Information Assurance (IA) … to the Security of Our Data

Slides:



Advertisements
Similar presentations
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
Advertisements

1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
Viruses and Spyware. What is a Virus? A virus can be defined as a computer program that can reproduce by changing other programs to include a copy of.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.
Section Seven: Information Systems Security Note: All classified markings contained within this presentation are for training purposes only.
Using SWHS: The AUP [Acceptable Use Policy]
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,
1.1 System Performance Security Module 1 Version 5.
IT security By Tilly Gerlack.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.
What are the rules? Information technology is available to every student, faculty and staff member in support of the essential mission of the University.
Topic 5: Basic Security.
Internet Safety Internet Safety LPM
Incident Security & Confidentiality Integrity Availability.
tool kit. USER GUIDE Etiquette (Acceptable use policy) – a list of rules that we observe Use a suitable subject in the - this helps.
LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.
W elcome to our Presentation. Presentation Topic Virus.
Don’t Log in!. Recap on the previous units I’ve tried to make it as concise as possible but there is a bit of writing, to ensure that you have some notes.
Woodland Hills School District Computer Network Acceptable Use Policy.
OCTOBER IS CYBER SECURITY AWARENESS MONTH. October is Cyber Security Awareness Month  Our Cyber Security Awareness Campaign focuses on topics such as.
By the end of this lesson you will be able to: 1. Determine the preventive support measures that are in place at your school.
SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #
Properly Safeguarding Personally Identifiable Information (PII) Ticket Program Manager (TPM) Social Security’s Ticket to Work Program.
Security Awareness Our security depends on you. What IT Security Protects ECU Campus network and everything attached to it Information –personal data.
Latest Issues Related To The AVG Antivirus 2017
bitdefender virus protection
ISMS Information Security Management System
Account & Google Message Center Guide August 2015 Prepared by: Angela Mars IT Education and Training.
Security Issues in Information Technology
Chapter 40 Internet Security.
What is Information Security?
Crosby ISD Acceptable Use Policy Training
Trend Micro Consumer 2010 Easy. Fast. Smart.
Technology Skills for Life, Career, and Academic Success
Malware and Computer Maintenance
Unit 4 IT Security.
Student Monmouth College
How to build a good reputation online
Cyber Security By: Pratik Gandhi.
Home Computer Security
Information Security 101 Richard Davis, Rob Laltrello.
Business Risks of Insecure Networks
Computer Security Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Staying Austin College
Tool Server Workstation Router Universal
Computer Technology Notes 5
Robert Leonard Information Security Manager Hamilton
HQMC ISC BRIEF FEBRUARY 6, 2007
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
2007 Computer End User Training
CHAPTER 2: OPERATING SYSTEMS (Part 2) COMPUTER SKILLS.
Spyware. By: Katheryn L. Gaston.
County HIPAA Review All Rights Reserved 2002.
Lesson 2: Epic Security Considerations
Part 3.
Epic Introduction Basics
Internet Safety and Security Curtis Shaw nwtel.ca November 2012
King Saud University- College OF Applied Studies
Cybersecurity Am I concerned?
9 ways to avoid viruses and spyware
Epic Introduction Basics
Lesson 2: Epic Security Considerations
Lesson 2: Epic Security Considerations
24/7/365 Remote Computer Support
King Saud University- College OF Applied Studies
1.2.2 Security aspects • Show understanding of the security aspects of using the Internet and understand what methods are available to help minimise the.
Introduction to the PACS Security
G061 - Network Security.
Woodland Hills School District
Presentation transcript:

Information Assurance (IA) … to the Security of Our Data UNCLASSIFIED Information Assurance (IA) User Training FY 05 You Share the Key… … to the Security of Our Data

Information Assurance MNF-I and MNC-I IA User Training Overview: What is IA? References The Three Local Networks User Responsibilities Passwords Security Classified Spills Electronic Media Wireless Viruses Designated Approving Authority (DAA) Instant Messaging (IM) and Peer to Peer (P2P)

What is IA and Why is it Important? In simple terms, IA means ensuring that the data to which you have been given access is there, correct, and available to you when you need it. We ensure the good guys get the information they need to fight the war and the bad guys don’t. You are an absolutely critical part of ensuring this happens.

