NSTSSI Security Education Standards
1. LEGAL LIABILITIES ISSUES

a. Legal Issues
   (1) explain the legal responsibilities of the DAA;
   (2) discuss the Computer Fraud and Abuse Act, P.L. 99-474, 18 U.S. Code 1030;
   (3) discuss Copyright Protection and License, Copyright Act of 1976, Title 17 U.S. Code, P.L. 102-307, amended the Copyright Act of 1976, 1990;
   (4) discuss the Freedom of Information Act;
   (5) discuss the purpose and history of NSD 42;
   (6) discuss implications of the Privacy Act;
   (7) list and discuss the issues of Computer Security Act of 1987 (P.L. 100-235); and
   (8) list international legal issues which can affect INFOSEC.

b. Liabilities
   (1) state the importance of annual loss expectancy;
   (2) list the damage which can occur when anti-virus programs are not used;
   (3) determine the responsibilities associated with the business aspects of INFOSEC; and
   (4) explain the legal responsibilities of the data owner.

c. Crime
   (1) explain how audit analysis tools can be useful in crime analysis;
   (2) explain the importance of written procedures for evidence collection and preservation;
   (3) illustrate the importance of written procedures for investigation of security breaches;
   (4) describe how collection methods can affect evidence acceptability;
   (5) list the ways logs/journals can be important evidence in a suspected criminal investigation; and
   (6) describe the DAA role in witness interview and interrogation.

d. Issues
   (1) explain the dangers of not using your agency's Computer Emergency Response Team (CERT);
   (2) discuss the effects of disregarding COMSEC policy and guidance;
   (3) illustrate the ramifications of improper disposition of classified information;
   (4) determine the effects of threats to electronic data interchange to systems in your agency;
   (5) explain the consequences of damage occurring to electronic funds transfer to systems in your agency;
   (6) explain how unauthorized modifications to electronic mail affect your agency;
   (7) outline the vulnerabilities associated with electronic records management;
   (8) describe the liabilities associated with electronic monitoring;
   (9) illustrate how fraud, waste, and abuse of computer resources can affect your agency's system security;
   (10) define the term "Information Warfare" (INFOWAR);
   (11) explain the DAA's role in information warfare through the use of INFOSEC;
   (12) describe ways in which connecting to the National Information Infrastructure can create risks to your systems;
   (13) define the term "national security information";
   (14) explain the DAA's role in the security violations reporting process;
   (15) discuss the importance of separation of duties;
   (16) explain software piracy; and
   (17) explain DAA responsibility for preventing unauthorized disclosure of information.

e. Contracts, Agreements, and Other Obligations
   (1) define for the contractor the DAA involvement in the development of new systems;
   (2) explain to the contractor the DAA involvement in maintenance agreements; and
   (3) describe to the contractor the DAA involvement in classified systems.