Thursday, December 29, 2011

Putting it all together-The Impact of the Influential FSO

FSOs should understand more than just the technical aspects of administering a security program. 

Understanding how to mark, safeguard and disseminate classified information is important. However, the FSO should reach beyond the description of implementing a security program to safeguard classified material. The position also requires:

1.  Assessing risks to the classified material
2.  Interpreting safeguarding requirements
3.  Communicating and incorporating a culture of compliance within the organization
4.  Projecting the impact of classified contracts on the enterprise.

To do this, the FSO should possess the vision and skills to see where the security program needs to go and how to get there, and should encourage a security vision from the senior executive level downward. Without the proper influence, the FSO may not be able to run a program to protect classified material.

Effective tools include:
• Helping form corporate culture
• Installing and monitoring metrics
• Converging security and corporate functions
• Planning for Growth


For more detailed information on FSO functions, see Chapter 12 Putting It All Together of the book
DoD Security Clearances and Contracts Guidebook.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. Jeff is an accomplished writer of non-fiction books, novels and periodicals. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training". See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR, and The NISPOM.

Appointing the Right FSO

The cleared contractor appoints a Facility Security Officer (FSO) to protect the work on classified contracts and provide important administrative functions to maintain the security clearance of the business and cleared employees. However, the FSO can have a much greater impact by applying an understanding of four important functions:

1.  How to protect classified information as it relates to the cleared contract, organizational growth, enterprise goals, and NISPOM guidance
2.  How to conduct a risk analysis
3.  How to demonstrate the cost, benefits and impact of supporting a classified contract under the NISPOM requirements and sustain an environment of cooperation and compliance within the enterprise
4.  How to influence and compel the senior leaders to make good decisions, support compliance and integrate security into the corporate culture

After all, good industrial security practices protect against damage to national security, but could also impact the organization's ability to work on and maintain classified contracts. The FSO is pivotal to the successful execution of classified contracts.

As the small enterprise grows, more and more experienced FSOs are beginning to understand a growing company’s needs and have returned to college to finish their education. Colleges and universities are now offering a variety of security and management degrees perfect for meeting the growing FSO education requirements. Professional organizations also offer security certifications. Consequently, the pool of experienced and educated FSOs is growing. Cleared defense contractor executives should clearly consider the FSO job description and list the exact qualifications desired before posting the position as a job announcement.



Friday, December 23, 2011

4 Practice Questions to Prepare You for Industrial Security Professional ISP Certification

Thinking about getting security certification? Consider ISP Certification

The following questions are from ISP Certification-The Industrial Security Professional Exam Study Manual

107. What method of justification should a contractor submit to attend a classified meeting?
a. List the classified contract involved
b. Cite the clearance level
c. Give company CAGE code
d. Submit job position
e. List qualifications

108. Contractors may keep classified information generated under IR&D provided:
a. Their contract is still active
b. The originating program manager is still employed
c. The FSO catalogs the information
d. Adequate storage capability exists
e. The contractor maintains facilities on Government property

109. Executive Order 12829 requires heads of agencies to enter into agreement with:
a. FSO
b. Foreign Governments
c. Secretary of Defense
d. Department of Labor
e. Department of Energy

110. How do you mark unclassified material to simulate SECRET?
a. EXERCISE…EXERCISE…EXERCISE
b. SECRET TRAINING
c. SECRET FOR TRAINING ONLY
d. SECRET FOR TRAINING, OTHERWISE UNCLASSIFIED
e. SECRET






Answers-Don't Scroll Down until you're ready





107. What method of justification should a contractor submit to attend a classified meeting?
a. List the classified contract involved (NISPOM 6-203)
b. Cite the clearance level
c. Give company CAGE code
d. Submit job position
e. List qualifications

108. Contractors may keep classified information generated under IR&D provided:
a. Their contract is still active
b. The originating program manager is still employed
c. The FSO catalogs the information
d. Adequate storage capability exists (NISPOM 11-304)
e. The contractor maintains facilities on Government property

109. Executive Order 12829 requires heads of agencies to enter into agreement with:
a. FSO
b. Foreign Governments
c. Secretary of Defense (NISPOM 1-103a)
d. Department of Labor
e. Department of Energy

110. How do you mark unclassified material to simulate SECRET?
a. EXERCISE…EXERCISE…EXERCISE
b. SECRET TRAINING
c. SECRET FOR TRAINING ONLY
d. SECRET FOR TRAINING, OTHERWISE UNCLASSIFIED (NISPOM 4-215)
e. SECRET



The above questions are from ISP Certification-The Industrial Security Professional Exam Study Manual


6 Great Reasons to Mark Classified Information

Classification markings are applied to the top and bottom, front and back of classified items. Markings are also found in internal pages, paragraphs and other locations inside documents, books, manuals and other paper based products.

Here are the top reasons for marking classified information:

  1. Warns and informs a user that an item is indeed classified or sensitive
  2. Conveys what exactly needs protection
  3. Identifies levels of classification or sensitivity
  4. Provides vital information and instruction on when to downgrade or declassify the material
  5. Gives sources and reason for classifying the item
  6. Warns of special access, control, dissemination or safeguarding requirements

Find out more in DoD Security and Contracts Guidebook-What You Need to Know About Your Need to Know



Tuesday, December 13, 2011

3 Effective Ways to Go Above and Beyond with Category 7 of the NISP Enhancement

Category 7 of the NISP Enhancement is Counterintelligence Integration/Cyber Security. It provides a tool that cleared contractors can use to demonstrate exceeding NISPOM requirements. Injecting this into the security program also enhances security by bringing to light the types and frequency of suspicious contacts.

1.  The purposeful execution of foreign travel pre-briefings-When employees travel to a foreign country, they may be targeted to provide sensitive information. A threat and/or defensive briefing should be provided to all cleared employees per NISPOM Chapter 3 (NISPOM Training). The briefings should be documented with signatures, dates and contents of briefings for presentation to Defense Security Services (DSS) industrial security representatives.
2.  Conducting debriefings once the employees return from foreign travel. It is a tool to follow up on the threat or defensive security briefing presented prior to the foreign travel.
3.  Implementation of quality assurance efforts to check and verify Suspicious Contact Report (SCR) training, reporting directions and employee knowledge (e.g., setting up appropriate simulated exercises to validate employee knowledge/situational awareness of the SCR reporting process). A good training resource can be found @ http://www.dss.mil/counterintel/.

This can be done in a number of venues:
• Employing trigger points at various business units. For example, a cleared employee traveling overseas may be required by policy to contact human resources, company insurance, travel branch, export compliance, etc. Build in and demonstrate a trigger point where the Facility Security Officer is also notified to provide briefings or other performance action
• Build in simulation exercises during annual security refresher training. Demonstrate and document training, discussions, role playing and other activities that teach and test employee knowledge


For more information on NISP Enhancement, see DoD Security Clearance and Contracts Guidebook


Wednesday, December 7, 2011

Four Powerful Ways FSOs Can Employ in Creating a Security Conscious Enterprise

1.  Influence at all levels-A key trait an FSO should demonstrate is the ability to work within organizational structures to gain executive, manager and work force cooperation. An FSO can train and write policy but without the enterprise’s full cooperation, will find it difficult to enforce.

2.  Integrate security at all levels-A well integrated security plan ensures that all business units within an enterprise notify the FSO of any change in disposition of cleared employees or classified contracts. This integrated system will trigger the contracts, program manager, business development and other units to coordinate with and keep the FSO informed of expired, current, and future contract opportunities and responsibilities.

3.  Be fiscally responsible-An important task that an FSO faces is the successful implementation of the security program while supporting the company’s primary mission: to make money while successfully performing on classified contracts. Security efforts should be risk based and focused while meeting NISPOM requirements. An FSO with business competency and know-how is highly desired. For small contractors, this could mean selecting the most competent employee for the appointed duty. For large organizations, a thorough job description and performance requirements should capture the best candidates.

4.  Be flexible, but knowledgeable-The constantly evolving world situation creates an ever changing security environment. Some changes may result in new government policies and guidance. These guidance and policy implementations may provide a changing environment through which the FSO and security staff must be able to negotiate. For the FSO, DSS communicates changes to the NISPOM through Industrial Security Letters (ISL). When changes are identified, the FSO should take advantage of an integrated security plan to notify affected programs and employees to reach a feasible solution.


Monday, December 5, 2011

Why the US Government Assigns Classification Levels and the DoD Contractor Responsibilities

The US Government has designed policy to ensure that classified material is protected at the level designated to prevent unauthorized disclosure. Classified information is marked by an original classification authority (OCA) with CONFIDENTIAL, SECRET or TOP SECRET and cleared contractors should protect it at the appropriate level. TOP SECRET has more restrictions than SECRET and SECRET has more restrictions than CONFIDENTIAL. Each must be protected according to the classification markings. For example, unauthorized disclosure of CONFIDENTIAL information could reasonably be expected to cause damage; SECRET could reasonably be expected to cause serious damage; and TOP SECRET could reasonably be expected to cause exceptionally grave damage to national security.

The OCA provides classification level information through the DD Form 254, security classification guide and through classification markings.

When the classification level is determined, all related classified information should be properly identified with the classification markings. The markings indicate the level of classification, identify the exact information to be protected, provide guidance on downgrading and declassification, give reasons for classification and sources of classification, and warn of special access, control or safeguarding requirements.

Though defense contractors don't assign classification levels, it helps to understand why information gets classified and how the government identifies the classified information. The cleared contractor works with the classified information and protects it according to the markings.


Thursday, November 17, 2011

Three Excellent Ways to Meet Category Six of NISP Enhancement

National Industrial Security Program (NISP) Enhancement Category 6 is: Classified Material Controls/Physical Security. DSS can quantify a cleared contractor’s ability to track classified information throughout its lifecycle, implement countermeasures to deny access to sensitive information, and provide accountability of all classified information through this process. The FSO’s ability to demonstrate such capability is impactful and can help DSS determine whether or not the cleared facility is going “above and beyond” NISPOM requirements. Below are three ways an FSO can demonstrate going above and beyond the NISPOM requirements:

1.  Track location and disposition of classified information-This can be done on the cheap or with a decent Information Management System (IMS) such as software provided by vendors like SIMSSoftware. The point is for the FSO not only to know what classified information is moving within and outside of the cleared facility, but also to demonstrate the capability to track it. A small organization can develop a tracking sheet to record the reception or creation of classified information.

a. Inexpensive methods-a small company or one with a tight security budget can create a tracking sheet (such as in Microsoft Excel) that captures information as classified information is developed or received into the company. Useful information includes:
  • item name
  • item tracking number
  • item type (hard drive, paper, CD/DVD, hardware, etc.)
  • contract number
  • date item created or received
  • number of copies made
  • disposition (shipped, couriered, destroyed; just leave room for updates)
  • receipts of disposition
  • location of item (security container number)
  • other information as needed

b. Vendor provided software. Software exists that can automatically track classified items as long as information such as listed above is provided to the database. Some (like SIMSsoftware) can generate and save receipts and disposition data for recall.

2.  Implement countermeasures-Document the countermeasures that protect classified items, unclassified technical data, export controlled items, personally identifiable information and proprietary information. Countermeasures include:
  • Conduct inventory-determine regularly that items are where they should be and protected according to government or company requirements (NISPOM for classified, ITAR for export controlled, company policy for intellectual property, etc.).
  • Limit access-provide barriers to items that need protection and ensure only authorized persons are able to enter. For classified information, follow guidance provided by NISPOM. However, an FSO can go further to protect other sensitive data. This can be done by posting guards, placing signs identifying off limits areas, and locking intellectual property away. In other words, limit knowledge and access to only those who need it. Does an executive assistant need to know the special fabric weave even if it is unclassified? Does the financial officer need to know the algorithm that gives your product a capability? If not, ensure procedures are in place to prevent access.

3.  Conduct a regularly scheduled inventory. NISPOM does not require an accountability system for classified information SECRET level and below. However, it does require the ability to retrieve classified information within a reasonable amount of time. To do this, conduct a regularly scheduled inventory. Use the spreadsheet to do this manually, or an automated IMS, to either locate the classified item or account for its disposition. Some IMS provide bar code capability to ease inventory requirements.
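
The tracking sheet from step 1 and the scheduled inventory from step 3, as an added example that is not part of the original article: a short Python script that loads a register with the fields listed above and reconciles it against what a physical inventory actually found. The column names, finding labels and every sample row are constructed for illustration.

```python
import csv
import io

# Column names are assumptions that mirror the fields listed in the article.
FIELDS = ["item_name", "tracking_number", "item_type", "contract_number",
          "date_received", "copies", "disposition", "receipt", "container"]

# Constructed sample register (not real data). An empty disposition means
# the item should still be in the recorded security container.
REGISTER_CSV = """\
item_name,tracking_number,item_type,contract_number,date_received,copies,disposition,receipt,container
Test plan,TRK-0001,paper,CONTRACT-A,2011-10-03,1,,,CONTAINER-01
Design disc,TRK-0002,CD/DVD,CONTRACT-A,2011-10-11,2,,,CONTAINER-01
Lab drive,TRK-0003,hard drive,CONTRACT-B,2011-10-20,1,,,CONTAINER-02
Old manual,TRK-0004,paper,CONTRACT-B,2011-09-01,1,destroyed,DESTR-0007,
Prototype board,TRK-0005,hardware,CONTRACT-A,2011-08-15,1,shipped,,
"""

# Constructed inventory result: tracking number -> container where it was sighted.
SIGHTED = {
    "TRK-0001": "CONTAINER-01",
    "TRK-0002": "CONTAINER-02",   # register says CONTAINER-01
    "TRK-0004": "CONTAINER-01",   # register says destroyed
    "TRK-0009": "CONTAINER-02",   # never entered in the register
}


def load_register(text):
    """Parse the tracking sheet and reject rows that cannot be tracked."""
    reader = csv.DictReader(io.StringIO(text))
    absent = [f for f in FIELDS if f not in (reader.fieldnames or [])]
    if absent:
        raise ValueError("register is missing columns: " + ", ".join(absent))
    register = {}
    for raw in reader:
        row = {f: (raw.get(f) or "").strip() for f in FIELDS}
        number = row["tracking_number"]
        if not number:
            raise ValueError("row without a tracking number: " + row["item_name"])
        if number in register:
            raise ValueError("duplicate tracking number: " + number)
        register[number] = row
    return register


def reconcile(register, sighted):
    """Compare the register with a physical inventory and list discrepancies."""
    findings = []
    for number, row in sorted(register.items()):
        found_in = sighted.get(number)
        if row["disposition"]:
            # Item left the holdings: a receipt must back the disposition,
            # and the item must not still be sitting in a container.
            if not row["receipt"]:
                findings.append((number, "NO_RECEIPT"))
            if found_in is not None:
                findings.append((number, "DISPOSED_BUT_PRESENT"))
        elif found_in is None:
            findings.append((number, "NOT_LOCATED"))
        elif found_in != row["container"]:
            findings.append((number, "WRONG_CONTAINER"))
    # Anything sighted that the register does not know about.
    for number in sorted(set(sighted) - set(register)):
        findings.append((number, "NOT_IN_REGISTER"))
    return findings


if __name__ == "__main__":
    for number, finding in reconcile(load_register(REGISTER_CSV), SIGHTED):
        print(number, finding)
```

Keeping each inventory's findings alongside the register gives the FSO a dated record to show that the tracking capability is exercised, not just defined.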


Though wrapped up in three steps, there are a lot of implied tasks to demonstrating above and beyond as outlined in category 6. If a cleared facility is authorized to store and process classified information, this is a fundamental basis for creating a good information management program. This article covers the protection of classified and unclassified information for your use. Be sure to document and demonstrate your capability.
More information can be found in the book DoD Security Clearance and Contracts Guidebook.



Monday, November 14, 2011

5 Great Ways to Perform Award Winning Self-Inspections

Category 5 of the NISP Enhancement Program is titled: Self Inspection. Here, a cleared contractor's FSO documents a self inspection as part of a continuous security program evaluation. This is simply a health check of the established security program designed to safeguard classified information. The Defense Security Services (DSS) recommends that the cleared contractor’s Facility Security Officer (FSO) share the inspection results with their industrial security representative to keep communication open as well as address any issues that might be resolved prior to the scheduled DSS annual review.


The self inspection should be designed to evaluate all National Industrial Security Program Operating Manual (NISPOM) areas the cleared contractor operates under. At a minimum, each facility should inspect its compliance with NISPOM Chapters 1-5 and parts of Chapter 6. These chapters cover general security, personnel and facility clearances, FSO roles and responsibilities, required training, classified contracts, classified discussions and working with classified information and apply to every cleared facility in varying degrees. FSOs should determine how and if their facilities fall under the remaining chapters. Here are 5 ways to conduct an award winning self inspection:

1. Download the Self Inspection Handbook from http://www.dss.mil/. The handbook reflects questions based on NISPOM requirements. This is the resource for your inspections.

2. Review the inspection criteria and determine which apply to your facility. The questions are thorough, but are limited to yes/no answers. You can further define metrics to dig deeper into issues and take notes to create a more comprehensive evaluation. Be sure to document the inspection.

3. Schedule to completely inspect applicable areas (should be conducted annually and within six months of a DSS review). Allow adequate time to complete the inspection and resolve issues as soon as possible. Allow time to have an after action review and develop a plan of action to fix, fine tune or develop new and effective processes.

4. Involve others. The self inspection does not need to be conducted by the FSO and there is value in delegating this responsibility to subordinates or sharing it with other business units. Correct on the spot deficiencies and take notes on processes or procedures that are successful or need improvement. Benefits include:

a. An Industrial Security Professional candidate can use the self inspection as a platform for increasing their NISPOM knowledge with real world application

b. Security employees can expand their knowledge base outside of their day to day disciplines (i.e., a personnel security employee can inspect information security and vice versa)

c. An FSO can gain a better understanding of the security program by managing an inspection instead of conducting the inspection. A team concept and new points of view are incredibly valuable.

d. Engineers, program managers and others working on classified contracts can provide more insight into the mechanics of the security program. Invite them to take ownership of the security program either by conducting an inspection themselves or advising on the results. They can provide the “impact” or answer the “what if” related issues brought up by the yes/no questions.

e. If you have cleared quality control, Six Sigma or other lean process team employees, invite them to participate. Since most security functions charge to overhead, costs directly impact the organization. Processes and procedures can be streamlined that directly impact paper, postage, storage, man hours and other costs.

5. Collect data and conduct an after action review. If you employed the team concept, invite everyone involved. The purpose: share results and improve the security program. Review results and provide a way ahead for implementing improvements. Once complete, provide a report available to employees and shareholders. This report should provide metrics:

a. for implemented processes that save money and improve security

b. procedures developed to fix a security shortfall. This should include training and a plan to institutionalize the changes

c. recognizing those that have gone above and beyond. This should be by name or department where efforts reflect good results. Be sure to include efforts of inspecting members.

An award winning self inspection involves the entire team. Those inspected should understand their role within the security program as well as the importance of preparing and participating in the inspection. The FSO should coordinate the inspection and involve others in the process and use findings to improve the program. Reports should be generated to both identify the best performers as well as show metrics of how the inspection impacted the cleared contractor organization.

For more information on conducting self inspections, see DoD Security Clearance and Contracts Guidebook.


Friday, November 4, 2011

10 Ways to Demonstrate Above and Beyond - Category 3 of the NISP Enhancement

Category 3 of the NISP Enhancement covers Security Education: Information/Product Sharing Within the Community. This focuses on the FSO providing security education to peers and other FSOs outside of their organization. This is a security community event where contractors and government managers can learn from each other. Think Society of Industrial Security, American Society of Industrial Security, or other professional organization level event. Or it can be a smaller venue. Either way, involve others outside of your organization. This demonstrates contribution to the community, a pursuit of improving national security, and helps quantify going above and beyond. For example, an FSO uses their facility, creates an agenda and executes a security conference or training event. Or, committees can be formed to share the tasks. Education of this magnitude has tremendous value as the security community learns from the experiences and examples of their peers and applies them at their own organizations.

Here are some recommendations on how to provide that training:
  • Demonstrate how to conduct on the spot security inspections
  • Introduce how your company receives classified material and enters it into an information management system (IMS)
  • Compare benefits of different IMS vendors
  • Hold a class on using Joint Personnel Adjudication System (JPAS)
  • Conduct security refresher training for the security community
  • Demonstrate unique and successful training strategies and programs
  • Host an Industrial Security Professional Exam training session or study group
  • Have a classified marking seminar
  • Show others how to prepare classified items for shipment
  • Provide training on how to read, understand and implement a DD Form 254

Training opportunities abound. Each cleared contractor has unique challenges and opportunities. Creating a training seminar where experiences can be shared benefits the entire community and each FSO can learn from another’s experiences.



Tuesday, November 1, 2011

FSO Security Staff Training

Category 3 of the NISP Enhancement continues with Security Education.
This category addresses internal security staff professionalization. Specifically, it measures whether or not security staff training exceeds NISPOM training and DSS FSO certification requirements to include obtaining on-going professional certifications and incorporating the knowledge through the organic security program. There are currently several certifications and training available to the security professional, including some recommendations by DSS:
  • Industrial Security Professional (ISP)-FSOs could set the ISP Certification as a goal and encourage staff employees to achieve it. When employees study for the ISP Certification, they learn: how to read and apply the NISPOM, the importance of forming professional relationships with cleared employees, how the cleared contractor and the DSS representatives interact, and much more. DSS also understands the importance of individuals who achieve the ISP Certification as well as the organizations that hire them. The FSO can display the certificate and refer to it during the annual inspection as continued ISP and FSO training.
  • Certified Protection Professional (CPP)-The CPP certification is for those who have a broad range of security experience to meet complex security issues.  Holders of the CPP certification understand the threats that face the workplace, employees, product and the public. This has a significant application in the defense industry as industrial security professionals, security specialists and FSOs demonstrate their knowledge of physical security, personnel security, business management, security principles, information security, emergency procedures, investigations and legal aspects.
  • SPeD Certification-This is Security Professional Education Development. DSS has developed this program as a means of training government security professionals. This test begins at the fundamental level and includes information, general, physical and other security disciplines. Additional certifications are available that address more advanced and specific security areas. More information can be found at http://www.dss.mil/seta/sped/sped_what.html
  • Certified Information Systems Security Professional (CISSP)-The CISSP is sponsored by the International Information Systems Security Certification Consortium, or ISC2. Those working as an Information System Security Manager, Information System Security Officer, Chief Information Officer or in other mid to senior level management positions in information security should consider the CISSP. The CISSP measures competency and experience in 10 key areas: Access Control; Application Security; Business Continuity and Disaster Recovery Planning; Cryptography; Information Security and Risk Management; Legal, Regulations, Compliance and Investigations; Operations Security; Physical (Environmental) Security; Security Architecture and Design; and Telecommunications and Network Security.
  • The OPSEC Certification Program (OCP)-The OCP is for those who are actively engaged in identifying vulnerabilities of sensitive government activities and denying an adversary’s ability to collect information on the activities. In addition to the five years of experience, the candidate for the OCP  should have a four year degree and at least 48 hours of formal OPSEC training. The applicant submits a 10 page paper on the topic of OPSEC using one or more of the five OPSEC processes (identification of critical information; analysis of threats; analysis of vulnerabilities; assessment of risks; and the application of appropriate countermeasures). 

See pages 304 to 306 of DoD Security Clearance and Contracts Guidebook for more detailed information.




Thursday, October 27, 2011

5 Easy Ways to Demonstrate NISP Enhancement Category 2

Category 2 of the NISP Enhancement covers Security Education: Internal Educational Brochures/Products. This focuses on the FSO providing security education to the entire employee population. This is in addition to security awareness training provided to cleared employees (employees with security clearances) required by NISPOM. What is the benefit of training cleared and uncleared employees? Uncleared employees can be the eyes and ears that are needed and add an additional layer of protection.


 
For example, cleared employees can be trained to recognize classified information. If a classified package is unattended, the cleared employee can be trained to recognize the sensitivity and report the incident to the FSO. Otherwise, they may take possession, read it, throw it away or otherwise cause compromise of classified information.

 
Here are some recommendations on how to provide that training:

 
  1. CD/DVD-Defense Security Service, Interagency OPSEC Support Staff and other professional and government organizations have movies available for ordering that apply to both cleared and uncleared employees. The movies are short but dramatic, covering topics such as treason, OPSEC and protecting personally identifiable information.
  2.  Web-based interactive tools-Again, these are available from the same agencies. Defense contractors can also create their own training and upload it for employee use. Red Bike Publishing also provides similar training.
  3.  Newsletters-The FSO can designate, sponsor or assign someone to create a periodic newsletter to provide timely articles. The newsletter can be generic or laser focused on industry topics. There are vendors out there that provide newsletters for a small fee. Or, you can re-use ours and blast it out to your employees or professional organization. Just be sure to give proper credit.
  4.  Security games/contests- FSOs have hosted poster contests where instead of relying on the security department to provide all the talent, other employees contribute. Organically produced posters can also use the company brand and carry on the company mission statement by having the security message reflect the organizational goals and values.
  5. Brochures- There are great resources for delivering pinpointed security messages. Companies can brand their security specifically to the organization or mission. Government agencies have websites with downloadable brochures and posters on many topics.

 
Be sure to create an index or catalog of where brochures, posters or other training items are located so that you can keep them updated, monitor use and make improvements. Most of all, it’s important to document and demonstrate how you use these items to improve your security posture. Become an expert for your training and show DSS how you are making a difference.

For more detailed ideas see pages 225-227 of DOD SECURITY CLEARANCES AND CONTRACTS GUIDEBOOK

 

Thursday, October 20, 2011

National Industrial Security Program-NISP Enhancement

Category 1 of the NISP enhancement involves company sponsored events. This is an opportunity that the FSO can use to demonstrate above and beyond adherence to NISPOM Chapter 3. Some of the suggested ideas include:
  • Security fairs-Security fairs are great ways to demonstrate the added value security provides to cleared defense contractors. The FSO can set up designated booths that provide security solutions and awareness. Some examples include:
      • Document wrapping booth to demonstrate how to properly mark and wrap classified packages. You can take the opportunity to brief courier and other classified transport opportunities.
      • Fingerprint booth-As FSO I ordered children’s fingerprint cards. When we had a company picnic, I invited all the parents to come by to get their children fingerprinted. I then turned the completed cards back to the parents for safekeeping. This provided a service to the company and helped establish personal and working relationships.
      • Document destruction-You can extend shredding and destruction services to employees. Invite them to bring in personal information such as financial records and shred them on site. If you have a vendor that provides the service for you, they may offer to do so in support of the security fair. While there, you can relay the importance of protecting and properly destroying classified, export controlled and privacy information.
  • Interactive designated security focused weeks-You can implement great security training by having theme weeks. For example, you can designate one week for information security, one week for personnel security, one week for general security and so on. During the focus weeks, you can provide educational emails, letters, posters or announcements with the relevant security reminders or training.
  • Security lunch events-I worked with a company that initiated a “lunch with the FSO”. The FSO reserved a conference room, carved out time in his schedule, and invited subject matter security experts to sit on a board. Every employee was extended an invitation to attend the monthly events. The FSO opened the meeting with any updates or reminders of security policy and invited the attendees to ask questions of the subject matter experts.
  • Hosting guest speakers on security related topics-There are great resources that the FSO can call on to provide guest speakers. Fellow members of professional organizations may be happy to help. You can enlist fellow professionals to talk about International Traffic in Arms Regulation (ITAR) compliance or how to escort foreign visitors, or other subject matter experts to speak on any topic appropriate for your company. You can contact a vendor to talk about their security related products or bring in a paid speaker or consultant. Also, don’t forget counterintelligence agencies, DSS or the FBI’s domain coordinators, who may be available for such occasions. You might even consider inviting an Industrial Security Professional (ISP) certified FSO to talk about the value of hiring employees board certified to protect classified information.
  • Webinars-More and more training is being conducted online. Professional organizations have such material available to paid members, DSS has a large catalog of training, and there is plenty of free training available online. There are also great vendors who provide training software and hosting for company developed online training. Additionally, many vendors offer already developed online NISPOM training perfect for sending to your employees.



Friday, October 14, 2011

What is a National Industrial Security Program Enhancement Category


The Defense Security Service (DSS) is training its agents to apply the new Security Rating Calculation tool. This tool is used to standardize ratings and is based on a numerical scale that allows graded results while accounting for a cleared facility’s involvement in the National Industrial Security Program. However, DSS is training its agents to ensure they understand the process before implementing it.
This provides a great opportunity for cleared contractors and FSOs to prepare for the changes to come. One of the most prominent features is the addition of a method to grade the ability of a cleared contractor to go above and beyond National Industrial Security Program Operating Manual (NISPOM) requirements. At one time the ability to go above and beyond seemed objective, requiring the FSO to demonstrate how they went above and beyond during the review or other interaction with DSS. Now, DSS has included a proactive measurement called the NISP Enhancement. According to the DSS website, “…directly relates to and enhances the protection of classified information beyond baseline NISPOM Standards.”
DSS has identified 13 categories in which they will evaluate the cleared contractor for “above and beyond” capabilities. During the review the DSS special agent will interview employees and review processes and procedures to evaluate impact on the security program.
The 13 criteria follow:
Categories 1-4 Security Education
Category 5 Self inspection
Category 6 Classified Material Controls/Physical Security
Category 7 CI integrations/Cyber Security
Category 8 Information Systems
Category 9 FOCI
Category 10 International
Category 11 Membership/Attendance in Security Community Events
Category 12 Active Communication in the Security Community
Category 13 Personnel Security

Future articles will include ways to implement each of the 13 categories. I hope you’ll continue to visit our blog and newsletter for more information on “going above and beyond baseline NISPOM Standards.”



Thursday, October 13, 2011

Who will be the next FSO

For those defense contractors who want to perform on classified contracts, there are a few considerations to address. Under the National Industrial Security Program (NISP), a cleared contractor should appoint an FSO to take on the responsibility of directing a security program to protect our classified information. This FSO is the link between the government contractor and the cognizant security agency (CSA).

When considering who to appoint as an FSO, the cleared contractor has a few choices:
1. The senior officer can assume the role.
2. The cleared contractor can designate an existing employee.
3. The cleared contractor can hire a new employee.

Whoever assumes the role of FSO must meet two requirements:
1. Be a United States citizen. Both the facility and the FSO have to be U.S. entities and must have a history of integrity and conduct that prevents or limits exploitation or coercion to release classified material in an unauthorized manner.
2. Possess a security clearance according to the company’s facility clearance level (FCL). A facility clearance is awarded to businesses that meet strict requirements and have a need to work with classified information. The personnel security clearance is awarded based on the need and the approval of a facility clearance.

Depending on the mission and size of the company, it’s not unusual for the cleared contractor to appoint an assistant, engineer, program manager, human resources specialist or other capable employee with the additional responsibility. Larger companies may have the luxury of hiring additional personnel for specific and defined security responsibilities.

When assigning an FSO, shareholders should look for demonstrated leadership and team playing traits that complement the minimum requirements found in the NISPOM. The FSO’s primary purpose is to prevent the unauthorized disclosure and release of classified information and help the organization maintain security clearance eligibility. Any unauthorized release can cause problems such as but not limited to: loss of reputation, loss of contracts, jail time or disciplinary actions against the employee, and loss of clearance for the employee and/or the business. The FSO has a tough task that they can’t possibly do alone (for training resources visit our website).



Monday, October 10, 2011

5 Steps to Protecting Technical Data on International Travel

Prior to travel, a cleared employee should have a good understanding of their responsibilities to protect sensitive information. This can include classified or unclassified information and military or dual use information. For defense contractors, protection of classified information is addressed in the National Industrial Security Program Operating Manual (NISPOM), military technical data is covered by the International Traffic in Arms Regulation (ITAR) and dual use technical data is protected under the Export Administration Regulation (EAR).


Facility Security Officers (FSOs) and Exports Compliance Officers can train their travelling employees to protect technical data and help them accept the responsibility to protect themselves, classified information, and technical information. Preparation for travel can be covered in 5 steps:

1. Ensure cleared employees notify their security office of all foreign business well in advance of a proposed travel date. This will prepare the employee and the supporting staff to adequately support the visit. If technical exchange is necessary, a year’s notice may be necessary to acquire the appropriate licenses and TAAs.

2. Travelers should understand how technical data can be transferred inadvertently or purposefully through a written note, viewing a computer screen, conducting seminars and so on. Make sure employees know they are only authorized to communicate technical data through a license and/or TAA.

3. Employees should know the boundaries in advance before sharing any technical information with non-U.S. persons. Help them understand the provisos of licenses and TAAs and exactly what they are allowed to disclose.

4. Coordinate with the IT department (or someone offering these services) to provide a computer equipped only with permitted information (according to licenses and TAAs). A sanitized computer reduces the threat of exports violations or theft of economic or corporate data. Keep all products and information that could lead to export violations or the release of proprietary data close at hand.

5. Teach employees to practice good physical safety and security. A good practice is for employees to conduct themselves as professionals at all times and know they represent the company. For safety, they might consider coordinating closely with their hosts to find the best places to eat and shop. The State Department has a great website employees can visit to prepare for travel (www.state.gov). Anyone traveling abroad should familiarize themselves with the site and use it to become an informed international traveler.


Monday, October 3, 2011

3 Important Uses of the DD Form 254

In addition to the NISPOM, there is another critical piece of information for creating a lasting and significant security program and good classification management: the DD Form 254.
The Contract Security Classification Specification (DD Form 254) authorizes classified work performance and conveys the security classification specifications and guidelines for classification in the performance of a classified contract.

The DD Form 254 is provided to both the contractor and cognizant security offices when work is subcontracted to a supplier/vendor requiring access to or generation of classified material.
So why is this important to you?

It provides authorization for a contractor company to hold and/or perform on classified contracts. The DD 254 justifies the need to access classified information and how and where the contractor is expected to perform. This justification also addresses the level of clearance at which the facility and employees should be approved.

It also provides the following information:
• The classification level at which the work will be performed.
• Any caveat access or any special briefing needed.
• Whether we can receive or generate classified information at our facility.
• Whether or not AIS processing is allowed.
• Whether we can exchange classified information or visit another facility.
• Whether we can classify/declassify information and what Security Classification Guides will be used.
• Disposition of classified material involved with the contract.
• Whether or not subcontracting is authorized.
• Any other requirements as set forth by the User Agency.

The 254 cuts through the fog of classification management, provides control and accountability of classified work and can be a foundation for security refresher training. It also serves as a basis for constructing a detailed and efficient security awareness program.

FSOs can better implement requirements of the 254 through the following steps.
1.  Become familiar with the classified contract(s) and the requirements of the 254.
2.  Know the contract numbers as well as what is allowed since each contract is unique.
3.  Use contract or subcontract numbers in the Information Management System, while logging in classified documents, processing clearances, and preparing visit requests. Better yet, use this tool to become an expert on building and implementing a security program to protect classified information.



Networking Skills

Experience, commitment and practice are the best qualities to prepare the professional for the necessity of good old-fashioned networking. Networking is especially necessary in high trust and vulnerability industries like security where peers, colleagues and co-workers closely guard information.

A career in security is rewarding and challenging. The work is important: cleared contractor employers count on FSO skills to maintain classified contracts, and national security depends on proper protection of classified information. The security professional requires a high degree of interaction as paths cross in training, collaboration or through contractual execution. Security professionals are traditionally somewhat guarded when discussing business with new or otherwise unknown persons. They require time to develop trusting working relationships, and getting to know important connections in a timely manner is important.

So, how do we accelerate this networking curve?

1. Foster relationships on the job. Get to know other employees and business unit managers in your organization. Develop trusting relationships that allow exchange of information. Other employees can help broadcast the security vision as you assist them with their individual and program needs.

2. Become active in professional organizations such as NCMS or ASIS. Security professionals have a lot of experience that is definitely worth sharing. Other FSOs may be having similar challenges and may be able to give fresh insight. You may find yourself helping others as well.

3. Become known by writing articles or teaching classes. Publishing in professional journals or teaching a “how to” seminar will get you recognized as an expert and trusted person.

4. Look for opportunities to network with business leaders, police, firefighters, public safety, local and national government agencies and any other members of the community. The best way to protect our industry and our national resources is to use our force multipliers.

5. Consider joining committees, volunteering in the community, or sharing your expertise outside of your organization or career. For example, you could demonstrate how a non-profit organization can protect sensitive data.

It doesn't take much to network; just willingness to both help and to learn. What you contribute is invaluable and you are never too old to learn from others.



Wednesday, September 28, 2011

5 Steps to Hiring the Perfect Security Employee

Your company is growing and you find yourself reassessing your security team needs. Or, you find yourself severely lacking the personnel required to effectively perform security functions. In either case, it is up to you to hire the perfect employee.


Find the perfect employee? Though a daunting task, it is important that you hire and build a team of excellent security managers. Never, ever settle for a warm body just to get the job done. Many of you know from experience the issues that hiring the wrong candidate brings about.

A few good observations about potential candidates can help move them further into the hiring process. These are 5 considerations you should employ before hiring a security team member.
1.  All qualified applicants must reflect the company culture. What kind of employee does the company value? You must know this before you begin the search process. If your company values initiative, make sure your prescreen selects thinkers who can execute security functions with limited supervision.

2.  Know yourself and what you value. Obviously your values support the company culture, but here is where you use your “gut” to identify successful people. The successful person must also be mindful of the Government regulations required for the job. For example, if your desire is to hire a document custodian, potential candidates should have an excellent knowledge of the National Industrial Security Program Operating Manual (NISPOM). Your job is to filter technically proficient applicants with initiative to learn and execute security procedures. Then, recommend them for the interview.

3.  Find these successful people? Network with your industry peers; don't forget your professional networks and organizations. Review your job announcement and make sure it specifically identifies the need and requirements. Do they need a security certification? What security clearance level is necessary? Do they need one now or can you initiate one later? How much experience is necessary? Is there a requirement for college?

If qualifications aren't spelled out, spend some time editing the announcement. This will prevent wasted time reviewing unqualified resumes.


Word of mouth and networking is another great resource. You never know who might be looking for a career boosting job or different work experiences. Also, consider temporary agencies. They are a resource full of qualified potential applicants.

4. Conduct the interview. Alright, here is where you need to be the most prepared. Rehearse, rehearse, rehearse! Here is your first impression of the applicant and vice-versa. It is important to find out everything about this applicant and see if they will be a good fit to existing company culture and whether or not they have the minimum qualifications.

During the interview, tell the applicant about the job description and the company. Use this time to evaluate their posture, bearing and interest. Then use open ended questions to assess their capabilities. For company culture consider questions like:
     a. Describe a time you made a decision
     b. What security initiatives have you implemented and how were they received by management?
     c. Describe how to wrap classified material?
     d. Describe how you open a safe?
     e. What steps do you follow to send a visit request?
Be as specific as possible. Remember, you want to identify someone who supports company culture and is capable of either learning or performing the job.

5. Finally, once you have made a decision to hire, assimilate this person onto the team. On the first day, invest a few hours with your new hire to review company values, introduce them to the team, and further outline the job requirements. Be quick to welcome this person and involve the rest of the team. Later, help foster relationships between coworkers. The best way is to have them train and cross train. This builds cohesion and breaks down pre-existing barriers. Your team will communicate better and appreciate your decision to hire this applicant.

With practice and the right skills your journey to hiring the perfect candidate and building a great team will be rewarding. Know your company, your requirements, identify qualifications, rehearse and conduct the interview, then build your team.



Wednesday, September 21, 2011

3 Ways FSOs can Have a More Effective Security Program

The Facility Security Officer’s (FSO) successful program depends on developing relationships with employees, managers and executives to facilitate execution of company policies, necessary security awareness training, willful employee self-admittance of security infractions or change of status, and proactive action toward expired, existing and future classified contracts. Any of the above mentioned success measures is difficult to obtain in a changing employee and contract environment, but is simplified through employee and executive buy-in.

How to do this:

The following 3 points pave the way for a successful security program.

1. Gain executive, manager and work force buy-in. This can be accomplished by first demonstrating a sound understanding of company mission, classified contract requirements and providing sound security policy. Cross cultural buy-in is critical for integrating the security plan into all business units and company operations.

2. Become the “go to” person for all new security challenges. The FSO doesn’t need to be involved in every decision made by cleared employees. However, if it involves a procedural change or the degradation in security, contacting the FSO should be an automatic response. Become recognized as not only an expert at NISPOM compliance, but a part of the team. This will help ensure that all units within an enterprise notify the FSO of any change in disposition of classified material storage. This integrated system will trigger the contracts, program manager, business development and other units to coordinate with the FSO and keep the FSO informed of expired, current, and future contract opportunities and responsibilities.

3.  Create a budget based on mission and NISPOM compliance. An obviously important task is to direct the security program to protect classified information. But this is not to be assumed at all costs. Even the NISPOM identifies the need to apply economically feasible solutions. The FSO’s task should be to have an award winning program while supporting the company’s primary mission: to make money. The FSO owes allegiance to protecting the nation’s secrets, but will not be able to do so if the company profits go straight into the security budget. Do this by becoming a good steward of company resources and developing policy that corresponds with the mission.

More tips can be found in the book “DoD Security Clearance and Contracts Guidebook-What Defense Contractors Need to Know About Their Need to Know”


5 Effective Ways to Study For the ISP Certification Exam

Out of the approximately 3500 NCMS members nearly 325 hold the ISP certification.  The test is challenging and candidates are expected to score at least 75% for a passing grade.

Why Certify?
 The ISP holder demonstrates a high level of knowledge. The certification is based on the NISPOM but also covers electives such as: COMSEC, OPSEC, and other topics.

This certified professional communicates to upper management that they are committed to the business, the industry and the protection of national interests. It puts the company in a stronger position while bidding on contracts and lends credibility to relationships with the oversight agency, the Defense Security Service (DSS). Most of all, it gives the bearer confidence in their ability to apply their knowledge. As this certification program evolves, more and more employers will require the certification.

Preparing
Only those working in the National Industrial Security Program for at least 5 years are eligible for the ISP Certification. Five years' experience should make the professional more than capable of passing the exam. However, understanding how to study will make a difference in their success.

Targeted focus for thirty minutes to an hour a day for six months can make a huge difference. However, study methods for open book tests are a lot different than for closed book tests. For example, the ISP Certification allows you to use the NISPOM and other reference material during the exam. This requires a broader understanding of where to find information by topic. The DoD’s Security Professional Education Development certification does not allow candidates to bring reference material. This requires more memorization and more depth of study. However, in both cases, the tests are tough and candidates need to study. The few minutes made a big difference.

Test topics include Security Administration and Management, Document Security, Information Systems Security, Physical Security, Personnel Security, International Security, Classification, Security Education, and Audits and Self-Assessments. The broad scope of study provides a challenge as not every cleared contractor is experienced in all aspects of the NISPOM. But there are ways to prepare that will help pass the exam regardless of how much actual experience a candidate has for any of the topic areas. For example, you can pass all sections including NISPOM Chapter 8 topics without ever having worked in the environment. An FSO or security manager at a company that only provides security cleared employees can pass the ISP Certification exam without ever having marked a classified document. How? By following these five study methods to gain a better understanding of NISPOM.

1. Determine which type of test you will take and study using those resources and REGISTER. This will cause the clock to start ticking and seal your commitment. I recommend taking the computer exam and using the electronic NISPOM with ISLs. The “ctrl f” function is a life saver as it will allow you to search the NISPOM by keyword and topic. For instance, if a question covers proper marking procedures, you can search the NISPOM using keywords such as “classification marking”, “marking”, or using actual keywords in the question.

2. Become familiar with the NISPOM. It’s not necessary to memorize the NISPOM. Just become familiar with chapter titles and paragraph topics and understand their applicability. This will help if you cannot find the answer using the keyword search. Sometimes questions won’t contain keywords and you’ll have to rely on intuition, experience and book knowledge. It’s important to know that information systems security is in Chapter 8, security education is in Chapter 3, document security is in Chapter 5, etc. Knowing topics will save a tremendous amount of time searching the NISPOM.

3. Form a study group. Contact your local chapter of NCMS and join an existing or form a new study group. Also, join the NCMS’ Exam Preparation Program. This is led by a team of ISP Mentors and includes conference calls, downloads and purchasing their study guide.

4. Work outside of your area of expertise. Security specialists working in a large organization might work in one small discipline such as document control, classified contracts, information system security, or program area. It may be possible to cross train in other security disciplines to become more familiar with wider ranging NISPOM requirements. If the opportunity does not exist, consider asking FSOs in another company to train you on their procedures. This can form the basis of a working study group.

5. Take DSS courses. Concentrate on the nine core areas of the ISP Certification Exam. This will help you reinforce NISPOM requirements and where to find answers in the NISPOM concerning the subject matter.

There are many excuses not to take the exam: the cost, time involved, or fear of failure. Take the online test! If you can perform a search in a PDF file, you can pass the test. The exam gives 110 multiple choice questions and takes up to 120 minutes. There is a clock that keeps track of the time and the test times out automatically. How convenient.

If you take the online exam, I recommend using two monitors. Open the test in one monitor and the PDF version of the NISPOM in the other. Open the search function in the NISPOM and type key words from the test question to find the reference. It’s that simple, but takes some practice.

The following are websites that offer reference for the ISP test study. The first website offers 20 free practice questions, study tips and PDF files of the NISPOM.
http://www.redbikepublishing.com
ISP Certification Exam Manual
NISPOM

NCMS website:

I studied for six months, before I had the courage to take the test. I studied, documented my study methodology and began writing a book. I have a database of 440 questions  (four practice tests and recommendations) that will definitely help guarantee your success.

Whether you’re employed in the security field as a government employee, contractor, loss prevention or IT, you need the competitive edge.

