Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Solutions Group

Published byHolden Dowers Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Solutions Group"— Presentation transcript:

1 Security Solutions Group
COMSEC Awareness Training

2 Why Are You Here? You are here because your current position has a bearing on the safeguarding of Communications Security (COMSEC) Equipment, Systems, or Materials.

3 Elements of COMSEC

4 Transmission Security
Transmission Security or TRANSEC is the part of COMSEC that includes all measures taken to protect information from interception and exploitation while being electronically transmitted.

5 Types of Transmissions
Radio: The most widely used form of electronic transmission. No matter the type of end equipment in use, in most cases at some time between transmittal and receipt, radio signals are used for delivery. Because radio signals are sent out through the open air, they are one of least secure forms of transmission.

6 Types of Transmissions
Telephone: One of the most widely used, and most convenient forms of communication. Not only are telephone lines used for voice communications, but data is also transferred over these lines. Telephone lines are easily tapped, making the phone a very unsecure form of communication.

7 Types of Transmissions
Cell Phones: Very popular and widely used today. However they are even less secure than regular phones because their transmissions can be picked up just like radio signals.

8 Types of Transmissions
This has become one of the most widely used forms of communications, and one of the greatest risks to the security of classified and sensitive information.

9 Types of Transmissions
Messages sent via can be easily intercepted or can be found stored on servers and copied. There are some methods for protecting s but currently none are approved for protecting classified data.

10 Types of Transmissions
Face to Face: This is when two or more parties meet and talk with each other. Hand Delivery: This is when data in written or hardcopy form is hand carried from point of transmission to point of receipt. NOTE: The security of face to face and hand delivery transmissions is totally dependent on the parties communicating.

11 Types of Transmissions
US Postal & Courier Services: This is when data or materials are transferred through certified mail or hand delivered by bonded couriers. In most cases this is a very secure means of communication, but is not useful when time constraints exist.

12 Cryptographic Security
Cryptographic Security or Cryptosecurity is the part of COMSEC that includes the design, implementation, protection and use of technically sound cryptographic systems.

13 Cryptographic Security
Cryptographic Security includes correctly applying encryption equipment to protect voice and data communications. When properly applied, encryption can secure all electronic transmission.

14 Cryptographic Security
Includes the development of Key Management Plans and Procedures that provide instructions for the operation and protection of the Cryptographic devices and their key material.

15 Cryptographic Security
Includes all measures taken to ensure only authorized personnel install, operate and perform maintenance on cryptographic devices.

16 Physical Security Physical security is the part of COMSEC that results from taking all measures necessary to physically safeguard all COMSEC classified and sensitive materials and information.

17 Physical Security Includes Storage Facilities And Security Containers

18 Physical Security Storage of Classified Materials:
The storage requirement for items classified as Secret and Confidential is preferably a Class B vault. When necessary, such items can be stored in a GSA approved security container

19 Physical Security Storage of FOUO and SBU
These items may be stored using the same methods as classified materials. When other methods are not available, a filing cabinet equipped with a locking bar and GSA changeable combination lock is the most preferable. However, in most cases it is acceptable to use any lockable container or room, but you should check with your RCO.

20 Physical Security Badges, Guards And Alarm Systems
It includes applying methods to ensure only authorized persons have access to classified, sensitive and COMSEC materials and information. These methods include but are not limited to: Badges, Guards And Alarm Systems

21 Physical Security It includes the proper handling and accounting for all classified, sensitive or COMSEC information/materials on a continuous basis. Inventories of these materials must be taken once per shift, whenever the storage container is opened, or at a minimum of once a week, when the container remains closed.

22 Physical Security Whenever classified, sensitive or COMSEC materials are remove from storage, the person removing these materials or information must maintain constant control or surveillance over them.

23 Physical Security No matter how important a task may be, if it involves classified, sensitive or COMSEC materials or information: You may NEVER take it home or away from its secure area to be completed.

24 Physical Security Includes the proper disposal of classified
and sensitive materials and information no longer needed. Some approved methods of destruction are:

25 Physical Security The proper disposal of classified and sensitive materials and information in electronic form is some what different. Two methods are:

26 Physical Security Most of you will not be performing the destruction of the materials. Most of you will place them in either a Burn Bag or a Classified/Sensitive Trash Receptacle.

27 Physical Security The destruction of COMSEC materials is even more strict than those of other classified materials. For this reason, there are even fewer personnel authorized to perform this destruction. For more information contact your RCO.

28 Emissions Security Emissions Security is the part of COMSEC that denies unauthorized persons the ability to derive classified/ sensitive information from the interception of unintentional emanations.

29 Emissions Security All electronic equipment produces and radiates RF signals.

30 Emissions Security How do we control these radiated RF signals from being intercepted by unauthorized parties? TEMPEST Rated 1. We use TEMPEST rated equipment. 2. We use Red/Black separation. 3. We shield and filter our facilities and sensitive areas.

31 Information Classifications
Information is classified based on the amount of damage it could cause if disclosed to the wrong parties.

32 Information Classifications
Top Secret This classification is given to information when its loss or compromise would cause exceptionally grave damage to the security of United States. Secret This classification is given to information when its loss or compromise would cause serious damage to the security of the United States. Confidential This classification is given to information when its loss or compromise would cause damage to the security of the United States.

33 Information Classifications
For Official Use Only This classification is given to information when its loss or compromise would pose a threat to the operations or missions of the Classifying Agency. Sensitive But Unclassified COMSEC This classification is given to COMSEC information that is not classified but its loss or compromise would pose a threat to the operations or missions of the holding agency.

34 Disclosure of Information
Disclosure of information, quite simply is when information passes from one party to another. When dealing with classified, sensitive or COMSEC information, it is the responsibility of the party possessing the information to ensure it is not disclosed to parties who do not have a need for or a right to the information.

