Information Security Flashcards Preview

Flashcards in Information Security Deck (71)
1

What are the phases of the Information Security Program (ISP)?

Classification

Safeguarding

Dissemination

Declassification

Destruction

2

What is the purpose of the Information Security Program (ISP)?

Introduces the proper and effective way to:

- classify, protect and share information

- apply downgrading

- apply declassification instructions

- use authorized destruction methods

3

Information Security Policies

E.O. 13526

32 CFR 2; Parts 2001 and 2003 CNSI, Final Rule

DoDM 5200.01 v1-3

DoDI 5230.09

DoDI 5230.29

4

Name the two parts of National Security

National Defense

Foreign Relations

5

First Step of Classification

Determine if materials are controlled by the U.S. Government and if disclosure of the information could cause damage to national security

6

Classification Levels and Definitions

Levels - Top Secret, Secret and Confidential

Unauthorized disclosure may cause...

Top Secret - exceptionally grave damage

Secret - serious damage

Confidential - damage

7

What is required for access to classified information?

1. National security eligibility

2. Need-to-know

3. SF-312 Classified Information Nondisclosure Agreement

*Eligibility + Need-to-know + SF-312 = Authorized Access

8

What is Eligibility?

Determinations made by adjudicative authorities that examine a sufficient period of an individual’s life and background

9

What is Need-to-know?

- Determination that an individual needs access to classified in order to perform lawful and authorized governmental functions

- Determination made by an authorized holder of classified information (custodian)

10

What is an SF-312?

- Advises cleared employees of their responsibility to protect classified and the possible consequences of failure to protect

- Must be executed as a condition of access to classified information

11

Define Original Classification

Making an initial classification decision for government information

12

Who can make an original classification determination?

A designated Original Classification Authority (OCA)

13

Who can authorize an OCA?

President

Vice President

Agency Heads

Officials designated by the President *Authorized in writing

14

How are OCA duties delegated?

- OCA is delegated to a position, not an individual person!

- The person occupying the position that is granted OCA holds OCA authority

15

Of the categories in E.O. 13526, how many is each OCA responsible for?

Only one of the categories

16

What are the steps in the Original Classification Process?

1. Ensure information is official government information

2. Determine if information is eligible for classification

3. Determine if info could cause damage to national security

4. Assign level of classification

5. Determine how long the classification should last

6. Document the level of classification

7. Communicate decision

17

How does the OCA communicate classification decisions?

The SCG and properly marked source documents

18

Define Derivative Classification

The creation of new materials based on existing classification guidance

19

Who is responsible for derivatively classifying information?

All cleared personnel within the DoD

20

What are the responsibilities of Derivative Classifiers?

1. Respect the OCA’s initial classification

2. Apply required markings

3. Use authorized sources of classification guidance

4. Use caution when paraphrasing/restating classified information, as these can change the classification

5. Take steps to resolve doubts or conflicts about the classification/level/duration

21

Classification Concept: Contained In

- Derivative classifiers incorporate classified, word for word from an authorized source

- No additional interpretation or analysis is needed to determine the classification of that information

22

Classification Concept: Compilation

If compiled information reveals an additional association or relationship, but it is individually...

- Unclassified

- Classified at a lower level

- May be classified

- Classified at a higher level

23

Classification Concept: Revealed By

Classification is deduced from interpretation or analysis via paraphrased or restated information

24

What are the basic rules of Portion Marking?

- Complete before banner markings

- Indicate highest level of classification in every portion

- Place at beginning of the portion

- Utilize abbreviations

25

What are the basics of Banner Marking?

- Highest level of classification of the overall document

- Determined by highest level of any one portion

- Top and bottom of each page

- Classification level spelled out in all capital letters

26

What information is in the Derivative Classification Authority Block?

Classified By

Derived From

Downgrade To (if applicable)

Declassify On

*Block is placed on the face of each classified document near the bottom

27

What is the purpose of the SCG?

- Provide derivative classification instructions

- Facilitate proper and uniform derivative classification

28

Who issues the SCG?

The OCA

29

What basic information is provided in the SCG?

- Classification level for each element

- Reason for classification

- Duration of classification

- Applicable downgrading instructions

- Special control notices

- OCA contact information (front cover)

30

What are the four Authorized Storage Methods?

1. Authorized individual’s head

2. Authorized individual’s hands

3. GSA approved security container

4. Authorized information technology