The purpose of this policy is to define a set of minimum security requirements that all agencies will adhere to, using them as minimum standards with which to develop, implement, and maintain their individual agency IT security plans, policies, and procedures. The primary objectives of this policy are to:
A. Manage the risk of security exposure or compromise by focusing on the creation of a shared and trusted environment, with particular attention to: 1. Common approaches to end-user authentication;2. Consistent and adequate network, server, and data management;3. Appropriate uses of secure network connections;4. Prevent unauthorized use or reproduction of copyrighted material by public entities; and5. Closing unauthorized pathways into the network and into the data pursuant to Mississippi Code Annotated § 25-53-5.B. Establish an enterprise approach to security in state government that: 1. Promotes an enterprise view among separate agencies;2. Requires adherence to a common security architecture and its related procedures;3. Recognizes an interdependent relationship among agencies, such that strengthening security for one strengthens all and, conversely, weakening one weakens all; and4. Assumes mutual distrust until proven friendly, including relationships with government, trading partners, and anonymous users to ensure secure interactions. Miss. Code Ann. § 25-53-1 to § 25-53-25.