Security Executive Blog: June 2019

Tuesday, June 25, 2019

NISPOM Questions for Security Certification

Get your copy @ www.redbikepublishing.com

These NISPOM based questions could be helpful in passing the NCMS ISP Certification and the DoD's SPeD Certification exams including the most recent Industrial Security Oversight Certification (ISOC).

Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification.

Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test length practice exams based on NISPOM.

We've updated our manual for NISPOM Change 2.

Response times for investigating alarms shall not exceed:

a. Thirty minutes

﻿    ﻿﻿    ﻿﻿    ﻿b. Fifteen minutes (NISPOM 5-903b)

c. Twenty minutes

d. One hour

e. What is reasonable to safeguard classified material

All attendees of classified meetings shall possess _____ and _____. 

﻿    ﻿﻿    ﻿﻿    ﻿a. Clearance, need to know (NISPOM 6-101)

b. Clearance, ID card

c. Authorized tablet, pen

d. VAL, authorization

e. Clearance, authorization​​​​​​​​​​​​​​

What is one of the required actions necessary before a prime contractor may release or disclose classified information to a subcontractor?

﻿    ﻿﻿    ﻿a. Determine clearance status (NISPOM 7-101)

﻿    ﻿﻿    ﻿b. Determine size of company

﻿    ﻿﻿    ﻿c. Determine capability to perform work on time

﻿    ﻿﻿    ﻿d. Determine type of business

﻿    ﻿﻿    ﻿e. Determine location of work performed

Scroll Down For Answers

Response times for investigating alarms shall not exceed:

a. Thirty minutes

b. Fifteen minutes (NISPOM 5-903b)

c. Twenty minutes

d. One hour

e. What is reasonable to safeguard classified material

All attendees of classified meetings shall possess _____ and _____.

a. Clearance, need to know (NISPOM 6-101)

b. Clearance, ID card

c. Authorized tablet, pen

d. VAL, authorization

e. Clearance, authorization​​​​​​​​​​​​​​

What is one of the required actions necessary before a prime contractor may release or disclose classified information to a subcontractor?

a. Determine clearance status (NISPOM 7-101)

b. Determine size of company

c. Determine capability to perform work on time

d. Determine type of business

e. Determine location of work performed

So, how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification,
DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.

According to reader comments and emails to the author, many who have bought this book used our techniques to augment their preparation have performed very well on certification exams.

___________________________________________________________________

Consider visiting Red Bike Publishing for training that you can download and present to cleared employees as well as present to DSS during the annual review.

Saturday, June 22, 2019

FSO's, OPSEC, and Protecting Sensitive Information

In our latest DoD Secure Pod Cast we continued our discussion the owners of The Management Analysis Network. This discussion is about apply Operations Security in the form of a Communication Strategy or Comms Strategy.

The need to communicate
They explain that a comms strategy is vital to being able to communicate information about the work a cleared defense contractor is executing without giving away too much information. When developing a significant capability others may be able to observe the work and become inquisitive. Whether they are neighbors, businesses, news media or others, what people are naturally going to do is inquire about it.

Additionally, it may be necessary to present information at conferences, award ceremonies, promotions, advertisements and etc. So the question is, how do we talk about the program to meet the requirements, to convey information to Congress, to oversight to others and to tell the good news story to the American people about how their tax dollars are being spent. At the same time it may be necessary to withhold information that is very beneficial and could help an adversary or competitor figure out what the work is and how its being executed.

Tool to communicate
So the communication strategy is something that sets expectations for how to deal with the media or contracting or other elements. It provides left and right limits of things you want to emphasize, things you don't want to emphasize, and talking points and messages that to reiterate over and over again and areas that you want to avoid.

The next step is to put it all together and get buy in and conduct training on the strategy. Once done, coordination with the program office, public affairs, and other partners should be incorporated. This will enable employees to go forward and talk about their program, but at the same time feel comfortable that they're not going to disclose any information that may not be classified or otherwise sensitive.

This strategy is a great tool for employees who need the guidance to feel comfortable on how to speak about their projects. Many times employees are given little guidance in the form of bumper sticker communications; "its classified", "think OPSEC", and etc.

This strategy provides the employee with no way to communicate and therefore they may be nervous or unable to discern what to speak about or when. However, an employee with a training on the communication strategy can intellectually discuss their work while understanding what is sensitive and what is not. Additionally, business development, contracting, graphics and other departments will be able to do their jobs as well.

Building the tool
The best way to discuss a communication strategy is to begin with:

Describe what the program or project is or mission
Determine the work streams necessary to accomplish the mission.
For each work stream, determine what information is sensitive using a classification guide, OPSEC plan, DD Form 254, ITAR, or organizational documentation describing sensitive information.
Determine how to talk about the work without revealing the sensitive information
Train employees on the strategy-This may be incorporated into security awareness training or insider threat training
Develop processes to review communication to determine whether or not sensitive information is being released-review presentations, bids, emails, etc.

Not every aspect of sensitive work is sensitive. There are ways to communicate awards, accomplishments, contract wins, or share with the friends and family without revealing sensitive information.

Listen to the pod cast for more details:

Subscribe to: Posts (Atom)

Sponsor us.

We offer advertising space on our Podcast, newsletter, website and blog, for $700.00 per year. Our products are targeted directly to your market; only those who are providing defense industry security subscribe to our newsletter.

Effective advertising positions your company for success. You’ll get:

Advertisement on our sites marketing exclusively to defense contractors

Announcement in Podcast http://dodsecure.buzzsprout.com and on podcast page. Podcasts are available on Apple, Amazon, Buzzsprout and more.

Linked banner @ http://www.dodsecurity.blogspot.com/

Linked banner in sponsor section of home page https://www.redbikepublishing.com/sponsors/

Linked banner in monthly email newsletter dedicated to training cleared contractors on protecting classified information.

Consider allowing us to provide a 1000 word article about your product to feature on our blog and newsletter for $500.00

If you would like more information, please contact us editor@redbikepublishing.com

Here is a wrap up of what we were able to do in 2020

We've outsourced a few tasks to provide better customer service. To provide better content for our security professional customers, we've funded the following efforts just for our newsletter and Podcast considerations:

• Upgraded email functionality for better newsletter distribution

• Upgraded website content

• Purchased high quality microphones and mixers for podcasts

• Purchased high quality cameras for YouTube videos and course content

• Upgraded to video conference capability with paid subscriptions

• Purchased software packages for better formatting

• Attended Podcast 2020 and brought back some tremendous lessons learned

• and much more.

We’ve completed the following milestones this year:

• 25% more newsletter subscribers with your services listed.

• Provided referrals to sponsors

• Released 36 articles in more than 24 newsletter editions

• Over 40 blog posts with thousands of visitors with your services listed

• Interviewed multiple people to provide over 20 podcast episodes. We've reached over 2000 downloads, which is huge considering our small niche. I hope you've had a chance to listen to Ray DICE Man Semko. Getting him on podcast was a huge success.

You will also be able to provide any articles, white papers or messages personalized to our audience. We could also include you or other employees in some strategic podcasts as well. Always looking for great guests.

Pages

Tuesday, June 25, 2019

NISPOM Questions for Security Certification

Saturday, June 22, 2019

FSO's, OPSEC, and Protecting Sensitive Information