Chapter-19 Flashcards
What three types of security are essential to the AirForce mission? (457)
I) Information Assurance (IA); 2) installation security; and3) Antiterrorism (AT).
Who must protect information and information systemsand adhere to all information assurance and relatedsecurity policies and procedures? (457)
Personnel at all levels.
Information __ refers to the measures that protect,defend and ensure the availability, integrity, confidentiality,authentication and nonrepudiation of informationand information systems. (457)
Assurance.
What do Information Assurance’s (IA) protection,detection and reaction capabilities provide? (457)
Restoration of information and information systems.
Why is Information Assurance (IA) policy based onfact-based operational risk assessments? (457)
Because total risk avoidance is often not practical - risk assessmentand management are required instead.
Name the three core Information Assurance (IA)security disciplines. (457)
Communications Security (COMSEC), Computer Security(COMPUSEC) and Emissions Security (EMSEC).
The information assurance discipline __ ensuresthe confidentiality, integrity and availability of informationsystems assets, including hardware, software,firmware and information being processed, stored andcommunicated. (457)
Computer Security (COMPUSEC).
A(n) __ system is any telecommunications and/orcomputer-related equipment or interconnected system orsubsystems of equipment used in the acquisition, storage,manipulation, management, movement, control, display,switching interchange, transmission or reception of voices and/or data. (457)
Information. (This includes software, firmware and hardware.)
A Computer Security (COMPUSEC) __ is anyaction, device, procedure, technique or other measurethat reduces an information system’s vulnerability to anacceptable or manageable level. (457)
Countermeasure.
What enemy activities pose the greatest threats tocommunications and information systems? (457-458)
Information Operations (IO) and Information Warfare (IW)activities.
Information Operations (10) and Information Warfare(IW) attacks include introduction of malicious codes,trapdoors or viruses. What could result from these activities?(458)
1) Loss of information and information system confidentiality,integrity and availability; 2) disclosure of classified orsensitive information; 3) altered or deleted mission-essentialdata; and 4) destruction of communications and informationsystems.
Viruses, worms, Trojan horses and Botnets are examplesof __ logic. (458)
Malicious logic.
How does the Air Force protect information systemsfrom malicious logic attacks? (458)
Through preventive measures, including I) user awarenesstraining; 2) local policies; 3) configuration management; and4) antivirus software.
Prevent malicious logic by using antivirus softwareon all information systems. Name four other minimumsecurity measures. (458)
Any four of the following: I) Scan all incoming or downloadedelectronic traffic and files for viruses; 2) scan removableand fixed media prior to use; 3) report all virus attacks;4) preserve evidence of malicious incidents for ongoing investigations;5) use government-owned computer systems forofficial use only; and 6) do not surf unapproved websites ongovernment-owned computer systems.
Describe the minimum security requirements fordesktops and workstations used by one person at a time.(458)
1) Ensure each user’s access is based on security clearanceand need to know; 2) prevent unauthorized casual viewing ofinformation; and 3) protect against tampering, theft and loss.
Strong, two-factor, authentication for accessing systemsand networks combines a Common Access Card(CAC) with a(n) __ . (458)
PIN.
A Common Access Card (CAC) is a DoD identificationcard with an integrated circuit chip that holds what?(458)
Public Key Infrastructure (PKI) certificates and keys.
When may passwords be used in lieu of a CommonAccess Card (CAC)? (458)
When support for CAC or other strong, two-factor authenticationis unavailable.
Where should you place devices that display or outputclassified and sensitive information? (458)
In locations that deter unauthorized casual viewing.
Use a secure ____ and screen-lock to secureany unattended workstation. (458)
Screen saver. (Otherwise, log off completely.)
When using a Common Access Card (CAC), removeit if the workstation is unattended. T/F (458)
True
How can you protect information systems from tampering,theft and loss? (458)
1) Control physical access to facilities, information systemsand data; 2) use the Common Access Card (CAC) removallock feature, keyboard locks, secure screen savers, and addonsecurity software; and 3) control removal and secure storageof information on unattended systems.
Compact discs are an example of removable media.Provide two additional examples. (458)
1) USB drives; and 2) external storage drives.
How should you safeguard, mark and label removablemedia? (458)
Using the requirements for the highest level of information itever stored.
Why does storing large amounts of Personally IdentifiableInformation (PII) (500 or more records) on removablemedia require proper approval? (458)
Its loss or theft may lead to identity theft or adversely impactpersonnel.
