Year
1992
Abstract
The protection of classified and sensitive information is accomplished through a number of related programs, to include: information security, personnel security, education and awareness, computer security, and technical surveillance countermeasures. Determining the synergistic effect of these efforts in protecting information is a challenge. This paper provides a methodology for evaluating the effectiveness of a site's efforts to protect classified and sensitive information. Standard threat definitions normally used to determine system effectiveness are difficult to apply to the protection of information; hence, the first part of the paper defines the threat and five generic threat acts. Next, an overview of the protection strategy that encompasses information security, personnel security, education and awareness, computer security, and technical surveillance countermeasures is provided. Finally, a three step methodology for evaluating a facility information protection program is presented.