Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Assurance (IA) … to the Security of Our Data

Published by빈우 피 Modified over 6 years ago

Similar presentations

Presentation on theme: "Information Assurance (IA) … to the Security of Our Data"— Presentation transcript:

1 Information Assurance (IA) … to the Security of Our Data
UNCLASSIFIED Information Assurance (IA) User Training FY 05 You Share the Key… … to the Security of Our Data

2 Information Assurance
MNF-I and MNC-I IA User Training Overview: What is IA? References The Three Local Networks User Responsibilities Passwords Security Classified Spills Electronic Media Wireless Viruses Designated Approving Authority (DAA) Instant Messaging (IM) and Peer to Peer (P2P)

3 What is IA and Why is it Important?
In simple terms, IA means ensuring that the data to which you have been given access is there, correct, and available to you when you need it. We ensure the good guys get the information they need to fight the war and the bad guys don’t. You are an absolutely critical part of ensuring this happens.

4 References DOD Directive , “Information Assurance,” October 24, 2002 DOD Instruction , “Information Assurance (IA) Implementation,” February 6, 2003 CENTCOM CCR , “Information System Management, Command, Control, Communication, and Computer (C4) Services, and Support and Network Management,” December 27, 2001 MNF-I Directive R25-1, “Information Assurance Implementation,” Draft

5 The Three Local Networks
NIPRNET– The unclassified network to which most people have access. This network connects to the Internet and allows you to surf the web. SIPRNET– This is a closed network classified at a SECRET level, used by US personnel only. CENTRIXS-MCFI – This is a closed network classified at SECRET//REL TO USA AND MCFI. This network is the coalition classified network.

6 User Responsibilities
You, as the user, are responsible for the systems you operate. This includes all computers, components, peripherals, and electronic media you may have. If your system breaks or is used maliciously through your negligence, you are responsible. This means that if you are logged on to a computer and leave your computer unlocked, and someone uses your computer under your account, you are responsible for their actions. This is the same as if you gave them your password. (And don’t do that either!)

7 Passwords Strong passwords are the first line of defense
Passwords must have ALL the following parameters: At least 8 – 12 characters A combination of numbers and letter At least one special character UPPER and lower case Here’s an example : Passwords must be protected at the same classification as the systems they are used on. DO NOT GIVE YOUR PASSWORD TO ANYONE!

8 Security Computers and media must be clearly marked with the classification of the data carried on the device. Your SECRET diskette should have a SECRET label. Your CENTRIXS-MCFI computer should have a SECRET//REL TO USA AND MCFI label in a clearly marked area. These devices must be controlled at the level of their classification. The security classifications used are TOP SECRET, SECRET, SECRET//REL TO US AND MCFI, and UNCLASSIFIED.

9 Security (cont’d) You as the user are not authorized to move any data down in classification. You as the user CAN NOT move data from the SIPRNET to the CENTRIXS or NIPRNET network. If data needs to be moved, the only person authorized to do so is your foreign disclosure officer (FDO). FDOs have the ability to lower the classification of data, if possible, allowing the data to be placed on the lower classification network.

10 Classified Spills When information of a higher classification is placed on a network or device of lower classification, regardless of how it got there, that is known as a spill. When a classified information spill occurs, IA teams are sent to identify the those affected and remove the information from any computer involved. If the spill is sent over , the account of the originator, and all recipients will be locked down until they are cleaned, then all accounts except the originator’s will be released.

11 Classified Spills (cont’d)
The originator may be subject to a UCMJ article 92 investigation per MNF-I Policy 05-04 Originator of the spill will lose their domain privileges for a minimum of 14 days, The account will only be restored through authorization from the first General Officer in their chain of command. At that point, they will have limited privileges.

12 Electronic Media Thumb Drives (removable media USB, thumb, pen drives) will have a Read/Write switch and marked visibly, physically controlled, and safeguarded as required by it’s highest classification, until properly destroyed. This means that your classified thumb drive plugged into an unclassified computer is a SECURITY VIOLATION. You can move data up to a higher classified system while the lock on the device is enabled to prevent writing to the device, but you can’t go from a higher classification to a lower classification.

13 Wireless Devices Wireless devices such as cell phones or PDA’s are not authorized in areas that process classified materials. Exceptions to this policy must be written and approved by the DAA. This is why cell phones must be turned in prior to entering the JOC. Wireless devices are not authorized to connect to any of the theater computer networks.

14 Designated Approval Authority (DAA)
The MNF-I DCS CIS is the Iraqi theater DAA. The DAA is responsible for accepting the risks associated with running a tactical network. Changes to the security posture of the network must be approved by the DAA.

15 Virus Virus and worm activity are always a present danger on any network. Many of these malicious programs will open holes into the network that allow control from outside or delete data. Each computer should have an anti-virus program on it, watching for and stopping virus activity before they cause any harm. Contact your IMO or IA shop if your anti-virus is out of date. When a new virus is found, automatic updates are sent to your computer to provide you protection from any new threats.

