Accession Number : ADA391082

Title :   INFORMATION SECURITY RISK ASSESSMENT: Practices of Leading Organizations. Exposure Draft

Corporate Author : GENERAL ACCOUNTING OFFICE WASHINGTON DC ACCOUNTING AND INFORMATION MANAGEMENT DIV

Handle / proxy Url :             Check NTIS Availability...

Report Date : AUG 1999

Pagination or Media Count : 52

Abstract : Managing the security risks associated with our government's growing reliance on information technology is a continuing challenge. In particular, federal agencies, like many private organizations, have struggled to find efficient ways to ensure that they fully understand the information security risks affecting their operations and implement appropriate controls to mitigate these risks. This guide, which we are initially issuing as an exposure draft, is intended to help federal managers implement an ongoing information security risk assessment process by providing examples, or case studies, of practical risk assessment procedures that have been successfully adopted by four organizations known for their efforts to implement good risk assessment practices. More importantly, it identifies, based on the case studies, factors that are important to the success of any risk assessment program, regardless of the specific methodology employed.

Descriptors :   *INFORMATION SECURITY, UNITED STATES GOVERNMENT, INFORMATION SYSTEMS, DATA PROCESSING SECURITY, CASE STUDIES, RISK ANALYSIS.

Subject Categories : COMPUTER SYSTEMS MANAGEMENT AND STANDARDS

Distribution Statement : APPROVED FOR PUBLIC RELEASE

Search DTIC's Public STINET for similiar documents.

Members of the public may purchase hardcopy documents from the National Technical Information Service.