skip navigation


Register for Latest Research

Stay Informed
Register with NCJRS to receive NCJRS's biweekly e-newsletter JUSTINFO and additional periodic emails from NCJRS and the NCJRS federal sponsors that highlight the latest research published or sponsored by the Office of Justice Programs.

NCJRS Abstract

The document referenced below is part of the NCJRS Virtual Library collection. To conduct further searches of the collection, visit the Virtual Library. See the Obtain Documents page for direction on how to access resources online, via mail, through interlibrary loans, or in a local library.


NCJ Number: 217581 Add to Shopping cart Find in a Library
Title: Law Enforcement Tech Guide for Information Technology Security: How To Assess Risk and Establish Effective Policies
Author(s): Kelly J. Harris; Todd G. Shipley CFE
Corporate Author: SEARCH Group Inc.
United States of America
Date Published: 2006
Page Count: 202
Sponsoring Agency: NCJRS Photocopy Services
Rockville, MD 20849-6000
Office of Community Oriented Policing Services (COPS)
Washington, DC 20530
SEARCH Group Inc.
Sacramento, CA 95831
Grant Number: 2003CKWXK054
Sale Source: NCJRS Photocopy Services
Box 6000
Rockville, MD 20849-6000
United States of America

Office of Community Oriented Policing Services (COPS)
US Dept of Justice
Two Constitutional Square
145 N Street, N.E.
Washington, DC 20530
United States of America
Document: Agency Summary|PDF|Text
Agency Summary: 
Type: Guideline
Format: Document (Online)
Language: English
Country: United States of America
Annotation: This guide provides law enforcement agencies with strategies, best practices, and recommendations for developing and implementing information technology (IT) security policies.
Abstract: The guide presents general steps for achieving four objectives. First, it will help agencies understand and identify security "exposures" for their IT. Second, it will assist agencies in developing and implementing controls that will address identified security risks. Third, it guides agencies in creating and implementing a program for measuring the effectiveness of these security controls. Fourth, using the work done in the previous steps, this guide will help agencies develop and implement security policies. In presenting these four steps, the guide first provides an overview of security risk management, the importance of implementing an information-security policy, and the critical leadership role of managers in policy initiatives. It also suggests whom to involve in the security project and how to develop the Security Policy Development Team. The four key phases of the information technology security development and implementation process are then explained. The first phase involves learning how to conduct a self-assessment, which provides a status report on the current security system. The second phase is a risk assessment that determines security vulnerabilities in the IT systems, using findings from the self-assessment. Phase II involves learning how to develop and implement security controls in order to mitigate identified risks. The final phase is the development and implementation of an ongoing measurement process that ensures the controls are effective. A hands-on process for writing information-security policies is included. Appended sample tools, a glossary of security terms, and a listing of security resources
Main Term(s): Police management
Index Term(s): Automated police information systems; Computer facility security; Computer privacy and security; Computer security training; Police information systems; Security surveys; Security systems; Security training
Note: Downloaded February 27, 2007.
To cite this abstract, use the following link:

*A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's website is provided. Tell us how you use the NCJRS Library and Abstracts Database - send us your feedback.