Publications

The CJIS GROUP Publications resource contains reports pertaining to technology in the Criminal Justice, Public Safety, Homeland Security, and Health and Human Services communities. Documents are generally gathered through the public domain and include industry trends, agency surveys, technical standards and models, case studies, white papers, and guides.

Titlesort descending Summary Subject Category Date Published
Framework for Improving Critical Infrastructure Cybersecurity version 1.1

Version 1.1 of this Cybersecurity Framework refines, clarifies, and enhances Version 1.0, which was issued in February 2014. It incorporates comments received on the two drafts of Version 1.1. Version 1.1 is intended to be implemented by first-time and current Framework users. Current users should be able to implement Version 1.1 with minimal or no disruption; compatibility with Version 1.0 has been an explicit objective.

Cyber Security Security April 2018
Fusion Center Guidelines: Law Enforcement Intelligence, Public Safety, and the Private Sector

The U.S. Department of Justice (DOJ) and the U.S. Departmentof Homeland Security (DHS) collaborated in the developmentof these fusion center guidelines. The intent of the partnershipis to provide a consistent, unified message and to provide acomprehensive set of guidelines for developing and operating afusion center within a state or region.

Fusion Center Guidelines Data Management January 2007
Fusion Center Guidelines: Law Enforcement Intelligence, Public Safety, and the Private Sector - Executive Summary

The U.S. Department of Justice (DOJ) and the U.S. Departmentof Homeland Security (DHS) Executive Summary of the Fusion Center Guidelines: Law Enforcement Intelligence, Public Safety and Private Sector report.

Fusion Center Guidelines Data Management January 2007
GAO Testimony- Homeland Security Information Sharing

US General Accounting Office: Homeland Security Information Sharing Responsibilities,Challenges, and Key Management Issues

Homeland Security Information Sharing Data Management September 2003
Global Data Breach Notification Laws: Meeting Requirements and Mitigating Risks with Endpoint Security

A common nightmare scenario for security leaders today is having a laptop, tablet, or smartphone – loaded with sensitive information – go missing. When devices are lost or stolen and
personal data is breached, organizations face increasing obligations to disclose incidents to the affected individuals and/or government agencies. Disclosure requirements partly explain
why, according to recent research, 72% of business and security professionals say their top mobile security concern is data loss due to lost or stolen devices.

Rooted in privacy law, data breach notification requirements are based on the philosophy that notification can mitigate the risks for individuals who are affected by breaches. With notification, individuals or government agencies may be able to take actions to protect those affected and avert for example, identity theft, financial loss, or injury to personal character. Another major driver behind these rules is to compel organizations to prevent breaches by implementing security controls that adequately protect information.

Data Security Data Management, Security December 2015
Governance of Geospatial Resources: Where's the Data? Show Me - Maximizing the Investment in State Geospatial Resources

This issue brief explores government’s demand for geospatial resources and offers recommendations and calls to action for the state Chief Information Officer to meet that demand.

Geospatial Resources Data Management June 2008
Government and Public Sector Customer Engagement Optimization Solution Strategy

Customer engagement describes the level of interaction that individual customers have, either directly or indirectly, with a specific government or public sector organization over time. The term includes all of the interactions that occur along the customer journey, whether those “touches” happen before, during or after an interaction, and whether they occur by phone, online or in person. It can also include customer interactions that may be independent of specific transactions, such as criticisms in social media or comments posted on blogs.

Customer engagement should not be confused with customer experience, since engagement encompasses an ongoing relationship with a specific government or public sector organization, as opposed to an experience at a single point in time. It is also important to note that customer engagement is proactive. Government and public sector organizations do not have to wait for a customer to act before they engage—they can reach out to customers to renew permits and licenses, deliver personalized and location-specific services, and solicit feedback. Examples of proactive customer engagement tactics include surveys not tied to specific transactions or educational outreach programs. The idea is to build an ongoing dialog with customers that engenders familiarity and some level of emotional attachment to your services.

Customer Engagement Data Management December 2015
Government Social Command Center - Connect and Engage with Citizens Everywhere
In the 21st century, government agencies cannot be effective if they do not maintain a consistent social media presence. In order to be fully in touch with their citizens, agencies need to be able to monitor trending topics and analyze public sentiment around key issues. Then, they need to participate in these ongoing conversations, identify and engage top influencers, publish relevant multimedia content and respond to adverse events and crises instantaneously.
 
Millions of conversations about government are happening on social channels every day. Is your agency engaging?
 
Sponsored by CarahSoft
Data Management Data Management September 2015
Guide for Cybersecurity Event Recovery

As the number of cybersecurity incidents climbs, and the variety of types of attacks grows, “It’s no longer if you are going to have a cybersecurity event, it is when,” said computer scientist Murugiah Souppaya, one of the guide’s authors. 

NIST computer researchers wrote the Guide for Cybersecurity Event Recovery to consolidate existing NIST recovery guidance such as on incident handling and contingency planning. It also provides a process that each organization—federal or otherwise—can use to create its own comprehensive recovery plan to be ready when a cybersecurity event occurs. 

Data Security Security January 2017
Guide to Application Whitelisting

A whitelist is a list of discrete entities, such as hosts, email addresses, network port numbers, runtime processes, or applications that are authorized to be present or active on a system according to a welldefined baseline. A blacklist is a list of discrete entities that have been previously determined to be associated with malicious activity. A graylist is a list of discrete entities that have not yet been established as benign or malicious; more information is needed to move graylist items onto a whitelist or a blacklist. Whitelists, blacklists, and graylists are primarily used as a form of access control: permitting activity corresponding to the whitelist and not permitting activity corresponding to the blacklist.

Data Security Data Management October 2015

Pages