NCJ Number
16250
Date Published
1974
Length
77 pages
Annotation
A SET OF RECOMMENDATIONS, PRESENTED IN OUTLINE FORM, CONCERNING SAFEGUARDS FOR INFORMATION AS WELL AS THE PHYSICAL ASPECTS OF INFORMATION SYSTEMS INSTALLATIONS.
Abstract
THESE GUIDELINES ARE ABOUT PREVENTION. THEY ARE DIRECTED PRIMARILY TO THE EXECUTIVES AND MANAGERS WHO ARE RESPONSIBLE FOR DATA PROCESSING OPERATIONS AND TO DATA CENTER MANAGERS. THEY ARE DIRECTED AS WELL TO USERS OF DATA PROCESSING SERVICES WHO PROCURE THOSE SERVICES FROM SOURCES OUTSIDE THEIR OWN ORGANIZATIONS. THE PURPOSE IS TO MAKE THE READER AWARE OF THE DANGERS AND RISKS, TO FOCUS ATTENTION ON THE THREATS TO SECURITY, CONFIDENTIALITY, AND PRIVACY, AND TO SUGGEST PREVENTIVE STEPS TO ELIMINATE OR MINIMIZE POSSIBILITIES OF LOSS. THE AUTHORS RECOGNIZE THAT REQUIREMENTS DIFFER WIDELY FROM ONE INSTALLATION TO ANOTHER, SO THE GUIDELINES DO NOT ATTEMPT TO TELL IN DETAIL 'HOW-TO-DO-IT'. INSTEAD, THERE IS A BIBLIOGRAPHY APPENDED TO EACH SECTION WHICH IS A GUIDE TO FURTHER INFORMATION ON SUBJECTS WHICH ARE OF CONCERN TO THE READER. SINCE THE SECURITY AND CONFIDENTIALITY OF INFORMATION, AS WELL AS THE PHYSICAL SECURITY OF THE INSTALLATION, IS SUCH A VITAL REQUIREMENT OF ANY INSTALLATION, REGARDLESS OF SIZE, IT IS RECOMMENDED THAT A STAFF FUNCTION RESPONSIBLE FOR OVERALL SECURITY PROTECTIVE MEASURES BE ESTABLISHED. IN SMALL INSTALLATIONS THIS MAY BE THE RESPONSIBILITY OF ONE INDIVIDUAL, WHILE IN LARGE INSTALLATIONS, INDIVIDUALS FAMILIAR WITH VARIOUS OPERATIONS MAY BE ASSIGNED TO ASSIST. IN ANY CIRCUMSTANCE, IT IS RECOMMENDED THAT THIS RESPONSIBILITY BE ASSIGNED AT A SUFFICIENTLY HIGH LEVEL TO ENSURE COMPLIANCE. (AUTHOR ABSTRACT MODIFIED)