1 / 11

Information Assurance

MIDN SPICHER 9 FEBRUARY 2012. Information Assurance. Directives & Laws. Public Law 100-235 security plans for all Federal computer systems containing sensitive information.

renee
Télécharger la présentation

Information Assurance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MIDN SPICHER 9 FEBRUARY 2012 Information Assurance

  2. Directives & Laws • Public Law 100-235 • security plans for all Federal computer systems containing sensitive information. • mandatory periodic training for all persons involved in management, use, or operation of Federal computer systems that contain sensitive information. • OMB Circular A-130 • The Office of Management and Budget (OMB) Circular A-130 sets basic guidelines for the collection, processing, and dissemination of information by Federal agencies and the management of Federal information systems and technology. It establishes policy for management of Federal information resources. • DODD 5200.28 • DOD Directive 5200.28 defines mandatory minimum security requirements to promote the use of cost-effective, computer-based security features for Automated Information Systems (AISs).

  3. What is Information Assurance? • Information Assurance (IA) processes protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. • Your ability to complete mission requirements is directly tied to IA

  4. Actions that Promote IA • Never put classified information on an unclassified system. • Secure your workstation by logging off before you leave your area. • Lock up media containing sensitive information. • Do not e-mail classified information across unclassified networks.

  5. Concerning Passwords • Use a combination of letters, numbers, and symbols in your password. • Do not use obvious names for your password. • Memorize your password. • Don't share passwords with other co-workers. • Change your password often. • Use numbers/symbols within the first and second half of your password, not just at the beginning or end.

  6. What You're Protecting • Operational processes • Defense Message System (DMS) • Electronic Key Management System (EKMS) • Secret Internet Protocol Router Network (SIPRNET) • CASREPS • OPREPS • Administrative processes • Intranet Operations • E-mail Delivery • Plan of the Week/Day • Record Message Delivery

  7. Phishing • SOCIAL ENGINEERING IS A COLLECTION OF TECHNIQUES INTENDED TO TRICK PEOPLE IN DIVULGING PRIVATE INFORMATION • NEVER PARTICIPATE IN UNAPPROVED SURVEYS ON THE TELEPHONE OR ONLINE • DON'T OPEN UNAPPROVED LINKS

  8. Spillage • CHECK ALL DOCUMENTS FOR CLASSIFICATION LEVEL • NIPRNet: unclassified • SIPRNet: classified • Be aware of which network you are on • IF YOU SPILL • IMMEDIATELY NOTIFY SECURITY POC • DO NOT DELETE SUSPECTED FILES • DO NOT FORWARD FURTHER READ OR MANIPULATE FILES • SECURE AREA

  9. Protecting Against Viruses • One way to protect an information system such as NMCI against viruses, is to use anti-virus software. The purpose of the anti-virus software is to perform three main tasks: • virus detection • virus removal • preventive protection

  10. CAC 101 • Common Access Cards (CAC) • The Common Access Card (CAC) will be used in NMCI for all unclassified smart card functions. A smart card is a plastic card about the size of a credit card that has an integrated circuit chip (ICC) embedded within. • What is Stored on a CAC? • The integrated circuit chip (ICC) can be updated or erased at any time. On average, the ICC is updated every 3 years. • Just as your ATM or debit card provides access to your bank account, the CAC combined with your personal identification number (PIN) will allow you to access your NMCI workstation and use the various NMCI features.

  11. CAC 102 • Who uses the CAC? • Common Access Cards (CACs) are issued to eligible Active Duty military personnel including the Selected Reserves, DOD Civilian employees, and eligible contractor personnel. • The CAC serves as the: • standard DOD ID card, • principal card to enable access to the buildings, controlled spaces, computer network and system access, and • primary storage area of PKI certificates. • What Do I Do If I Lose My CAC or Forget My PIN? • If you lose your CAC or forget your PIN, contact your supervisor immediately. The DEERS/RAPIDS is the only entity who can reissue your CAC

More Related