Information Security Orientation - PowerPoint PPT Presentation

1 / 54
About This Presentation
Title:

Information Security Orientation

Description:

Do not place in detachable storage compartment, e.g. auto trailer, luggage rack, etc. ... Travel within your city of assignment does not require courier orders, except ... – PowerPoint PPT presentation

Number of Views:2661
Avg rating:3.0/5.0
Slides: 55
Provided by: DCS97
Category:

less

Transcript and Presenter's Notes

Title: Information Security Orientation


1
Information Security Orientation
2
Purpose
  • Produce a basic understanding of the nature of
    classified information and the importance of its
    protection to the national security.
  • Place employees on notice of their responsibility
    to play a role in the Information Security
    Program.
  • Provide enough information to ensure proper
    protection of classified/sensitive information in
    their possession.

3
Information Security Regulations
  • AR 380-5 Department of the Army Information
    Security Program, 29 SEP 00

4
The Nature of U.S. and Foreign Government
Classified Information
  • Information is classified, or protected as
    sensitive, when it is in the interests of
    national security.
  • Classified or sensitive information requires
    protection against unauthorized disclosure to
    safeguard national security.

5
Categories of Classified Information
  • Military plans, weapons systems, or operations.
  • Foreign government information.
  • Intelligence activities, intelligence sources or
    methods, and cryptology.
  • Foreign relations or foreign activities of the
    United States including confidential sources.
  • Scientific, technological, or economic matters
    relating to the national security.
  • United States programs safeguarding nuclear
    materials or facilities.

6
Categories of Classified Information
  • Vulnerabilities or capabilities of systems,
    installations, projects or plans relating to
    national security.

7
Classification Principles
  • Original Classification is the decision to
    designate a certain item of information as
    classified, at a particular level, and for a
    certain duration of time. This decision can only
    be made by an Original Classification Authority.
  • Derivative Classification is the incorporating,
    restating, paraphrasing, or generating in new
    form, information that has already been
    classified and ensuring that it is classified and
    handled at the level the Original Classification
    Authority has already determined will be done.

8
Original Classification Authority
  • SECARMY or DCSINT appoints in writing persons
    designated as Original Classification
    Authorities.
  • There are relatively few persons in the Army with
    Original Classification Authority (OCA).
  • The OCA will determine the length of time
    information will require classification and will
    determine an appropriate declassification date or
    event. This decision is based on the national
    security sensitivity of the information.

9
Levels of Classification
  • TOP SECRET applied to information in which the
    unauthorized disclosure could reasonably be
    expected to cause exceptionally grave damage to
    national security.
  • SECRET applied to information in which the
    unauthorized disclosure could reasonably be
    expected to cause serious damage to national
    security.
  • CONFIDENTIAL applied to information in which the
    unauthorized disclosure could reasonably be
    expected to cause damage to national security.

10
Classification Caveats
  • A CAVEAT is a supplemental handling instruction
    or limitation.
  • Common U.S. and KFOR Collateral Caveats
  • NOFORN not releasable to foreign nationals
  • REL KFOR releasable to properly cleared members
    of KFOR with a verifiable need to know.
  • REL NATO/KFOR releasable to properly cleared
    members of NATO and KFOR with a verifiable need
    to know.
  • REL NATO not releasable to non-NATO KFOR members.

11
Command Security Manager
  • The Command Security Manager (CSM) is the
    principle advisor on information security in the
    command.
  • The CSM is responsible to the commander for
    management of the program.
  • Commanders will appoint Command Security Managers
    in writing down to battalion level.
  • The 11BDE CSM is CPT Peters, Brigade S2.

12
The Supervisors ResponsibilitiesAR 380-5, Para
1-8
  • Ensure subordinate personnel who require access
    to classified information are properly cleared
    and are given access to only that information for
    which they have a need to know.
  • Ensure subordinate personnel are trained in,
    understand, and follow, the requirements in AR
    380-5, and local command policy and procedures,
    concerning the information security program.
  • Continually assess the eligibility for access to
    classified information of subordinate personnel
    and report to the CSM any information that may
    have a bearing on that eligibility.

13
The Supervisors ResponsibilitiesAR 380-5, Para
1-8
  • Supervise personnel in the execution of
    procedures necessary to allow the continuous
    safeguarding and control of classified and
    sensitive information.
  • Include the management of classified and
    sensitive information as a critical
    element/item/objective in personnel performance
    evaluations (counseling's, NCOERs or OERs).
  • Lead by example. Follow command and Army policy
    and procedures to properly protect classified and
    sensitive information.

