Sie sind auf Seite 1von 22

Managing the Security of

Information
MEMBERS:
Datulayta, Carelle Mae
Desales, Tennessie I.
Directo, Joan May
Donoga, Myra Royce Jean C.
Information Security

 “closing the window of exposure”


 The sum of all policies, regulation, practices enforce to
safeguards the contents and integrity of any classified
information or document from compromise or loss.
 Access to information security is based on the required
broad principles known as C-I-A TRIAD.
C-I-A TRIAD

1. Confidentiality- the assurance that information is accessible onl to


those authorized to have access
2. Integrity- the assurance that information and processing are
accurate and complete.
3. Availability- the assurance that authorized users have access to
information and associated assets when needed.
Purpose of Protecting Classified
Materials
1. Deter and impede potential spy
2. Assist in security investigations by keeping accurate records of the
moments of classified materials
3. Enforcer the use of “Need to Know” principle
2 KINDS OF DOCUMENT

1. PERSONAL – letters, diary and notebooks. These should be treated


usually the same with official document.
2. OFFICIAL- orders, manuals, letters, overlays, maps and magazines.
You may be careful and follow the chain of command.
DOCUMENT/INFORMATION CYCLE

-each document or information has a life cycle in the sense


that its usefulness has beginning and an end. It is created and then
disposed.

This cycle is consist of:


1. Creation 5. Retention/Purging
2. Classification 6. Transfer
3. Storage 7. Disposition
4. Retrieval
Categories of Documents
1. CATEGORY A
• Information which contains reportable time sensitive, order of battle and
significant information.
• It should be given priority because it is critical information.
• It must be forwarded without delay.
• It is critical to friendly operations.
• It requires immediate action.
2. CATEGORY B
• Anything that contains communications, cryptographic documents, or
systems that should be classified a secret and requires special handling.
• Higher authorities should declassify it.
Categories of Documents
3. CATEGORY C
• Other information, which contains something that, could be an
intelligence value.
• Contains exploitable information regardless of its contents.
• Unscreened materials/documents should be categorize as
Category C.
4. CATEGORY D
• No value, yet lower level will never classify documents as
category D.
• No decisions must be made at the lower echelon that
document has no value. It is the responsibility of eh higher
headquarters.
3 SECURITY CONCEPTS

1. Personnel are the weakest link in the security chain.


2. Training is important to make security personnel
conscious and realize the value of document.
3. Training is necessary for the practice of “Need to Know”
principle.
4 TYPES OF CLASSIFIED MATTER
1. TOP SECRET (Green color code) – is any information and materials the
unauthorized disclosure of it would cause exceptionally grave damage to
the nation, politically, economically and military operation.
2. SECRET (Red color code) – is any information and material, the unauthorized
disclosure of it would endanger national security cause serious injury to the
interest or prestige of the nation or any governmental activity or advantage
to foreign nation.
3. CONFIDENTIAL(Blue color code) – is any information or material, the
unauthorized disclosure of it would be prejudicial to the interest and
prestige of the national or governmental activity or would cause
embarrassment or unwanted injury to and be of advantage and be
advantage to a foreign country.
4. RESTRICTED(White or No color code)- is any information and material which
requires special protection other than those determines confidential, secret
and top secret.
RULES OF CLASSIFICATION OF
DOCUMENTS
1. Documents shall be classified according to their
content.
2. The overall classification of a file or of a group of
physically connected therein. Pages, paragraphs,
sections or components thereof may bear different
classifications. Documents separated from file or group
shall be handled in accordance with their individual
classification.
3. Transmittal of documents or endorsements which do not
contain classifies information or which contain information
classified lower than that of the preceding element or
enclosure shall include a notation for automatic downgrading.
4. Correspondence, indexes, receipts, reports of possession
transfer or destruction, catalogs, or accession list shall not be
classify if ay reference to classified matter does not disclosed
classified information.
5. Classified matter obtained from other department shall retain
the same original classification.
PROTECTION OF INSENSITIVE
INFORMATION
Proprietary Information is information that in some special was
relates to the status or activities of the possessor and over which
the possessor asserts ownership. In the business community,
proprietary information relates to the structure, products or
business methods of the organization. It is usually protected in
some way against causal or general disclosure.
All proprietary information is confidential, but not all confidential
information is proprietary. For example, confidential personnel
data in employee files is not considered as proprietary although
the company treats it as confidential.
Types of Documents:
 CLASS I- VITAL DOCUMENTS:
In this category these are records that are
irreplaceable, records of which reproduction does not
have the same value as the original; records needed to
recover cash, to replace building, equipments, raw
materials, finished products, and work in process and
records needed to avoid delay in restoration of
production, sales and services

 CLASS II- IMPORTANT DOCUMENTS:


These includes records of the reproduction of
which will close considerable expense and labor, or
considerable delay.
 CLASS III- USEFUL DOCUMENTS:
These includes records whose loss might cause
inconvenience but could be readily replaced and which
would not in the meantime present an invincible obstacle
to the prompt restoration of the business.

 CLASS IV- NON-ESSENTIAL DOCUMENTS:


These records are daily files, routine in nature
even if lost or destroyed, will not affect the operation or
administration. This class represent the bulk of records
which should not be even attempted to be projected in
the event of disasters, they should, however, be kept in
ordinary files ready for reference, if needed, and usually
discarded after some period of time.
Basic Consideration in Document and
Information Technology

1. Security of information is based on the premise that the


government has the right and the duty to protect official
papers from unwarranted and indiscrimate disclosure;

2. The authority and responsibility for the preparation and


classification of classified matters rest exclusively with the
originating office;
3. Classified matter shall be classified according to the
contents and not to the classification of files in which they
are held or another document to which they are referred;

4. Classification shall made as soon as possible by placing


appropriate marks on the matter to be classified;

5. Each individual whose duties allow access to classified


matter or each individual who possess knowledge of
classified matter while it is in his position shall insure that
dissemination of such classified matter is on the “need to
know” basis.
Types of Proprietary Information
1. TRADE SECRET- This consist of any formula, pattern, device or compilation of
information which is used in one’s business and which gives him an
opportunity to gain an advantage over competitors who don’t
know how to use it.
-It may be a formula for a chemical compound a process of
manufacturing, treating or preserving materials, a pattern for
machine or device, or a list of customers.
-It differs from other secret information as to single or
ephemeral events. A trade secret is a process or device for
continuous use in the protection of business.

2. PATENT- This is a grant made by the government to an inventor, conveying


or securing to him the exclusive right to make, use, or sell his
invention for term of years.
Primary Distinctions between Patent and
Trade Secrets
1. Requirements for obtaining a patent are specific; to
qualify for a patent the invention must be more than
novel and useful. It must represent a positive contribution
beyond the skill of the average person.

2. A much lower of novelty is required of a trade secret.

3. A trade secret remains secret as long as it continues to


meet trade secret tests while the exclusive right to patent
protection expires after 17 years.
PROPRIETARY INFORMATION
PROTECTION PROGRAM

-Employees are the most serious threat to trade secrets.


Therefore, a measure of protection is often realized
through the use of employee agreements which restrict
the employee’s ability to disclose information without
specific authorization to the company.
The following countermeasures may be
adopted:
1. Policy and procedure statements regarding all sensitive
information.
2. Pre and post employment screening and review.
3. Non-disclosure agreements from employees, vendors,
contractors and visitors.
4. Non-competitive agreements with selected employees.
5. Awareness programs
6. Physical security measures
7. Informed monitoring of routine activities.
THE END