References DOD Directive 8500.1, “Information Assurance,” October 24, 2002 DOD Instruction 8500.2, “Information Assurance (IA) Implementation,” February 6, 2003 CENTCOM CCR 25-206, “Information System Management, Command, Control, Communication, and Computer (C4) Services, and Support and Network Management,” December 27, 2001 MNF-I Directive R25-1, “Information Assurance Implementation,” Draft

The Three Local Networks NIPRNET– The unclassified network to which most people have access. This network connects to the Internet and allows you to surf the web. SIPRNET– This is a closed network classified at a SECRET level, used by US personnel only. CENTRIXS-MCFI – This is a closed network classified at SECRET//REL TO USA AND MCFI. This network is the coalition classified network.

User Responsibilities You, as the user, are responsible for the systems you operate. This includes all computers, components, peripherals, and electronic media you may have. If your system breaks or is used maliciously through your negligence, you are responsible. This means that if you are logged on to a computer and leave your computer unlocked, and someone uses your computer under your account, you are responsible for their actions. This is the same as if you gave them your password. (And don’t do that either!)

Passwords Strong passwords are the first line of defense Passwords must have ALL the following parameters: At least 8 – 12 characters A combination of numbers and letter At least one special character (*&^%$#@!) UPPER and lower case Here’s an example : Z4af$Qk@m1 Passwords must be protected at the same classification as the systems they are used on. DO NOT GIVE YOUR PASSWORD TO ANYONE!

Security Computers and media must be clearly marked with the classification of the data carried on the device. Your SECRET diskette should have a SECRET label. Your CENTRIXS-MCFI computer should have a SECRET//REL TO USA AND MCFI label in a clearly marked area. These devices must be controlled at the level of their classification. The security classifications used are TOP SECRET, SECRET, SECRET//REL TO US AND MCFI, and UNCLASSIFIED.

Security (cont’d) You as the user are not authorized to move any data down in classification. You as the user CAN NOT move data from the SIPRNET to the CENTRIXS or NIPRNET network. If data needs to be moved, the only person authorized to do so is your foreign disclosure officer (FDO). FDOs have the ability to lower the classification of data, if possible, allowing the data to be placed on the lower classification network.

Classified Spills When information of a higher classification is placed on a network or device of lower classification, regardless of how it got there, that is known as a spill. When a classified information spill occurs, IA teams are sent to identify the those affected and remove the information from any computer involved. If the spill is sent over email, the account of the originator, and all recipients will be locked down until they are cleaned, then all accounts except the originator’s will be released.

Classified Spills (cont’d) The originator may be subject to a UCMJ article 92 investigation per MNF-I Policy 05-04 Originator of the spill will lose their domain privileges for a minimum of 14 days, The account will only be restored through authorization from the first General Officer in their chain of command. At that point, they will have limited privileges.

Electronic Media Thumb Drives (removable media USB, thumb, pen drives) will have a Read/Write switch and marked visibly, physically controlled, and safeguarded as required by it’s highest classification, until properly destroyed. This means that your classified thumb drive plugged into an unclassified computer is a SECURITY VIOLATION. You can move data up to a higher classified system while the lock on the device is enabled to prevent writing to the device, but you can’t go from a higher classification to a lower classification.

Wireless Devices Wireless devices such as cell phones or PDA’s are not authorized in areas that process classified materials. Exceptions to this policy must be written and approved by the DAA. This is why cell phones must be turned in prior to entering the JOC. Wireless devices are not authorized to connect to any of the theater computer networks.

Designated Approval Authority (DAA) The MNF-I DCS CIS is the Iraqi theater DAA. The DAA is responsible for accepting the risks associated with running a tactical network. Changes to the security posture of the network must be approved by the DAA.

