Practices for Securing Critical Information Assets
Author
Critical Infrastructure Assurance Office
Key alpha
Critical Infrastructure Assurance Office
Publication Date
1970-01-01
Contents
Acknowledgements....................iii
Executive Summary.....................1
Chapter 1
Establishing Information
Security Policy.........................3
Information Security Policy......3
Education, Training, and
Awareness.................................5
Tips on Successful Policy
Development and
Implementation......................7
Chapter 2
Identifying Critical Assets and
Conducting a Vulnerability
Assessment...........................9
Key Terms..................................9
Introduction................................9
Task 1: Identify Critical
Information Assets..............10
Task 2: Perform a
Vulnerability Audit of Critical
Information Assets..............17
Task 3: Perform Risk
Management Analysis........26
Chapter 3
Tools and Practices for
Critical Information Asset
Protection..............................27
Introduction..............................27
Physical Security of
Information Assets..............27
Environmental Control
Systems Malfunctions........28
Information Security...............29
Good Management Practices
for Critical Information Asset
Protection..............................45
Chapter 4
Security Incident Planning....47
Before the Worst Happens...47
Establishing a Computer
Security Incident Response
Capability (CSIRC)..............47
Developing Communications
Channels and Information
Resources............................48
Handling a Security
Incident..................................49
Glossary......................................51
Definitions...................................51
Acronyms....................................60
Keywords
Critical information assets, information security policy, incident planning, asset protection
Location
A hard-copy of this is in the CERIAS Library
Subject
Securing Critical Information Assets