Strategic Security Intelligence


NSTSSI Security Education Standards



Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved


5.    ADMINISTRATIVE (DAA administrative responsibility)
  

      a.    Responsibilities for Account Administration
            

            (1)     specify local accreditation procedures;
            (2)     identify accreditation authority;
            (3)     state policy for ADP security documentation;
            (4)     identify ADP security staff personnel and their location;
            (5)     outline audit collection requirements;
            (6)     recognize importance of audit tools;
            (7)     describe business aspects of information systems security as they apply to proprietary
                    information;
            (8)     state procedures for disseminating information from the Computer Emergency Response Team
                    (CERT);
            (9)     state procedures for reporting to the CERT;
            (10)    outline procedures for providing information to or gathering information from the CSTVRP, the
                    ASSIST, the CIAC, or the CERT, as appropriate for the organization;
            (11)    outline procedures for handling computer security incidents;
            (12)    discuss contractor security standards;
            (13)    outline procedures for contractor security safeguards under National Industrial Security Program
                    Operations Manual (NISPOM);
            (14)    outline DAA responsibilities for contracts, agreements, and other obligations;
            (15)    discuss the importance of customer information technology security needs;
            (16)    describe the results of a customer service orientation and whether they support information
                    systems security policy and procedures;
            (17)    outline policy for deletion of accounts;
            (18)    outline policy for required documentation;
            (19)    discuss the risks associated with electronic funds transfer; and
            (20)    discuss issues associated with electronic monitoring.

  
      b.    Administration

            
            (1)     discuss the risks associated with electronic records management;
            (2)     evaluate the significance of reliability testing;
            (3)     plan procedures which protect against remanence;
            (4)     discuss the purpose of security functional testing;
            (5)     outline security inspection procedures;
            (6)     describe the security product testing/evaluation process;
            (7)     describe DAA responsibilities for security staffing requirements;
            (8)     discuss the security principles related to separation of duties; and
            (9)     explain the concept of electronic digital signature.