Intel 101

  1. 101.1 Discuss the concept of ORM
    • - A decision-making tool used by personnel at all levels to increase effectiveness by identifying, assessing, and managing risks.
    • - Increases Navy's ability to make informed decision by providing a standardized ORM process.
    • - Minimizes risks to acceptable levels to accomplish the mission.
    • - Applies on/off duty, 24/7/365.
  2. 101.1 What are the 3 levels of ORM?
    • 1. In-depth - ample time to apply the ORM process to the fullest; thorough research and analysis, testing, etc. available
    • 2. Deliberate - ample time to apply ORM process to obtain the "best" answer for mission or task
    • 3. Time critical - used on daily basis; lack of time for analysis
  3. 101.1 What are the 4 principles of ORM?
    • 1. Accept risk when benefits outweigh the cost
    • 2. Accept no unnecessary risk
    • 3. Anticipate and Manage risk by planning
    • 4. Make risk decisions at the right level (who can make decision on the risk)
  4. 101.2 What are the 5 steps of ORM?
    • 1. Identify the hazards
    • 2. Assess the hazards
    • 3. Make risk decision
    • 4. Implement controls
    • 5. Supervise (and refine)
  5. 101.2 Explain Step 1 of ORM
    • 1. Identify the hazards
    • - a hazard is any condition with the potential to negatively impact mission accomplishment or cause injury, death, or property damage.
    • - Should have the larger portion of the time allotted (can't manage if unknown).
  6. 101.2 Explain Step 2 of ORM
    • Assess the Hazards
    • - determine the associated degree of risk in terms of probability and severity
    •  Severity Description
      Catastrophic I Loss of ability to accomplish mission; death or disability
      Critical II Significantly degraded mission capability, partial disability or severe injury
      Moderate III  Degraded mission capability, minor injuries 
      Negligible IV Little to no advers effect

    Probability Description
    A Frequent to occur
    B Likely
    C Occasionally
    D Seldom
    E Unlikely
  7. 101.2 Explain Step 3 of ORM
    • Make Risk Decisions
    • Three basic actions to lead to making informed decision:
    • - Identify Control Options - develope 1 or more control options (engineering, administrative, or physical)
    • -Determine control effects
    • - Make risk Decision - are the controls enough to continue
  8. 101.2 Explain Step 4 of ORM
    • Implement Controls
    • -Communicate plan clearly, act on what has been decided, and continue
  9. 101.2 Explain Step 5 of ORM
    • Supervise
    • -Supervise the controls in order to determine effectiveness. Review as necessary.
    • Three actions required:
    • 1. Monitor effectiveness
    • 2. determine the need for further assessment
    • 3. capture lessons learned
  10. 101.3 Explain the risk assessment matrix and how Risk assessment codes are assigned
    Image Upload 1
  11. 101.4 Discuss the fundamentals of Personnel Security
    • Relates to the personnel, and need to know regarding classified information.
    • Does the person have a clearance? Do they have a need to know? etc.
    • Personnel undergo background investigation to determine if eligible to hold a clearance, and are adjudicated following a favorable result.
  12. 101.4 Discuss the fundamentals of Information Security
    Ensure the information is classified and shared at the appropriate levels

    • Information is classified per 4 levels:
    • 1. Unclassified
    • 2. Confidential - cause damage to the national security.
    • 3. Secret - serious damage to the national security.
    • 4. Top Secret - exceptionally grave damage to the national security

    Information can be further restricted into SCI
  13. 101.4 Discuss the fundamentals of Physical Security
    Ensure the information/space is properly secured, meets security standards, prevents access of unauthorized personnel, etc.
  14. 101.4 Discuss the fundamentals of Communications Security
    Utilizing appropriate channels to discuss classified information
  15. 101..5 Define and discuss security classification levels, receipt, custody, document
    markings and handling requirements for the following:
    a. TOP SECRET, SECRET, CONFIDENTIAL
    b. U//FOUO
    c. SCI
    d. SAP
    e. SPECAT
    f. Allied Information/NATO Control Documents
    self explanatory
  16. .6 Discuss the difference between a classification marking, releaseability and handling
    instructions.
  17. .7 Define and discuss how to find authorized document markings and explain the
    below:
    a. NOFORN
    b. REL TO USA, (eg. FVEY, ACGU)
    c. RELIDO
    d. ORCON
    e. PROPIN
    f. IMCON
    g. RSEN
    h. GAMMA
    i. HCS
    j. Downgrading and declassification instructions
  18. .8 Discuss Original Classification Authority and what organizations have this authority.
    • SecNav and officials delegated the authority.
    • For TS - SECNAV personally designates certain officials
    • For S - SECNAV authorizes the CNO to designate certain officials
  19. .9 Discuss derivative classification authorities and downgrade/declassification
    procedures.
    Individual who do not have OCA and must base their classification based on the highest classification the sources used.
  20. .10 Explain the process for determining declassification dates and how these are
    marked in the overall classification line.
    • Automatic declassification:
    • all classified records auto declass on 31 December of the year that is 25 years from date of the original classification

