Security Executive Blog

How do presidential elections impact the Department of Defense contractor community’s ability to compete for contracts? “In recent history two sequential presidents have provided separate executive orders directing how to protect classified information,” says security consultant and author Jeffrey W. Bennett. Presidents Clinton and Bush have issued policies directing what qualifies to receive a CONFIDENTIAL, SECRET or TOP SECRET classification. Democrat presidents often reflect a policy of openness. Some policy changes President Clinton implemented tightened the reins on what could be classified and for how long. “President Clinton’s policy made it tougher to classify information and contributed to the declassification of thousands of documents,” says Bennett. Republican Presidents tend to ease classification standards. However, President Bush kept pretty much the same structure as President Clinton’s Executive Order 12958. He later implemented Executive Order 13292. ...

You’ve no doubt read the NISPOM and other federally regulated security requirements addressing training. These regulations list the topics to be covered (as a minimum) and how often they are to be given. Some of you may have worked in organizations where the security manager followed the guidance to the letter…that’s it. So, once a year cleared employees amble into the briefing room to attend “required training”. “Why do I have to attend another security training event?” they ask. “Because regulations state…,” you begin to respond. STOP! Don’t complete the answer until you read the rest of this. Take a deep breath and save your credibility. One of the primary reasons security training fails is our inability to demonstrate how the training affects the bottom line. Sure, we know the regulations and the impact of not conducting training. However, our primary training objective is to increase security awareness and include employees in the security program...

Information systems allow businesses to increase work productivity at blinding speeds. Documents, images, and media can be duplicated, printed, emailed and faxed much quicker than technology allowed just a few years ago. The lightening fast capabilities enable enterprise to perform on contracts more efficiently and in less time. However, because of fast distribution and processing speeds, measures must be in place to prevent unauthorized disclosure, spillage and compromise of classified information. Once a spillage occurs, the errant person cannot take the action back. Information systems identified to process classified information is marked according to the highest classification. As with protecting physical classified properties, information systems and their products must also be safeguarded at the appropriate level. Computers used for uploading, storing, processing, disseminating, printing and other functions are protected at the level of the information being worked...