I have just finished reading the local paper the day after Thanksgiving newspaper. I am reminded of the reason that this year is by far the best Thanksgiving celebration ever and the paper delivers the resounding reason. On the front page, just below the fold and prior to any articles about shopping on Black Friday is a picture of my handsome nephew being greeted by friends and family. The article is called: It’s ‘best Thanksgiving ever’ for soldier’s kin.
Yesterday at approximately 11:30 am after traveling for four days from Iraq, my nephew landed safely. It was a great feeling be among over fifty friends and family ignoring typical tradition and surprising their favorite soldier at the airport. The trip was just part of the journey that brought him back to us…the good part.
Unfortunately, the reason SPC Smith came home revolved around an improvised explosive device (IED) that destroyed his vehicle, killing and injuring its occupants. My nephew escaped with no serious injuries and has no recollection of the event. Even so, we remain eternally grateful that he is back with us for a short time.
I am also grateful to the men and women serving our country daily and their families who endure their repetitive absences in the call to arms. They sacrifice time and their physical well being. Their loving families endure the hardships with hope and prayer. To all of you, I am truly thankful for the sacrifices you are making for us.
Information for the CIO, CSO, FSO, ISSO and other security professionals. Understanding NISPOM and ITAR compliance is tough. With over 12,000 cleared defense contractors, a majority of those don't have a security staff. We'll hope to help fill the gap. From security clearances to performing on classified contracts, you can find help here.
Friday, November 28, 2008
Tuesday, November 18, 2008
Classification Markings
Executive Order 12958 delivers guidelines assigning classifications to objects and information. When it comes to classifying information, the intent is to provide proper safeguarding to prevent unauthorized disclosure, loss or compromise and keep the amount of classified information to the minimum. Items are classified to direct the appropriate amount of protection necessary. Before an Original Classification Authority (OCA) can designate that a document needs protection at the TOP SECRET, SECRET or CONFIDENTIAL level, the following qualifications are to be met. In cases where items may be assigned an original classification, four conditions must be met.
1. An original classification authority is applying the
classification level
2. The U.S. Government owns, is producing, or is controlling the
information
3. Information meets one of eight categories
4. The Original Classification Authority determines unauthorized disclosure could cause damage to national security to include transnational terrorism and they can identify or describe the damage.
Information that has been given an original classification is owned by, produced for and in control of the U.S. Government. Those who assume responsibilities as original classification authority are appointed in writing. They are trained, cleared to the level of classification assigned, and know the limits of classification as shown in Figure 5-. The information they determine to be classified is marked properly and given the level of protection indicated and required by the classification markings.
Marking classified material is a part of an implied task of receiving classified material either delivered to or created within the facility. As in the previous chapter, classified information received has to be checked against a receipt or inventory, inspected for proper identification and marking and brought into accountability. If the delivered classified information has marking discrepancies, the receiver has to rectify the situation by either sending back to the sender, or fixing the mistake themselves. When classified information has been created as a result of original classification, compilation (derivative information) or reproduction notifications are applied. Classification markings are those notifications or indications strategically placed in certain areas of an item.
Markings have the primary role of calling attention to the fact that an item is classified and the special safeguarding necessary to protect the classified material. In many cases, not every part of the item is classified, but because the components (parts, pages, pieces,etc.) make up a whole, the entire item must be protected. However, if sections are meant to be removed, then they can be protected at different levels. For example if a document is classified at the SECRET level, the entire document must be protected as SECRET. However, if an appendix is labeled "UNCLASSIFIED" and is meant to be removed, then that part does not need to be protected as SECRET (more is covered later under "Components").
Identifying documents with the "TOP SECRET","SECRET", and "CONFIDENTIAL" labels provides the warning of special handling and protection. Specifically, items are designated with certain markings that serve to warn and inform a user that an item is indeed classified or sensitive. The bearer of the classified information has certain responsibilities to protect the classified material from loss or compromise.
Suppose an engineer of XYZ Contractor goes to the company's centralized document storage area and signs out a document classified as SECRET. According to company policy he or she is to return the item to document control prior to the end of the work day, or when they need to leave the office. Their company policy also permits the cleared employees to review classified material as long as the door is closed.
After a while his eyes get tired and he grabs his day planner to check his schedule. He is reminded of an upcoming meeting with the social committee and begins to reflect on the near term company picnic. He rises and walks to the window to look at proposed picnic location. While gathering his thoughts, he hears a knock at the door and automatically walks to open it. As he passes his desk his eyes glance at the document's markings of "SECRET" on the top and bottom of the opened pages. He then closes the classified book and picks it up. With the book closed and firmly secure in his hands he opens the door and sees his buddy from across the hall.
They both are working on two different contracts therefore his buddy has no need to know of the contents of the book.
"Let's get some lunch," his friend says in invitation.
"Sure, follow me to security and I'll get this locked up," the engineer replies.
The markings served to remind the possessor of the classified information on their desk and to ensure that they maintained proper control and accountability. The marking also reminded the owner that they were responsible for ensuring another person had a clearance and the "need to know" the classified information contained in the document.
