Submitted by: Submitted by zamy756
Views: 10
Words: 14063
Pages: 57
Category: Business and Industry
Date Submitted: 03/18/2016 05:04 AM
Information Security
Program Guide
For State Agencies
April 2008
Table of Contents
INTRODUCTION .......................................................................................................................................................3
A SUGGESTED IMPLEMENTATION STRATEGY .............................................................................................5
SECURITY COMPONENTS ...................................................................................................................................12
RISK MANAGEMENT ................................................................................................................................................12
POLICY MANAGEMENT ............................................................................................................................................14
ORGANIZING INFORMATION SECURITY ....................................................................................................................16
ASSET PROTECTION .................................................................................................................................................18
HUMAN RESOURCES SECURITY ...............................................................................................................................20
PHYSICAL AND ENVIRONMENTAL SECURITY ...........................................................................................................22
COMMUNICATIONS AND OPERATIONS MANAGEMENT .............................................................................................24
ACCESS CONTROL ...................................................................................................................................................26
INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE ..........................................................28
INFORMATION SECURITY INCIDENT MANAGEMENT...