16 Virus (cont’d) The most common way for computers to be infected with a virus is via . DO NOT open attachments from someone you don’t know. with suspicious content or attachments should be reported to your IMO and the help desk. Should your computer become infected with a virus, or you are notified that your computer is infected, immediately contact your local IMO and the help desk and follow their instructions.

17 Instant Messenger IM applications (AOL, MSN, Yahoo!, etc.) are PROHIBITED Exceptions: Intelligence collections assets AKO, Air Force Portal, DCTS, IWS, CENTRIXS-MCFI and SIPRNET

18 Peer-to-Peer (P2P) P2P Networking applications (Gnutella, KaZaa, Morpheus, Napster, Limewire, etc.) OR any file sharing applications for movies, music, pictures, gaming, etc. are PROHIBITED. P2P applications are treated as viruses. These applications are known to contain spyware and other malicious payloads.

19 Click NEXT to see the correct answer.
User Test What is the most common way for computers to be infected with a virus? A. Surfing the Web B. Transmissions from cell phone towers C. D. Downloading music Click NEXT to see the correct answer.

20 User Test (cont’d) What is the most common way for computers to be infected with a virus? A. Surfing the Web B. Transmissions from cell phone towers C. D. Downloading music

21 Click NEXT to see the correct answer.
User Test (cont’d) Can you give your password to your colleague before going on R&R? A. Yes B. No Click NEXT to see the correct answer.

22 User Test (cont’d) Can you give your password to your colleague before going on R&R? A. Yes B. No

23 Click NEXT to see the correct answer.
User Test (cont’d) If you open your Hotmail account and have an electronic greeting card from someone you do not know, what do you do? A. Do not open attachments from unknown addressees on government computers B. Download it, and scan “BEFORE” opening C. Call your Help Desk D. Any of the above Click NEXT to see the correct answer.

24 User Test (cont’d) If you open your Hotmail account and have an electronic greeting card from someone you do not know, what do you do? A. Do not open attachments from unknown addressees on government computers B. Download it, and scan “BEFORE” opening C. Call your Help Desk D. Any of the above

25 Click NEXT to see the correct answer.
User Test (cont’d) Why can’t you load music, movies, photos and games using P2P software? A. You cannot install unapproved software B. You cannot download freeware or shareware or other non-approved executable programs for P2P file-sharing for music/movies/photos/gaming, instant messaging or Unlicensed software C. You cannot take a chance on disrupting the network or introducing a virus D. All of the above Click NEXT to see the correct answer.

26 User Test (cont’d) Why can’t you load music, movies, photos and games using P2P software? A. You cannot install unapproved software B. You cannot download freeware or shareware or other non-approved executable programs for P2P file-sharing for music/movies/photos/gaming, instant messaging or Unlicensed software C. You cannot take a chance on disrupting the network or introducing a virus D. All of the above

27 Click NEXT to see the correct answer.
User Test (cont’d) If you receive a message that your system is infected with a virus, what do you do? A. Ignore it B. Contact your IMO or the helpdesk immediately C. Reboot your system D. Keep working until you have time to deal with it Click NEXT to see the correct answer.

28 User Test (cont’d) If you receive a message that your system is infected with a virus, what do you do? A. Ignore it B. Contact your IMO or the helpdesk immediately C. Reboot your system D. Keep working until you have time to deal with it

29 Click NEXT to see the correct answer.
User Test (cont’d) What forms of instant messaging are authorized on the MNF-I network? A. Yahoo! B. AKO C. Air Force Portal D. B and C Click NEXT to see the correct answer.

30 User Test (cont’d) What forms of instant messaging are authorized on the MNF-I network? A. Yahoo! B. AKO C. Air Force Portal D. B and C

31 Click NEXT to see the correct answer.
User Test (cont’d) IA is: A. Ensuring information’s Confidentiality, Integrity, Availability, Non-Repudiation, and Authentication B. A pain C. only interested in shutting things down D. only important to the communications personnel Click NEXT to see the correct answer.

32 User Test (cont’d) IA is:
A. Ensuring information’s Confidentiality, Integrity, Availability, Non-Repudiation, and Authentication B. A pain C. only interested in shutting things down D. only important to the communications personnel

33 Click NEXT to see the correct answer.
User Test (cont’d) Who is authorized to move information from a higher classification network (SIPRNET) to a lower classification network? A. Any O-6 or above B. Me, because I’m the subject matter expert C. The Foreign Disclosure Officer (FDO) D. Any IMO Click NEXT to see the correct answer.

34 User Test (cont’d) Who is authorized to move information from a higher classification network (SIPRNET) to a lower classification network? A. Any O-6 or above B. Me, because I’m the subject matter expert C. The Foreign Disclosure Officer (FDO) D. Any IMO

35 Click NEXT to see the correct answer.
User Test (cont’d) Wireless devices are authorized to connect to the MNF-I network if: A. Wireless devices are not authorized on the MNF-I network B. Approved by an O-6 or above C. I don’t get caught Click NEXT to see the correct answer.

