  • Revision: 2007 Edition, 2007
  • Published Date: January 2007
  • Status: Active, Most Current
  • Document Language:
  • Published By: American Society for Industrial Security (ASIS)
  • Page Count: 47
  • ANSI Approved: No
  • DoD Adopted: No

  • The scope of the Information Asset Protection (IAP) Guideline is broad in that it can be applied to all sizes of organizations and all industry sectors to include non-profits, educational institutions, and government agencies. The guideline can aid employers in developing and implementing a comprehensive risk-based strategy for information assets protection. Such a strategy may include the fundamental concepts of (1) classifying and labeling information, (2) handling protocols to specify use, distribution, storage, security expectations, declassification, return, and destruction/disposal methodology, (3) training, (4) incident reporting and investigation, and (5) audit/compliance processes and special needs (disaster recovery).


    This guideline is organized into three primary sections. The first section offers a general framework and some guiding principles for developing an effective Information Assets Protection (IAP) policy within any organizational setting. The second section proposes recommended practices that may be applied in the implementation of a high-quality IAP program. The third section consists of two appendices that provide useful tools for any size organization. Appendix A consists of a Sample Policy on IAP. Appendix B is a Quick Reference Guide, a sample flow chart for assessing information protection needs that can be modified and customized to meet an organization's needs.


    An organization's competitive edge often is the result of information derived from the creativity and innovation of its personnel. Consequently, the loss of this information would negatively impact the organization's investment in personnel, time, finances, product, and/or property. Whether it is a trade secret, patent information, or other intellectual property; a simple improvement in the way an organization produces a product or conducts its business; a technical modification, new technique, or management concept; or employee/personnel human resources information, the importance of these assets cannot be underestimated. In order to safeguard its information assets, an organization should establish a policy that requires specific measures be taken to protect information assets. This policy should outline organizational roles, responsibilities, and accountabilities, since it will be critical to the defense of an organization should a regulatory or legal matter ensue. The policy should be defined in terms that are easily understood and maintained.

    Effective protection of information assets, whether in electronic, verbal, written, or any other form, involves these basic principles:

    1. Classification and labeling information.

    2. Handling protocols to specify use, distribution, storage, security expectations, declassification, return, and destruction/disposal methodology.

    3. Training.

    4. Incident reporting and investigation.

    5. Audit/compliance processes and special needs (disaster recovery).

