Guideline M: Use of Information Technology (IT) Systems

Source: https://www.dcsecurityclearanceconsultants.com/dod-adjudicative-elements.php

Noncompliance with rules, procedures, guidelines or regulations pertaining to information technology systems may raise security concerns about an individual’s reliability and trustworthiness, calling into question the willingness or ability to properly protect sensitive systems, networks and information. Information Technology (IT) Systems include all related computer hardware, software, firmware and data used for the communication, transmission, processing, manipulation, storage or protection of information. Such behavior is sometimes part of a more general pattern of inability or unwillingness to follow rules that should also be evaluated under the Personal Conduct Guideline.

The term information technology systems as used here includes all computer hardware, software, firmware, networks and data used for the communication, transmission, processing, manipulation, storage or protection of information. While not always illegal, misuse of information technology systems is often unethical and usually reflects poor judgment or lack of care in following security rules and regulations.

As we store more and more information in computer databases and as these databases become more closely linked in networks, more people have broader access to more classified and other sensitive information than ever before. This magnifies the amount of damage that can be caused by a single cleared insider working for the other side.

As it becomes easier for people to access computer databases, ease of use means ease of abuse. Using the computer, individual employees can quickly and quietly commit serious crimes that are very difficult to detect. They can steal information, change information or destroy information in automated file systems while sitting at their desk and doing nothing that appears out of the ordinary to casual observers.

Personnel with technical skills and administrative access to a network are also capable of damaging or impairing the operability of critical information systems. There have been numerous cases of such malicious behavior by disgruntled IT professionals with some level of administrative access to a government or corporate system.

Owing to the magnitude of problems that can be caused by misuse of computer systems, all agencies have a vested interest in maintaining a work environment that fosters high standards of computer security. A work environment that tacitly ignores or tolerates petty violations is also the climate where serious violations are most likely to occur.