skip navigation

Add your conference to our Justice Events calendar


Register for Latest Research

Stay Informed
Register with NCJRS to receive NCJRS's biweekly e-newsletter JUSTINFO and additional periodic emails from NCJRS and the NCJRS federal sponsors that highlight the latest research published or sponsored by the Office of Justice Programs.

NCJRS Abstract

The document referenced below is part of the NCJRS Library collection. To conduct further searches of the collection, visit the NCJRS Abstracts Database. See the Obtain Documents page for direction on how to access resources online, via mail, through interlibrary loans, or in a local library.

  NCJ Number: NCJ 217581     Find in a Library
  Title: Law Enforcement Tech Guide for Information Technology Security: How To Assess Risk and Establish Effective Policies
  Document URL: Text PDF 
  Agency Summary: Agency Summary 
  Author(s): Kelly J. Harris ; Todd G. Shipley CFE
  Corporate Author: SEARCH Group Inc.
United States of America
  Date Published: 2006
  Page Count: 202
  Annotation: This guide provides law enforcement agencies with strategies, best practices, and recommendations for developing and implementing information technology (IT) security policies.
  Abstract: The guide presents general steps for achieving four objectives. First, it will help agencies understand and identify security "exposures" for their IT. Second, it will assist agencies in developing and implementing controls that will address identified security risks. Third, it guides agencies in creating and implementing a program for measuring the effectiveness of these security controls. Fourth, using the work done in the previous steps, this guide will help agencies develop and implement security policies. In presenting these four steps, the guide first provides an overview of security risk management, the importance of implementing an information-security policy, and the critical leadership role of managers in policy initiatives. It also suggests whom to involve in the security project and how to develop the Security Policy Development Team. The four key phases of the information technology security development and implementation process are then explained. The first phase involves learning how to conduct a self-assessment, which provides a status report on the current security system. The second phase is a risk assessment that determines security vulnerabilities in the IT systems, using findings from the self-assessment. Phase II involves learning how to develop and implement security controls in order to mitigate identified risks. The final phase is the development and implementation of an ongoing measurement process that ensures the controls are effective. A hands-on process for writing information-security policies is included. Appended sample tools, a glossary of security terms, and a listing of security resources
  Main Term(s): Police management
  Index Term(s): Automated police information systems ; Police information systems ; Computer privacy and security ; Security systems ; Security training ; Security surveys ; Computer facility security ; Computer security training
  Sponsoring Agency: Office of Community Oriented Policing Services (COPS)
US Dept of Justice
United States of America
  Grant Number: 2003CKWXK054
  Sale Source: NCJRS Photocopy Services
Box 6000
Rockville, MD 20849-6000
United States of America

Office of Community Oriented Policing Services (COPS)
US Dept of Justice
Two Constitutional Square
145 N Street, N.E.
Washington, DC 20530
United States of America
  Type: Guideline
  Country: United States of America
  Language: English
  Note: Downloaded February 27, 2007.
  To cite this abstract, use the following link:

*A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's website is provided. Tell us how you use the NCJRS Library and Abstracts Database - send us your feedback.