Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Information Protection Assessment

Similar presentations


Presentation on theme: "An Information Protection Assessment"— Presentation transcript:

1 An Information Protection Assessment
Getting Started & How to Complete An Information Protection Assessment v.1.0 2016

2 Table of Contents Getting Started Creating a New Assessment
Conducting an Assessment Appendix A

3 Introduction The Information Protection module within EPRM allows users to conduct assessments across three core security disciplines (Personnel, Industrial, and Information Security). Information Protection is a subset of the Air Force Security Enterprise. Air Force Policy Directive defines the Air Force Security Enterprise as the organizations, infrastructure, and measures (to include policies, processes, procedures, and products) in place to safeguard Air Force (AF) personnel, information, operations, resources, technologies, facilities, and assets against harm, loss, or hostile acts and influences. Personnel Security – The dataset within EPRM consists of assets, threats, vulnerabilities, and countermeasures related to the initial, periodic, and continuing evaluation of AF personnel (military, civilian, and contractor) to ensure they are trustworthy and/or suitable for sensitive positions and/or access to classified information. Guidance sources include AF and DoD policies which detail procedures for the conduct of individual security clearance investigations and identify what types of investigations are appropriate for which positions. The dataset also covers requirements for suitability determinations and fitness adjudication for AF civilians and contractors which must be met in addition to the granting of security clearances. The dataset is applicable to any AF unit (typically at the squadron level and above) having some level of responsibility or involvement in clearing its personnel. Industrial Security – The dataset content allows organizations to conduct assessments of information storage, processing, and classification requirements, in support of the National Industrial Security Program (NISP). It focuses on the protection of industrial installations, resources, utilities, materials, and classified information from loss or damage. This dataset within EPRM provides novice Industrial Security professionals a consistent, objective, automated means to collect valuable data in of support decision makers who must weigh how much risk they are willing to accept, based on identified risk factors. Information Security - The information security dataset supports effective execution of a robust information security program which includes accurate, accountable application of classification standards and routine, secure, and effective declassification as a national security imperative. This dataset within EPRM provides novice Information Security professionals a consistent, objective, automated means to collect valuable data in support of decision makers who must weigh how much risk they are willing to accept based on identified risk factors. Angela Ivey, EPRM Program Manager

4 Getting Started: On SIPRNET, navigate to: If you already have an EPRM user profile, login with your SIPRNET address. To request a user profile, click on the Request a User Profile button at the bottom of the page. Click on Compose to request a user profile. Ensure you include all of the required information. You may also request an account by sending all of the information in the box to the left to from your NIPRNET . You will receive an auto-generated with your temporary password within 7-10 business days. Once you receive your auto-generated , follow step 2 on how to login to EPRM.

5 Getting started (continued):
Once you are logged in, select Change Password from the drop-down menu in the top right corner of the screen.

6 Creating a New Assessment:
To create a new assessment, click the red Create a New Assessment button.

7 Creating a New Assessment (continued):
Name your assessment Enter what organization you are assessing Select EPRM Information Protection as your assessment type Choose your unit or organization’s node. This allows for the assessment to be viewed by your organization and is essential for higher level analysis and the control of unit information. NOTE: *You have privileges to nodes in Black *You do not have privileges to nodes in Red *Gray nodes are expired and assessment cannot be created on them. Creating a New Assessment (continued):

8 Creating a New Assessment (continued):
This page will only display if you have previously created an assessment or have permission to view previously created assessments or there are templates that can be inherited from. On this page you will be given the option to either start a new assessment from scratch or copy all of the responses from an existing assessment or inherit from one or more templates. These features reduce the amount of data entry required for recurring assessments. Once you click the radio button next to Copy from an existing assessment, all of the available assessments will appear. Double click on the assessment that you would like to copy.

