The NRL IS Security Course Handbook

Computer Security Training and Awareness

For ISs which process classified information, proper training and awareness for the user are key integrity factors. Awareness by the end-user of good security techniques can cut down on security incidents. Security starts with the custodian of the machine.

Briefings and Training Requirements

Annual computer security briefings are available on the IS Security Group's web page for networked users and are sent to all NRL workers who use a computer not connected to NICENET. NRL uses an enhanced briefing form which is intended to provide both a registration vehicle and to meet the requirement for annual computer security training. All individuals who use a computer at NRL, contractor and Government employees alike, must read and return the web notice or the signed form sent with the briefing to be authorized to perform processing each year.
Briefings define what an IS is, identify the responsibilities of managers, users, and IS Security Group individuals, and describe storage requirements, processing modes, access controls, audit trails, and disaster recovery.

Navy Training Requirements Related to Annual Briefings

SECNAVINST 5239.2, Department of the Navy IS Security Program states:

"There shall be in-place, a Security Training and Awareness Program to provide training for the security needs of all persons accessing an IS, network or computer resource. The program shall ensure that all persons responsible for an IS, network, computer resource and/or the information contained therein and all persons who must access them are aware of proper operational and security- related procedures and risks. In addition, periodic security awareness training will be provided to all personnel. At a minimum, the program shall meet the requirements of the Computer Security Act of 1987."

Section 5 General IS Security Requirements.

"d. IS security training must be given to each new user of a computer, and refresher training must be given periodically to all personnel involved with use or operation of a computer. Such training should include security, emergency, and fire procedures as appropriate."

Additional Briefing Notes for ISs Which Process Classified Information:

1. At NRL, the annual briefings (available on the IS Security Web Page) are written so as to also provide refresher training in accordance with annual training requirements.

2. The IS System Manager will ensure a list of personnel with classified processing authorization is provided to the IS Security Office.