Posts

Showing posts from October, 2008

Security through walking around

Perhaps you have already used this term or have at least heard others refer to it on occasion. I have read several articles concerning the subject and am, quite frankly, a fan of the idea. For those new to the term, it means turn off the computer and show your smiling face. If you spend your day processing information at your computer, you don’t get the full security picture. If you only get out to play “gotcha” or to conduct preliminary inquiries into violations, then those you serve only get a partial picture of you. Security through walking around requires a plan. Without the plan you are just milling about engaging in conversation and basically, wasting everyone’s time. A plan will keep you focused as well as prevent the temptations to have conversations and activities that can cause you to lose credibility. The plan doesn’t have to be complicated or lengthy. It just helps direct your purpose, attention and answers questions about your security program’s health. T...

DoD Security and Executive Order 13434

Have you taken the next step to being competitive in the security and intelligence arena? If not, this article will provide information and tips based on a proven method of studying for and passing the exam. Why earn a security certification? There are several reasons to achieve certification. One of them allows security managers to take advantage of opportunities offered in the recent Presidential Executive Order: National Security Professional Development. The Executive Order states: "In order to enhance the national security of the United States...it is the policy of the United States to promote the education, training, and experience of current and future professionals in national security positions (security professionals)..." The National Strategy identified in the Executive Order provides a plan to give security professionals access to education and training to increase their professional experience, in an effort to increase their skill level and ability to protec...

An idea about violations

I was just thinking about the myriad security violations that could have been prevented by using good operations security, communication between cleared co-workers and practicing lessons learned during security training. One of the biggest culprits of a well-rounded security program is the lack of available security violation statistics. There are resources for discovering spy stories or data on espionage, but as far as information about the most common types of violations, mistakes, oversights, etc. the data does not seem to be there. We can’t learn from mistakes if we don’t know what the mistakes are. Good security managers have data of security breaches, violations, reports of compromise or suspected compromise. However, this data rarely leaves their office. Because of the sensitive nature, it is held closely either for fear of retribution or fear of embarrassment. In truth, there is no retribution for security violation reports and information contained could be very valuabl...

Those warning labels

I am currently working on Chapter Five of my new book, "Managing the Security of Classified Information and Contracts". Chapter Five reviews the Executive Orders and regulations relating to Classification Markings and there is some good information from all sources. I believe this good information is fundamental to the profession of Intelligence and Security Officers. Understanding why and how information is classified is vital to knowing exactly what to protect and how. There are a few hard and fast rules for classifying information. In cases where items may be assigned an original classification, four conditions must be met.
• An original classification authority is applying the classification level
• The U.S. Government owns, is producing, or is controlling the information
• Information meets one of eight categories
• The Original Classification Authority determines unauthorized disclosure could cause damage to national security to include transnational terrorism and they ...

Kicking Down Institutional Walls

A critical review of security books. By: Jeffrey W. Bennett, ISP, author of ISP Certification-The Industrial Security Professional Exam Manual and Under the Lontar Palm. This book commands attention! The authors bring to light current security practices, methods and decision analysis and their many shortcomings. The authors' thesis: to provide a sound argument for a more modern and effective way of implementing security practices. The ideas are easy to apply, but contrary to what is taught by security seminars and vendors selling security products. While security seminars and education efforts teach cataclysmic results of security breaches, "New School" demonstrates the need for collecting data to assess the threat in a scientific manner. Shostack and Stewart champion going back to raw data to identify the threats and then develop programs to address those threats. Aside from evidence related to loss, espionage or other threats, risk managers cannot effecti...