《信息资产保护（IAP）指南》可以帮助雇主制定和实施全面的基于风险的信息资产保护战略。这种策略可能包括以下基本概念:（1）对信息进行分类和标记；（2）指定使用、分发、存储、安全预期、解密、归还和销毁/处置方法的处理协议；（3）培训；（4）事件报告和调查；（5）审计/合规流程和特殊需求（灾难恢复）。该指南的范围很广，适用于所有规模的组织和所有行业部门，包括非营利组织、教育机构和政府机构。

The Information Asset Protection (IAP) Guideline can aid employers in developing and implementing a comprehensive risk-based strategy for information assets protection. Such a strategy may include the fundamental concepts of(1) classifying and labeling information,(2) handling protocols to specify use, distribution, storage, security expectations, declassification, return, and destruction/disposal methodology,(3) training,(4) incident reporting and investigation, and(5) audit/compliance processes and special needs (disaster recovery).The scope of the guideline is broad in that it can be applied to all sizes of organizations and all industry sectors to include non-profits, educational institutions, and government agencies.