9 Creating a New Assessment (continued):
If there are templates that can be inherited from, you can view them by selecting the “Inherit from one or more previously created templates” button. You can then select the templates you wish to inherit from the box on the left. Inherited templates will then display in the box on the right. Creating a New Assessment (continued):

10 Conducting an Assessment:
You are now at the assessment home page and are ready to begin your assessment. To begin your assessment click on the Profile icon where you will enter data about yourself and your organization. The YOU ARE HERE medallion will show you which step you are currently on. This is the basic assessment information, it includes: The assessment name and number. The name of the entity being assessed. The date the assessment was created and it’s status. The owner of the assessment. The dataset the assessment is using. You may use these administrative functions at anytime during your assessment. See Appendix A for specific instructions on how to use these functions.

11 Icons will remain locked until the previous step is completed.
Conducting an Assessment (continued): Click on the Assessor Information icon to begin entering information about yourself and your organization. Icons will remain locked until the previous step is completed.

12 Conducting an Assessment (continued):
This page captures contact information of the individual conducting the assessment. Be sure to enter information into all of the required fields.

13 Conducting an Assessment (continued):
The Additional POCs page allows you to store contact information for individuals that provide answers or assist you while conducting the assessment. Click Add New Entry to add additional POCs and be sure to include all required information. Once you are finished, click Finished Adding POCs then Continue. Conducting an Assessment (continued): Individuals listed in this section do not necessarily have or need to have accounts, they can obtain one by following the directions on page 1.

14 Conducting an Assessment (continued):
The About the Organization page asks questions to filter the content you will use to conduct the assessment. Answer all of the required questions then click Continue. The Answer ‘No’ to All Unanswered button will help you save time on screens where every item or question requires an answer to proceed. Choose Yes for items or questions that apply to you, then click the Answer ‘No’ to All Unanswered button to quickly answer the remaining items or questions. The Answer ‘No’ to All Unanswered button will help you save time on screens where every item or question requires an answer to proceed. Choose Yes for items or questions that apply to you, then click the Answer ‘No’ to All Unanswered button to quickly answer the remaining items or questions.

15 Conducting an Assessment (continued):
The Operating Environment page allows you to select which protection areas you will be assessing. You may select one or multiple protection areas for your assessment. Answer all questions then click Continue.

16 Conducting an Assessment (continued):
You are now ready to choose your critical assets. Click on the Critical Assets icon.

17 Conducting an Assessment (continued):
You may now select your critical assets. This section is where you will select which assets you want to include in your assessment and rate their criticality. In the Critical Assets section you can view assets by individual category or Show All Critical Asset Types in one list. Conducting an Assessment (continued):

18 Open (same as double clicking on row)
Conducting an Assessment (continued): Throughout the assessment process data is displayed in grids. The girds provide you the ability to sort, query, export, and print the contents to make the assessment process more efficient. The text fields above each column allow you to query the contents. You may query multiple columns at one time. Click on the arrow to the right of each column name to sort the contents. Print Preview Open (same as double clicking on row) Export to Excel Reload GridData

19 Conducting an Assessment (continued):
Click Yes to include an asset in your assessment or No to exclude it. When you select Yes, a pop-up box will appear, use the four question rating scale to assign criticality, then click Submit to proceed to the next critical asset. Conducting an Assessment (continued):

20 Conducting an Assessment (continued):
If desired, you may add a comment to a specific critical asset. You will also have the ability to add a comment to threats and countermeasures. To add a comment, click on the critical asset(1) to highlight the row then click the Add/View Comment button above the grid.(2) Type your comment in the text box, then click Save to continue.(3) A comment icon, “ ” will appear in the comment column. To view or edit your comment, double click on the comment icon.(4) Once you have selected responses for all of the critical assets, click Continue. Conducting an Assessment (continued): (2) (1) (3) (4)

21 Conducting an Assessment (continued):
After you have completed the Critical Assets section the category icons will be green. Click the Continue button to return to the assessment home page.

22 Conducting an Assessment (continued):
You are now ready to choose the threats to include in your assessment. Click on the Threat Characterization icon.

