ERIC Number: ED330347
Record Type: RIE
Publication Date: 1989-Oct
Reference Count: N/A
Management Guide to the Protection of Information Resources.
Helsing, Cheryl; And Others
This guide introduces information systems security concerns and outlines the issues that must be addressed by all agency managers in meeting their responsibilities to protect information systems within their organizations. It describes the essential components of an effective information resource protection process that applies to an individual personal computer as well as to a large data processing facility. The first of three sections, "Information Systems Development," describes the protective measures (i.e., the control decisions, security principles, access decisions, and systems development process) that should be included as part of the design and development of information processing application systems. The second section, "Computer Facility Management," speaks to the protective measures that should be incorporated into the ongoing management of information resource processing facilities and applies to any manager who maintains a personal computer, mainframe, or any other form of office system or automated equipment. Physical security, data security, and monitoring and review management policies are discussed. The final section, "Personnel Management," considers security issues that arise when personnel operate computer facilities which process critical data or design sensitive systems. It is suggested that employee training programs that emphasize systems security should be implemented. Sources of additional information are provided. (MAB)
Descriptors: Access to Information, Computer System Design, Confidentiality, Decision Making, Facilities Management, Information Management, Information Systems, Local Area Networks, Microcomputers, Public Agencies, Systems Analysis, Systems Building
Superintendent of Documents, U.S. Government Printing Office, Washington, DC.
Publication Type: Guides - General
Education Level: N/A
Audience: Administrators; Practitioners
Authoring Institution: National Inst. of Standards and Technology, Gaithersburg, MD.
Identifiers: Computer Security
Note: For a related report, see IR 053 509.