A Qualitative, High Level INFOSEC Assessment Methodology (IAM)

Author:
Robert K. Smith
File Size:
52.27 kB
Date:
24 May 2001
Downloads:
803 x

In May 1998, the INFOSEC community became aware of the White Paper titled "The Clinton Administration’s Policy on Critical Infrastructure Protection: Presidential Decision Directive 63 (PDD-63). Shortly after this date, the National Security Agency (NSA) using its technology transfer charter, took a proactive stance to the PDD-63 by offering an INFOSEC Assessment Methodology (IAM) course to government and private sector security professionals. The intent of the course is to make available a qualitative (not quantitative) approach for carrying out a high-level policy/documentation review that is non-intrusive, uses non-attribution (the process is not an inspection or an audit), yet produces an analysis of an organization’s overall security posture.

A Qualitative, High Level INFOSEC Assessment Methodology (IAM)