Critical Infrastructure Assurance Office, Practices for Securing Critical Information Assets (Jan. 2000) (full-text).



This publication provides initial guidance to Federal agencies in their effort to assure the security of the increasingly vulnerable and interconnected infrastructure of the United States, especially the cyber-based infrastructure. This guidance is intended to assist agency personnel who are responsible for developing and implementing information security policy, rather than those involved in devising actual technical solutions. It is also intended to complement, not supplant, existing guidance and authority of other organizations responsible for issuance of security standards and guidelines.

This guide includes chapters on establishing a security policy, identifying critical assets and performing vulnerability assessments, understanding the tools and practices available to improve security, and developing an effective incident response capability; a glossary of terms and acronyms; and appendices.