Presentation is loading. Please wait.

Presentation is loading. Please wait.

2007 Computer End User Training

Published byCarole Blanchette Modified over 6 years ago

Similar presentations

Presentation on theme: "2007 Computer End User Training"— Presentation transcript:

1 2007 Computer End User Training
UNCLASSIFIED 2007 Computer End User Training 1 June 2007 UNCLASSIFIED

2 2007 Information Assurance Security Awareness Briefing
Army Aviation & Missile Research, Development & Engineering Center U.S. Army Research, Development and Engineering Command UNCLASSIFIED 2007 Information Assurance Security Awareness Briefing AMRDEC Information Assurance AMRDEC IA Team UNCLASSIFIED

3 • This Presentation is UNCLASSIFIED
Overview UNCLASSIFIED • This Presentation is UNCLASSIFIED What is Information Assurance • General Security Guidance • Protecting Information • Reporting Violations • What can you do? UNCLASSIFIED

4 Are You the Problem or the Solution?
UNCLASSIFIED UNCLASSIFIED

5 What is Information Assurance?
UNCLASSIFIED Information Assurance is: “Information operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation …providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.” as defined by the CNSSI 4009, “ National Information Systems Security Glossary,” dated May 2003 UNCLASSIFIED

6 What is Information Assurance?
UNCLASSIFIED • AVAILABILITY: Making sure the computer and the information is there when we need it. • INTEGRITY: Making sure the information we use, transmit, process, or store has not been corrupted or adversely manipulated. • AUTHENTICATION: Making sure we know who is using our computers and accessing our data. • CONFIDENTIALITY: Making sure the information is protected from disclosure. • NONREPUDIATION: Making sure the information is ‘tagged’ so when we send it – we know it got there, and the recipient knows who sent it. UNCLASSIFIED

7 So, Why Are You Here? UNCLASSIFIED • DOD and Army policy requires annual information assurance awareness training. • Need to emphasize important security tasks and acceptable user practices. UNCLASSIFIED

8 • Recognize your computing responsibilities.
Your Mission UNCLASSIFIED • Recognize your computing responsibilities. • Accept responsibility for protecting government information. • Recognize the challenges and threats that can harm our National Security. UNCLASSIFIED

9 Do You Know What “OK” Means?
UNCLASSIFIED • When you login, you acknowledge that the information system you are using is for “Official Government Use Only”. • The server and all of its information are subject to inspection. • Your actions are subject to continuous audit. UNCLASSIFIED

10 General Workstation Security
UNCLASSIFIED Protect your identity (User Id) by using strong passwords. The following applies: User generated passwords must be 14 characters or longer. Must contain three of the four character types: uppercase, lowercase, numbers, and special characters. Passwords will be changed at least every 60 days. UNCLASSIFIED

11 General Workstation Security
UNCLASSIFIED Always log off of the Wiki, Jira, or Perforce when leaving your computer unattended! You are responsible for the data on your system at all times! UNCLASSIFIED

12 Prudent Network Security and Internet Practices
UNCLASSIFIED •AMRDEC prohibits the use of this server for: - Chain letters. - Private commercial activities. - Accessing pornographic or gambling sites. - Participating in online auction activity. - Political Activity. - Illegal fraudulent or malicious activities. - Any use which reflects adversely on AMRDEC or any other DOD element. Virus Protection: - Avoid attaching media from other computing environments. If unavoidable, at the least, ensure virus scan is performed on the media before utilizing data. - Ensure your workstation runs a daily virus scan. UNCLASSIFIED

13 DOD treats all media as documents.
Types of Information UNCLASSIFIED • Information can be stored on: Printers with Memory Backup Tapes Printed Documents CDs or Floppy Disks Handheld Devices Computer Hard Drives Fax Machines Web Pages DOD treats all media as documents. UNCLASSIFIED

14 • It is a form of System Contamination.
What is Spillage? UNCLASSIFIED • It is a form of System Contamination. • It is the unintentional improper storage, transmission or processing of CLASSIFIED information on an UNCLASSIFIED system or via a communications path. Most common occurrence is transmission via or embedded in Power Point Presentations or other non-redacted files. UNCLASSIFIED

