NSTSSI Security Education Standards
5. ADMINISTRATIVE (DAA administrative responsibility)

a. Responsibilities for Account Administration
(1) specify local accreditation procedures;
(2) identify accreditation authority;
(3) state policy for ADP security documentation;
(4) identify ADP security staff personnel and their location;
(5) outline audit collection requirements;
(6) recognize importance of audit tools;
(7) describe business aspects of information systems security as they apply to proprietary information;
(8) state procedures for disseminating information from the Computer Emergency Response Team (CERT);
(9) state procedures for reporting to the CERT;
(10) outline procedures for providing information to or gathering information from the CSTVRP, the ASSIST, the CIAC, or the CERT, as appropriate for the organization;
(11) outline procedures for handling computer security incidents;
(12) discuss contractor security standards;
(13) outline procedures for contractor security safeguards under National Industrial Security Program Operations Manual (NISPOM);
(14) outline DAA responsibilities for contracts, agreements, and other obligations;
(15) discuss the importance of customer information technology security needs;
(16) describe the results of a customer service orientation and whether they support information systems security policy and procedures;
(17) outline policy for deletion of accounts;
(18) outline policy for required documentation;
(19) discuss the risks associated with electronic funds transfer; and
(20) discuss issues associated with electronic monitoring.

b. Administration
(1) discuss the risks associated with electronic records management;
(2) evaluate the significance of reliability testing;
(3) plan procedures which protect against remanence;
(4) discuss the purpose of security functional testing;
(5) outline security inspection procedures;
(6) describe the security product testing/evaluation process;
(7) describe DAA responsibilities for security staffing requirements;
(8) discuss the security principles related to separation of duties; and
(9) explain the concept of electronic digital signature.