Joint Training Answer Key

Army Information Assurance Training JKO

23 community-sourced questions and answers.

Community-sourced. Answers may be wrong or out of date. Always verify with your official training portal before submitting. Not affiliated with any branch, agency, or vendor.
QUESTION 1

What is Information Assurance?

ANSWER

Information Assurance (IA) is defined by the techniques and methods we use to protect and defend automated information and information systems through risk management techniques in order to provide reasonable stratums of availability, integrity, authentication, confidentiality, and non-repudiation.

QUESTION 2

What is the Army Information Assurance Program?

ANSWER

The Army Information Assurance Program (AIAP) is a unified approach to protect unclassified, sensitive, or classified information stored, processed, accessed, or transmitted by Army ISs, and is established to consolidate and focus Army efforts in securing that information, including its associated systems and resources, to increase the level of trust of this information and the originating source. The AIAP will secure Army ISs through IA requirements, and does not extend access privileges to Special Access Programs (SAPs), classified, or compartmentalized data; neither does it circumvent need-to-know requirements of the data or information transmitted.

QUESTION 3

What Army Regulation governs the Army Information Assurance Program?

ANSWER

AR 25-2: AR 25-2, para. 1-4a

QUESTION 4

What is the AIAP designed to achieve?

ANSWER

The most effective and economical policy possible for all ISs using the risk management approach for implementing security safeguards. To attain an acceptable level of risk, a combination of staff and field actions are necessary to: Develop local policy and guidance. Identify threats. Identify problems and resource requirements. Adequately plan for identified resource requirements.

QUESTION 5

What do IA BBPs allow?

ANSWER

Through the use of IA best business practices (BBPs) the best ideas, concepts, and methodologies acquired from industry and Army resources will be used to define specific standards, measures, practices, or procedures necessary to meet rapidly changing technology (or IA requirements) in support of Army policy requirements. IA BBPs allow rapid transitional implementation of IA initiatives to integrate technological or procedural changes as required by policy.

QUESTION 6

What are the goals of the AIAP?

ANSWER

1. Respond to the Army's widespread use of Information Systems.
2. Respond to increases in risk.
3. Reduce security risks to acceptable levels.
4. Comply with applicable laws and regulations (AR 25-2, Appendix A).
5. Implement a unified approach to protecting information.
6. Consolidate and focus Army efforts.
7. Assure operational continuity.
8. Achieve the most effective and economical policy possible for all Information Systems.

QUESTION 7

What are Managers of federal information systems responsible for?

ANSWER

Responsible for maintaining a practical level of familiarity and compliance with appropriate legal requirements. It is important to note that laws and regulations do not customarily provide detailed instructions for protecting computer-related assets. Instead they specify broad nonspecific solutions for integrating information assurance activities into your automated information systems.

QUESTION 8

What is DoD Instruction 5200.01: DoD Information Security Program and Protection of Sensitive Compartmented Information?

ANSWER

It is DoD policy that all national security information shall be classified, declassified, and safeguarded in accordance with national-level policy issuances.

QUESTION 9

What is DoD Directive 5200.2: DoD Personnel Security Program?

ANSWER

It is DoD policy that the objective of the personnel security program is that military, civilian, and contractor personnel assigned to and retained in sensitive positions, in which they could potentially damage national security, are and remain reliable and trustworthy, and there is no reasonable basis for doubting their allegiance to the United States.

QUESTION 10

What is DoD Directive 5210.50: Unauthorized Disclosure of Classified Information to the Public?

ANSWER

It is DoD policy that known or suspected instances of unauthorized public disclosure of classified information shall be reported promptly and investigated to decide:

1. The nature and circumstances of the disclosure.
2. The extent of damage to national security.
3. The corrective and disciplinary action to be taken.

QUESTION 11

What is DoD Directive 5230.9: Clearance of DoD Information for Public Release?

ANSWER

This directive establishes policy and assigns responsibilities for the security and policy review and clearance of official DoD information proposed for official public release by the Department of Defense and its employees.

QUESTION 12

What is DoD Directive 8100.1: Global Information Grid (GIG) Overarching Policy?

ANSWER

Establishes policy and assigns responsibility for GIG configuration management, architecture, and the relationships with the Intelligence Community (IC) and defense intelligence components.

QUESTION 13

What is DoD Directive 8100.2: Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG)?

ANSWER

This directive establishes policy and assigns responsibilities for the use of commercial wireless devices, services, and technologies in the DoD Global Information Grid (GIG). It includes:

1. Commercial wireless networks.
2. Portable Electronic Devices (PED) such as laptop computers with wireless capabilities.
3. Cellular/Personal Communication System (PCS) devices.
4. Audio/Video recording devices.
5. Scanning devices.
6. Remote sensors.
7. Messaging devices.
8. Personal Digital Assistants (PDA).
9. Any other commercial wireless devices capable of storing, processing, or transmitting information.

QUESTION 14

What is Department of Defense Directives 8500 Series?

ANSWER

These directives establish policy and assign responsibilities to achieve Department of Defense (DoD) Information Assurance through a defense-in-depth approach that integrates the capabilities of personnel, operations, technology, and supports the evolution to network centric warfare.

QUESTION 15

What are the three DoD mission assurance categories?

ANSWER

MAC I: High Integrity, High Availability for DoD information systems handling information that is determined to be vital to the operational readiness or mission effectiveness of deployed and contingency forces in terms of both content and timeliness.

MAC II: High Integrity, Medium Availability for DoD information systems handling information that is important to the support of deployed and contingency forces.

MAC III: Basic Integrity, Basic Availability for DoD information systems handling information that is necessary for the conduct of day-to-day business, but does not materially affect support to deployed or contingency forces in the short term.

QUESTION 16

What are the three DoD levels of confidentiality?

ANSWER

High Confidentiality for systems processing classified information.

Medium Confidentiality for systems processing sensitive information as defined in DoD Directive 8500.1.

Basic Confidentiality for systems processing public information as defined in DoD Directive 8500.1.

QUESTION 17

What are examples of the information-gathering technology?

ANSWER

Persistent cookies. Third-party cookies. Web bugs.

QUESTION 18

What is Common Criteria for Information Technology Security Evaluation (CCITSE)?

ANSWER

It is a multinational effort to write a successor to the Trusted Computer System Evaluation Criteria (TCSEC) and Information Technology Security Evaluation Criteria (ITSEC) that combines the best aspects of both.

QUESTION 19

What is TCSEC?

ANSWER

It is a collection of criteria that was previously used to grade or rate the security offered by a computer system product and was known as the Orange Book of the DoD Rainbow Series.

QUESTION 20

What are ITSEC?

ANSWER

They are European-developed criteria. Their aim is to demonstrate conformance of a product or system, referred to as a Target of Evaluation (TOE), against its security target.

QUESTION 21

What is covered in the Computer Fraud and Abuse Act of 1986?

ANSWER

1. Classified defense or foreign relations information.
2. Records of financial institutions or credit reporting agencies.
3. Government computers.

QUESTION 22

The Privacy Act means that it is illegal for any U.S. Government agency to release information that it has acquired about you, unless under which conditions?

ANSWER

1. Without your express consent.
2. Unless it is required directly for their job and will not be disclosed publicly.
3. Unless requested officially by a court of the jurisdiction.

QUESTION 23

What is the purpose of the USA PATRIOT Act?

ANSWER

It is to deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigatory tools, and other purposes.
