Security Disciplines

Introduction

This section discusses the following security disciplines for each of these objectives: Support, Prevention, and Detection and Recovery.

[Figure: Applying Security Practices to Justice Information Sharing. Diagram of the security disciplines under the Support, Prevention, and Detection and Recovery objectives.]

Section Structure

In general, each security discipline section is constructed as follows:

  • Description and Purpose—a summary of the discipline and the role it plays in securing information.
  • Principles—the qualities that define an organization that responsibly and securely manages justice information.
  • Policies—guidance and, when applicable, references to sample policies in order to assist organizations in establishing good internal policies for securing information.
  • Best Practices—tutorials and an overview of the best ways to apply the tools, technologies, and processes within each discipline.
  • References—resources to assist justice organizations in designing their security practices to meet well-established industry standards.

Table 1: Information Security Disciplines

| Information Security Disciplines | Definition and Relevance |
| --- | --- |
| Governance | Identifies the practices applied to establish, manage, and enforce information security policy. |
| Physical Security | Protects against compromises in security that may arise from facility and environmental vulnerabilities. |
| Personnel Security Screening | Includes the processes applied to determine whether personnel warrant the level of trust required to access sensitive justice information and systems. |
| Separation of Duties | Requires the segregation of administrative, development, security, and user functions to provide security checks and balances. |
| Identification and Authentication | Ensures that those wishing to gain access to information resources are who they represent themselves to be. Typical methods include passwords, smart cards, and biometrics. |
| Authorization and Access Control | Determines what permissions and access authorization an information system user holds. |
| Data Integrity | Safeguards information content and protects against inadvertent or intentional information modification or loss. |
| Public Access, Privacy, and Confidentiality | Outlines tools and procedures to protect the privacy of individuals and information in light of the increased accessibility offered by networked information systems. |
| Firewalls, VPNs, and Other Network Safeguards | Identifies the tools employed to establish a barrier between private and public information in a justice organization. |
| Attack Detection and Prevention | Monitors computing and communications facilities for evidence of inappropriate access or use. |
| Security Auditing | Examines and verifies that organizational practices meet security policies and applicable regulations. |
| Risk Management | Protects the organization's critical information assets and its ability to perform its mission. |
| Disaster Recovery and Business Continuity | Establishes and documents the procedures to follow in the event of a disaster so that operations that depend on the accuracy and availability of information can continue and be restored. |