LANGLEY AIR FORCE BASE, Va. –
Lt. Gen. John L. Woodward Jr. said it best: "Information assurance is about enabling warfighters to leverage the power of information to conduct missions successfully."
This is the general concept; however, our enemies will look for every opportunity to use this information against us. We must deny them this opportunity by continuously safeguarding information and the information systems on which it's stored and conveyed.
Information assurance is everyone's responsibility. Whether on the flightline or in the gym, chances are, Airmen have access to information that our enemies shouldn't. Network users must be aware of the importance of their role in protecting our nation's warfighting capability.
There are five objectives to information assurance:
· Confidentiality ensures information isn't disclosed to unauthorized individuals, entities or processes
· Integrity ensures information hasn't been modified during transmission or processing
· Availability means information services are available when you need them
· Nonrepudiation ensures the sender receives proof of delivery and the recipient verifies the sender's identity so neither can deny processing the data
· Authentication is a security measure designed to establish the validity of a transmission, message or originator. It's also a way of verifying an individual's authorization to receive specific categories of information
Here are a few suggestions to reduce the chance of compromising information:
· Protect access to information and don't share passwords
· Be aware of surroundings and report suspicious behavior such as "shoulder surfing," also known as looking over someone's shoulder, or unauthorized access to sensitive or classified information
· When in doubt, don't discuss concerns with coworkers; contact security managers or other authorized personnel
· Always remove common access cards when leaving computers unattended
· Be aware of and don't fall victim to social engineering
Social engineering is the practice of obtaining information by manipulation of legitimate users. One example of social engineering is "phishing." Phishing is an Internet e-mail scam that tricks users into revealing personal information to include social security numbers, bank account numbers and passwords. These e-mails look official and may request a reply including official information. These e-mails may also direct users to an official-looking Web site where they will be asked to provide personal information. Once users provide the information, they could become victims of credit card fraud, identity theft and potentially compromise the network they are using.
Here are some ways to avoid becoming a victim of social engineering:
· Never give passwords or personal identification numbers to anyone for any reason Remember: legitimate organizations won't ask for this information - especially by telephone or e-mail.
· Don't give out personal information or other employees' personal information to include names, addresses, duty titles and phone numbers
· Don't respond to questions from telephone or e-mail surveys
· Verify the authenticity of the call or e-mail
· Don't give out details about information systems, including dial-in phone numbers, private Web sites and private e-mail addresses, to unauthorized users
· Never use a passwords suggested by another individual
Remember: information assurance is everyone's responsibility.