CHAPTER 4
AIS SECURITY
LEARNING OBJECTIVES
Upon completing this chapter, you should be able to do the following:
l
l
l
l
l
l
l
Identify the procedures for issuing and updating user identification and
passwords and for validating customer authorization.
Identify the procedures for performing, directing, and validating security
inspections and for reporting and investigating security violations.
Identify the procedures for developing and updating security plans.
Recognize how to implement and evaluate countermeasures and
contingency plans.
Identify the procedures for preparing and updating emergency action
plans.
Explain how to implement and evaluate security test and evaluation
procedures.
Explain how to safeguard AIS classified material.
AIS security is a cycle of events that never ends.
You start with the development of a security plan for the
facility. This plan includes conducting an in-depth risk
assessment covering different types of disasters that
threaten the security of the AIS facility. Once the
security plan is in place, the inspections begin. You will
be responsible for preparing the inspection plan and
conducting the inspection using the guidelines provided
in the security instructions.
In this chapter, you will learn about AIS
security—from the implementation of the security plan
through conducting security inspections. This includes
AIS threat and risk analysis, disaster protection,
contingency planning, inspection preparation, and data
privacy.
WHAT IS AIS SECURITY?
AIS security is more than protecting classified
information and keeping unauthorized personnel out of
4-1
your AIS facility. It is protecting equipment, media,
data and people. AIS security is limiting access,
avoiding misuse, and preventing destruction. It is
preventing changes to data that would make the data
unreliable. It covers the denial of service and the
destruction of computer rooms, the loss of
confidentiality, fraud, the theft of computer time as well
as the computer itself. AIS security is a critical part of
your job.
As you probably noticed from reading the learning
objectives, AIS security has its own terminology and
jargon. To carry out your AIS responsibilities, you need
to be familiar with these terms and their meanings.
AIS SECURITY CONCEPTS
Our AIS security goal is to take all reasonable
measures to protect our AIS assets. Keep in mind that
AIS assets (hardware, software, data, supplies,
documentation, people, and procedures) have value.
