SCOPE OF AIS SECURITY

As the Navy has become increasingly dependent on the use of AIS for its payroll, supply functions, tactical information, and communications, the need to protect AIS assets has taken on greater importance. Risk management is an ongoing effort. Whether you are in a large AIS facility with a full-time information system security manager (ISSM) or a facility where the functions of the ISSM are a collateral duty, your installation will have established security measures to protect its AIS assets.

The five areas of consideration for the Navy's AIS security program are hardware (I), data (II), human resources (III), software (IV), and communications (COMM) (V). These are shown in figure 4-7. Because each AIS facility is different, each facility has its own AIS security risk management program. You'll be responsible for following the requirements of your facility's AIS security program.

In the next paragraphs, you will learn about management responsibilities, your responsibilities, physical security measures, and data security measures. Again, our goal in AIS security is to prevent or minimize the opportunity for modification, destruction, disclosure, or denial of service.

MANAGEMENT RESPONSIBILITY

AIS security is everyone's responsibility, and only the commanding officer (CO) can ensure that AIS security receives the support required at every level. The success of your command's AIS security program depends upon the support of the CO. The CO and the AIS security staff are responsible for taking the necessary steps to provide an adequate level of security for all AIS-related activities, automated information systems, and networks, including those developed, operated, maintained, or provided by contractors.

Each AIS facility has an information system security manager (ISSM). His or her primary duty is to serve as the single point of contact for all matters relating to AIS security at your command. The ISSM usually reports directly to the CO.

Now, let's talk a little about the security staff.

Figure 4-7.-Department of the Navy AIS security areas.

Many factors determine the numbers and types of people assigned to the AIS security staff. These factors include the type of activity, its size, its hardware configuration(s), types of work to be processed, and so on. Your command's AIS security staff may include any one, several, or all of the following people:

- Command security manager;
- Information system security manager (ISSM);
- Information system security officer (ISSO);
- Network security officer (NSO);
- Terminal area security officer (TASO).

These people are specialists. Some day you may be one of them. They have been trained and are knowledgeable in such areas as the following:

- General security awareness;
- User and customer security;
- Security administration;
- Security violation reporting;
- Hardware and software security;
- Systems design security;
- Terminal and device related security;
- Telecommunications security;
- Physical security;
- Computer auditing;
- Data security;
- Risk assessment methodology;
- Contingency and backup planning;
- AIS security and Navy contractors;
- Disaster recovery;
- Security accreditation; and
- Security test and evaluation.

From this list you can see that AIS security is a complex area and requires many specialized skills and knowledges. In addition, each member of the AIS security staff is responsible for ensuring that you are adequately trained in AIS security. Do you know the name of your command ISSM? If not, seek him or her out and find out what your responsibilities are, rather than finding out the hard way through a bad experience. That brings us to your responsibilities.