Presentation is loading. Please wait.

Presentation is loading. Please wait.

COMSEC Awareness Training Security Solutions Group.

Similar presentations


Presentation on theme: "COMSEC Awareness Training Security Solutions Group."— Presentation transcript:

1 COMSEC Awareness Training Security Solutions Group

2 Why Are You Here? You are here because your current position has a bearing on the safeguarding of Communications Security (COMSEC) Equipment, Systems, or Materials.

3 Security Solutions Group Elements of COMSEC

4 Security Solutions Group Transmission Security Transmission Security or TRANSEC is the part of COMSEC that includes all measures taken to protect information from interception and exploitation while being electronically transmitted.

5 Security Solutions Group Types of Transmissions Radio: The most widely used form of electronic transmission. No matter the type of end equipment in use, in most cases at some time between transmittal and receipt, radio signals are used for delivery. Because radio signals are sent out through the open air, they are one of least secure forms of transmission.

6 Security Solutions Group Types of Transmissions Telephone: One of the most widely used, and most convenient forms of communication. Not only are telephone lines used for voice communications, but data is also transferred over these lines. Telephone lines are easily tapped, making the phone a very unsecure form of communication.

7 Security Solutions Group Types of Transmissions However they are even less secure than regular phones because their transmissions can be picked up just like radio signals. Cell Phones: Very popular and widely used today.

8 Security Solutions Group Types of Transmissions Email: This has become one of the most widely used forms of communications, and one of the greatest risks to the security of classified and sensitive information.

9 Security Solutions Group Types of Transmissions Messages sent via email can be easily intercepted or can be found stored on servers and copied. There are some methods for protecting emails but currently none are approved for protecting classified data.

10 Security Solutions Group Types of Transmissions Face to Face: This is when two or more parties meet and talk with each other. Hand Delivery: This is when data in written or hardcopy form is hand carried from point of transmission to point of receipt. NOTE: The security of face to face and hand delivery transmissions is totally dependent on the parties communicating.

11 Security Solutions Group Types of Transmissions US Postal & Courier Services: This is when data or materials are transferred through certified mail or hand delivered by bonded couriers. In most cases this is a very secure means of communication, but is not useful when time constraints exist.

12 Security Solutions Group Cryptographic Security Cryptographic Security or Cryptosecurity is the part of COMSEC that includes the design, implementation, protection and use of technically sound cryptographic systems.

13 Security Solutions Group Cryptographic Security Cryptographic Security includes correctly applying encryption equipment to protect voice and data communications. When properly applied, encryption can secure all electronic transmission.

14 Security Solutions Group Cryptographic Security Includes the development of Key Management Plans and Procedures that provide instructions for the operation and protection of the Cryptographic devices and their key material.

15 Security Solutions Group Cryptographic Security Includes all measures taken to ensure only authorized personnel install, operate and perform maintenance on cryptographic devices.

16 Security Solutions Group Physical Security Physical security is the part of COMSEC that results from taking all measures necessary to physically safeguard all COMSEC classified and sensitive materials and information.

17 Security Solutions Group Physical Security Includes Storage Facilities And Security Containers

18 Security Solutions Group Physical Security Storage of Classified Materials: The storage requirement for items classified as Secret and Confidential is preferably a Class B vault. When necessary, such items can be stored in a GSA approved security container

19 Security Solutions Group Physical Security Storage of FOUO and SBU These items may be stored using the same methods as classified materials. When other methods are not available, a filing cabinet equipped with a locking bar and GSA changeable combination lock is the most preferable. However, in most cases it is acceptable to use any lockable container or room, but you should check with your RCO.

20 Security Solutions Group Physical Security It includes applying methods to ensure only authorized persons have access to classified, sensitive and COMSEC materials and information. Badges,Guards And Alarm Systems These methods include but are not limited to:

21 Security Solutions Group Physical Security It includes the proper handling and accounting for all classified, sensitive or COMSEC information/materials on a continuous basis. Inventories of these materials must be taken once per shift, whenever the storage container is opened, or at a minimum of once a week, when the container remains closed.

22 Security Solutions Group Physical Security Whenever classified, sensitive or COMSEC materials are remove from storage, the person removing these materials or information must maintain constant control or surveillance over them.

23 Security Solutions Group Physical Security No matter how important a task may be, if it involves classified, sensitive or COMSEC materials or information: You may NEVER take it home or away from its secure area to be completed.

24 Security Solutions Group Physical Security Includes the proper disposal of classified and sensitive materials and information no longer needed. Some approved methods of destruction are:

25 Security Solutions Group Physical Security The proper disposal of classified and sensitive materials and information in electronic form is some what different. Two methods are:

26 Security Solutions Group Physical Security Most of you will not be performing the destruction of the materials. Most of you will place them in either a Burn Bag or a Classified/Sensitive Trash Receptacle.

27 Security Solutions Group Physical Security The destruction of COMSEC materials is even more strict than those of other classified materials. For this reason, there are even fewer personnel authorized to perform this destruction. For more information contact your RCO.

28 Security Solutions Group Emissions Security Emissions Security is the part of COMSEC that denies unauthorized persons the ability to derive classified/ sensitive information from the interception of unintentional emanations.

