skip navigation

Justinfo Subscribe to Stay Informed

Add your conference to our Justice Events calendar


NCJRS Abstract


Subscribe to Stay Informed
Want to be in the know? JUSTINFO is a biweekly e-newsletter containing information about new publications, events, training, funding opportunities, and Web-based resources available from the NCJRS Federal sponsors. Sign up to get JUSTINFO in your inbox.

The document referenced below is part of the NCJRS Library collection.
To conduct further searches of the collection, visit the NCJRS Abstracts Database.

How to Obtain Documents
NCJ Number: NCJ 217581     Find in a Library
Title: Law Enforcement Tech Guide for Information Technology Security: How To Assess Risk and Establish Effective Policies
  Document URL: Text PDF 
  Agency Summary: Agency Summary 
Author(s): Kelly J. Harris ; Todd G. Shipley CFE
Corporate Author: SEARCH Group Inc.
United States of America
Date Published: 2006
Page Count: 202
  Annotation: This guide provides law enforcement agencies with strategies, best practices, and recommendations for developing and implementing information technology (IT) security policies.
Abstract: The guide presents general steps for achieving four objectives. First, it will help agencies understand and identify security "exposures" for their IT. Second, it will assist agencies in developing and implementing controls that will address identified security risks. Third, it guides agencies in creating and implementing a program for measuring the effectiveness of these security controls. Fourth, using the work done in the previous steps, this guide will help agencies develop and implement security policies. In presenting these four steps, the guide first provides an overview of security risk management, the importance of implementing an information-security policy, and the critical leadership role of managers in policy initiatives. It also suggests whom to involve in the security project and how to develop the Security Policy Development Team. The four key phases of the information technology security development and implementation process are then explained. The first phase involves learning how to conduct a self-assessment, which provides a status report on the current security system. The second phase is a risk assessment that determines security vulnerabilities in the IT systems, using findings from the self-assessment. Phase II involves learning how to develop and implement security controls in order to mitigate identified risks. The final phase is the development and implementation of an ongoing measurement process that ensures the controls are effective. A hands-on process for writing information-security policies is included. Appended sample tools, a glossary of security terms, and a listing of security resources
Main Term(s): Police management
Index Term(s): Automated police information systems ; Police information systems ; Computer privacy and security ; Security systems ; Security training ; Security surveys ; Computer facility security ; Computer security training
Sponsoring Agency: Office of Community Oriented Policing Services (COPS)
US Dept of Justice
United States of America
Grant Number: 2003CKWXK054
Sale Source: NCJRS Photocopy Services
Box 6000
Rockville, MD 20849-6000
United States of America

Office of Community Oriented Policing Services (COPS)
US Dept of Justice
Two Constitutional Square
145 N Street, N.E.
Washington, DC 20530
United States of America
Type: Guideline
Country: United States of America
Language: English
Note: Downloaded February 27, 2007.
  To cite this abstract, use the following link:

* A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's web site is provided.