information systems, and the information they process". ISS is a unified approach to protecting these
systems, and the classified end unclassified-sensitive information processed by these systems.
A security "vulnerability" is a "weakness" in security. "Inherent" means that these security
vulnerabilities are a fact of life. A basic principle of Physical Security is there is no such thing as an
impenetrable barrier" and this principle applies to information processing as well; no matter how well
we do in planning and applying security measures, there is no such thing as a completely secure
AR 380-19, Information Systems Security, establishes the U.S. Army Information Systems Security
Program (ISSP). The ISSP has been created in recognition of the Army's widespread use of TAIS and
the special problems involved with their security. The first step in understanding ISS is to understand
some of the terms used in this lesson and in AR 380-19:
Telecommunications system: A "telecommunications system" is any system which transmits,
receives, or otherwise communicates information by electrical, electromagnetic, electro- mechanical,
or electro-optical means. A telecommunications system may include features normally associated
with computers. You would find one of these systems in a "communications center." Most state-of-
the-art Army communications centers use telecommunications systems which are computer-based
and look like a computer system.
Automated information system (AIS): An AIS is any assembly of computer hardware, software, or
firmware configured to collect, create, communicate, compute, disseminate, process, store, or control
data or information in electronic form, including stand-alone computers, small computers, word
processors, multi-user computers, terminals, and networks. Included are the small computers, PCs,
and word processing systems which will be found in the typical Army office. This equipment is often
Telecommunications and automated information system (TAIS): This term is used to refer to both
telecommunications systems and automated information systems.
To make it easy for you to follow the instruction, the term "computer" will be generally
used throughout the lessons on "Computer Security," rather than the term "AIS."
"Computer" is a term you are familiar with and any policy that applies to an "AIS" naturally
applies to a "computer".
Part E: Information Systems Security
ISS is an "umbrella" term which includes four sub-disciplines (or sub-securities):
Communications Security (COMSEC): COMSEC includes the measures taken to deny
unauthorized persons information derived from telecommunications of the U.S. Government
concerning national security, and to ensure the authenticity of such telecommunications. Any time
we communicate, unauthorized persons can intercept these communications. If we are using
telephones, unauthorized persons can tap the wire and listen to our conversation. If we are using
radios, unauthorized persons can use their radios to listen to what we are talking about. COMSEC
includes things which protect these communications from intercept. One way of protecting our