23 Conducting an Assessment (continued):
You may now select the threats your organization may encounter and rate their severity. To view all of the available threats click on the Show All Threats icon or to view threats by method click on one of the icons below. Conducting an Assessment (continued):

24 Conducting an Assessment (continued):
Click Yes to include a threat in your assessment, or No to exclude it. When you select Yes, a pop-up box will appear, select the threat severity. Once you have selected responses for all of the threats, click Continue. Conducting an Assessment (continued):

25 Conducting an Assessment (continued):
After you have completed the Threat Characterization section the category icons will be green. Click the Continue button to return to the assessment home page. Conducting an Assessment (continued):

26 Conducting an Assessment (continued):
You are now ready to select the countermeasures that you currently have in place. Click on the Countermeasures icon.

27 Conducting an Assessment (continued):
You may now select the countermeasures your organization currently has in place to determine your vulnerability. To view all of the available countermeasures click on the Show All Countermeasures icon or to view countermeasures by type click on one of the icons below. Conducting an Assessment (continued):

28 Conducting an Assessment (continued):
You may select Yes, No, or N/A (Not Applicable) to any question. If you select N/A, you will be required to enter an explanation. Once you have answered all of the questions, click Continue to proceed. For guidance while completing the Countermeasures section, double click on the countermeasure to be presented with a pop-up box containing guidance, explanations, and references.

29 Conducting an Assessment (continued):
After you have completed the Countermeasures section the category icons will be green. Click the Continue button to return to the assessment home page. Conducting an Assessment (continued):

30 Conducting an Assessment (continued):
You are now ready to finish the assessment. You will only have the ability to finish the assessment if you are the assessment owner or manager. Click on the Finish Assessment icon. After you have finished the assessment, click the Analysis icon to proceed to Analysis. 21. 22.

31 Appendix A Page: Rename 2-3. Share This Assessment 4-5. Change Owner Delete 7-8. File/Image Upload Reports

32 Rename: The Rename feature allows you to change the name of the assessment. Click Rename, enter the new name in the box provided, then click OK to save the change.

33 Share This Assessment:
The Share feature allows you to give other EPRM users in your Subscriber Account access to your assessment. You may allow others to read, edit, and/or conduct analysis depending on the privileges you allow. Click Share This Assessment then proceed to the next slide for additional instructions.

34 1. Find the user you want to share the assessment with.
Share This Assessment (continued): When you share an assessment with another user you will have to select what privileges you want them to have. “Read Only” privileges allow another user to view all of the assessments’ critical assets, threats, countermeasures, and analysis. “Read/Write” privileges allow another user to view and edit all of the assessments’ critical assets, threats, countermeasures, and analysis. 2. Assign the privileges you want the user to have on the assessment you are sharing 1. Find the user you want to share the assessment with.

35 Change Owner: The Change Owner feature allows you to transfer ownership of the assessment to another EPRM user. Once ownership is transferred to a new owner, the original owner no longer has any access to the assessment. Click Change Owner then proceed to the next slide for additional instructions.

36 Change Owner (continued):
Select a user to transfer ownership to from the drop down list, then click Change to complete. Once you click the Change button the new owner will be notified by and you will no longer have access to the assessment.

37 Delete: The Delete feature allows you to permanently delete an assessment. Once the assessment has been deleted it will not be recoverable. Click Delete, then a pop-up box will appear to ensure you want to delete the assessment. If you click Yes, the assessment will be deleted and you will be returned to the EPRM home page.

38 File/Image Upload: The File/Image Upload feature allows you to attach supporting documents and pictures to the assessment. Click File/Image Upload then proceed to the next slide for additional instructions.

39 All uploaded files will appear in the grid at the bottom of the page.
File/Image Upload (continued): The maximum file size is 10MB per uploaded file. Double click Browse to select the file you wish to upload. Once you have selected the file, click Upload. Your file will now appear in the grid. A message will let you know when the file has been successfully uploaded. All uploaded files will appear in the grid at the bottom of the page.

40 Reports: The Reports feature allows you to generate reports in Excel, Word, or PowerPoint from the assessments information. Click Reports to view all of the available reports.

41 Reports: The links to specific reports will be grayed out and unavailable when an assessment is started. As you progress through the assessment, reports for completed sections will turn blue as they become available.


Download ppt "An Information Protection Assessment"

Similar presentations


Ads by Google