ERIC Number: ED330346
Record Type: RIE
Publication Date: 1989-Oct
Reference Count: N/A
Executive Guide to the Protection of Information Resources.
Helsing, Cheryl; And Others
The purpose of this guide is to help the policy maker address a series of questions regarding the protection and safety of computer systems and data processed within his/her agency. It introduces information systems security concerns, outlines the management issues that must be addressed by agency policies and programs, and describes the essential components of an effective implementation process. The guide is divided into four major sections: (1) Executive Responsibilities (set the security policy of the organization); (2) Executive Goals (reduce risk to an acceptable level, assure organizational continuity, comply with applicable laws and regulations, and assure integrity and confidentiality); (3) Information Protection Program Elements (need for policies and procedures, extension of protection from automated information resources to all forms of media, accountability for information, vulnerability assessment, data access, systems development, hardware/software configuration control, and operational controls); and (4) Information Protection Program Implementation (information protection management, independence of functional areas within the agency, degree of centralization, need for dedicated staff member at program management level, implementation stages, training, monitoring and enforcement, and maintenance). Sources for additional information are also provided. (MAB)
Descriptors: Access to Information, Confidentiality, Decision Making, Information Management, Information Systems, Local Area Networks, Microcomputers, Organizational Development, Organizational Objectives, Policy Formation, Public Agencies, Systems Analysis, Systems Building
Superintendent of Documents, U.S. Government Printing Office, Washington, DC 20402.
Publication Type: Guides - General
Education Level: N/A
Authoring Institution: National Inst. of Standards and Technology, Gaithersburg, MD.
Identifiers: Computer Security
Note: For a related report, see IR 053 510.