Security Executive Blog

Markings should not be the “stand alone” security measure. FSOs might be tempted to add additional markings to already cluttered media hoping to prevent a user lapse in judgment. Once again the effectiveness begins to wear off and man hours are wasted on efforts that may not increase awareness. To counter the effects, the holder of the classified material must remain vigilant and aware of their surroundings and situation at all times. This is a proactive posture and requires a bit of imagination. Such security is accomplished with solid training and reminders of responsibilities while possessing classified information. Simple Solutions 1.  Clean desk policy has helped reduce security violations. In this situation, an employee removes everything from the tops of their working surfaces or desks except for the classified material. That simple practice could make a busy employee more aware that any articles on the desk requires extra diligence and must never be left unattende...

The term Cleared Defense Contractor ,might conjure images of large complexes, with a healthy security staff, plenty of closed areas, labs and conference rooms. However, there are many, many more contractors that are just a few employees with great ambition, drive and ideas. In some cases, smaller and less experienced defense contractors may not be as proficient in executing security responsibilities. Full time FSOs understand a little about the requirements of a DD Form 254 and how to protect ITAR controlled technical information. But, knowing how to interpret and apply the National Industrial Security Program Operating Manual ( NISPOM) let alone the Federal Acquisitions Regulation it is something that takes time. I travel to many defense contractors working on cutting edge research and development efforts. These defense contractors have been as large as thousands of employees and as small as three scientists in a converted school house. Think Apple in their garage years; state...

Gates and guards seem to be the back stop of most security efforts. However, without a real risk or security assessment, these efforts only go so far. Many Facility Security Officers (FSO) and cleared employees work within the walls of impenetrable fortress like structures. These reinforced security bunkers are built to withstand repeated break in attempts as well as maintain state of the art alarms, close circuit television cameras, and card readers that can resist and detect most types of intrusion, but… …when was the last time you’ve read of an intruder breaking into a cleared facility and cracking a security container to run off with secrets? What do DSS, security educators and security practitioners preach as the biggest threat? Sensitive information available in the public sector, trusted employees transferring technical data to adversaries through seminars, emails, or just walking out of secure facilities with it. Without addressing the real threat, the security commun...

Want a few ISP Certification  study guide questions? Grab your NISPOM and try these questions to see how you do? 44. Receipt must be provided for which level of classified material? a. SECRET (NISPOM 5-401) b. CONFIDENTIAL c. UNCLASSIFIED d. A and b e. All the above 45. Working papers must be marked the same as finished documents at the same classification level EXCEPT when: a. Transmitted outside the facility b. Retained for more than 30 days from creation for TOP SECRET c. Retained for more than 120 days from creation for SECRET (NISPOM 5-203b) d. Retained for more than 180 days from creation for CONFIDENTIAL e. Retained for more than 180 days from creation for SECRET 46. Classified material may be destroyed by which of the following methods a. Mutilation b. Chemical decomposition c. Pulverization d. Melting e. All the above (NISPOM 5-705) 47. What methods are approved to protect miscellaneous openings of greater than 96 inches and over ...

The granted security clearance is part of a continuing evaluation process. Once a security clearance is granted the cleared employee will be periodically reevaluated and reinvestigated if the clearance is to remain in effect. When cleared employees require access to classified material beyond the scope of the initial investigation, the facility security office will submit a request for a Periodic Reinvestigation (PR). The adjudicator makes decisions concerning whether or not the subject’s allegiance is still to the United States, they can still be trusted to protect classified information and they will still be able to carry out their duties at all times. The PR for the TOP SECRET clearance is the same level of investigation as was initially conducted. The SSBI-PR is conducted every 5 years as needed. For SECRET, the NACLC is conducted every 10 years and for CONFIDENTIAL the NACLC is conducted every 15 years. Part of the security education process emphasizes the importance of cont...

You might already know how to write policy that reflects the NISPOM and export compliance or ITAR regulations. That might very well be an easy task for you. Just like ISP certification mentioned in an earlier post, the policy itself should not be the catch all solution. Just as the certification compliments the bearer’s capabilities, the policy should complement the processes and procedures you have in place. Policy tells what should happen and is in itself easier to write and have approved than the how to do it found in processes and procedures. Even if you do not know how to write policy, you can always download a boilerplate standard practice procedures, technology control plan, or sample security policies downloaded from Defense Security Services (DSS), or shared by fellow security professional organization contacts. What won’t be so easy to find is policy tailored to your specific needs and how to incorporate them into company business. That will require teamwork with othe...

World class security programs under the National Industrial Security Program (NISP) are run by world class Facility Security Officers (FSO) who continually demonstrate their qualifications. It’s one thing to be good at your job, know the NISPOM well, be technically efficient and capable of personally validating security plans. An FSO should be capable of more than just a security clearance pipeline. It’s quite another to become recognized as a leader, recruit assistance company wide and become recognized for the good work.  In the second example, your efforts perpetuate themselves as others become force multipliers and quickly engage and support your mission. One way to ensure such success is to document your qualifications  through professional certification. Of itself certification is not the answer, but does complete the picture. For example, there are many leaders in the industrial security community who are very influential and well respected; their work stands al...