NSTISSI Security Education Standards
8. GENERAL
a. Introductory
(1) explain information security problems which may occur at an access node;
(2) explain the property of accountability to include: traceability of activities to individual users;
assigning responsibility for violations, attempted violations, and activities;
(3) explain the purpose for the Assessed Products List (APL);
(4) define the term "approved circuit";
(5) discuss why authentication is an important process in INFOSEC to include:
(a) positive validation for a claimed identity which may be: station, originator, individual,
transmission, message, user, device;
(b) positive validation may also be called: identification or verification; and
(c) protective measure used to deter fraudulent transmissions;
(6) identify who is involved in the Authorization process (the DAA, his/her designee(s), and the
extent of their authority) in your organization;
(7) describe the resources and methods of an automatic message processing system; and
(8) list general operations security (OPSEC) principles and sources of information.
b. DAA Authority
(1) explain the objectives of the information systems security program: availability, denial of service,
confidentiality, integrity;
(2) outline the business aspects of information security;
(3) describe the components of a classified COMSEC program;
(4) explain why compartmentalization is an important aspect of INFOSEC;
(5) describe how connectivity impacts both your systems and external systems;
(6) define the term "critical processing";
(7) identify critical systems within your purview;
(8) describe how criticality is a parameter which indicates the degree of dependence of your
organization on an asset;
(9) explain the purposes for a computer security working group;
(10) define the term "data owner";
(11) explain the purpose for degaussing magnetic media;
(12) explain why the disposition of classified data is important for secure processing;
(13) demonstrate the differences between INFOSEC education, training, and awareness (ET&A);
(14) illustrate how electronic data interchange (EDI) is susceptible to security incidents;
(15) describe the contents of the Evaluated Products List (EPL);
(16) outline the principles of ethics as they apply to INFOSEC;
(17) identify the ISSO in your agency;
(18) define the term "INFOWAR";
(19) outline the INFOSEC dangers in the National Information Infrastructure;
(20) compare open system security and closed security;
(21) describe operating system security features;
(22) define the term "platform specific security";
(23) list the importance of maintaining professional interfaces;
(24) identify professional interfaces;
(25) illustrate the importance of quality assurance to INFOSEC;
(26) explain the importance of security architecture in a distributed system;
(27) list the forms in which security products are available: hardware, firmware, software;
(28) identify sensitive systems for which you are responsible;
(29) outline the components of technical security as listed in NSD 42: equipment, components,
devices, associated documentation, media;
(30) define the term "trust" as it applies to INFOSEC;
(31) apply the term "warranties (assurance)" to the concept of INFOSEC; and
(32) explain the consequences of improper or damaged cabling.