SPēD SAPPC: INFOSEC QUESTIONS WITH COMPLETE SOLUTIONS 2023

SPēD SAPPC: INFOSEC QUESTIONS WITH COMPLETE SOLUTIONS 2023 Security Infraction This event cannot reasonably be expected to and does not result in the loss, compromise, or suspected compromise of classified information DoD Manual 5200.01, Volumes 1-4 The manual that governs the DoD Information Security Program E.O. 13526 The executive order that governs the DoD Information Security Program 32 CFR Parts 2001 & 2003, "Classified National Security Information; Final Rule" The Information Security Oversight Office (ISOO) document that governs the DoD Information Security Program Security Violation An event that results in or could be expected to result in the loss or compromise of classified information Unauthorized Disclosure Communication or physical transfer of classified or controlled unclassified information to an unauthorized recipient Termination Briefing This briefing is given when an individual's employment is terminated, clearance eligibility is withdrawn, or if the individual will be absent from duty for 60 days or more. It is also given to those who have been inadvertently exposed to classified information. Foreign Travel Briefing This briefing that applies to cleared personnel who plan to travel in or through foreign countries, or attend meetings attended by representatives of other countries. Refresher Briefing This briefing is presented annually to personnel who have access to classified information or assignment to sensitive duties. Secret Unauthorized disclosure of this information could reasonably be expected to cause serious damage to our national security. Top Secret Unauthorized disclosure of this information could reasonably be expected to cause exceptionally grave damage to our national security. Confidential Unauthorized disclosure of this information could reasonably be expected to cause damage to our national security. Freedom of Information Act (FOIA) The act regarding the withholding information from public release; framework and guidance for evaluation for public release for info to be exempt are from the 9 distro statements Derivative Classification This is defined as the incorporating, paraphrasing, restating, or generating in new form any information that is already classified. Derivative classification process 1. Observe and respect the OCA original classification determination 2. Apply required markings 3. Use only authorized sources 4. Use caution when paraphrasing or restating classified information extracted form a classified source document 5. Always take the appropriate steps to resolve any doubts you have Original Classification This is defined as an initial determination that information requires, in the interest of national security, protection against unauthorized disclosure. Compilation This is defined as unclassified information or classified information (at a lower level) that when the information is combined or associated reveals additional factors that qualifies for classification. Original Classification Authority The term used to identify individuals specifically authorized in writing to make initial classification decisions. Security Classification Guides (SCG) This contains classification levels, special requirements and duration instructions for programs, projects, plans, etc. Original Classification Process The six step process an OCA applies in making classification determinations. 1. Determine if the information is official government information 2. Determine if the information is eligible to be classified 3. Determine if there is a potential for damage to national security if unauthorized release occurs 4. Assign a level of classification 5. Make a decision about the duration of classification 6. Communicate the decision Declassification The authorized change in the status of information goes from classified information to unclassified information Declassification systems Scheduled, Automatic, Mandatory, Systematic Automatic declassification The declassification system where Permanently Valuable Historical records are declassified when they are 25 years old Systematic declassification review The declassification system where information exempted from automatic declassification is reviewed for possible declassification Mandatory Declassification Review (MDR) The declassification system where the public can ask for classified information be review for declassification and public release Scheduled Declassification The declassification system where an OCA, at the time the information is originally classified, sets a date or event for declassification Custodians People who are in possession of, or who are otherwise charged with safeguarding classified information Options an OCA has when determining declassification Specific Date, Specific Event, or by the 50X1-HUM Exemption The 25-year rule The process where records automatically become declassified after 25 years Restricted Data and Formerly Restricted Data This type of information does not provide declassification instructions Practices to follow when handling classified information 1. Properly destroy preliminary drafts, worksheets, and other material after they have served their purpose 2. Use approved secure communications circuits for telephone conversations to discuss classified information 3. Follow proper procedures when copying classified information 4. Use security forms such as SF 701 and SF 702 SF 702 Security Container Check Sheet, which is used to record the opening and closing of your security container SF 701 The Activity Security Checklist intended to verify that you did not accidentally leave classified materials unsecured, as well as, to ensure the area is safe and secure. The blank spaces can be utilized for additional warranted security and safety items, such as a block to remind personnel to complete tasks, such as turning off coffee pots. Actual compromise An unauthorized disclosure of classified information Neither confirm nor deny If classified information appears in the public media, DoD personnel must be careful not to make any statement of comment that would confirm the accuracy or verify the classified status of the information Potential Compromise The possibility of compromise could exist but it is not known with certainty