14
The Individuals ResponsibilitiesAR 380-5, Para
1-9
  • Safeguard information, related to national
    security, that you have access to.
  • Report, to the proper authority, the violations
    of others that could lead to unauthorized
    disclosure of classified or sensitive
    information.
  • These responsibilities cannot be waived,
    delegated, or in any other respect, excused.
  • All DA personnel will safeguard all information
    and material, related to national security,
    especially classified information, which they
    access, and will follow AR 380-5 and other
    applicable regulations.

15
Who is Authorized Access to Classified
Information?
  • Persons with appropriate security clearance and a
    need-to-know.
  • The CSM, SSO or their staffs are the only persons
    authorized to verify an individuals security
    clearance and access level.
  • Verification methods
  • Activity Security Clearance Access Roster
  • Check full name
  • Verify SSN
  • Verify Clearance Level
  • Official clearance verification credential with
    photo (SSO V Corps badge, etc.)

16
Reproduction of Classified Materials
  • Use machines for which classified reproduction
    has been specifically authorized and so
    designated.
  • If reproduction is authorized on an unclassified
    machine, 6 blank pages must be copied and
    shredded.
  • Limitations and control procedures that apply to
    the originals must also be applied to the copies.
  • Waste copies will be controlled and destroyed as
    classified material.
  • Do not copy NATO materials.

17
Storage of Classified Information or Material
  • Classified information must be stored in a
    locked, GSA approved, security container when not
    under the control of someone properly cleared and
    authorized access to it.
  • SF 702 (security container check sheet) must be
    used for each security container with the time
    and initials noted each time you
  • Open
  • Close, or
  • Check
  • the container.

18
Storage of Classified Information or Material
  • Combinations to security containers used to store
    classified information will be recorded on SF
    Form 700 and stored in the master safe for your
    command.
  • Combinations will be safe guarded at the same
    level as the highest classification of
    information stored within the security container.
  • Only properly cleared personnel, with a need to
    know, will be given security container
    combinations.
  • DO NOT mark security containers with a
    classification level.

19
Classification Marking Policy
  • Marking is the principle means of informing
    holders of classified and sensitive information
    of the classification/sensitivity level and
    protection requirements.
  • Within DA, classified and sensitive material will
    be identified clearly by marking, designation or
    electronic labeling.

20
Purpose of Classification Marking
  • Alerts holders to the presence of classified and
    sensitive information.
  • Identifies, as specifically as possible, the
    exact information needing protection.
  • Indicates the level of classification/sensitivity
    assigned to the information.
  • Provides guidance on downgrading (if any) and
    declassification.
  • Gives information on the source and reason for
    classification of the information.
  • Warns holders of special access, control,
    dissemination, or safeguarding requirements.

21
Overall Classification Marking Concept
  • Classified and sensitive documents will be marked
    to show the highest classification/sensitivity of
    information contained in the document.
  • Document containing classifications at more then
    one level will have an overall marking of the
    highest level.
  • Overall classifications marking will be placed at
    the top and bottom of documents, slides or
    overlays.
  • Computers, external drives, floppy diskettes, ZIP
    disks, and CD-Rs will be marked with the highest
    classification level authorized for processing on
    that system.
  • Note a disk used in a SECRET computer becomes
    SECRET despite the level of information stored on
    it.

22
Marking of Computer Disks
  • Disks containing classified information will be
    marked with an SF 707 SECRET label
  • Disks which are Unclassified but used in an
    environment where classified information is
    created or used must be labeled with a SF 710
    UNCLASSIFIED label.
  • CD-Rs will have their classification written on
    them, labels should be affixed to their cases.
  • If SF security labels are not available, the
    classification level will be clearly written on
    the disk label.

23
Handling of Classified Computer Disks
  • Place the proper classification label on the
    diskette
  • Store the diskette in a proper security container
    when
  • You leave the area and no authorized persons are
    there (if there is an authorized person around,
    tell them that the classified diskette is there)
  • You are not using the diskette
  • Keep materials in your possession.

24
Marking of Documents
  • Pages will be marked on the top and bottom with
    the highest classification of information on that
    page.
  • Paragraphs will contain a portion marking of the
    highest classification of information in that
    paragraph.
  • Pictures or diagrams must be marked with the
    level of classification.
  • Titles of classified documents will be marked
    with a portion marking. Example of an
    unclassified title
  • (U) 2BDE Information Security Program

25
Classified Markings for Drafts/Notes/etc
  • Drafts or notes based on classified information
    must be marked.
  • Failure to mark notes may result in a compromise
    of classified information and cause damage to
    national security.
  • All notes taken in a work environment where
    classified information is processed, which are
    not properly marked, should be considered to be
    classified and destroyed as such.

