Governance And Assurance Security Officer

2 weeks ago


HMS EXCELLENT PORTSMOUTH, United Kingdom Serve Full time £30,000 - £60,000 per year

Purpose.
1.    Primary Purpose. The Governance and Assurance Security Officer (GASyO) is the first point of contact for members within their Area Of Responsibility (AOR) regarding cyber and information management and security, and is responsible, through their Chain of Command, for providing their Commanding Officer/Head of Establishment with assurance of effective cyber and information security management, whilst acting as the Unit Security Officer (USO) in the control of all aspects of security, including counter terrorist and counter espionage measures, at HMS EXCELLENT in peace and war.

2.    Secondary Purposes. 

a.    Deputise for Establishment Security Officer as required.

b.    To act as First/Second reporting officer for RN security team (OR 2-4).

c.    Manage ITSO output and personnel. 

d.    Conduct the role of Information Manager.

e.    Hold the Security Section AinU and provide all stores for the Security Section in order to carry out duties.

f.    Member of the Families Day Committee for Security to include attendance on Families Day to act as part of ICP.

g.    Act as Secretary at the Monthly Security meetings.

3. On taking up the appointment of GASyO: 
a. The new incumbent's first action will be to conduct a 100% muster of all IT assets within their establishment and to reconcile the assets against the Navy Command Asset Register (NCAR) or equivalent. 
b. Ensure you register your details with NAVY- 
c. Complete mandatory training as defined in paragraph 8. 

Duties of the Governance and Assurance Security Officer (GASyO) 

4.    The GASyO is responsible for the day to day application of Information Technology and Information security management measures within HMS EXCELLENT and its Outstations. The GASyO is specifically responsible for:

a.    The maintenance of procedures for the physical security of HMS EXCELLENT.
b.    To develop and implement local Cyber Security Policy and Procedures (CSPP) for their specific AOR where required. This will be developed from MOD and Navy CSPP. 
c.    Manage the Cyber Security of all non-MODNET assets within their AOR and scope. 
d.    Updating and maintaining the Navy Command Asset Register (NCAR) ensuring that all non-MODNET assets including but not limited to Portable Electronic Devices (PEDs), Tablets, Cameras, Printers are recorded when they are received. 
e.    Understand the accreditation process and the Defence Assurance Risk Tool (DART) in order to guide submitters within their AOR through the process. 
f.    Ensure all ICT asset requests go through the Navy Digital Request For Change (RFC). 
g.    Act as focal point for triaging, actioning, and responding to MODCERT Directives. 
h.    Ensure that all the assets within their AOR are accredited and maintained throughout life. Retain a copy of all Accreditation Certificates and Security Operating Procedures (SyOPs). 
i.    Ensure anti-virus updates and patches are carried out within the required timeframe and in accordance with SyOPs. Contact the MCSU Service Desk with any issues. 
j.    Retain a copy of all master passwords for the assets within their AOR. 
k.    The GASyO will conduct a monthly 10% spot check of all Cyber assets within their AOR and by the end of the year a 100% check will have been carried out. 
l.    Ensure all Information and Cyber breaches are reported to Navy WARP through a Security Incident Reporting Form regardless of whether they were resolved at local level. 
m.    When required, monitor and/or assist with investigations into significant Cyber incidents. 
n.    Ensure the unit has a Cyber Champion to act as an ambassador through upholding of good security hygiene and maintaining a positive security culture by providing security advice and guidance, delivering education and awareness briefs. 
o.    Carry out annual Cyber assurance of holdings, policy, and procedures of subordinate units where applicable. 
p.    Provide support to all visits where Cyber assets are involved. These may be from, but not limited to, MCSU, RN PSyA, SCIDA. 
q.    Provide general IT security inclusive of CYBER and Social Media advice and guidance to the user community, preparing and presenting annual security training and education. Assist ITSO on all security matters connected to social media.
r.    Arrange Technical Surveillance Countermeasures (TSCM) sweeps in accordance with JSP440 Leaflet 18. 
s.    Ensure that all Cyber related changes to PSyA RN Security Directives, Security Advisory Briefs, RN Temporary Memorandums are distributed to all department heads within their AOR. 
t.    Where necessary, to produce up to date instructions for assets, e.g. Printers, scanners, fax machines etc. 
u.    Liaising with the Data Protection Officer for maintaining their part of the Navy Command Information Asset Register (NCIAR). 
v.    Co-ordinate all aspects of physical, documentary, and personnel security within the establishment. Co-ordinate the preparations for external Security Assurance Visits and Inspections by the PSyA Security Assurance Team and carry out actions required for Self-Assessments. 
w.    Assist in the production and maintenance of the Establishment Security Risk Register.

Superiors.

5.    The GASyO is accountable to 1st Lt and functionally accountable to the ESyO for Security related matters. 

Authority. 

6.  The GASyO is authorised to take whatever measures are necessary to ensure that security rules are being observed. He may make spot checks of any department, Lodger unit or section without prior warning to note security measures in force and impound any protectively marked material not properly secured. 

Whole Ship Responsibilities.

7.  Participate in Whole Ship activities in support of the Executive Department.