Monday, November 10, 2008
Emergency procedures
Develop emergency procedures
On September 11, 2001 flight, slammed into the Pentagon. Fuel, fire and concussion waves poured out into the most secured of areas. Sensitive and Classified military information and material, communications equipment, secure containers and much more became vulnerable to loss or compromise. Security containers welded shut and unable to access in the extreme heat of the subsequent fires.
In 2005 Hurricane Katrina wreaked havoc as waves crested levees and flooded much of the Alabama, Mississippi and Louisiana low areas. Area residents and businesses evacuated the area leaving classified information locked in security containers. Flood waters caused tremendous damages that could have left unprepared businesses with unsecured classified material.
Regardless of the type of disaster, manmade or natural, those in possession of classified material should have a solid procedure for protecting classified information. This procedure supports the overall security program and is in harmony with the risk assessment and practical enough to execute when necessary. The contingency plan includes written policy and rehearsals to ensure everyone knows their role in protecting classified material.
For example, since classified work is performed at Widgets Contracting, the FSO knows that she has to have a plan in place to protect the classified material during any type of emergency. From her risk analysis, she discovers that fire and severe weather are his biggest and most disastrous of threats. Should any type of emergency can cause the evacuation of the facilities she needs a plan in place to account for the classified material. Together with the input of her team and the requirements of the executives she maps out a written policy that includes disaster rehearsals. The Widgets Contracting emergency plan requires that, when possible, all cleared personnel will evacuate their work areas with classified material. Document custodians will lock up security containers and grab the emergency kit bags and classified document sign out sheet. All employees will report to their designated assembly areas where security representatives can relieve them of their classified material.
*Emergency Kit Bags
• Marking supplies (Pen, stamp, preprinted labels, etc)
• Opaque bag or wrapping paper
• Opaque security tape
• Cleared personnel roster
• Classification level coversheets
*Suggested contents of emergency kit bags. These bags should be kept up to date and readily available during emergency evacuations
On September 11, 2001 flight, slammed into the Pentagon. Fuel, fire and concussion waves poured out into the most secured of areas. Sensitive and Classified military information and material, communications equipment, secure containers and much more became vulnerable to loss or compromise. Security containers welded shut and unable to access in the extreme heat of the subsequent fires.
In 2005 Hurricane Katrina wreaked havoc as waves crested levees and flooded much of the Alabama, Mississippi and Louisiana low areas. Area residents and businesses evacuated the area leaving classified information locked in security containers. Flood waters caused tremendous damages that could have left unprepared businesses with unsecured classified material.
Regardless of the type of disaster, manmade or natural, those in possession of classified material should have a solid procedure for protecting classified information. This procedure supports the overall security program and is in harmony with the risk assessment and practical enough to execute when necessary. The contingency plan includes written policy and rehearsals to ensure everyone knows their role in protecting classified material.
For example, since classified work is performed at Widgets Contracting, the FSO knows that she has to have a plan in place to protect the classified material during any type of emergency. From her risk analysis, she discovers that fire and severe weather are his biggest and most disastrous of threats. Should any type of emergency can cause the evacuation of the facilities she needs a plan in place to account for the classified material. Together with the input of her team and the requirements of the executives she maps out a written policy that includes disaster rehearsals. The Widgets Contracting emergency plan requires that, when possible, all cleared personnel will evacuate their work areas with classified material. Document custodians will lock up security containers and grab the emergency kit bags and classified document sign out sheet. All employees will report to their designated assembly areas where security representatives can relieve them of their classified material.
*Emergency Kit Bags
• Marking supplies (Pen, stamp, preprinted labels, etc)
• Opaque bag or wrapping paper
• Opaque security tape
• Cleared personnel roster
• Classification level coversheets
*Suggested contents of emergency kit bags. These bags should be kept up to date and readily available during emergency evacuations
Sunday, November 9, 2008
Frequently Asked Questions
I am often asked questions about security question. Some are really good questions and I always appreciate them. Good quetions give me the opportunity to address security clearance and awareness issues that I don't always get to while giving formal training. These questions usually come up as I walk around the facilities or speak with folks informally. Here are just a few.
1. Is everyone guaranteed a security clearance?
No, having as security clearance is not one is not one of our inalienable rights. A security clearance is a determination of trustworthiness based upon an extensive background check conducted by some very professional and persistent investigators. The background checks help answer a person's ability to protect classified information based on the following criteria:
• Allegiance to the United States
• Foreign influence
• Foreign preference
• Sexual behavior
• Personal conduct
• Financial considerations
• Alcohol consumption
• Drug involvement
• Psychological conditions
• Criminal conduct
• Handling protected information
• Outside activities
• Use of Information Technology Systems
2. Is it true that the Government can deny a security clearance for something as simple as filing bankruptcy?
Yes, a security clearance can be denied for many reasons uncovered during the investigation reflecting the 13 criteria mentioned above. Remember, a clearance determination is based on whether or not you are trustworthy and stable. Any events or actions on your part that may subject you to release classified material to unauthorized personnel or prevent you from protecting it properly will make you subject to a decision to deny your clearance request.
3. Why should I earn a certification?
How badly would you like to stagnate in your career? Try using your favorite search engine to find a job in industrial security. You’ll find that employers are now looking for prospects with education and certification.
