NCJ Number
197435
Date Published
February 2001
Length
69 pages
Annotation
This guide provides basic resources and guidance for helping to prevent or minimize the impact of cyber attacks against State and local law enforcement agencies' most critical systems and processes.
Abstract
The plan focuses on both baseline processes and vulnerabilities that emerged from a May 2000 survey (see NCJ-197434) by Emergency Law Enforcement Services, a component of the Emergency Services Sector. One survey finding was that a majority of the responding agencies did not have Continuity of Operations Plans. One chapter in this guide provides guidelines for developing such plans. Another survey finding was that only 6 percent of the agencies reported experiencing unauthorized intrusions. This guide provides a case example of an undetected intrusion, as well as guidance on testing for penetration into a computerized system. Further, the survey found that agencies of all sizes were primarily using Windows-based operating systems (95/98 and NT). One chapter of this guide provides information on staying up-to-date on operating system vulnerabilities. The survey also found that agencies reported a lack of technical training/expertise and lack of employee awareness and training as security weaknesses. A chapter of this guide suggests sources for employee awareness and training. A chapter on threat advisories presents guidelines for accessing alert and warning systems and reporting intrusion incidents.