15 Bottom Line: THESE INCIDENTS MUST STOP!
Why is This Happening? UNCLASSIFIED • Users are not reading completely. • Electronic media is not being marked properly. • File names or subject headers do not reveal content sensitivity of information. • Rules for “data aggregation” / derivatively classifying are not well understood. • Individuals are unaware of classification guides / guidance. • Improper storage, cleansing, transmission, processing of classified information. • All AMRDEC personnel are PERSONALLY responsible for protecting sensitive and classified information. Bottom Line: THESE INCIDENTS MUST STOP! UNCLASSIFIED

16 Processing Classified Information
UNCLASSIFIED • The Army Game Studio servers are not accredited for Classified processing! DO NOT STORE ANY CLASSIFIED DATA ON THE AGS SERVERS! UNCLASSIFIED

17 Reporting Computer Security Incidents
UNCLASSIFIED Security Incident: • An attempt to exploit a national security system; may involve fraud, waste, or abuse; compromise of information; loss or damage of property or information; or denial of service. – Security incidents include: • penetration of computer systems. • exploitation of vulnerabilities. • introduction of computer viruses or other forms of malicious code. If an incident occurs: • Gather all pertinent information: – time, details, person(s) involved, actions taken, etc. • Report it to your IASO, SA, IAM and the AMRDEC Help Desk. • Site administrators should notify LCIRT • If a violation of law is evident or suspected, the incident must also be reported to both security and law enforcement organizations for appropriate action. Report ALL Suspicious Activity!! UNCLASSIFIED

18 Reporting Suspicious Activities
UNCLASSIFIED • Report suspicious persons or circumstances immediately to your Supervisor, IASO, the Information Assurance Team, or the AMRDEC Security and Intelligence Division. • Be alert for: – surveillance attempts. – suspicious persons or activities. – individuals using unauthorized recording devices. UNCLASSIFIED

19 To Improve our Security Program
UNCLASSIFIED Be a strong link in the security chain! Adhere to password standards. Keep passwords safe! Do not share your username or password with anyone! Separate government work from personal activities. UNCLASSIFIED

20 To Improve our Security Program (cont)
UNCLASSIFIED • Separate classified from unclassified information. Use classification guidance when regrading classified information. Label your diskettes! • Keep track of your removable media. Store them when not in use. • Watch your file transmissions! Make sure the files you transfer or the you send is appropriate for the sensitivity of that network! • Report anomalies. Requests for information from unknown sources (foreign countries), destroyed, infected or corrupted files, missing computer hardware, etc. Report this to your IASO and to the Help Desk. UNCLASSIFIED

21 Pay Attention to Detail. Security is your responsibility!
Conclusion UNCLASSIFIED • Strictly follow Army and AMRDEC security guidance. If you don’t know - ask! • Contact your Information Assurance Security Officer (IASO), Information Assurance Manager (IAM) or the Information Assurance Team at / for assistance. Pay Attention to Detail. Be Alert. Be Aware! Security is your responsibility! UNCLASSIFIED

22 https://intranet.amrdec.army.mil/Training
Additional Training UNCLASSIFIED AMRDEC Training: Fort Gordon Information Assurance (IA) Training: AMRDEC IA Training links and information: AMRDEC IA Frequently Asked Questions: UNCLASSIFIED

23 AGS SED Information Assurance Team
Contact Information UNCLASSIFIED AGS SED Information Assurance Team UNCLASSIFIED

Download ppt "2007 Computer End User Training"

Similar presentations

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Maintaining Security While Using Computers What all of Our Computer Users Need to Know.

Maintaining Security While Using Computers What all of Our Computer Users Need to Know.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Information Security Awareness:

Information Security Awareness:
1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.

1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA HIPAA Basic.

HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic.
Fermi Computer Incident Response Team Computer Security Awareness Day March 8, 2005 Michael Diesburg.

Fermi Computer Incident Response Team Computer Security Awareness Day March 8, 2005 Michael Diesburg.
Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.

Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.
TRACs Security Awareness FY2009 Office of Information Technology Security 1.

TRACs Security Awareness FY2009 Office of Information Technology Security 1.
Information Governance Jym Bates Head of Information Assurance.

Information Governance Jym Bates Head of Information Assurance.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Similar presentations

Ads by Google