4. What certifications are available?
NCMS (Society of Industrial Security Professionals) offers the Industrial Security Professional (ISP) Certification to those who work with and protect classified material. Job descriptions include:
• Facility Security Officer
• Security Specialist
• Document Custodian
Our book ISP Certification-The Industrial Security Professional Exam Manual is designed to supplement a person’s study of the ISP Certification.
ASIS International Offers the CPP and other certifications. Also certifications include: CISSP, OPSEC, etc.
5. Suppose I don’t want a certification. Why should I buy your book?
ISP Certification-The Industrial Security Professional Exam Manual provides a career map for security professionals. The first few chapters are dedicated to education, networking, certification, and community involvement. Since security involves relationship building, this is what a security manager needs to know to establish themselves as an expert and therefore a credible source and influence. The final chapters are full of questions exercising an industrial security professional’s professional competence as compared to federal guidelines.
6. Why are so many people being arrested for stealing “secrets”?
In recent news, contractors and government employees have been arrested for taking classified material from the workplace, releasing it to unauthorized persons, and conducting export violations. In most cases, the employees did not have ill intent, but lacked training. More seasoned veterans of classified work have become “immune” to security procedures. A few have conducted espionage. It is important that security managers review security violations and look for patterns and include the information as part of the security awareness. Such information is an integral of developing a good security system designed to protect employee, corporate and national security.
7. My friend has a SECRET clearance just like me. However, she won’t talk with me about her SECRET stuff. What’s up with that?
You may recall in your security awareness training that classified conversations are conducted in approved areas. Dinner dates, car pools, movie theaters, etc are not approved areas. Also, just because you have a security clearance doesn’t automatically make you able to access classified material. You also have to have a valid need to know.
Develop relationships within your security professional network. Look for opportunities to help other professionals. Equally important are developing a positive relationship with those with whom you have security oversight. Be approachable so that they will trust you enough to ask the tough questions. Who knows, you may help prevent security violations.
1. Is everyone guaranteed a security clearance?
No, having as security clearance is not one is not one of our inalienable rights. A security clearance is a determination of trustworthiness based upon an extensive background check conducted by some very professional and persistent investigators. The background checks help answer a person's ability to protect classified information based on the following criteria:
• Allegiance to the United States
• Foreign influence
• Foreign preference
• Sexual behavior
• Personal conduct
• Financial considerations
• Alcohol consumption
• Drug involvement
• Psychological conditions
• Criminal conduct
• Handling protected information
• Outside activities
• Use of Information Technology Systems
2. Is it true that the Government can deny a security clearance for something as simple as filing bankruptcy?
Yes, a security clearance can be denied for many reasons uncovered during the investigation reflecting the 13 criteria mentioned above. Remember, a clearance determination is based on whether or not you are trustworthy and stable. Any events or actions on your part that may subject you to release classified material to unauthorized personnel or prevent you from protecting it properly will make you subject to a decision to deny your clearance request.
3. Why should I earn a certification?
How badly would you like to stagnate in your career? Try using your favorite search engine to find a job in industrial security. You’ll find that employers are now looking for prospects with education and certification.
4. What certifications are available?
NCMS (Society of Industrial Security Professionals) offers the Industrial Security Professional (ISP) Certification to those who work with and protect classified material. Job descriptions include:
• Facility Security Officer
• Security Specialist
• Document Custodian
Our book ISP Certification-The Industrial Security Professional Exam Manual is designed to supplement a person’s study of the ISP Certification.
ASIS International Offers the CPP and other certifications. Also certifications include: CISSP, OPSEC, etc.
5. Suppose I don’t want a certification. Why should I buy your book?
ISP Certification-The Industrial Security Professional Exam Manual provides a career map for security professionals. The first few chapters are dedicated to education, networking, certification, and community involvement. Since security involves relationship building, this is what a security manager needs to know to establish themselves as an expert and therefore a credible source and influence. The final chapters are full of questions exercising an industrial security professional’s professional competence as compared to federal guidelines.
6. Why are so many people being arrested for stealing “secrets”?
In recent news, contractors and government employees have been arrested for taking classified material from the workplace, releasing it to unauthorized persons, and conducting export violations. In most cases, the employees did not have ill intent, but lacked training. More seasoned veterans of classified work have become “immune” to security procedures. A few have conducted espionage. It is important that security managers review security violations and look for patterns and include the information as part of the security awareness. Such information is an integral of developing a good security system designed to protect employee, corporate and national security.
7. My friend has a SECRET clearance just like me. However, she won’t talk with me about her SECRET stuff. What’s up with that?
You may recall in your security awareness training that classified conversations are conducted in approved areas. Dinner dates, car pools, movie theaters, etc are not approved areas. Also, just because you have a security clearance doesn’t automatically make you able to access classified material. You also have to have a valid need to know.
Develop relationships within your security professional network. Look for opportunities to help other professionals. Equally important are developing a positive relationship with those with whom you have security oversight. Be approachable so that they will trust you enough to ask the tough questions. Who knows, you may help prevent security violations.
Subscribe to:
Posts (Atom)