26
Handling Classified Materials When They are Not
in a Security Container
  • Ensure classified information or material is
    under your direct control or that of someone who
    has appropriate clearance and is authorized
    access.
  • Use of the appropriate cover sheets are mandatory
  • SF 703 for Top Secret (orange)
  • SF 704 for Secret (red)
  • SF 705 for Confidential (blue)

27
Classified Conversations and Unsecure Phones Do
Not Mix
  • Do not discuss classified information near
    someone who is talking on an unsecure phone.
  • Place phones on mute when notifying personnel of
    incoming calls.
  • Briefings are a particular Info-Sec hazard.

28
Using Distribution Systems
  • Ensure classified materials are not left alone in
    distribution boxes.
  • Ensure only authorized personnel (with
    appropriate clearance and need-to-know) pick up
    classified materials.

29
Faxing Classified Information
  • Use secure FAX unit.
  • Follow the encryption procedures for that piece
    of equipment.
  • Before transmitting, call the receiving office to
    ensure an authorized person is available to
    receive the transmission.
  • Remain with the unit until the transmission or
    reception is complete.

30
End of the Day Security Check
  • Activity chiefs are responsible for establishing
    a system of security checks at the close of each
    working day to ensure that all classified
    material is properly secured.
  • Check the entire work area for classified
    materials.
  • Check each security container to ensure it is
    locked
  • Record this check on SF 701 (activity security
    checklist).

31
Preparation of Material for Transmission
(Mailing or Hand Carrying)
  • When classified information is transmitted,
    it will be enclosed in two opaque, sealed
    envelopes, wrappings, or containers, durable
    enough to properly protect the material from
    accidental exposure and to ease in detecting
    tampering. (AR 380-5, Para 8-9)

32
Preparation of Classified Materials for Movement
Outside of Your TOC
  • Double wrap (use opaque materials like brown
    paper or cardboard).
  • The outer envelope or container must be addressed
    to an official government activity or to a DOD
    contractor with a facility clearance and an
    appropriate storage capability. E.g. Top Secret
    information cannot be sent to the Commander, 2
    BDE, 1 AD because the Brigade does not have a
    facility authorized to store that level of
    information.
  • The inner envelope or container will show the
    address of the receiving activity, the address of
    the sender, and the highest classification of
    its contents.

33
Preparation of Classified Materials for Movement
Outside of Your TOC
  • Place a layer of plain paper or cardboard between
    the classified document and the inner layer.
  • Do not indicate classification on outside layer.
  • Seal package in such a way that tampering can be
    detected (use paper tape along seams).
  • A locked briefcase can be used as the outer wrap.

34
Example of the Inner Wrap in a Double Wrap System
for Secret Information
Both To and From addressees Must be placed on
both wrappers.
Note classification markings on top and bottom of
package.
Unclassified Example
35
Example of the Outer Wrap in a Double Wrap System
for Secret Information
Do not place classification markings on the outer
wrapper.
36
Handcarrying
  • Use handcarrying as your last means for
    transmitting classified materials. Use it only
    after all other transmission methods have been
    found inadequate.
  • Double wrap the materials.
  • Keep materials under constant surveillance and
    personal possession.
  • Do not place in detachable storage compartment,
    e.g. auto trailer, luggage rack, etc.
  • Store overnight only at a U.S. government
    facility or cleared contractor facility with
    classified information storage capability.

37
Handcarrying (continued)
  • Leave a record (DA 3964) of materials being
    handcarried with your activity.
  • Get briefing prior to departure.
  • If using a commercial airline
  • Coordinate with the airline before leaving
  • Have ID and letter of authorization
  • Allow x-raying but do not allow direct access to
    the information
  • Use U.S. flag carrier or allied flag carrier if
    U.S. is not available
  • Check with your security office for more
    information on hand-carrying.

38
Courier Orders
  • Courier orders are required when you travel
    outside your assigned military area or base camp.
    The courier will be in possession of the
    appropriate courier authorization form as
    indicated below
  • - Travel within the country of assignment
  • (use the DD form 2501, Courier
    Authorization Card)
  • - Travel across international boundaries
  • (use the AR 380-5E-R in English plus the
    appropriate German, Italian, Turkish or Greek,
    translation.)
  • - Couriers of SCI
  • (use USAREUR Form 32)
  • Travel within your city of assignment does not
    require courier orders, except for SCI however,
    you must have permission from your supervisor to
    transport classified material within your area.