36 User Test (cont’d) Wireless devices are authorized to connect to the MNF-I network if: A. Wireless devices are not authorized on the MNF-I network B. Approved by an O-6 or above C. I don’t get caught

37 Click NEXT to see the correct answer.
User Test (cont’d) Who is authorized to grant a waiver to security requirements on the MNF-I network? A. Any IMO B. System Administrators C. Only the DAA for the network is authorized to accept the risk D. Any commander Click NEXT to see the correct answer.

38 User Test (cont’d) Who is authorized to grant a waiver to security requirements on the MNF-I network? A. Any IMO B. System Administrators C. Only the DAA for the network is authorized to accept the risk D. Any commander

39 Click NEXT to see the correct answer.
User Test (cont’d) What should you do if a message pops up on your computer saying your anti-virus definitions are out of date? A. Contact your IMO B. If your IMO isn’t available, contact your IA shop C. Ignore it and keep working as there is no affect on your computer D. A and B Click NEXT to see the correct answer.

40 User Test (cont’d) What should you do if a message pops up on your computer saying your anti-virus definitions are out of date? A. Contact your IMO B. If your IMO isn’t available, contact your IA shop C. Ignore it and keep working as there is no affect on your computer D. A and B

41 Click NEXT to see the correct answer.
User Test (cont’d) Who is responsible for the computer you work on? A. IMO B. The C6/S6/G6 C. The DAA D. The user of the computer Click NEXT to see the correct answer.

42 User Test (cont’d) Who is responsible for the computer you work on?
A. IMO B. The C6/S6/G6 C. The DAA D. The user of the computer

43 IA Points of Contact IA CELL 822-2018 Camp Adder IA Team
Brian Brooks (IAM) Walter Hodges (IASO) MNF-I CIS IA Branch Lloyd Samples (Theater IA Manger) IA CELL

44 Certificate of Completion
Click NEXT to open your Information Assurance Awareness Training Certificate of Completion. Print the certificate as it appears on the monitor Handwrite your name and unit on the line below the “is hereby granted to” block Write in the date you completed the training on the line below the “Date Granted” block, Sign at Signature. Have your IMO sign your completion certificate Make a copy for your records Turn in the completed certificate to the Help Desk

45 MNC/F-I Camp Cedar Certificate of Completion is hereby granted to _________________________________________ (Type Name and Unit) to certify that he/she has completed to satisfaction Information Assurance Awareness Training Date Granted ________________ __________________________ User Signature __________________________ IMO Signature

Download ppt "Information Assurance (IA) … to the Security of Our Data"

Similar presentations

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.

1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.

Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
Viruses and Spyware. What is a Virus? A virus can be defined as a computer program that can reproduce by changing other programs to include a copy of.

Viruses and Spyware. What is a Virus? A virus can be defined as a computer program that can reproduce by changing other programs to include a copy of.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.
Section Seven: Information Systems Security Note: All classified markings contained within this presentation are for training purposes only.

Section Seven: Information Systems Security Note: All classified markings contained within this presentation are for training purposes only.
Using SWHS: The AUP [Acceptable Use Policy]

Using SWHS: The AUP [Acceptable Use Policy]
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,

Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,
1.1 System Performance Security Module 1 Version 5.

1.1 System Performance Security Module 1 Version 5.
IT security By Tilly Gerlack.

IT security By Tilly Gerlack.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.
What are the rules? Information technology is available to every student, faculty and staff member in support of the essential mission of the University.

What are the rules? Information technology is available to every student, faculty and staff member in support of the essential mission of the University.
Topic 5: Basic Security.

Topic 5: Basic Security.
Internet Safety Internet Safety LPM

Internet Safety Internet Safety LPM
Incident Security & E-Mail Confidentiality Integrity Availability.

Incident Security & Confidentiality Integrity Availability.
Email tool kit. E-MAIL USER GUIDE Etiquette (Acceptable use policy) – a list of rules that we observe Use a suitable subject in the e-mail - this helps.

tool kit. USER GUIDE Etiquette (Acceptable use policy) – a list of rules that we observe Use a suitable subject in the - this helps.
LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.

LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.
W elcome to our Presentation. Presentation Topic Virus.

W elcome to our Presentation. Presentation Topic Virus.
Don’t Log in!. Recap on the previous units I’ve tried to make it as concise as possible but there is a bit of writing, to ensure that you have some notes.

Don’t Log in!. Recap on the previous units I’ve tried to make it as concise as possible but there is a bit of writing, to ensure that you have some notes.
Woodland Hills School District Computer Network Acceptable Use Policy.

Woodland Hills School District Computer Network Acceptable Use Policy.

Similar presentations

Ads by Google