The
National Industrial Security Program Operating Manual (NISPOM) lists cleared employee training. New employees
are required to have Initial Security Briefings to ensure their
understanding of the following topics:
- A threat awareness briefing
- A defensive security briefing
- An overview of the security classification system
- Employee reporting obligations and requirements
- Security procedures and duties applicable to the employee's job
Why
are these topics important? They give the cleared contractor a good idea of what is
classified, why it is classified and how to protect it from unauthorized
disclosure. Well trained and enabled employees drive the enterprise security
program headed by the FSO.
The
threat awareness briefing helps the cleared employee understand that there are
people who want their information. These people have techniques and a modus
operandi to get access to classified information. However, employees can apply
this to export controlled, intellectual property and proprietary information.
Employees should be trained to recognize attempts to access sensitive
information by an unauthorized person.
A
defensive security briefing is the next step. This training goes into detail
about how an adversary might approach an intended victim to get sensitive
information. The defensive security briefing teaches the cleared employee to be
on the offense with active measures to protect classified knowledge and
information. Employees should know how to react to requests and report all
attempts to gain unauthorized access.
An
overview of the security classification system provides the cleared employee
with answers to how is information is classified, what criteria is used and how
are decision disseminated. Some useful tools include security classification
guidance, DD Forms 254, and classification markings.
Employee
reporting obligations and requirements should provide resources for reporting
certain types of information. The cleared employee should be given information
of how to report espionage, sabotage, security violations, suspicious activity
and etc.
Security
procedures and duties applicable to the employee's job is the real meat. This
helps the cleared employee with specific tasks related to protecting classified
information they may actually work with on the job. Great tools include the DD Form 254, security
classification guides, statement of work, requirements documents, work breakout
schedules, engineering documents and etc. Where the FSO might train the first
few requirements, a supervisor, program manager or lead engineer might take
over this training. The key is to ensure a properly trained employee and
document that training.
Training
cleared employees to perform on classified contracts is the first step to a
great industrial security program. NISPOM outlines required topics, but enterprising
FSOs can make the training more applicable. The better employees understand
their jobs, the better they can protect sensitive information they are
entrusted with.
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing .
Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM
No comments:
Post a Comment