NCJ Number
192804
Date Published
November 1999
Length
50 pages
Annotation
This is a guide to help Federal managers implement an ongoing information security risk assessment process.
Abstract
The Federal Government increasingly relies on automated and interconnected systems to perform functions essential to the national welfare. These systems, which provide rapid data processing and access to information, also increase the risks of computer intrusion, fraud, and disruption. The guide claims that Federal automated operations and electronic data are inadequately protected against these risks, and that poor security program management is one of the major underlying problems. The guide provides examples, or case studies, of practical risk assessment procedures that have been successfully adopted by four organizations: a multinational oil company, a financial services company, a regulatory organization, and a computer hardware and software company. It also identifies factors important to the success of any risk assessment program, regardless of specific methodology. Figures, tables, appendixes