Security Executive Blog

Facility Security Officers (FSO) have a tremendous responsibility developing a security program to protect classified information. After all, they (individual or staff) are the link between the government oversight (cognizant security office), customer (prime contractor or Government Contracting Activity) and the cleared defense contractor to ensure that classified information is properly protected. However, if FSOs focus solely on the classified responsibilities, they are missing great opportunities to increase their effectiveness. That’s right, focusing solely on the single task of protecting classified information may reduce chances of being more effective.  Providing value added outside of the National Industrial Security Program Operating Manual (NISPOM) actually helps the FSO create a better security program. FSOs can expand their influence by providing lessons learned and best practices to integrate security into all enterprise areas. These areas become part of a...

http://www.icontact-archive.com/c4PNVL0-z66WLzORFNJCef4n0g49XcbI?w=7 Our latest newsletter. Come see it... 2 Obstacles Every Facility Security Officer Must Overcome 3 Pronged Plan of Attack FSOs Should Consider  Determining ITAR License Requirements with Bob Schuettler, Director, Corporate Export Licensing and ATK Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike...

Here are actual questions from the book  ISP Certification-The Industrial Security Professional Exam Manual . The questions here are all about NISPOM Chapter 8. G o ahead, test your knowledge: 80. Level of concern reflects the sensitivity of the information and  the consequences of the loss of confidentiality, availability, or  _____. a. Truth b. Equipment c. Integrity  d. Values e. Ethics 81. Who has responsibility for accrediting information systems  used to process classified information in industry? a. CSA  b. FSO c. ISSM d. ISSO e. Contractor 82. The CSA can grant interim approval to operate an IS for up to: a. 120 days b. 90 days c. 180 days d. 1 year e. 45 days 83. Systems operate at Protection Level 3 when: a. All users have required approvals for access to all information on system b. All users have required clearance, but at least one lacks need to know c. All users have required...

One thing I remember from my many years in the Army is that you can’t force motivation. Sure, I’ve done my share of pushups and flutter kicks ordered up by a drill sergeant who thought I needed to some incentive, but I didn’t do them out of my own initiative. It just made him feel better. The point is most of what it takes to contribute to and become a sought after member of an enterprise team comes down to a professional’s motivation and initiative. In past articles I’ve addressed some important tasks FSOs should undertake to add enterprise value; all tied leader effort and initiative. The FSO has marching orders to develop and implement security programs to protect classified information.  But, how effective is security policy if it is written by security and posted only in the security office? Unless security requirements are incorporated into overarching policy and adopted by all business units (HR, safety, security, business development, operations, contracts...

Security policy is just as good as the paper that it is written on. However, those professionals who want to incorporate sound policy with demonstrated good procedures understand that a written document is just part of the solution. Success rests on the entire enterprise accepting and incorporating the policy as a normal part of doing business. The road to that success can be quite bumpy, but I’ll lead the way. There two kinds of challenges facing security professionals; self-Inflicted and the second, institutional. 1.        Self-Inflicted challenges are the ones that we place in our own way. They are perceptions about our capabilities (or lack there) that professionals form about us. The perceptions manifest two different ways; lack of vision and lack of initiative. a.       Lack of Vision -  The Dr. No Syndrome - “No, you can’t do this or have that.” “The NISPOM says blah blah blah!!!”  “The answer i...