U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Managing Information Security - A Program for the Electronic Information Age

NCJ Number
81546
Author(s)
J A Schweitzer
Date Published
1982
Length
133 pages
Annotation
This book presents a model data security program, based on the author's experience with a total information protection system for the Xerox Corporation.
Abstract
The volume focuses on computer-processed information, but also discusses all electronically generated information. The author views protecting computers in data centers as a small part of electronic information security. The book describes the interface of electronic information security with traditional business security emphasizing new requirements for electronic information processing. The book explains information security needs: (1) physical and logical controls of information access; (2) records of all accesses and resistance to attack; (3) effective controls and storage systems; and (4) employee indoctrination regarding their responsibilities relative to the electronic information processing system. The author defines the roles of the electronic security manager and the coordinator. An information security program is a complex matrix consisting of user groups; levels of directive, including executive direction, program management, and local procedures; and protection levels encompassing physical, organizational, logical (software and hardware), and transformational levels (cryptography, passwords). The book gives detailed examples of policy statements and specific standards. It delineates the steps in conducting a security requirements survey and presents a sample survey instrument. The sequence of activities involved in implementing and operating the total security program is discussed, including continuing program development, security reviews, auditing, and planning for emergencies. Probable future developments in computing hardware technology and their impact on security programs are briefly explored. The program described in the volume is currently in operation. Diagrams, an index, 14 references, and 8 recommended readings are provided.

Downloads

No download available

Availability