Many factors determine the numbers and types of
people assigned to the AIS security staff. These factors
include the type of activity, its size, its hardware
configuration(s), types of work to be processed, and so
on. Your command’s AIS security staff may include
any one, several, or all of the following people:
Command security manager;
Information system security manager (ISSM);
Information system security officer (ISSO);
Network security officer (NSO);
Terminal area security officer (TASO).
These people are specialists. Some day you may be
one of them. They have been trained and are
knowledgeable in such areas as the following:
l
l
l
*
l
l
l
l
l
l
l
l
l
l
l
l
l
l
General security awareness;
User and customer security;
Security administration;
Security violation reporting;
Hardware and software security;
Systems design security;
Terminal and device related security;
Telecommunications security;
Physical security;
Personnel security;
Computer auditing;
Data security;
Risk assessment methodology;
Contingency and backup planning;
AIS security and Navy contractors;
Disaster recovery;
Security accreditation; and
Security test and evaluation.
From this list you can see that AIS security is a
complex area and requires many specialized skills and
knowledges. In addition, each member of the AIS
security staff is responsible for ensuring that you are
adequately trained in AIS security. Do you know the
name of your command ISSM? If not, seek him or her
out and find out what your responsibilities are, rather
than finding out the hard way through a bad experience.
That brings us to your responsibilities.
PERSONAL RESPONSIBILITY
You play an important role in the success of your
command’s security program. As we stated earlier,
security is everybody’s job, from seaman recruit to
admiral.
Do not leave listings unattended or files open for
unauthorized browsing. If you see a stranger in your
work area, it is your job to confront (challenge) that
individual regardless of his or her rate or rank, job title,
or status within or outside of your command. For the
most part, you know who is authorized to be in your
work area.
As a computer operator, you are responsible for
protecting hardware from fire, flood, sabotage, and
internal tampering. You are also concerned with
protecting applications software, systems software,
program and data files, and all forms of input and output
media with which you will be working.
If you are working in the magnetic media library,
you are responsible for protecting all library-related
equipment (tape/disk cleaners, tape degaussers,
tape/disk certifiers, and so on). If you are handling and
working with classified media and materials, you must
handle, store, and dispose of them in accordance with
established procedures. The same rules apply
regardless of what area you maybe working in; whether
you are a data entry operator, a control clerk in
production control (I/O), a computer programmer, or an
analyst. All positions require you to pay attention to
AIS security. The key word is protect.
Believe it or not, AIS security is not really that
difficult to understand, nor is it difficult to carry out.
Sixty-five percent of it is nothing more than using good
old common sense; the remaining thirty-five percent
comes from awareness that you get through proper
training.
Try thinking of AIS security and protecting its
related assets the same way you would protect your
home and personal effects. In AIS we are talking
millions of dollars, some of them yours. Think about
the kind of AIS security you would want to have
installed if that AIS facility were yours and what you
would do to protect all its assets.
From this point on, the rest is up to you. Stay alert,
keep your eyes and ears open to what is going on around
4-7
