NSTSSI Security Education Standards
8. GENERAL

a. Introductory

(1) explain information security problems which may occur at an access node;
(2) explain the property of accountability to include: traceability of activities to individual users; assigning responsibility for violations, attempted violations, and activities;
(3) explain the purpose for the Assessed Products List (APL);
(4) define the term "approved circuit";
(5) discuss why authentication is an important process in INFOSEC to include:
    (a) positive validation for a claimed identity, which may be: station, originator, individual, transmission, message, user, device;
    (b) positive validation may also be called identification or verification; and
    (c) protective measure used to deter fraudulent transmissions.
(6) identify who is involved in the Authorization process (the DAA, his/her designee(s), and the extent of their authority) in your organization;
(7) describe the resources and methods of an automatic message processing system; and
(8) list general operations security (OPSEC) principles and sources of information.

b. DAA Authority

(1) explain the objectives of the information systems security program: availability, denial of service, confidentiality, integrity;
(2) outline the business aspects of information security;
(3) describe the components of a classified COMSEC program;
(4) explain why compartmentalization is an important aspect of INFOSEC;
(5) describe how connectivity impacts both your systems and external systems;
(6) define the term "critical processing";
(7) identify critical systems within your purview;
(8) describe how criticality is a parameter which indicates the degree of dependence of your organization on an asset;
(9) explain the purposes for a computer security working group;
(10) define the term "data owner";
(11) explain the purpose for degaussing magnetic media;
(12) explain why the disposition of classified data is important for secure processing;
(13) demonstrate the differences between INFOSEC education, training, and awareness (ET&A);
(14) illustrate how electronic data interchange (EDI) is susceptible to security incidents;
(15) describe the contents of the Evaluated Products List (EPL);
(16) outline the principles of ethics as they apply to INFOSEC;
(17) identify the ISSO in your agency;
(18) define the term "INFOWAR";
(19) outline the INFOSEC dangers in the National Information Infrastructure;
(20) compare open system security and closed system security;
(21) describe operating system security features;
(22) define the term "platform specific security";
(23) list the importance of maintaining professional interfaces;
(24) identify professional interfaces;
(25) illustrate the importance of quality assurance to INFOSEC;
(26) explain the importance of security architecture in a distributed system;
(27) list the forms in which security products are available: hardware, firmware, software;
(28) identify sensitive systems for which you are responsible;
(29) outline the components of technical security as listed in NSD 42: equipment, components, devices, associated documentation, media;
(30) define the term "trust" as it applies to INFOSEC;
(31) apply the term "warranties (assurance)" to the concept of INFOSEC; and
(32) explain the consequences of improper or damaged cabling.