Revised September 2003

First published in March 2000, these guidelines are intended to assist agencies and institutions of higher education to achieve the goal of acceptable information resources risk management and to meet the state's standards for information security. Additionally, this and future issues of these guidelines will introduce information protection professionals and planners to a variety of approaches to protect their agency's information resources assets.

Download PDF files - Information about file formats
The files are set up for double-sided printing.

   Part 1 – Main Body of Report PDF –  76 pages, 1.02 MB

   Part 2 – Appendices PDF – 144 pages, 2.24 MB

Download MS Word files - Information about file formats
The files are set up for double-sided printing.

   Part 1 – Main Body of Report – 76 pages, 6 MS Word files

Front matter: Contents, Preface, Executive Summary, etc. - 12 pages, 373 KB
Chapter 1. Establishing an Information Security Policy – 6 pages, 227 KB 
Chapter 2. Identifying Critical Information Assets and Risks – 6 pages, 230 KB
Chapter 3. Tools and Practices for Critical Information Asset Protection – 44 pages, 458 KB
Chapter 4. Security Incident Planning – 6 pages, 234 KB
Chapter 5. Last Words... – 2 pages, 651 KB

   Part 2 – Appendices – 144 pages, 22 MS Word files

Appendix A-1. Bibliography – 4 pages, 83 KB
Appendix A-2. Glossary – 66 pages, 281 KB
Appendix B-1. Additional References and Sources – 2 pages, 72 KB
Appendix C-1. Example of Virus Handling Procedures – 4 pages, 319 KB
Appendix C-2. Perspective: Malicious Code and Other Security Threats – 2 pages, 70 KB
Appendix D-1. Checklist for Outsourcing Contracts – 2 pages – 59 KB
Appendix E-1. What to Do if You Think Your Installation Has Been Hacked – 2 pages, 66 KB
Appendix E-2. DoS Defense – 2 pages, 67 KB
Appendix E-3. Recipe for Developing a Successful Incident Handling Plan – 2 pages,  59 KB
Appendix E-4. Example of Agency Incident Response Plan – 14 pages, 214 KB
Appendix E-5. Emergency Steps for Incident Response – 2 pages, 61 KB
Appendix E-6. IDS Product Evaluation Criteria – 6 pages, 86 KB
Appendix E-7. Disruption Defense; Mitigation Checklist – 2 pages, 61 KB
Appendix F-1. LAN Security Checklist – 2 pages, 66 KB
Appendix G-1. Considering an Extranet? – 6 pages, 70 KB
Appendix H-1. Protecting Your Password – 2 pages, 63 KB
Appendix I-1. Low-Cost/No-Cost Computer Security Measures – 4 pages,  43 KB
Appendix J-1. A Snapshot in Time: Where are the Vulnerabilities Now? – 6 pages, 75 KB
Appendix J-2. Risk Analysis and Assessment – 4 pages, 77 KB
Appendix J-3. Automation Controls Self-Assessment Guide – 2 pages, 65 KB
Appendix K-1. Implementation of Transaction Safeguards – 6 pages, 72 KB
Appendix K-2. Questions to Consider When Assessing Transaction Security Risks – 2 pages, 59 KB