U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Law Enforcement Tech Guide for Information Technology Security - How to Assess Risk and Establish Effective Policies: A Guide for Executives, Managers, and Technologists

NCJ Number
Kelly J. Harris; Todd G. Shipley, CFE, CFCE
Date Published
202 pages
Intended to be used as a companion guide to Law Enforcement Tech Guide: How To Plan, Purchase, and Manage Technology (Successfully!), this guide provides law enforcement leaders with strategies, best practices, and recommendations for developing and implementing information technology security policies.
This "how-to" guide presents general steps in understanding and identifying technology security vulnerabilities; developing and implementing controls that mitigate the identified security risks; creating and implementing a program that measures the effectiveness of these controls; and using the work done in the previous steps to develop and implement security policies for an agency. The first of seven chapters reviews features of a law enforcement leader's responsibilities for addressing security policies and risks. It discusses the nature of a security policy, identifies the risk factors to an information technology (IT) system, and explains how security policies control risk. This is followed by a chapter that presents the seven steps for organizing and charging the security policy development team. The four steps for conducting a security self-assessment are outlined in the next chapter. Another chapter reviews how to assess security risks, followed by a chapter that presents a step-by-step approach for developing a risk-mitigation strategy. A chapter on the measurement of security controls first defines "security measures" and then suggests how to develop and select measurement methods, before outlining seven steps for building an agency's security measures. The concluding chapter explains how to write an information security policy in six steps. Appended worksheets, a glossary of security terms, and a list of security resources