skip navigation

PUBLICATIONS

Register for Latest Research

Stay Informed
Register with NCJRS to receive NCJRS's biweekly e-newsletter JUSTINFO and additional periodic emails from NCJRS and the NCJRS federal sponsors that highlight the latest research published or sponsored by the Office of Justice Programs.

NCJRS Abstract

The document referenced below is part of the NCJRS Virtual Library collection. To conduct further searches of the collection, visit the Virtual Library. See the Obtain Documents page for direction on how to access resources online, via mail, through interlibrary loans, or in a local library.

 

NCJ Number: 81546 Find in a Library
Title: Managing Information Security - A Program for the Electronic Information Age
Author(s): J A Schweitzer
Date Published: 1982
Page Count: 133
Sponsoring Agency: Butterworth-Heinemann
Woburn, MA 01801-2041
Sale Source: Butterworth-Heinemann
225 Wildwood Ave
Woburn, MA 01801-2041
United States of America
Language: English
Country: United States of America
Annotation: This book presents a model data security program, based on the author's experience with a total information protection system for the Xerox Corporation.
Abstract: The volume focuses on computer-processed information, but also discusses all electronically generated information. The author views protecting computers in data centers as a small part of electronic information security. The book describes the interface of electronic information security with traditional business security emphasizing new requirements for electronic information processing. The book explains information security needs: (1) physical and logical controls of information access; (2) records of all accesses and resistance to attack; (3) effective controls and storage systems; and (4) employee indoctrination regarding their responsibilities relative to the electronic information processing system. The author defines the roles of the electronic security manager and the coordinator. An information security program is a complex matrix consisting of user groups; levels of directive, including executive direction, program management, and local procedures; and protection levels encompassing physical, organizational, logical (software and hardware), and transformational levels (cryptography, passwords). The book gives detailed examples of policy statements and specific standards. It delineates the steps in conducting a security requirements survey and presents a sample survey instrument. The sequence of activities involved in implementing and operating the total security program is discussed, including continuing program development, security reviews, auditing, and planning for emergencies. Probable future developments in computing hardware technology and their impact on security programs are briefly explored. The program described in the volume is currently in operation. Diagrams, an index, 14 references, and 8 recommended readings are provided.
Index Term(s): Classified information; Computer privacy and security; Data security; Information Systems and Technology; Science and Technology
To cite this abstract, use the following link:
http://www.ncjrs.gov/App/publications/abstract.aspx?ID=81546

*A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's website is provided. Tell us how you use the NCJRS Library and Abstracts Database - send us your feedback.