Custom Search
|
|
  |
|
|
You play an important role in the success of your command's security program. As we stated earlier, security is everybody's job, from seaman recruit to admiral. Do not leave listings unattended or files open for unauthorized browsing. If you see a stranger in your work area, it is your job to confront (challenge) that individual regardless of his or her rate or rank, job title, or status within or outside of your command. For the most part, you know who is authorized to be in your work area. As a computer operator, you are responsible for protecting hardware from fire, flood, sabotage, and internal tampering. You are also concerned with protecting applications software, systems software, program and data files, and all forms of input and output media with which you will be working. If you are working in the magnetic media library, you are responsible for protecting all library-related equipment (tape/disk cleaners, tape degaussers, tape/disk certifiers, and so on). If you are handling and working with classified media and materials, you must handle, store, and dispose of them in accordance with established procedures. The same rules apply regardless of what area you maybe working in; whether you are a data entry operator, a control clerk in production control (I/O), a computer programmer, or an analyst. All positions require you to pay attention to AIS security. The key word is protect. Believe it or not, AIS security is not really that difficult to understand, nor is it difficult to carry out. Sixty-five percent of it is nothing more than using good old common sense; the remaining thirty-five percent comes from awareness that you get through proper training. Try thinking of AIS security and protecting its related assets the same way you would protect your home and personal effects. In AIS we are talking millions of dollars, some of them yours. Think about the kind of AIS security you would want to have installed if that AIS facility were yours and what you would do to protect all its assets. From this point on, the rest is up to you. Stay alert, keep your eyes and ears open to what is going on around you, and never hesitate to challenge or question someone or something that you feel is wrong or out of character. PHYSICAL SECURITY MEASURES Physical security is the one area with which you are most likely to be familiar. It deals with such things as personnel, the environment, the facility and its power supply(ies), fire protection, physical access, and even the protection of software, hardware, and data files. Your command must provide physical security for your AIS facility. The degree of physical security at your installation or command depends on its physical characteristics, its vulnerability within the AIS environment, and the type of data processed. Minimum physical security requirements include four basic areas that your command must address: physical security protection, physical access controls, data file protection, and natural disaster protection. l Physical security protection. Physical security protection takes on two forms. The first is physical barriers, such as solid walls, caged-in areas, bulletproof glass, locked doors, and even continual surveillance of the controlled area. The second involves people and the procedures that you must follow, such as looking up names on the access list to determine who is authorized in a given space or area. There are also escort procedures you must follow to be sure that your party gets to the right place and/or person. l Physical access controls. Physical access controls are implemented to prevent unauthorized entry to your computer facility or remote terminal areas. Physical access controls can be accomplished in several ways: conventional key and lock set, electronic key system, mechanical combination lock, or electronic combination lock. Regardless of the type of system installed at your command, it is important to remember that keys belong on your key-ring or chain, electronic keys or cards should be in your possession at all times (except when sleeping), and combinations should be memorized, not written down somewhere for everyone to see. l Data file protection. Physical access to data files and media libraries (magnetic disks, tape files, microforms, and so on) is authorized only to those personnel requiring access to perform their job. l Natural disaster protection. The effects of natural disasters must be prevented, controlled, and minimized to the extent economically feasible by the use of detection equipment (heat sensors, smoke detectors), extinguishing systems, and well conceived and tested contingency plans. Environmental Security Temperature and humidity can affect the operation of your-computer facility. Whenever possible, computer equipment is operated within the manufacturer's optimum temperature and humidity range specification. Fluctuations in temperature and/or humidity over an extended period of time can cause serious damage to the equipment. So, with that in mind, you are probably asking yourself, "What are the acceptable levels for computer operation?" Normally, you can find this information in the command's standard operating procedures (SOPs), or you can check with your supervisor. If neither are available, a safe rule of thumb is a temperature of 72 Fahrenheit, 2, and a humidity of 55%, 5%. To maintain a constant temperature and humidity to the computer facility or remote terminal areas, keep all doors and windows closed. Because temperature and humidity are vitally important to computer performance, it