Strategic Security Intelligence

NSTSSI Security Education Standards



Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved

5.    ADMINISTRATIVE (DAA administrative responsibility)

      a.    Responsibilities for Account Administration

            (1)     specify local accreditation procedures;
            (2)     identify accreditation authority;
            (3)     state policy for ADP security documentation;
            (4)     identify ADP security staff personnel and their location;
            (5)     outline audit collection requirements;
            (6)     recognize importance of audit tools;
            (7)     describe business aspects of information systems security as they apply to proprietary
            (8)     state procedures for disseminating information from the Computer Emergency Response Team
            (9)     state procedures for reporting to the CERT;
            (10)    outline procedures for providing information to or gathering information from the CSTVRP, the
                    ASSIST, the CIAC, or the CERT, as appropriate for the organization;
            (11)    outline procedures for handling computer security incidents;
            (12)    discuss contractor security standards;
            (13)    outline procedures for contractor security safeguards under National Industrial Security Program
                    Operations Manual (NISPOM);
            (14)    outline DAA responsibilities for contracts, agreements, and other obligations;
            (15)    discuss the importance of customer information technology security needs;
            (16)    describe the results of a customer service orientation and whether they support information
                    systems security policy and procedures;
            (17)    outline policy for deletion of accounts;
            (18)    outline policy for required documentation;
            (19)    discuss the risks associated with electronic funds transfer; and
            (20)    discuss issues associated with electronic monitoring.

      b.    Administration

            (1)     discuss the risks associated with electronic records management;
            (2)     evaluate the significance of reliability testing;
            (3)     plan procedures which protect against remanence;
            (4)     discuss the purpose of security functional testing;
            (5)     outline security inspection procedures;
            (6)     describe the security product testing/evaluation process;
            (7)     describe DAA responsibilities for security staffing requirements;
            (8)     discuss the security principles related to separation of duties; and
            (9)     explain the concept of electronic digital signature.