Information for the CIO, CSO, FSO, ISSO and other security professionals. Understanding NISPOM and ITAR compliance is tough. With over 12,000 cleared defense contractors, a majority of those don't have a security staff. We'll hope to help fill the gap. From security clearances to performing on classified contracts, you can find help here.
Tuesday, April 26, 2011
Why I wrote ISP Certification-The Industrial Security Professional Exam Manual
Excerpt from the tentatively titled book "Get Rich in a Niche-Writing and Publishing for Small Industries"
A familiar saying, “Necessity is the Mother of Invention” describes that a need comes before a product. Someone recognized a lack of a product or item and without successfully finding satisfaction, they invented a product themselves. Many become wealthy and famous providing what they themselves found the world to lack. I have helped other professionals by providing practice tests and boosting the confidence of others who desire a security certification. Before I took my certification exam, I looked around for leadership. I found a small study group, however, it was up to me to study for and pass the examination. Because there was lots of encouragement, but not much leadership in the area, I began to invent my own study program.
Many of my ideas were not conventional in the specialized security market. However, I had learned from college, previous military and life experience, how to set goals and establish a way to reach those goals. With a lack of publication in the area, I went about touching, experiencing, and researching everything I could about the certification. I volunteered for extra jobs at work (related to the certification) and took notes of my progress.
I also read reviews of the test and articles about who passed the test and what they did to study. Most who had failed had done so because they ran out of time. Since the certification exam has a two hour time limit for 110 questions, I knew that my priority was to find the answers quickly. When the day came, I took the test and finished in plenty of time. I realized that I held a key to passing the test and knew that I could share it with others. Where others ran out of time, I found a way to beat the clock. My book continues to not only encourage others to take the exam, but to pass. The reviews on Amazon.com testify to my unconventional approach to the test taking. My premise is that the professionals already know the material, and I can show them how to organize studying to successfully pass the test.
And that’s the point. There was a problem and I knew I had the solution. Others continue to write to me as well as post positive comments about my book. To date, I still have no serious competition, but others are arriving to the market. I just have to stay on top. My publications allow professionals to focus on their careers, knowing I will provide quality niche related publications.
Saturday, April 16, 2011
Industrial Security Newsletter - iContact Community
Our Newsletter |
Great Articles on Improtant NISPOM Topics:
Information Management Systems
Reproducing Classified Information
Upcoming Security Books
Check the NISPOM newsletter Industrial Security Newsletter - iContact Community
Friday, April 8, 2011
Clean Desk Policy
NISPOM is for all cleared employees |
Simple Solutions
Simple acts such as maintaining a clean desk policy has helped reduce security violations. In this situation, an employee removes everything from the tops of their working surfaces or desks except for the classified material. That simple practice could make a busy employee more aware that any articles on the desk requires extra diligence and must never be left unattended. When no longer needed, classified information should be locked up in a security container or closed area. If a desk is empty, the cleared employee can also assume that there are no classified items out. This discipline creates an environment that reduces the chances of the employee leaving a classified item vulnerable to compromise if they forget to secure it prior to taking a break or leaving for the day. Also useful is the posting of a desk tent and door hanger with an important reminder that classified items are left out. As the employee leaves their work area, they will encounter the warnings on their desk or door handle.
Thursday, April 7, 2011
Information Management Systems
Commerically available IMS use information technology to create a detailed database that helps FSOs track classified material through many dispositions from receipt, inventory requirements and final disposition. Some produce receipts, tie to a barcode scanner, report statistical data that can help determine use and much more. For example, if an inventory reveals missing classified information, the database can provide valuable information to help reconstruct the classified information’s history.
Databases can be tied to scanner software. Barcodes can be printed and applied to classified items for scanning. If an item is destroyed, shipped, filed, loaned or returned, it can be scanned and the status updated. These databases provide reports identifying when and where the barcode on the classified document was scanned and the last disposition. The FSO can use the technology to research dates, methods of receipt, contract number, assigned document number, assigned barcode, title, classification, copy number, location, and name of the receiver as follows:
- Date of Receipt or Generation-This information is recorded to indicate the day the document arrived. It can be used as the countdown date for an inventory requirement or as a timeline or search method in case an employee needs to retrieve it. If a document cannot be easily traced, those conducting the inventory can use the date in reference to narrowing down search locations or options
- How Received-Did the classified item arrive through USPS mail, overnight delivery, courier, hand carry, electronic means, derived from other research, printed or duplicated? This information is important to the FSO for use during DSS’s annual review.
- Contract Number-Contract numbers are important in situations where a contractor may have hundreds of classified contracts including directions that the material classified at certain levels must be stored separately. This added column can assist with determining need to know, quick retrieval of receipts, records or the classified item itself. Additionally, the FSO can pull documents by contract number to return to customer during contract closeout.
- Document Number-Cleared contractors operating an IMS can generate an internal document number for classified information entering the company.
- Barcode-The barcode is an excellent tool for document filing, retrieval, inventory and internal tracking for cleared contractors with large inventories of classified information.
- Unclassified Title-Unclassified titles should be used. If a receipt arrives with a classified title, the receipt will have to be protected as classified. If an unclassified title is not possible or desired, arrangements will have to be made to protect all records and receipts with the classified information annotated. The classified title cannot be put on an unclassified database.
- Classification Level-Data with the classification identified helps during the retrieval process. Classified information with the additional designations or caveats of: FGI, NOFORN, INTEL, NATO and others should be filed separately according to regulations and contract requirements.
