TO: Indian River County Board of County Commissioners
THROUGH: John Titkanich, County Administrator
FROM: Racheal Miller, Cyber Security Technician
DATE: April 22, 2025
SUBJECT: Information Technology Acceptable Use Policy Revision
_________________________________________________________________________________________
BACKGROUND
The Information Technology (IT) Department proposed the Board adopt revisions to Indian River County's Acceptable Use Policy to address evolving cybersecurity threats and operational best practices. As the technology landscape advances, the ways in which employees, contractors, and other stakeholders interact with County information systems must be clearly defined to ensure security, efficiency, and compliance.
ANALYSIS
The IT Department has identified a critical gap in the Acceptable Use Policy related to removable media. While the existing policy requires formal approval by the IT Department before using removable media, end users can bypass this requirement, and in the process increasing the attack surface of County information systems and exposing the County to unnecessary risks.
To appropriately address this issue, the IT Department has tested and is prepared to implement a solution that will ensure compliance by preventing the use of unauthorized USB devices. Implementing a solution that will only permit IT-approved removable media for use will aid in reducing opportunities and minimizing risks to our information systems.
Staff has identified and are addressing a requirement for encryption on approved removable media. To further enhance data security, the revised policy will now mandate encryption, when feasible, on all authorized USB drives and external storage devices. To obtain compliance with this update, the IT Department will begin utilizing software to enforce the Acceptable Use Policy and will provide centralized control over removable media, prevent unauthorized access, and reduce the risk of d...
Click here for full text