What additional security measures apply when removablemedia contains sensitive information? (458-459)
1) Restrict its use to locations that meet information protectionand security policies; 2) report any loss or suspectedloss; and 3) clear, sanitize or destroy it before releasing it to Vunauthorized personnel or outside the DoD or Air Force.
What should you do before attaching any removablemedia or storage device to an information system? (459)
Refer to local security guidance.
Using disguised removable· media or storage devicesis prohibited. T/F (459)
True.
What are Portable Electronic Devices (PED)? (459)
Small electronic devices capable of recording, storing,transmitting or processing information. (Examples includePDAs, hand-held and laptop computers, cellular phones, emaildevices and audio or video recording devices.)
Most desktop and workstation protective measuresand even removable media also apply to Portable ElectronicDevices (PED). What additional measures apply towireless-enabled PEDs? (459)
1) Comply with Air Force wireless and wireless securitypolicies; 2) do not use to store, process or transmit classifiedinformation without proper approval and additional securitymechanisms and measures; 3) do not use in areas where classifiedinformation is discussed or processed without coordinatingwith the local security manager; 4) consider Opera- _.,tions Security (OPSEC) and force protection before adoptingor implementing any policy or procedure; and 5) do not connectpersonally owned PEDs to the Air Force network.
Who should you notify if classified information wasprocessed or maintained on an unclassified PortableElectronic Device (PED)? (459)
Your supervisor, security manager or Information AssuranceOfficer (!AO).
Connecting personally owned Portable ElectronicDevices (PED) to the Air Force network is forbidden, butyou may request a government-owned PED if required.T/F (459)
True.
What are three prohibitions on the use of personallyowned Information Technology (IT)? (459-460)
Do not use personally owned IT to I) process classified information;2) perform government work without justificationand approval; and 3) store or process Controlled UnclassifiedInformation (CUI) or Personally Identifiable Information(PII).
What might justify using personally owned InformationTechnology (IT) to perform government work?(459)
Mission requirements. government-owned IT availability andrationale.
Government-owned sensitive information must remainon government removable media or devices. T/F(460)
True. (Mark and protect it appropriately.)
What will happen to personally owned InformationTechnology (IT) with Controlled Unclassified Information(CUI), classified information or Personally IdentifiableInformation (PII)? (459)
It will be confiscated and sanitized or destroyed.
Never use __ computing facilities or services toprocess government-owned unclassified, sensitive or classifiedinformation, or access Web-based government services.(460)
Public.
Define phishing. (460)
Emails with embedded scripts and false links that allow accessfor a hacker to control your computer or install maliciouslogic programs.
How do our adversaries use phishing to compromisethe mission effectiveness of your organization? (460)
They use this form of social engineering to solicit informationfrom Air Force members.
What should you do with emails from financial institutionsasking for personal information? (460)
Delete and report it to the appropriate financial institution’sspam or phishing Point of Contact (POC).
At a minimum, what three things should you do tosafeguard your computer from phishing? (460)
1) Never click on a hyperlink inside an email from an unknownsource; 2) never download files attached to an emailfrom an unknown source; and 3) contact the sender of theemail to verify if it is authentic.
__ are measures and controls that deny unauthorizedpersons national security information derivedfrom US government information systems and ensuresthe authenticity of those systems. (460)
Communications Security (COMSEC).
What are the three components of CommunicationsSecurity (COMSEC)? (460)
1) Cryptosecurity; 2) transmission security; and 3) physicalsecurity.
__ is a component of Communications Security(COMSEC) that results from the provision and properuse of technically sound cryptosystems. (460)
Cryptosecurity.
__ is a component of Communications Security(COMSEC) resulting from measures that protect transmissionsfrom interception and exploitation by meansother than cryptoanalysis. (460)
Transmission security.
Give examples of transmission security. (460)
Using secured communications systems, registered mail,secure telephone and facsimile equipment, manual cryptosystems,call signs or authentication to transmit classified information.
Define physical security. (460)
Using all physical measures necessary to safeguard CommunicationsSecurity (COMSEC) material from unauthorizedaccess.
List the five common Communications Security(COMSEC) physical security measures. (460)
1) Verifying the need-to-know and clearance of personnelgranted access; 2) following proper storage and handlingprocedures; 3) accurately accounting for all materials; 4)transporting materials using authorized means; and 5) immediatelyreporting the loss or possible compromise of materials.
What Information Assurance (IA) security principlemeans denying unauthorized persons valuable informationderived from intercepting and analyzing compromisingemanations from cryptoequipment, informationsystems and telecommunication systems? (461)
Emissions Security (EMSEC).