    Systematic - review for declassification of classified info contained in records that have been determined by the archivist of the US to have permanent historical value.

    Mandatory - review in response to a request that meets the requirement.

    Downgrade - information may be requested to be downgraded if certain conditions are met, or if the relevant event/info has passed.
  21. .11 Describe classified destruction procedures to include classified documents and
    media.
    Shredding (NSA approved shredders), wet pulping, mutilation, burn, chemical reduction, etc.
  22. .12 Explain the purpose of your Command Emergency Action/Destruction Plan.
    Emergency action plan in event of event that may result in likely loss or compromise of classified information. I.e. natural disaster, enemy overrun, civil unrestStart with highest classification first - Crypto/SAP, TS / SI, S, C
  23. .13 Define and discuss the following:
    a. Access
    b. Eligibility
    c. Need-to-know
    • Access - personnel shall be investigated and adjudicated eligibility. HICE or designees may grant SCI access after:
    • -Pre-nomination interview
    • -validation of need to know
    • -favorable determination of eligibility
    • -signing non disclosure
    • -complete SCI indoc

    • Eligibility
    • -US citizen
    • -of sound character and unquestionably loyal to US
    • -person or close relatives be free from any potential coercion from family members with ties to foreign nationals

    • Need to know:
    • does person have a legit reason and need to know for the success of a mission
  24. .13 Define and discuss the following:
    d. Transmission security
    e. Working papers
    f. Unauthorized SCI Disclosures
    g. Protection of sources and methods
    • Transmission security
    • are the channels and methods used to transmit classified information appropriate for the classification level (no TS on GENSER)

    • Working papers
    • notes, working paragraphs, other items used in creating final intel products but not meant for dissemination itself.

    • Unauthorized SCI disclosure
    • sharign SCI information with individuals that do not have access. Report immediately to chain of command

    • Protection of source/methods
    • main reason things are classified as such. Vital to intel; burned source is a dead source
  25. .14 Describe proper classified transportation and transmission modes to include
    procedures for using Defense Courier Service.
     Method  TS  S  C
     Def Courier  Y  Y
     State Dep Courier  Y  Y  
    Clr Mil, Civ, Comm Air/ship Y Y  Y
     Crypto System Y  Y
     Protected Distro Sys Y  Y
     DoD Approved contractor   Y  Y
     USPS register/express main  N   
    USPS Certified/first class N  
  26. .15 Discuss the difference between the SSO and Security Manager.
    SSO deals with SCI

    Security manager deals with GENSER
  27. .16 Define both a loss and a compromise of classified material, and the steps taken in
    the event you discover either has occurred.
    loss - can not physically account for the information. It may or may not be compromised

    Compromise - unauthorized disclosure to person(s) who does not have authorized access, valid clearance, or need to know.

    Report to chain of command and Security manager/SSO. GO up one step if CoC is suspected to be involved.
  28. .17 Discuss the duties of a command Information Assurance Manager, to include
    spillage procedures.
    responsible for the information assurance program

    Spillage - report to CoC, Security Manager/SSO. GO up one on CoC if CoC is involved.
  29. .18 Discuss the various functions of a STE to include establishing secure
    communications, proper clearance levels, key control and custodian
    responsibilities.
    • newest voice/video comms.
    • it's for use on the Integrated Services Digital Network.
    • Consist of host terminal and security core.
    • Host terminal provides hardware and software
    • Security core is KSV-21 crypto card that provides the security aspects.
Author
dundane
ID
355417
Card Set
Intel 101
Description
Updated