29 Security Solutions Group Emissions Security All electronic equipment produces and radiates RF signals.

30 Security Solutions Group Emissions Security How do we control these radiated RF signals from being intercepted by unauthorized parties? 1. We use TEMPEST rated equipment. 2. We use Red/Black separation. 3. We shield and filter our facilities and sensitive areas. TEMPEST Rated

31 Security Solutions Group Information Classifications Information is classified based on the amount of damage it could cause if disclosed to the wrong parties.

32 Security Solutions Group Information Classifications Top Secret This classification is given to information when its loss or compromise would cause exceptionally grave damage to the security of United States. Secret This classification is given to information when its loss or compromise would cause serious damage to the security of the United States. Confidential This classification is given to information when its loss or compromise would cause damage to the security of the United States.

33 Security Solutions Group Information Classifications For Official Use Only This classification is given to information when its loss or compromise would pose a threat to the operations or missions of the Classifying Agency. Sensitive But Unclassified COMSEC This classification is given to COMSEC information that is not classified but its loss or compromise would pose a threat to the operations or missions of the holding agency.

34 Security Solutions Group Disclosure of Information Disclosure of information, quite simply is when information passes from one party to another. When dealing with classified, sensitive or COMSEC information, it is the responsibility of the party possessing the information to ensure it is not disclosed to parties who do not have a need for or a right to the information.

35 Security Solutions Group Authorized Disclosure Disclosure of classified, sensitive or COMSEC information is authorized only when the party receiving the information has the proper clearance or background check, can be properly identified and has a need to know. Need to Know does not mean, because a person holds a high management position, he or she automatically needs access to the information.

36 Security Solutions Group Unauthorized Disclosure Unauthorized disclosure of classified, sensitive or COMSEC information is when the party receiving the information does not have the proper clearance or in most cases a need to know. In most cases, unauthorized disclosures are unintentional and due to poor planning or a failure to think by the possessing party.

37 Security Solutions Group Unaware of Surroundings One of the leading causes of unintentional disclosures is simply people not being aware of what is happening around them. Discussing classified, sensitive or COMSEC information when you are unsure or unaware of your surroundings can quickly lead to this information being disclosed to the wrong people.

38 Security Solutions Group Awe Of Position We all want to please our management, and work very hard each day to do so. We must remember, just because they are our supervisors, we can’t always give them the information they request. If a higher-up requests anything that is classified, sensitive or COMSEC in nature, we must make sure they meet all the requirements for access to this information just like everyone else.

39 Security Solutions Group Trapped by Time When ever we feel rushed, or have a deadline that we can’t see ourselves making, we tend to cut corners. When we are in this type of situation and working with classified, sensitive or COMSEC information, the corners we cut could very likely lead to an unintentional disclosure. We must remember when working with classified, sensitive or COMSEC information, the job must be done by the book, no matter how long it takes.

40 Security Solutions Group Emotional Hazard Emotions play a very big part in our lives, and affect each of us on a daily basis. When we let emotions cloud our thinking, the classified, sensitive or COMSEC information we are working with is at risk of an unintentional disclosure. Note: Emotions are one of the most difficult of all the unintentional disclosure risks to control.

41 Security Solutions Group Security Incidents Security Incidents are events or incidents that may jeopardize the security of any of the COMSEC Elements, classified or sensitive information or materials.

42 Security Solutions Group Security Incidents Security incidents can be broken into three categories that are: PersonnelPhysicalCryptographic

43 Security Solutions Group Personnel Security Incidents Personnel security incidents are events or incidents that involve acts of espionage and sabotage, or the willful or unwillful disclosure of information to hostile or foreign agents by personnel having authorized access to the information.

44 Security Solutions Group Physical Security Incidents Physical security incidents occur when the control over classified, sensitive, and/or COMSEC equipment, materials or information is lost.

45 Security Solutions Group Cryptographic Security Incidents Cryptographic security incidents are willful or unwillful actions or inactions that place any element of a Cryptosystem in jeopardy of compromise.

46 Security Solutions Group Security Incidents Also includes: Reporting the incident Investigating the cause Correcting the problem Performing preventive measures

47 Security Solutions Group Reporting the Incident Any event or incident that jeopardizes any of the COMSEC Elements, classified or sensitive information or materials must be reported immediately.

48 Security Solutions Group Reporting the Incident Don’t Report in This Manner I left the safe open and now I can’t find the Crypto Keys! Do Report in this Manner I have an issue, could you come see me! We must be careful when reporting an incident, because, on most occasions, the initial report will be made over some type of unsecure means of communications.

49 Security Solutions Group Correcting the Problem The first priority is to correct the problem. This could mean anything from: To taking the affected equipment or system out of service Securing an unsecure area or container

50 Security Solutions Group Incident Investigation The RCO and CAM will perform an investigation into the cause of the incident. All involved persons are expected to cooperate fully with the investigation.

51 Security Solutions Group Incident Investigation The investigation determines the severity of the incident. There four levels of severity: Dangerous PracticeCompromise ImprobableCompromise Not Ruled OutCOMPROMISE

52 Security Solutions Group Preventive Measures Preventive Measures are anything performed to help stop a reoccurrence of the same type of incident. Changing Procedures Personnel Changes Arrest and Conviction

53 Security Solutions Group Conclusion This concludes the COMSEC Awareness Training. If you have any further questions with regard to the protection of COMSEC, classified and sensitive information and materials, contact your Responsible COMSEC Officer.


Download ppt "COMSEC Awareness Training Security Solutions Group."

Similar presentations


Ads by Google