Virus Virus and worm activity are always a present danger on any network. Many of these malicious programs will open holes into the network that allow control from outside or delete data. Each computer should have an anti-virus program on it, watching for and stopping virus activity before they cause any harm. Contact your IMO or IA shop if your anti-virus is out of date. When a new virus is found, automatic updates are sent to your computer to provide you protection from any new threats.

Virus (cont’d) The most common way for computers to be infected with a virus is via email. DO NOT open email attachments from someone you don’t know. Email with suspicious content or attachments should be reported to your IMO and the help desk. Should your computer become infected with a virus, or you are notified that your computer is infected, immediately contact your local IMO and the help desk and follow their instructions.

Instant Messenger IM applications (AOL, MSN, Yahoo!, etc.) are PROHIBITED Exceptions: Intelligence collections assets AKO, Air Force Portal, DCTS, IWS, CENTRIXS-MCFI and SIPRNET

Peer-to-Peer (P2P) P2P Networking applications (Gnutella, KaZaa, Morpheus, Napster, Limewire, etc.) OR any file sharing applications for movies, music, pictures, gaming, etc. are PROHIBITED. P2P applications are treated as viruses. These applications are known to contain spyware and other malicious payloads.

Click NEXT to see the correct answer. User Test What is the most common way for computers to be infected with a virus? A. Surfing the Web B. Transmissions from cell phone towers C. E-mail D. Downloading music Click NEXT to see the correct answer.

User Test (cont’d) What is the most common way for computers to be infected with a virus? A. Surfing the Web B. Transmissions from cell phone towers C. E-mail D. Downloading music

Click NEXT to see the correct answer. User Test (cont’d) Can you give your password to your colleague before going on R&R? A. Yes B. No Click NEXT to see the correct answer.

User Test (cont’d) Can you give your password to your colleague before going on R&R? A. Yes B. No

Click NEXT to see the correct answer. User Test (cont’d) If you open your Hotmail account and have an electronic greeting card from someone you do not know, what do you do? A. Do not open attachments from unknown addressees on government computers B. Download it, and scan “BEFORE” opening C. Call your Help Desk D. Any of the above Click NEXT to see the correct answer.

User Test (cont’d) If you open your Hotmail account and have an electronic greeting card from someone you do not know, what do you do? A. Do not open attachments from unknown addressees on government computers B. Download it, and scan “BEFORE” opening C. Call your Help Desk D. Any of the above

Click NEXT to see the correct answer. User Test (cont’d) Why can’t you load music, movies, photos and games using P2P software? A. You cannot install unapproved software B. You cannot download freeware or shareware or other non-approved executable programs for P2P file-sharing for music/movies/photos/gaming, instant messaging or Unlicensed software C. You cannot take a chance on disrupting the network or introducing a virus D. All of the above Click NEXT to see the correct answer.

User Test (cont’d) Why can’t you load music, movies, photos and games using P2P software? A. You cannot install unapproved software B. You cannot download freeware or shareware or other non-approved executable programs for P2P file-sharing for music/movies/photos/gaming, instant messaging or Unlicensed software C. You cannot take a chance on disrupting the network or introducing a virus D. All of the above

Click NEXT to see the correct answer. User Test (cont’d) If you receive a message that your system is infected with a virus, what do you do? A. Ignore it B. Contact your IMO or the helpdesk immediately C. Reboot your system D. Keep working until you have time to deal with it Click NEXT to see the correct answer.

User Test (cont’d) If you receive a message that your system is infected with a virus, what do you do? A. Ignore it B. Contact your IMO or the helpdesk immediately C. Reboot your system D. Keep working until you have time to deal with it

Click NEXT to see the correct answer. User Test (cont’d) What forms of instant messaging are authorized on the MNF-I network? A. Yahoo! B. AKO C. Air Force Portal D. B and C Click NEXT to see the correct answer.