What is Emissions Security’s (EMSEC) objective?(461)
To deny unauthorized access to classified and, in some instances,unclassified information that contains compromisingemanations within an inspectable space.
Why does Operations Security (OPSEC) identify,analyze and control critical information indicatingfriendly actions, whether military operations or otheractivities? (461)
To 1) identify actions that can be observed by adversary intelligencesystems; 2) determine what indicators could beused to derive critical information useful to adversaries; 3)eliminate (or reduce to an acceptable level) the vulnerabilitiesof friendly actions to adversary exploitation; and 4)closely integrate and synchronize with other influence operationscapabilities.
___ must be closely integrated and synchronizedwith other influence operations capabilities and all aspectsof the protected operations. (461)
Operations Security (OPSEC).
Operations Security (OPSEC) is not a collection ofspecific rules and instructions applicable to every operation.T/F (461)
True. (It is a process.)
What is Operations Security’s (OPSEC) purpose?(461)
To eliminate or reduce adversary collection and exploitationof critical information.
Operations Security (OPSEC) applies to all activitiesthat prepare, sustain or employ forces during whichphases of operations? (461)
All phases.
Why should commanders and other decisionmakersapply Operations Security (OPSEC) analysis to the planning,preparation, execution and post execution phases ofany operation or activity from the earliest stages of planning?(461)
To enhance operational effectiveness.
Operations Security (OPSEC) analysis helpsdecisionmakers weigh the __ they will accept in specificoperational circumstances. (461)
Risks.
In what four situations are Air Force forces vulnerableto observation? (461)
1) At peacetime bases and locations; 2) in training or exercises;3) while moving; and 4) when deployed during actualoperations.
Why is Operations Security (OPSEC) incorporatedinto day-to-day operations? (461)
To ensure a seamless transition to contingency operations.
What five distinct steps constitute the OperationsSecurity (OPSEC) process? (461)
1) Identify critical information; 2) analyze threats; 3) analyzevulnerabilities; 4) assess risk; and 5) apply appropriateOPSEC measures.
What five basic characteristics of Operations Security(OPSEC) indicators make them potentially valuable toan adversary? (461-462)
1) Signatures (what identifies it or causes it to stand out); 2)associations (its relationship to other information or activities);3) profiles (the sum of each activity’s signatures andassociations); 4) contrasts (observable differences from an activity’s standard profile and its most recent or current actions);and 5) exposure (when and how long an indicator isobserved)
The Air Force handles its classified information andControlled Unclassified Information (CUI) according toAir Force-specific policies. T/F (462)
False. (It is consistent with national policy.)
What documents provide guidance for managingclassified information and Controlled Unclassified Information(CUI)? (462)
DoDM 5200.01, Volumes 1 through 4, DoD lnfonnationSecurity Program, and AFI 31-401, Information SecurityProgram Management.
______ classification is the initial decision that 1) anitem of information meets classification requirements inEO 13526, Classified National Security Information; and2) unauthorized disclosure could reasonably result indamage to national security. (462)
Original classification. (An Original Classification Authority(OCA) makes this decision.)
Who may originally classify information? (462)
Only the SecDef, the secretaries of the military departmentsand other officials who are specifically delegated the authority in writing.
Who appoints Original Classification Authorities(OCA)? (462)
The SECAF appoints them to Top Secret-and-below levels;the SECAF’s Administrative Assistant appoints them to Secret-and-below levels.
Original Classification Authorities (OCA) receivetraining in the exercise of their authority and have programresponsibility or __ over classified information.(462)
Cognizance.
A documents the details of an original classificationdecision and specifies items or categories that mustbe classified. (462)
Security Classification Guide (SCG).
What does a Security Classification Guide (SCG)identify? (462)
The applicable classification level, the reason for classifying,any special handling caveats, downgrading and declassificationinstructions, declassification exemptions, the OriginalClassification Authority (OCA) and a Point of Contact(POC).
When is information derivatively classified? (462)
When it is extracted, paraphrased, restated or generated in anew form.
Photocopying or mechanically reproducing classifiedmaterial is not derivative classification. T/F (462)
True.
What provides derivative classification guidance?(462)
Source documents and Security Classification Guides (SCG).
All cleared DoD personnel who create and derivativelyclassify material must mark it according to DoDM5200.01 and AFI 31-410. T/F (462)
False. (Mark them according to DoDM 5200.01 and AFI 31-401.)
