Information Security Flashcards
What are the names of the policies that provide guidance for the DOD Information Security Program?
- E.O 13526
- 32 CFR 2, parts 2001 and 2003, CNSI Final Rule
- DODM 5200.01 VOL 1-4
- DODI 5230.09
- DODI 5230.29
What is the responisbility of the Information Security Oversight Office, or ISOO?
To oversee and manage the information security program, under the guidance of the National Security Council
What is the responsibility of the National Security Council (NSC)?
- To provide the overall policy direction for the informatin security program.
- It assists the President in develping and issuing National Security Policies, and it guides and directs the implementation and application of the Executive Order.
- The NSC exervises its guidance primarily through the ISOO
What is the USD(I) and their responsibility?
The Under Secretary of Defense for Intelligence has the primary responsibility for providing guidance, oversight, and approval authority of policies and procedures that govoern the DoD ISP (by issuing the DoD Instruction 5200.01)
The three levels of classified information are designated by what exectuive order?
EO 13526
What are the 5 requirements for dreivatie classification?
- Observe and respect the OCAs original class determination
- Apply the required markings
- Only use authorized sources
- Use caution when paraphrasing
- Always take the appropriate steps to resolve any doubts you have
What are the 4 tpes of Declassification systems?
- Systematic
- Automatic
- Mandatory
- Scheduled
What is a scheduled declassification?
Instructions consist of either a date or event for declassification.
What is automatic declassification?
Classified records that have been determined to have permanent historical value, will be automaticall declassified on December 31st of the year that is 25 years from data of its original classification.
There are 9 categories of Information that may be classified beyond 25 years. You can easily identify this information by the yse of 25X instruction for declassificaiton. The exemptions are annotated as 25X with the category nymber following the X, for example, 25X9.
What is Mandatory Declassification Review, or MDR?
It is another method of declassifiying information based on requesting a review of information to see if classification is still necessary.
What is Systematic Declassification?
A program to review classified records after a certain age.
What are the options an OCA has when determining declassification?
- Specific Date
- Specific Event
- 50X1-HUM Exception
What type of information does not provide declassification instructions?
- Restricted Data
- Formerly Restriced Data
What are the purposes of the SF 701 and SF 702?
The SF 701, or the Activity Security Checklist, is used to record your End of Day Checks.
The SF 702, or the Security Container Check Sheet, is used to record the opening and closing of your security container.
What does the term Information System refer to?
Refers to a set of Information Resources organized for the collection, storage, processing, maintenance, use, sharing, dissemination, dispoistion, display, or transmission of information.
What is COMSEC?
Communication Security, COMSEC, is defined as the protection resultinf from all measured designed to deny unauthorized persons, information of value that might be derived from the possession and study of telecommunications, and to ensure the authenticity of such communications.
COMSEC includes crypto security, emission security, transmission security, and physical security of COMSEC material and information.
How is classified information prepared for transmission?
Classified material needs to be prepared for shipment, packaged, and sealed in ways that minimize risk of accidental exposure and facilitates detection of tampering.
Requirments to hand carry classified information
- Should be done as a last resort
- Written authorization is required
- Courier must be briefed.
What must be included in the Courier Brief?
- Couriers liability for the materials.
- Material cannon be left unattended
- Should not be opened en route (unless customs)
- No public discussion
- Follow an authorized travel route and schedule
- In case of ER, protect classified materials
- All travel documents must be valid and current.
When can SECRET information be sent via USPS?
Only when it is the most effective means considering security, time, cost, and accountability.
List 3 approved methods for destroying classified material
- Burning
- Shredding
- Pulverizing
- Disintegrating
- Pulping
- Melting
- Chemical Decomposition
- Mutilation to preclude recognition
Which agency creates the desctruction standard that DoD users?
NSA
What is NATO?
The North Atlantic Treaty Organization is an alliance of 28 countries from North America and Europe, committed to fulfilling the goals of the North Atlantic Treaty signed on April 4, 1949.
The United States is a member of NATO, and as such, has access to NATO Classified documents.
NATO classified information, or documents prepared by for NATO and NATO member nation documents that have been released into the NATO security system, and that bear a NATO classification marking, needs to be safeguarded and marked in compliance with the United States Security Authority for NATO or USSAN.
List 3 FOIA exemption categories
- National Defense
- DoD personnel practices
- Statutes
- Trade Secrets
- Litigation
- Personal and Private
- Law Enforcement
- Regulation of financial institutions
- Well location