User Test (cont’d) What forms of instant messaging are authorized on the MNF-I network? A. Yahoo! B. AKO C. Air Force Portal D. B and C

Click NEXT to see the correct answer. User Test (cont’d) IA is: A. Ensuring information’s Confidentiality, Integrity, Availability, Non-Repudiation, and Authentication B. A pain C. only interested in shutting things down D. only important to the communications personnel Click NEXT to see the correct answer.

User Test (cont’d) IA is: A. Ensuring information’s Confidentiality, Integrity, Availability, Non-Repudiation, and Authentication B. A pain C. only interested in shutting things down D. only important to the communications personnel

Click NEXT to see the correct answer. User Test (cont’d) Who is authorized to move information from a higher classification network (SIPRNET) to a lower classification network? A. Any O-6 or above B. Me, because I’m the subject matter expert C. The Foreign Disclosure Officer (FDO) D. Any IMO Click NEXT to see the correct answer.

User Test (cont’d) Who is authorized to move information from a higher classification network (SIPRNET) to a lower classification network? A. Any O-6 or above B. Me, because I’m the subject matter expert C. The Foreign Disclosure Officer (FDO) D. Any IMO

Click NEXT to see the correct answer. User Test (cont’d) Wireless devices are authorized to connect to the MNF-I network if: A. Wireless devices are not authorized on the MNF-I network B. Approved by an O-6 or above C. I don’t get caught Click NEXT to see the correct answer.

User Test (cont’d) Wireless devices are authorized to connect to the MNF-I network if: A. Wireless devices are not authorized on the MNF-I network B. Approved by an O-6 or above C. I don’t get caught

Click NEXT to see the correct answer. User Test (cont’d) Who is authorized to grant a waiver to security requirements on the MNF-I network? A. Any IMO B. System Administrators C. Only the DAA for the network is authorized to accept the risk D. Any commander Click NEXT to see the correct answer.

User Test (cont’d) Who is authorized to grant a waiver to security requirements on the MNF-I network? A. Any IMO B. System Administrators C. Only the DAA for the network is authorized to accept the risk D. Any commander

Click NEXT to see the correct answer. User Test (cont’d) What should you do if a message pops up on your computer saying your anti-virus definitions are out of date? A. Contact your IMO B. If your IMO isn’t available, contact your IA shop C. Ignore it and keep working as there is no affect on your computer D. A and B Click NEXT to see the correct answer.

User Test (cont’d) What should you do if a message pops up on your computer saying your anti-virus definitions are out of date? A. Contact your IMO B. If your IMO isn’t available, contact your IA shop C. Ignore it and keep working as there is no affect on your computer D. A and B

Click NEXT to see the correct answer. User Test (cont’d) Who is responsible for the computer you work on? A. IMO B. The C6/S6/G6 C. The DAA D. The user of the computer Click NEXT to see the correct answer.

User Test (cont’d) Who is responsible for the computer you work on? A. IMO B. The C6/S6/G6 C. The DAA D. The user of the computer

IA Points of Contact IA CELL 822-2018 Camp Adder IA Team Brian Brooks (IAM) 833-1721 brian.brooks@adder.arfor.army.mil Walter Hodges (IASO) 833-1721 Walter.hodges@adder.arfor.army.mil MNF-I CIS IA Branch Lloyd Samples (Theater IA Manger) 822-2497 Lloyd.samples@iraq.centcom.mil IA CELL 822-2018

Certificate of Completion Click NEXT to open your Information Assurance Awareness Training Certificate of Completion. Print the certificate as it appears on the monitor Handwrite your name and unit on the line below the “is hereby granted to” block Write in the date you completed the training on the line below the “Date Granted” block, Sign at Signature. Have your IMO sign your completion certificate Make a copy for your records Turn in the completed certificate to the Help Desk

MNC/F-I Camp Cedar Certificate of Completion is hereby granted to _________________________________________ (Type Name and Unit) to certify that he/she has completed to satisfaction Information Assurance Awareness Training Date Granted ________________ __________________________ User Signature __________________________ IMO Signature