39
Transporting from Office to Office
  • Do not attract attention to yourself when
    carrying classified materials from one office to
    another. Place the materials in a nondescript
    envelope or container.
  • Place cover sheet (SF 701, 704, or 705) on
    materials prior to placing into envelope to
    remind yourself and recipient that materials are
    classified.

40
Methods for Transmitting Classified Materials
  • Confidential
  • Authorized electronic system, e.g, a Stu-III or
    STE in secure mode
  • Handcarry (with proper authorization)
  • Defense Courier service (not routinely but under
    certain circumstances)
  • Registered mail (for APO/FPO outside U.S. and
    Puerto Rico for NATO outside U.S. when
    uncertain if destination within U.S. to DOD
    contractor or other executive branch agency, when
    appropriate)

41
Methods for Transmitting Classified Materials
  • Confidential, continued
  • U.S. postal service registered mail to/from
    APO/FPO
  • U.S. postal service first class mail inside the
    continental United States with restrictions
  • Use of postal collection boxes are prohibited!

42
Methods for Transmitting Classified Materials
  • Secret
  • - Authorized electronic system, e.g., a
    STU-III or STE in secure mode.
  • - Handcarrying (with proper authorization)
  • - Defense courier service (not routinely but
    under certain circumstances)
  • - Registered mail (within U.S. and Puerto
    Rico)
  • - Registered mail to APO/FPO but only if
    mail will not pass out of U.S. control during
    entire mail process.

43
Methods for Transmitting Classified Materials
  • Secret, continued
  • - Protective security service within U.S.
    boundaries if item is large and bulky (check with
    MTMC for information on the companies that
    provide this service).
  • - U.S. Postal service express mail (within
    U.S. and Puerto Rico). Do not use to send to an
    APO/FPO address and do not use street-side
    collection box.
  • - GSA contract holder for overnight delivery
    (currently FedEx) (within US and territories).
    See your security office for limitations and
    procedures. Do not send to an APO/FPO address.

44
Methods for Transmitting Classified Materials
  • Top Secret
  • - Defense courier service
  • - Department of State courier service, only
    under rare conditions
  • - Authorized electronic system, e.g. a
    STU-III or STE cleared for TOP SECRET
    communication
  • - Handcarrying (with proper authorization)

45
Handling of Mail
  • Protect mail until it has been determined whether
    or not classified materials are contained within.
  • For DOD contractors ensure only cleared
    personnel receive and sign for all certified and
    registered mail.

46
Who Can Destroy Classified Materials
  • User (or custodian) of the materials
  • Designated destruction official(s) for your
    activity, if used
  • Witness required for the destruction of Top
    Secret and NATO Secret information
  • Use DA Form 3964 as Destruction Certificate
  • Keep Destruction Certificate on file

47
Authorized Methods for Destruction of Classified
Materials
  • Shredding, crosscut shredders are the only
    authorized shredders for destruction of
    classified information (shredding machine must
    reduce the material to shreds no greater than
    1/32nd of an inch by ½ inch crosscut)
  • It is recommended that the S2 establish a shred
    bin that is shredded daily.
  • Burning, (when allowed by your local
    environmental agency)
  • Pulverizing
  • Pulping
  • Check with your security office for location of
    equipment and information on other
    methods

48
Processing Classified Information on Computer
  • Computers must be accredited for processing of
    classified information.
  • Secret Internet Protocol Router Network (SIPRNET)
    is authorized for processing of levels up to
    SECRET.
  • Do Not process classified information on
    Unclassified Computer systems.
  • The Non-Secure Internet Protocol Router Network
    (NIPRNET) is authorized to process up to
    sensitive but unclassified information.

49
Automated Information System Threat
  • 126 countries have computer espionage programs
  • Reported computer break-ins are expanding at over
    52
  • DoD considered easy pickings by computer
    underground
  • Computer crime recognized as fastest growing
    component of global organized crime
  • Insiders pose a major threat to systems
  • Malicious codes cause loss of information and time

50
Types of Threats
51
Information System Threat is Global
Threats to information systems do not recognize
either physical or political boundaries.
52
Where is the Threat?
  • Foreign Intelligence Services
  • Industrial Espionage
  • Media
  • Drug Smugglers
  • Criminals
  • Hobbyists

53
What Type of Information Do We Disclose Through
our Negligence?
  • Real world contingency operations
  • Exercise information
  • VIP itineraries
  • Logistical information
  • Communication architecture
  • New systems
  • Special operations

54
Thanks for Your Attention
BRIEFING COMPLETED
Write a Comment
User Comments (0)
About PowerShow.com