Background
Department of Navy (DON) employees frequently work at home. In the office, there is a staff dedicated to the protection of data. But how safe are data when employees work at home or on the road?
The Gartner Group estimated that by 2008, 41 million corporate employees globally will spend at least one day a week teleworking, and 100 million will work from home at least one day a month. The highest proportion of these will be U.S. workers. Further, Gartner specifies that these numbers do not represent the number of employees that are on the road for official business.
In addition, findings from the Gartner Symposium/ITxpo 2003, reported that wireless users in North America will grow from 4.2 million in 2003 to more than 31 million in 2007.
Working at home is an opportunity for personnel to spend time with their families while preparing for the next day, and many of us are often required to work in a mobile environment. But these statistics should make the need for a home security training program even more obvious.
It is crucial for all organizations to look at home network use when building their data security strategy. Every organization should have an Information Security Awareness Program. Each ISAP should cover the requirements of Navy information assurance. The goal of IA is to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and non-repudiation. Information assurance is essential for warfighting and homeland defense, and is required operationally throughout the Department.
Mandatory Training
All authorized users (military, civilians and contractors) of Department of Defense information systems were required to complete IA awareness orientation training by Sept. 1, 2005. IA awareness training is available for the DON through Navy Knowledge Online (http://www.nko.navy.mil) and MarineNet (http://www.marinenet.usmc.mil).
Depending on your organization, the command information assurance manager (IAM), information assurance officer (IAO) or information systems security manager (ISSM) is responsible for ensuring that all personnel with active user accounts complete initial or refresher training.
The course takes about 30 minutes to complete and explains the importance of classified information and how to protect it from unauthorized users both inside and outside the workplace.
For more information and step-by-step instructions for accessing IA training, please visit the IA workforce page of the DON Chief Information Officer (CIO) Web site.
The DON has deployed this centralized training module, but training should be complemented with a comprehensive training program at each command to include the protection of unclassified data and networks.
Training should include the security requirements of what to do when working at home and on the road. For guidance, refer to the Secretary of the Navy Information Assurance Manual (SECNAV M-5239.1) of November 2005.
DON Guidance
The Bureau of Naval Personnel Instruction 12300.2 defines the requirements of the Navy's Telecommuting (Telework) Program. The instruction states: "At a minimum, all telework agreements must address the location and requirements of the alternative worksite, telework schedule, security of official information, protection of Government-furnished equipment, applicable standards of conduct, liability and injury compensation, and Government access to the alternative work site."
Per the DoD Telework Policy (Oct. 2002), the primary medium for teleworking on a regular basis (one day or more per pay period)