Critical Infrastructure Assurance Office

booklet

Critical Infrastructure Assurance Office

1970-01-01

Acknowledgements....................iii Executive Summary.....................1 Chapter 1 Establishing Information Security Policy.........................3 Information Security Policy......3 Education, Training, and Awareness.................................5 Tips on Successful Policy Development and Implementation......................7 Chapter 2 Identifying Critical Assets and Conducting a Vulnerability Assessment...........................9 Key Terms..................................9 Introduction................................9 Task 1: Identify Critical Information Assets..............10 Task 2: Perform a Vulnerability Audit of Critical Information Assets..............17 Task 3: Perform Risk Management Analysis........26 Chapter 3 Tools and Practices for Critical Information Asset Protection..............................27 Introduction..............................27 Physical Security of Information Assets..............27 Environmental Control Systems Malfunctions........28 Information Security...............29 Good Management Practices for Critical Information Asset Protection..............................45 Chapter 4 Security Incident Planning....47 Before the Worst Happens...47 Establishing a Computer Security Incident Response Capability (CSIRC)..............47 Developing Communications Channels and Information Resources............................48 Handling a Security Incident..................................49 Glossary......................................51 Definitions...................................51 Acronyms....................................60

Critical information assets, information security policy, incident planning, asset protection

English

A hard-copy of this is in the CERIAS Library

Securing Critical Information Assets