1.4.020(b)(3)", "x": "Knowingly open an attachment or access a link provided in an unsolicited, u"}, {"t": "(4)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(4)", "et": "para", "sc": "Section ITP.1.4.020(b)(4)", "x": "Send non-encrypted emails containing sensitive customer information."}, {"t": "(5)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(5)", "et": "para", "sc": "Section ITP.1.4.020(b)(5)", "x": "Send or receive any material, whether by IM, email, memoranda, or oral conv"}, {"t": "(6)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(6)", "et": "para", "sc": "Section ITP.1.4.020(b)(6)", "x": "Solicit non-tribal business for personal gain or profit"}, {"t": "(7)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(7)", "et": "para", "sc": "Section ITP.1.4.020(b)(7)", "x": "Download any software or electronic files to a tribal workstation or the Ne"}, {"t": "(8)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(8)", "et": "para", "sc": "Section ITP.1.4.020(b)(8)", "x": "Represent personal opinions as those of the tribe or purport to represent t"}, {"t": "(9)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(9)", "et": "para", "sc": "Section ITP.1.4.020(b)(9)", "x": "Upload, download, or otherwise transmit software or any copyrighted materia"}, {"t": "(10)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(10)", "et": "para", "sc": "Section ITP.1.4.020(b)(10)", "x": "Reveal or publicize confidential or proprietary information which includes,"}, {"t": "(11)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(11)", "et": "para", "sc": "Section ITP.1.4.020(b)(11)", "x": "Intentionally interfere with the normal operation of the Network, including"}, {"t": "(12)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(12)", "et": "para", "sc": "Section ITP.1.4.020(b)(12)", "x": "Examine, change, or use another person's username, password, files, and out"}, {"t": "(13)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(13)", "et": "para", "sc": "Section ITP.1.4.020(b)(13)", "x": "Perform any other uses identified by the tribe as inappropriate."}, {"t": "(14)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(14)", "et": "para", "sc": "Section ITP.1.4.020(b)(14)", "x": "Use tribal equipment or other resources for any purpose other than that aut"}, {"t": "(15)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(15)", "et": "para", "sc": "Section ITP.1.4.020(b)(15)", "x": "Use tribal email accounts (xxxxx@lco-nsn.gov) to open or maintain personal "}, {"t": "(16)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(16)", "et": "para", "sc": "Section ITP.1.4.020(b)(16)", "x": "Use film cameras, digital cameras, digital camcorders, and personal devices"}, {"t": "(17)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(17)", "et": "para", "sc": "Section ITP.1.4.020(b)(17)", "x": "And are prohibited from connecting personal electronic devices or media, in"}, {"t": "(18)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(18)", "et": "para", "sc": "Section ITP.1.4.020(b)(18)", "x": "And are prohibited from using portable media storage devices, including but"}, {"t": "(19)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(19)", "et": "para", "sc": "Section ITP.1.4.020(b)(19)", "x": "Load a bootable, alternate operating system on any Tribal owned computer fr"}, {"t": "(20)", "p": "/us/nsn/lco/council/code/ITP.1.4.020#(b)(20)", "et": "para", "sc": "Section ITP.1.4.020(b)(20)", "x": "Connect any employee-owned electronic device whether desktop, laptop, table"}], "x": "Users shall not"}]}, {"t": "ITP.1.4.030 Personal posts", "p": "/us/nsn/lco/council/code/ITP.1.4.030", "et": "section", "sc": "Section ITP.1.4.030", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.4|ITP.1.4.030"}, {"t": "ITP.1.4.040 Violations", "p": "/us/nsn/lco/council/code/ITP.1.4.040", "et": "section", "sc": "Section ITP.1.4.040", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.4|ITP.1.4.040"}]}, {"t": "Subchapter ITP.1.5 Backup and Recovery", "p": "/us/nsn/lco/council/code/ITP.1.5", "et": "container", "sc": "Subchapter ITP.1.5", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.5", "c": [{"t": "ITP.1.5.010 Backup and Recovery", "p": "/us/nsn/lco/council/code/ITP.1.5.010", "et": "section", "sc": "Section ITP.1.5.010", "sp": "library|Lac Courte Oreilles Tribal Code of Law|ITP|ITP.1|ITP.1.5|ITP.1.5.010", "c": [{"t": "(a)", "p": "/us/nsn/lco/council/code/ITP.1.5.010#(a)", "et": "para", "sc": "Section ITP.1.5.010(a)", "x": "All tribal critical data that is stored locally on the domains file server "}, {"t": "(b)", "p": "/us/nsn/lco/council/code/ITP.1.5.010#(b)", "et": "para", "sc": "Section ITP.1.5.010(b)", "x": "Backups shall be done on all critical information that is stored on the sha"}, {"t": "(c)", "p": "/us/nsn/lco/council/code/ITP.1.5.010#(c)", "et": "para", "sc": "Section ITP.1.5.010(c)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.5.010#(c)(1)", "et": "para", "sc": "Section ITP.1.5.010(c)(1)", "x": "These backups shall be based on an incremental or differential backup metho"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.5.010#(c)(2)", "et": "para", "sc": "Section ITP.1.5.010(c)(2)", "x": "Backup shall be performed in such a way that information can be restored fr"}], "x": "The backup shall be set up to run automatically after normal working hours "}, {"t": "(d)", "p": "/us/nsn/lco/council/code/ITP.1.5.010#(d)", "et": "para", "sc": "Section ITP.1.5.010(d)", "x": "Information shall be restored monthly at the discretion of the IT departmen"}, {"t": "(e)", "p": "/us/nsn/lco/council/code/ITP.1.5.010#(e)", "et": "para", "sc": "Section ITP.1.5.010(e)", "c": [{"t": "(1)", "p": "/us/nsn/lco/council/code/ITP.1.5.010#(e)(1)", "et": "para", "sc": "Section ITP.1.5.010(e)(1)", "x": "Generally, the requested information shall be available to the department w"}, {"t": "(2)", "p": "/us/nsn/lco/council/code/ITP.1.5.010#(e)(2)", "et": "para", "sc": "Section ITP.1.5.010(e)(2)", "x": "If the data recovery is needed do to a minor or major system failure it may"}], "x": "Department Directors shall request IT to restore information from a backup "}, {"t": "(f)", "p": "/us/nsn/lco/council/code/ITP.1.5.010#(f)", "et": "para", "sc": "Section ITP.1.5.010(f)", "x": "The servers or equipment that are performing the backups shall be in a lock"}]}]}]}]}