Link to the home page.
Print from PDF version
 

"Trust and integrity are absolute requirements for information sharing among justice professionals and for the information technology systems they depend on. Anyone responsible for deploying information security best practices within the justice community should take careful note of the content of Global's Applying Security Practices document."

John E. Vinson
Director, Rocky Mountain Information Network (RMIN); Chairman, Regional Information Sharing Systems (RISS) Information Technology Policy Group

Applied Security Joint Task Force Model Central Information Repository Model Peer Group Model Justice Interconnection Services Network Model

Models for Justice Information Sharing

Introduction

The appropriate application of security practices is highly dependent upon the specifics of the information systems to be protected. Characteristics such as connectivity to public networks, the scope and composition of the user community, the sensitivity of the information, and the level of acceptable risk should all have strong influences on the security approach used. This section provides further guidance to justice information system managers and owners by defining general models for justice information sharing, recommending security guidelines, and citing usage examples.

The following sections describe four justice information sharing models that are frequently encountered in justice applications:

  • The Joint Task Force (JTF) Model
  • The Centralized Information Repository (CIR) Model
  • The Peer Group (PG) Model
  • The Justice Interconnection Services Network (JISN) Model

These four models are simplified representations of the organizational relationships, computer systems, and the flow of information encountered in the justice and public safety communities. They serve as illustrations of “best-of-breed” security practices. In application, most “real life” justice information systems are a combination of these models, although they are described here individually. The justice information systems professionals faced with an enterprise that combines several of the models will need to identify common security services that can apply to all of their systems. It should be noted that some justice information systems professionals may unpredictably encounter a fifth model: the disorganized, fragmented, run-by-another-part-of-the-city model.

Readers are encouraged to compare the four models against operational systems under their management so that the security guidelines may serve to provide useful advice on how to improve the protection of shared justice information.

In general, each justice information sharing model section is constructed as follows:

  • Introduction
  • Security Guidelines

Guidelines for Applying Information Security Practices

Each justice information sharing model includes guidelines for security practices. The guidelines are organized around the following: (1) the flow of information for each model and (2) the security disciplines. The flow of information represents the principal sharing transactions in each of the models. There are many other aspects to securing computer systems, such as protecting the confidentiality and integrity of data storage. The focus of these guidelines is on secure information sharing in terms of the flow of information. With regard to the security disciplines, these sections address only those elements that are unique and specific to each model.

It should also be noted that within these models, the issue of size and scope will also influence the selection of security practices—for small systems it may be impractical and/or prohibitively costly to apply the same level of security rigor appropriate to a large system. Since we have not provided a spectrum of guidelines based on available funding, it is incumbent upon system owners and designers to make the trade-offs between risk; information asset value; and investment in security technology, process, and procedure. Where possible, we provide ways that cost may be trimmed to accommodate budget constraints.