All classified information, whether hard copy or electronic,must be properly marked. Why are the markingsconspicuous? (462)
They are the primary way to inform holders of protectionrequirements.
What are the purposes of markings on classified material?(462)
To 1) alert holders to the presence of classified information;2) identify the exact information needing protection; 3) indicatethe assigned classification level; 4) provide any guidanceon downgrading and declassification; 5) give informationon the sources and reasons for classification; and 6)warn of special access, control or safeguarding requirements.
Every classified document must be marked to showthe _______classification of information it contains. (462)
Highest.
Where is the overall classification of a documentidentified? (462)
On the first page and, if applicable, on the front cover, titlepage and outside back cover.
Where must every classified document show theagency, office of origin and date of origin? (462)
On the first page, title page or front cover.
In addition to the agency, office of origin and date oforigin, what must you include on the first page, title pageor front cover of every originally classified document?Every derivatively classified document? (462-463)
Include a “Classified by” line that identifies the OriginalClassification Authority (OCA). Mark “Derived from,” withthe source document and date derived. If derived from multiplesources, note “Multiple Sources” and attach a completelist.
When is information declassified? (463)
As soon as it no longer meets classification standards orwhen public interest in its disclosure outweighs the need toprotect it.
List the four separate and parallel systems that canlead to the declassification of information. ( 463)
1) When the declassification date, determined at the time ofclassification by the original classifier, is reached; 2) automaticallyon the 25th anniversary of classification, for informationof permanent historical value (unless specifically keptclassified); 3) after review for possible declassification, uponrequest; and 4) during systematic reviews for possible declassification.
What should you do if there is substantial evidencethat a document has been classified erroneously? (463)
Submit challenges of classification to the security manageror the classifier of the information.
Who is responsible for protecting classified informationand material in their possession or control? (463)
Everyone granted access to it.
Classified information must be protected at all timesby doing what? (463)
Storing it in an approved security container or facility orhaving it under the personal observation and control of anauthorized individual.
What should you do with items containing classifiedinformation? (463)
Destroy them immediately after they have served their purposeor protect them as required for the level of classifiedinformation they contain.
Who establishes a system of security checks at theclose of each work day to ensure area security? (463)
Heads of activities that deal with classified information.
What forms are used to record end-of-day securitychecks of classified material? (463)
SF 701, Activity Security Checklist, and SF 702, SecurityContainer Check Sheet.
When may a person have access to classified information?(463)
When he or she has the proper security clearance, need toknow and a signed nondisclosure agreement.
Who has the final responsibility for determining if aperson’s official duties require access to classified informationand if the person is granted the appropriate securityclearance? (463)
The individual authorized possession, knowledge or controlof the information.
How is Top Secret information controlled and accountedfor? (463)
Through Top Secret control account systems established byunit commanders and staff agency chiefs.
All transactions for Top Secret material must beconducted through the Top Secret Control Officer(TSCO). T/F (463)
True. (The unit commander or staff agency chief designatesthe TSCO.)
How is secret information controlled? (463)
Internally according to Air Force policy, as specified by unitcommanders or staff agency chiefs.
When are receipts necessary for secret information?(463)
When transm1ttmg through the US Postal Service or approvedpackage delivery services, or when an employee isdesignated as a courier to hand-carry information.
How is Confidential information controlled? (464)
Through routine administrative procedures.
What must you do if you find classified material outof proper control? (464)
1) Take custody of and safeguard the material, if possible;and 2) immediately notify the appropriate security authorities.
What should you do if classified information appearsin the public media? (464)
Be careful not to make any statement or comment that wouldconfirm the accuracy or verify the classified status of theinformation.
What sanctions are DoD military and civilian personnelsubject to if they knowingly, willfully or negligentlydisclose classified information to unauthorized persons?(464)
Sanctions include, but are not limited to: warning, reprimand,suspension without pay, forfeiture of pay, removal,discharge, loss or denial of access to classified information,removal of classification authority, and actions taken underthe UCMJ and under applicable criminal laws.
Action for unauthorized disclosure of classified informationmay be taken under the UCMJ. T/F (464)
True. (It may also be taken under applicable criminal law.)
What program determines the reliability, trustworthiness,good conduct and character of individuals beforethey have access to classified information or are assignedto sensitive duties? (464)
The Personnel Security Program.
Once you receive a security clearance, are you subjectto continuing assessment of trustworthiness? (464)
Yes. (Commanders and supervisors continually observe andevaluate subordinates and immediately report any unfavorableconduct or conditions that may bear on subordinates’trustworthiness or eligibility.)