Information Systems Security Manager (ISSM) - Marine Corps ...

More documents

Recommendations

Info

NAVSO P-5239-04SEPTEMBER 19953.5 Training and AwarenessThe ISSM is responsible for developing security training. This training will includetraining for INFOSEC personnel, training for IS users, and fostering INFOSEC awareness .The ISSM plans and develops Command and IS-specific training based on the securitypolicies and procedures documented in the Activity ISSP. The ISSM ensures that all newpersonnel are trained shortly after induction and that refresher training is providedperiodically to all personnel.ResponsibilityThe ISSM is responsible for developing two types of securitytraining: training for INFOSEC personnel (ISSOs and NSOs)and training for IS users. The ISSM is also responsible forfostering IS user security awareness.ImplementationINFOSEC PersonnelTrainingTraining for ISSOs and NSOs addresses all task areas requiredof the specific position.· Format: The format for training INFOSEC personneldepends on the Command structure and number ofsecurity personnel, as described below:- For large Commands with many ISSOs/NSOs, f ormaltraining sessions, using a brief-style format withhands-on demonstrations is beneficial- For small Commands having only one or twoISSOs/NSOs, informal or on-the-job training, usinghandbooks and/or handouts may be desired.When using either format, the ISSM should provide writtenguidelines of the responsibilities of the ISSO/NSO tailored forthe specific IS. Softcopy of documents on removable computermedia can be a cost effective substitute for hard copy versions.· Curriculum: Training curriculum should i nclude thefollowing:- Instruction for the performance of all CommandspecificINFOSEC procedures and duties- Samples of documentation to be developed by theISSO/NSO, as required by the specific Command,such as:24
NAVSO P-5239-04SEPTEMBER 1995· Security Operating Procedures· Risk Assessments· Test Plans, Procedures, and Reports· Security Checklists· User Warning Messages· Authorized User Lists- Command- and IS-specific security procedures andfeatures, as documented in the Activity ISSP andSSPs.The ISSM ensures that all INFOSEC personnel (including theISSM) attend DOD- and DON-level security training, such asthe DON Introduction to Computer Security Program Courseoffered by the Naval Computer and TelecommunicationsCommand, the DOD Computer Institute Information ResourceProtection Course, and National Institute of Standards andTechnology/National Computer Security Center NationalInformation System Security Conferences.IS User SecurityTrainingIn accordance with the Computer Security Act of 1987, theISSM is responsible for ensuring that all IS personnel who workwith or in the vicinity of the IS receive INFOSEC training. TheISSOs/NSOs may assist in the development of trainingcurriculumand may conduct training sessions under the guidance of theISSM.· Format: The ISSM develops formal training sessionsusing a brief-style format with hands-on demonstrations.Written guidelines, handbooks, or hard copies of the briefshould be provided to and retained by attendees forreference purposes. Softcopy of documents onremovable computer media can be a cost effectivesubstitute for hard copy versions.· Curriculum: The training curriculum should be tailoredto the specific Command and IS, and should include:- Value of computer-based information- Computer vulnerabilities- Basic safe computing- Password management- Virus prevention and detection- Command-specific security procedures25
Page 1: Department of the Navy NAVSO P-5239
Page 5: NAVSO P-5239-04SEPTEMBER 1995FOREWO
Page 8 and 9: NAVSO P-5239-04SEPTEMBER 1995TABLE
Page 10 and 11: NAVSO P-5239-04SEPTEMBER 1995· Sec
Page 12 and 13: NAVSO P-5239-04SEPTEMBER 1995techni
Page 14 and 15: NAVSO P-5239-04SEPTEMBER 1995ISEASS
Page 16 and 17: NAVSO P-5239-04SEPTEMBER 19953.0 IN
Page 18 and 19: NAVSO P-5239-04SEPTEMBER 1995· Sit
Page 20 and 21: NAVSO P-5239-04SEPTEMBER 1995the DO
Page 22 and 23: NAVSO P-5239-04SEPTEMBER 19953.2 Ri
Page 24 and 25: NAVSO P-5239-04SEPTEMBER 1995workin
Page 26 and 27: NAVSO P-5239-04SEPTEMBER 19953.3 Ac
Page 28 and 29: NAVSO P-5239-04SEPTEMBER 19953.4 Ad
Page 30 and 31: NAVSO P-5239-04SEPTEMBER 1995Virus
Page 34 and 35: NAVSO P-5239-04SEPTEMBER 1995- Expl
Page 36 and 37: NAVSO P-5239-04SEPTEMBER 19953.6 Ph
Page 38 and 39: NAVSO P-5239-04SEPTEMBER 1995· Eva
Page 40 and 41: NAVSO P-5239-04SEPTEMBER 19953.7 Au
Page 42 and 43: NAVSO P-5239-04SEPTEMBER 19953.8 In
Page 44 and 45: NAVSO P-5239-04SEPTEMBER 19953.9 Se
Page 46 and 47: NAVSO P-5239-04SEPTEMBER 19953.10 C
Page 48 and 49: NAVSO P-5239-04SEPTEMBER 19953.11 S
Page 50 and 51: NAVSO P-5239-04SEPTEMBER 199542
Page 52 and 53: NAVSO P-5239-04SEPTEMBER 1995update
Page 55 and 56: NAVSO P-5239-04SEPTEMBER 1995Securi
Page 57 and 58: NAVSO P-5239-04SEPTEMBER 1995SECNAV
Page 59 and 60: NAVSO P-5239-04SEPTEMBER 1995This d
Page 61 and 62: NAVSO P-5239-04SEPTEMBER 1995NCSC-T
Page 63 and 64: NAVSO P-5239-04SEPTEMBER 1995NTISSP
Page 65 and 66: NAVSO P-5239-04SEPTEMBER 1995primar

Information Systems Security Manager (ISSM) - Marine Corps ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?