35 Authorized Disclosure
Disclosure of classified, sensitive or COMSEC information is authorized only when the party receiving the information has the proper clearance or background check, can be properly identified and has a need to know. Need to Know does not mean, because a person holds a high management position, he or she automatically needs access to the information.

36 Unauthorized Disclosure
Unauthorized disclosure of classified, sensitive or COMSEC information is when the party receiving the information does not have the proper clearance or in most cases a need to know. In most cases, unauthorized disclosures are unintentional and due to poor planning or a failure to think by the possessing party.

37 Unaware of Surroundings
One of the leading causes of unintentional disclosures is simply people not being aware of what is happening around them. Discussing classified, sensitive or COMSEC information when you are unsure or unaware of your surroundings can quickly lead to this information being disclosed to the wrong people.

38 Awe Of Position We all want to please our management, and work very hard each day to do so. We must remember, just because they are our supervisors, we can’t always give them the information they request. If a higher-up requests anything that is classified, sensitive or COMSEC in nature, we must make sure they meet all the requirements for access to this information just like everyone else.

39 Trapped by Time When ever we feel rushed, or have a deadline that we can’t see ourselves making, we tend to cut corners. When we are in this type of situation and working with classified, sensitive or COMSEC information, the corners we cut could very likely lead to an unintentional disclosure. We must remember when working with classified, sensitive or COMSEC information, the job must be done by the book, no matter how long it takes.

40 Emotional Hazard Emotions play a very big part in our lives, and affect each of us on a daily basis. When we let emotions cloud our thinking, the classified, sensitive or COMSEC information we are working with is at risk of an unintentional disclosure. Note: Emotions are one of the most difficult of all the unintentional disclosure risks to control.

41 Security Incidents Security Incidents are events or incidents that may jeopardize the security of any of the COMSEC Elements, classified or sensitive information or materials.

42 Security Incidents Security incidents can be broken into three categories that are: Personnel Physical Cryptographic

43 Personnel Security Incidents
Personnel security incidents are events or incidents that involve acts of espionage and sabotage, or the willful or unwillful disclosure of information to hostile or foreign agents by personnel having authorized access to the information.

44 Physical Security Incidents
Physical security incidents occur when the control over classified, sensitive, and/or COMSEC equipment, materials or information is lost.

45 Cryptographic Security Incidents
Cryptographic security incidents are willful or unwillful actions or inactions that place any element of a Cryptosystem in jeopardy of compromise.

46 Security Incidents Also includes: Reporting the incident
Correcting the problem Investigating the cause Performing preventive measures

47 Reporting the Incident
Any event or incident that jeopardizes any of the COMSEC Elements, classified or sensitive information or materials must be reported immediately.

48 Reporting the Incident
We must be careful when reporting an incident, because, on most occasions, the initial report will be made over some type of unsecure means of communications. Don’t Report in This Manner I left the safe open and now I can’t find the Crypto Keys! Do Report in this Manner I have an issue, could you come see me!

49 Correcting the Problem
The first priority is to correct the problem. This could mean anything from: Securing an unsecure area or container To taking the affected equipment or system out of service

50 Incident Investigation
The RCO and CAM will perform an investigation into the cause of the incident. All involved persons are expected to cooperate fully with the investigation.

51 Incident Investigation
The investigation determines the severity of the incident. There four levels of severity: COMPROMISE Compromise Not Ruled Out Compromise Improbable Dangerous Practice

52 Preventive Measures Preventive Measures are anything performed to help stop a reoccurrence of the same type of incident. Changing Procedures Personnel Changes Arrest and Conviction

53 Conclusion This concludes the COMSEC Awareness Training.
If you have any further questions with regard to the protection of COMSEC, classified and sensitive information and materials, contact your Responsible COMSEC Officer.

Download ppt "Security Solutions Group"

Similar presentations

Merlin RAMCo Inc. 2012 Initial Security Education.

Merlin RAMCo Inc Initial Security Education.
CRYPTO Users Briefing.

CRYPTO Users Briefing.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Training. What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. It provides the ability to transfer.

HIPAA Training. What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) was enacted in It provides the ability to transfer.
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Department of the Navy Information Security Program

Department of the Navy Information Security Program
MU Building Emergency Coordinator Training

MU Building Emergency Coordinator Training
Critical Data Management Indiana University HR Summit April 24, 2014.

Critical Data Management Indiana University HR Summit April 24, 2014.
SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.
HOW TO PREPARE FOR A NATIONAL SECURITY INFORMATION INSPECTION 1 SECRET Updated 09/27/11 Security is Everyone's Responsibility – See Something, Say Something!

HOW TO PREPARE FOR A NATIONAL SECURITY INFORMATION INSPECTION 1 SECRET Updated 09/27/11 Security is Everyone's Responsibility – See Something, Say Something!
UNCLASSIFIED1 COMSEC BRIEFING Having been selected to perform duties which will require access to classified COMSEC information, it is essential you be.

UNCLASSIFIED1 COMSEC BRIEFING Having been selected to perform duties which will require access to classified COMSEC information, it is essential you be.
COMSEC (Communications Security)

COMSEC (Communications Security)
CASH HANDLING Training Presentation

CASH HANDLING Training Presentation
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
1 Cash Handling – It’s my job Whether you take in lots of money or … you collect “pennies”

1 Cash Handling – It’s my job Whether you take in lots of money or … you collect “pennies”
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
Achieving our mission Presented to Line Staff. INTERNAL CONTROLS What are they?

Achieving our mission Presented to Line Staff. INTERNAL CONTROLS What are they?
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Virginia Army National Guard Personnel Security

Virginia Army National Guard Personnel Security

Similar presentations

Ads by Google