Strategic Security Intelligence

NSTSSI Security Education Standards


Top - Help

Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved


      a.    Introductory

            (1)    explain information security problems which may occur at an access node;
            (2)    explain the property of accountability to include:  traceability of activities to individual users;
                   assigning responsibility for violations, attempted violations, and activities;
            (3)    explain the purpose for the Assessed Products List (APL);
            (4)    define the term "approved circuit";
            (5)    discuss why authentication is an important process in INFOSEC to include:
                   (a)      positive validation for a claimed identity which may be:  station, originator, individual,
                            transmission, message, user,  device;
                   (b)      positive validation may also be called:  identification or verification;  and
                   (c)      protective measure used to deter fraudulent transmissions.
            (6)    identify who is involved in the Authorization process (the DAA, his/her designee(s), and the
                    extent of their authority) in your organization;
            (7)     describe the resources and methods of an automatic message processing system; and
            (8)     list general operations security (OPSEC) principles and sources of information.
      b.    DAA Authority
            (1)     explain the objectives of the information systems security program:  availability, denial of servi$
                    confidentiality, integrity;
            (2)     outline the business aspects of information security;
            (3)     describe the components of a classified COMSEC program;
            (4)     explain why compartmentalization is an important aspect of INFOSEC;
            (5)     describe how connectivity impacts both your systems and external systems;
            (6)     define the term "critical processing";
            (7)     identify critical systems within your purview;
            (8)     describe how criticality is a parameter which indicates the degree of dependence of your
                    organization on an asset;
            (9)     explain the purposes for a computer security working group;
            (10)    define the term "data owner";
            (11)    explain the purpose for degaussing magnetic media;
            (12)    explain why the disposition of classified data is important for secure processing;
            (13)    demonstrate the differences between INFOSEC education, training, and awareness (ET&A);

            (14)    illustrate how electronic data interchange (EDI) is susceptible to security incidents;
            (15)    describe the contents of the Evaluated Products List (EPL);
            (16)    outline the principles of ethics as they apply to INFOSEC;
            (17)    identify the ISSO in your agency;
            (18)    define the term "INFOWAR";
            (19)    outline the INFOSEC dangers in the National Information Infrastructure;
            (20)    compare open system security and closed security;
            (21)    describe operating system security features;
            (22)    define the term "platform specific security;"
            (23)    list the importance of maintaining professional interfaces;
            (24)    identify professional interfaces;
            (25)    illustrate the importance of quality assurance to INFOSEC;
            (26)    explain the importance of security architecture in a distributed system;
            (27)    list the forms in which security products are available:  hardware, firmware, software;
            (28)    identify sensitive systems for which you are responsible;
            (29)    outline the components of technical security as listed in NSD 42:  equipment, components,
                    devices, associated documentation, media;
            (30)    define the term "trust" as it applies to INFOSEC;
            (31)    apply the term "warranties (assurance)" to the concept of INFOSEC; and
            (32)   explain the consequences of improper or damaged cabling.