All systems must authenticate the identity of Users through individually assigned unique identifiers, known as user account IDs, and authentication tokens (e.g., password, key fob, biometrics and/or multifactor authentication). All users are accountable for all activity associated with their user accounts and authentication tokens.
SLAM provides many Systems to its users in pursuit of its mission and to enhance their productivity and jobs. These Systems include computers, software, communication tools (email, chat), access to internal networks (intranet), access to external networks (Internet), as well as telephone systems, voice mail, fax, photocopiers, etc. SLAM requires that these Systems be used in a responsible way, ethically, and in compliance with all legislation and other SLAM policies and contracts.
This policy is to govern the responsible use of generative AI/LLM to protect the interests of the Saint Louis Art Museum from the risks associated with the technology.
To reduce the cybersecurity risk to the organization, SLAM is required to design, implement and maintain a coherent set of policies, standards and procedures (collectively the Security Program) to manage risks to its data and information systems. Users are required to protect and ensure the Confidentiality, Integrity, and Availability (CIA) of data and information systems, regardless of how data is created, distributed, or stored. Security controls will be tailored accordingly.
Mobile devices are a way of life where working on the go is now common. Mobility in business terms means being able to get the job done and stay connected regardless of location, device, or time of day. Accessing business information on mobile devices, exposes SLAM information to serious security risks as portability allows access to the information outside the building, campus, even country.
In order to protect SLAM IT assets, the policy limits the ability for Users to introduce malware to the systems by prohibiting removable media and limits the ability of Users to remove SLAM Confidential information on removable media.
Security Awareness is a vital piece to the Security Program as all system Users need to understand their role in the protection of SLAM data and digital information. This policy describes the requirements for policy awareness and cybersecurity awareness training.
This policy applies to remote access connections used to do work on behalf of the museum, including reading or sending email and viewing intranet web resources. This policy covers all technical implementations of remote access used to connect to SLAM networks.