- Copy Number-Copy numbers are used for multiple copies of existing classified material. For example, five copies of the same type of classified document could arrive or be duplicated on site. For example, XYZ Contractor number’s their documents sequentially. Document number 35601-02 is the 35,601st document entered into the system. Additionally, the -02 identifies it as the second copy of that document.
- Location or Disposition-The exact location of classified material helps with the easy retrieval. To log a document into accountability with no location is fine for companies possessing a limited amount of documents. Those contractors or agencies with multiple documents and possible locations will want to identify the assignment for quick retrieval. An additional data field can be used to input shelf, GSA container, room or building number.
FSOs may also want to track the use of classified information checked out of a central location. This is similar to what a library does. Tracking the check out dates can help reconstruct where and when a document is used to find lost documents, help enforce need to know and provide better document control.
Tuesday, April 5, 2011
Studying for the ISP Certification?
ISP Certification... Study Manual |
If you are going to the NCMS National Convention in New Orleans, why not take our book with you. Red Bike Publishing has all of your ISP Certification and security reading covered. ISP Certification-The Industrial Security Professional Exam Manual
“(Your Name Here), ISP”—Imagine what certification can do for you!
If you are serious about advancing in your field, get this book. Learn the secrets to becoming influential, earning credibility and studying for the ISP Certification. Secret number one, you are a technical expert and know the business of protecting classified information. Let us help you prepare for the test. Our book helps you prepare for both your career and the ISP Certification Exam. Keep reading for sample questions.
NCMS has an excellent and successful study course known as the ISP Exam Preparation Program (EPP). We recommend that candidates check out the EPP and consider it as part of their study program. Consider visiting the NCMS national website for more information about the ISP Certification, qualifications and study groups.
Using our books to augment your ISP exam preparation will also help you be better prepared for the exam. Our book is the only one available for the ISP Certification and offers 440 practice questions. Our author teaches insightful study tips designed to show you how to: form study groups, network, seek out opportunities at work, learn your way around the NISPOM and has four exam length practice tests. It’s true, those who have bought our books and used our techniques to augment their preparation have performed very well. See our testimonials page for their stories.
Sunday, April 3, 2011
Disclaimer from Upcoming DoD Security Clearances And Contracts Guidebook
Get it here |
Here is the disclaimer from our upcoming book. Just a little flavor of what you can expect. Please forward for others who might be interested
This book is designed to give defense contractors insight into the National Industrial Security Program. Our intention is to help defense contractors understand what is required of them should they become cleared facilities working on classified contracts. Any security and compliance related issues that an organization may face should be pursued with the Cognizant Security Agency (CSA), Government Contracting Activity (GCA) or other Federal agencies and legal activities.
This book is meant to compliment the federal regulations and executive orders bringing about the National Industrial Security Program. It is also designed to help the reader draw from experience and suggests ways to improve security programs. Those who are new to the field can use this as a guide, but should consult their CSA. We have made every effort to make this book as accurate and complete as possible. It has been written by an ISP Certified author and has been reviewed and edited by some of the most experienced Facility Security Officers , defense contractors and ISP’s in the business.
Not every defense contractor is the same. Classified contracts further differentiate requirements. Each contractor may have a unique mission based on skill sets and core competencies. Each contract has unique requirements based on product and service needs. Defense contractors working on classified contracts will have further defined roles based on requirements listed in the Contract Security Classification Specification (DD Form 254) and contract clauses and language. Specifically, cleared contractors have unique security requirements based on the DD Form 254 identifying the clearance level and classified storage level. The following are two examples out of many possible scenarios:
Example 1: A defense contractor is required to have a Facility Security Clearance (FCL) of TOP SECRET while having a classified storage level of TOP SECRET. In this case they can expect to have employees with TOP SECRET security clearances supporting contracts on site with TOP SECRET work and TOP SECRET information. In the course of their work they will store tens of thousands of classified items. Their security requirements are complex depending on the amount of classified items, level of classified information, amount of international contracts, and etc.
Example 2: In another example a contractor has a SECRET FCL and no authorization to store or perform classified work on site. They require the SECRET FCL for the sole purpose of providing employees with security clearances to perform work off site at a customer location. They will have no requirement for security containers or in-depth security to protect classified information on site.
The purpose of this book is not to provide exact solutions for each of thousands of possible scenarios. There are too many variables to be contained in any one book. It is written to inform and provide resources that the defense contractor can use to either seek additional expert help from the CSA, GCA, Prime Contractor or competent consultant. This book is written to reflect guidance from the National Industrial Security Program Operating Manual (NISPOM), but is not written to be used instead of the NISPOM. Additionally, there is guidance in the NISPOM not covered in this book. This book is written to familiarize and inform defense contractors with NISPOM requirements. The NISPOM is the manual cleared contractors should use to build their security programs to protect classified information. This book covers general areas most cleared contractors may encounter. It is meant to help the reader determine which parts of NISPOM apply, direct the reader to available resources and suggest general ways of implementing the NISPOM. The reader should always consult NISPOM, GCA, Prime Contractor and the CSO concerning policy and contract requirements.
Saturday, April 2, 2011
Cleared and Certified - Wired Workplace
Cleared and Certified - Wired Workplace Interesting news on salaries for cleared and certified employees. Cleared employees earn 12% more than their counterparts. Many in the DICE poll also claim certification has helped them earn a new position.
Helpful resource for security clearances |
Subscribe to:
Posts (Atom)