Information Systems Security Manager (ISSM) - Marine Corps ...

More documents

Recommendations

Info

NAVSO P-5239-04SEPTEMBER 19953.8 Incident and Violations ReportingSecurity incidents or violations are occurrences that may affect the security posture ofthe IS. Security incidents or violations include the following:· Suspected or confirmed viral infection· Intrusion attempts and successes within the IS, such as:- Remote users logging in with compromised passwords- Compromised administrative privileges, allowing the creation of and use of falseuser accounts.· Access denials, such as:- Incorrect password violations- Incorrect account/user names- Unauthorized access to certain files, directories, servers, or other resources on theIS.ResponsibilityAll suspected incidents or violations must be reportedimmediately, first by the ISSO to the ISSM, and then afteranalysis by the ISSM, to the NAVCIRT and the DAA. TheISSM is responsible for approving the incident reportingmechanism.ImplementationIncident ReportingMechanismThe ISSM ensures that the mechanism facilitates the reportingof:· All access denials, repeated failed logon attempts, andother unusual activities· Viruses or suspected viruses and the forwarding of allvirus reports to NAVCIRT· All intrusion attempts/successes.The ISSM ensures that the incident reporting mechanism meetsCommand and INFOSEC requirements. The mechanismshould include the following, at a minimum:· Warning message and warning report monitoring· Access denial proceedings· Security problem analysis· Investigation of actual or suspected compromise of34
NAVSO P-5239-04SEPTEMBER 1995classified information· Virus reporting.The ISSM participates in the preparation of the securityreporting mechanism through the following actions:· Prepares inputs to Security Operating Procedures· Reviews and approves the procedures for reporting,investigating, and resolving security incidents· Reviews reports of security incidents .Incident AnalysisThe ISSM must be aware of all security incidents andviolations. The ISSM participates in the incident analysisthrough the following actions:· Analyzes the effects of an incident as to risk and degreeof compromise· Reports results of analysis to the DAA· Recommends appropriate action to the DAA, such as:- Termination of user privileges- Increasing auditing activity- Increasing protection levels and security mechanisms- Suspension of all noncritical IS activity- Complete system shutdown.SecurityVulnerabilities andProblemsThe ISSM participates in the continuous assessment of thesecurity features of the IS. With respect to security incidentand violations reporting, the ISSM periodically assessespossible areas of security weakness within the IS , and viablesecurity threat prevention measures .Reference: See section 3.11, Documentation, for a descriptionof an incident report and NAVSO P -5239-19, ComputerIncident Response Guidebook.35
Page 1: Department of the Navy NAVSO P-5239
Page 5: NAVSO P-5239-04SEPTEMBER 1995FOREWO
Page 8 and 9: NAVSO P-5239-04SEPTEMBER 1995TABLE
Page 10 and 11: NAVSO P-5239-04SEPTEMBER 1995· Sec
Page 12 and 13: NAVSO P-5239-04SEPTEMBER 1995techni
Page 14 and 15: NAVSO P-5239-04SEPTEMBER 1995ISEASS
Page 16 and 17: NAVSO P-5239-04SEPTEMBER 19953.0 IN
Page 18 and 19: NAVSO P-5239-04SEPTEMBER 1995· Sit
Page 20 and 21: NAVSO P-5239-04SEPTEMBER 1995the DO
Page 22 and 23: NAVSO P-5239-04SEPTEMBER 19953.2 Ri
Page 24 and 25: NAVSO P-5239-04SEPTEMBER 1995workin
Page 26 and 27: NAVSO P-5239-04SEPTEMBER 19953.3 Ac
Page 28 and 29: NAVSO P-5239-04SEPTEMBER 19953.4 Ad
Page 30 and 31: NAVSO P-5239-04SEPTEMBER 1995Virus
Page 32 and 33: NAVSO P-5239-04SEPTEMBER 19953.5 Tr
Page 34 and 35: NAVSO P-5239-04SEPTEMBER 1995- Expl
Page 36 and 37: NAVSO P-5239-04SEPTEMBER 19953.6 Ph
Page 38 and 39: NAVSO P-5239-04SEPTEMBER 1995· Eva
Page 40 and 41: NAVSO P-5239-04SEPTEMBER 19953.7 Au
Page 44 and 45: NAVSO P-5239-04SEPTEMBER 19953.9 Se
Page 46 and 47: NAVSO P-5239-04SEPTEMBER 19953.10 C
Page 48 and 49: NAVSO P-5239-04SEPTEMBER 19953.11 S
Page 50 and 51: NAVSO P-5239-04SEPTEMBER 199542
Page 52 and 53: NAVSO P-5239-04SEPTEMBER 1995update
Page 55 and 56: NAVSO P-5239-04SEPTEMBER 1995Securi
Page 57 and 58: NAVSO P-5239-04SEPTEMBER 1995SECNAV
Page 59 and 60: NAVSO P-5239-04SEPTEMBER 1995This d
Page 61 and 62: NAVSO P-5239-04SEPTEMBER 1995NCSC-T
Page 63 and 64: NAVSO P-5239-04SEPTEMBER 1995NTISSP
Page 65 and 66: NAVSO P-5239-04SEPTEMBER 1995primar

Information Systems Security Manager (ISSM) - Marine Corps ...

Create successful ePaper yourself

Delete template?

Save as template?