Security Executive Blog

ITAR is here Export compliance first and foremost helps companies and individuals successfully earn profits while playing by the rules. Our government encourages international business. The opportunities for expanding business and growing employee experience make international trade an attractive endeavor. The benefits are huge as long as enterprises know the rules and successfully transfer technology. The reality is that a license or technical assistance agreement may many times be possible and likely be granted when given the time and consideration required.  Unfortunately, the routes professionals sometimes take to avoid licenses causes export violations and significant damage to our defense and economy. Successful export occurs where the whole team understands the mission and each business unit and employee role. The compliance officer trains the company and keeps the empowered official abreast on licensing and technical assistance issues. They also establish trigger me...

More information here Insider threat briefings abound, but very few actually identify protection measures against an enterprise insider threat from within the enterprise. Many training opportunities do a good job at describing the threat and the need to prevent such occurrences, but seldom are the right measures identified. Here are four proven ways to protect classified contracts and sensitive company information: Consult your employees and provide proscribed protective measures found in policy and guidance such as National Industrial Security Program Operating Manual ( NISPOM )   and the International Traffic in Arms Regulation ( ITAR ). This is going to be as simple as interpreting what needs to be protected, what to protect and how to protect classified contract work per written contractual and policy guidelines. Establish rules of engagement with cleared employees, getting their understanding and agreement. Equally important is to protect proprietary and other...

The National Industrial Security Program Operating Manual ( NISPOM ) lists cleared employee training. New employees are required to have Initial Security Briefings to ensure their understanding of the following topics: A threat awareness briefing A defensive security briefing An overview of the security classification system Employee reporting obligations and requirements Security procedures and duties applicable to the employee's job Why are these topics important? They give the cleared contractor a good idea of what is classified, why it is classified and how to protect it from unauthorized disclosure. Well trained and enabled employees drive the enterprise security program headed by the FSO. The threat awareness briefing helps the cleared employee understand that there are people who want their information. These people have techniques and a modus operandi to get access to classified information. However, employees can apply this to export controlled...

Red Bike Publishing's Unofficial Guide to ISP Certification 1.       All of the following must be included in the authorization letter for hand carrying classified material on a commercial aircraft EXCEPT: a.                  Traveler’s Social Security Number b.                 Description of traveler’s ID c.                  Description of material being carried d.                  Identify points of departure, destination, and known transfer point e.                  Location and telephone number of CSA 2.       Contractors shall limit the...

See More Ideas in DoD Security ClearanceAnd Contracts Guidebook In part two of the series U sing Traditional Security Tools in Unique Ways-Moving from Security to Risk Management we’ll look at a few more ideas. In part one we looked at security training , clean desk policy and posting reminders of work in progress. In this article we’ll look at documenting the use of security containers and end of day checks. Document the opening and closing of security containers-So, here's the question, other than helping determine who opened the security container, who closed it and who checked it, what real use is it? Such a form is an inspectable item in the government, but other than that, how does industry use it to improve enterprise security posture. As a standalone tool, we rely on professionals to actually fill it out correctly. When they do, what information does the form actually provide? If an insider plans a malicious event, they won't fill it out. Out o...