Building an Information Assurance Framework for a Small Defense Agency

As information security continues to capture headlines in our daily lives, it is imperative that businesses have an Information Assurance Framework - a solid plan of action with the required tools, trained personnel, and tested procedures - that is capable of protecting valuable information assets. However, many organizations with low risk data have not focused on information security and have not put adequate life-cycle controls in place to ensure continuous protection. That is the case at our small defense agency. This paper attempts to glean best practices from many sources to define the steps we must to take to implement and manage an Information Assurance Framework.