lessen damage or assist recovery. The action phase
includes the steps to be taken after a successful attack
or adverse event to minimize the cost and disruption to
the AIS environment.
SCOPE OF AIS SECURITY
As the Navy has become increasingly dependent on
the use of AIS for its payroll, supply functions, tactical
information, and communications, the need to protect
AIS assets has taken on greater importance. Risk
management is an ongoing effort. Whether you are in a
large AIS facility with a full-time information system
security manager (ISSM) or a facility where the
functions of the ISSM are a collateral duty, your
installation will have established security measures to
protect its AIS assets.
The five areas of consideration for the Navy’s AIS
security program are hardware (I), data (II), human
resources (III), software (IV), and communications
(COMM) (V). These are shown in figure 4-7. Because
each AIS facility is different, each facility has its own
AIS security risk management program. You’ll be
responsible for following the requirements of your
facility’s AIS security program.
In the next paragraphs, you will learn about
management responsibilities, your responsibilities,
physical security measures, and data security measures.
Again, our goal in AIS security is to prevent or
minimize the opportunity for modification, destruction,
disclosure, or denial of service.
MANAGEMENT RESPONSIBILITY
AIS security is everyone’s responsibility, and only
the commanding officer (CO) can ensure that AIS
security receives the support required at every level.
The success of your command’s AIS security program
depends upon the support of the CO. The CO and the
AIS security staff are responsible for taking the
necessary steps to provide an adequate level of security
for all AIS-related activities, automated information
systems, and networks, including those developed,
operated, maintained, or provided by contractors.
Each AIS facility has an information system
security manager (ISSM). His or her primary duty is to
serve as the single point of contact for all matters
relating to AIS security at your command. The ISSM
usually reports directly to the CO. Now, let’s talk a little
about the security staff.
Figure 4-7.—Department of the Navy AIS security areas.
4-6
