Posts

Showing posts from May, 2012

5 Reasons FSOs Should Perform Self Inspections

Some would argue that self inspections are conducted ONLY at the midpoint between Defense Security Service (DSS) reviews. After all, that's the only requirement according to the National Industrial Security Program Operating Manual (NISPOM). For possessing cleared facilities, the midpoint is 6 months from the next annual review. For non-possessing facilities, it is 9 months from the 18-month review. However, if you wait until the midpoint, then you might be missing a great opportunity to proactively assess the state of security within your cleared contractor facility. Facility security officers (FSO) can take the initiative to incorporate the security program into the organization's makeup. The following are five valid reasons to conduct a self inspection: When a new FSO takes over - When I was in the army, we always held an inventory when someone on the hand receipt took over. For example, when I took command, we walked through all the property to account for it being both on hand an...

Why Cleared Contractors and FSOs Should Perform Self Inspections

I could write the same old same old about government and National Industrial Security Operating Manual (NISPOM) requirements. However, such hammering would overshadow a great opportunity. Sure, the NISPOM requires that cleared contractors perform self inspections sometime between Cognizant Security Office (CSO) reviews, but that is not the compelling reason or many of the supporting rewards for those who capture results of self inspections. The Defense Security Services (DSS, the CSO for the Department of Defense) will look for self inspection results during regularly scheduled security reviews. If you have a possessing cleared facility, then DSS will review annually. If non-possessing, then this review will occur every 18 months. The NISPOM requires a self review be performed midway between CSO reviews. Now that we have the regulatory guidance out of the way, we can focus on the real reasons to perform the self reviews. The Facility Security Officer (FSO) tying security into the ...

The Defense Security Agreement-An Explanation

Required forms for facility security clearances
Aside from the SF 328, another required form for the facility security clearance process is the Department of Defense Security Agreement (DD Form 441). The Cognizant Security Office (Defense Security Services (DSS) for the Department of Defense) will advise the contractor on how to fill out the forms and answer any questions the contractor may have.
Department of Defense Security Agreement, DD Form 441
The DD Form 441 is a security agreement between the contractor and the DoD and documents responsibilities of both the cleared contractor and the government in the protection of classified information. For example, the contractor agrees to implement and enforce the security controls necessary to prevent unauthorized disclosure of classified material in accordance with the National Industrial Security Program Operating Manual (NISPOM). The contractor also agrees to verify that the subcontractor, customer, individual and any other ...

How to Keep Company Secrets | Inc.com

Another piece of business-saving advice is to identify and mark intellectual property or proprietary information. Many organizations just neglect to document. Ask the hard questions about what makes your product so special. That's what you want to protect. Identify what's special, document those findings and create steps to limit exposure. Consider Kentucky Fried Chicken. They are able to sell their product, but very few actually know the secret blend of herbs and spices. How to Keep Company Secrets | Inc.com Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red Bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearance...

What You Should Know Before Taking the ISP Certification Exam

WHAT YOU SHOULD KNOW ABOUT THE ISP Certification-The Industrial Security Professional Exam
Almost all of the test answers can be found in NISPOM; if you can answer most of the questions, you can pass the exam. Pass or fail is based on entire test. Not penalized for failing portions or electives; only overall score counts. Practice using searchable electronic NISPOM version with ISLS. Practice the way you expect to test. Use sample questions and use "search" function to find answers in the online NISPOM. Reduce time/increase pass probability. Some questions can be answered with word for word search. Know how to search PDF documents (NISPOM). Some questions can be answered with topical search. Know which chapter an answer can be found by topic (Chapter 1-policy, structure and inter-agency coordination and hierarchy, Chapter 3-Training, Chapter 8-Information System Security, etc). Don’t memorize the NISPOM, just know how to...

5 Challenging Industrial Security Professional Exam Questions

Try these 5 challenging questions from Red Bike Publishing's "ISP Certification-The Industrial Security Professional Exam Manual", by Jeffrey W. Bennett, ISP, SFPC.
1. A facility at which only one person is assigned shall establish procedures for CSA notification after _____ or _____.
a. Death, incapacitation
b. Termination, resignation
c. Compromise, unauthorized disclosure
d. Bomb threat, natural disaster
e. New hire, replacement
2. Contractors shall conduct formal self inspections at intervals consistent with:
a. Risk management principles
b. DSS inspection dates
c. FSO determination
d. Previous results
e. All of the above
3. Concerning the Information Sensitivity Matrix for confidentiality, what qualifiers match the Basic level of concern?
a. TOP SECRET and SECRET Restricted Data
b. Confidential
c. SECRET and SECRET Restricted Data
d. UNCLASSIFIED
e. FOUO
4. In the Protection Profile Table for Integrity, which Backup and Restoration of Data...

Help, We've Been Hacked

For those of you who may have noticed, my website has been hacked, pranked or whatever. I don't know what the intent was or why someone would target a small niche company? What's the ROI or bang for the buck? Not sure, nor am I sure anyone will notice. So, just to be sure they get the full exposure, and since I don't know how to remove it, I'll embrace it. Thanks random hacker.... You can see it for yourself at www.redbikepublishing.com/about Crazy, right....

How Personnel Security Clearances are Granted

Employee Access to Classified Information
The Defense Industrial Security Clearance Office (DISCO) processes security clearances for organizations falling under the NISP. According to Executive Order 12968 - Access to Classified Information, employees should not be granted access to classified information unless they possess a security clearance, have a need to know the classified information involved, received an initial security briefing and have signed a nondisclosure agreement.
Oversight of NISP Within Cleared Contractor Facility
The Facility Security Officer (FSO) is a position that the defense contractor must appoint during the Facility Clearance (FCL) approval process. The FSO implements a security program to protect classified information. They also request investigations for employees who require a security clearance. What this means is, all cleared contractors must appoint an FSO. It could be the business owner in a sma...

Industrial Security Management Overview

Learn how to make your organization compliant with protecting classified information and win more contracts. This course is designed for security managers, officers, contracts personnel, human resource personnel, and others who wish to increase their knowledge of the National Industrial Security Program Operating Manual (NISPOM) and ability to correctly interpret and apply the specifications detailed in the NISPOM. Those already performing on classified contracts can sharpen their skills, prepare for the Industrial Security Professional Certification exam, as well as develop new ideas on how to implement and direct a security program to protect classified information. Included with the course is the text, DoD Security Clearance and Contracts Guidebook: What Contractors Need to Know About Their Need to Know.
Topics Include:
Overview of the NISP and NISP Operating Manual
Performance expectations on classified contracts
Responsibil...