is essential that only designated personnel be allowed to regulate these types of environmental controls. If your workspace has a recording instrument to monitor the temperature and humidity, by all means check it periodically to be sure it is within the prescribed limits. If you notice a significant fluctuation (up or down), notify your supervisor. Some devices have built-in warning signals (a light, audible sound, or both) to warn you of near-limit conditions for temperature and/or humidity. Lighting You are responsible for ensuring that adequate lighting is maintained. Be particularly attentive to emergency lights. If they are not functioning properly, report the problem to your supervisor as soon as possible. Emergency lights are installed for your protection and safety, not for the safety of the equipment. They are there to ensure a quick exit if you must evacuate in a hurry. Physical Structure Security In the Navy we often decide we need computer equipment and then wonder where we are going to install it. The existing building (or shipboard compartment) may not lend itself to the physical security requirements needed to protect the system. Things like false overheads (ceilings) can conceal water and steam pipes. The pipes should be checked on a regular basis and any irregularities reported immediately. Personnel should be familiar with the locations and operation of the cut-off valves for the pipes. Air-conditioning ducts in the overhead, if not properly insulated, can result in condensation, causing water to drip down on the computer. When repair work is scheduled within the computer spaces (working under the raised floor or in the overhead), be sure to take all necessary precautions to protect the equipment. Use plastic sheeting to cover the system (particularly the CPU). Watch out for overhead water or steam pipe bursts and for activated sprinkler systems. Ensure maximum personnel safety, while keeping disruption to a minimum. Dust coming from the work area can damage the equipment: clogged filters result in overheated components, a head crash on a disk drive, dirty read/write heads on tape drives, and so on. Remember, the key word is to protect all AIS assets. WARNING Should your equipment be exposed to water, do not turn it on until it has been thoroughly checked out by qualified maintenance personnel. Power Supply Protection Your computer facility and remote terminal areas require adequate power. Variations in electrical power can affect the operation of computer equipment. Most computer equipment is designed in such away that it is able to rectify the incoming ac current, filter it, and regulate the resulting dc current before it is applied to the computer circuitry. However, this filtering and regulation cannot be expected to eliminate voltage variations beyond a reasonable range. Power fluctuations can cause unpredictable results on hardware, logic, and data transfer. Should your system encounter such fluctuations, it is highly recommended that the equipment be shut down at once until the problem is corrected. Some computer systems are equipped with an uninterrupted power source (UPS). A UPS provides the auxiliary power for your equipment that may be required if your command's mission dictates continuous AIS support to fulfill its obligations or if your computer system is in an area where there are frequent brownouts. Auxiliary power should be checked on a periodic basis. Fire Protection Fire protection is one of the major elements of any command's physical security program. All personnel (military and civilian) receive periodic training in emergency procedures in case of fire. The training usually includes, at a minimum, proper equipment shutdown and startup procedures, information about your fire detection and alarm systems, use of emergency power (especially aboard ship), use of fire-fighting equipment, and evacuation procedures. Master control switches are used to shut off all power to your AIS spaces in the event of fire. If your air-conditioning system is not setup for smoke removal, it is probably connected to the master control switches. The master control switches are normally located at the exit doors, so in an actual emergency you do not have to pass through a dangerous area to activate the switches. These switches should be easily recognizable. They are clearly labeled and protected to prevent accidental shutdown. Commands that process critical applications will have master control switches that allow for a sequential shutdown procedure of your equipment. Learn the location of the switches and procedures used in your computer spaces. There will be enough portable fire extinguishers for you to fight a relatively small or self-contained fire. Extinguishers are placed within 50 feet of the computer equipment. Prominently displayed markings and/or signs are above each extinguisher, and each is easily accessible for use. WARNING Be sure to use only carbon dioxide or inert-gas fire extinguishers on electrical fires. One final note. Experience has shown repeatedly that prompt detection is a major factor in limiting the amount of fire damage. Computer areas require a fire detection system capable of early warning and with an automatic fire extinguishing system. Hardware Protection Hardware security is defined in the Department of the Navy Automatic Data Processing Security Program, OPNAVINST 5239.1, as "Computer equipment features or devices used in an AIS system to preclude unauthorized, accidental or intentional modification, disclosure, or destruction of AIS resources." |
 
|
|
|
