Posts

Showing posts from September, 2013

Try the ISP Certification Practice Questions

Are you studying for the ISP Certification Exam? If so, try these questions. There are 440 more just like them in Red Bike Publishing's Unofficial Study Guide for: ISP Certification.

1. Subcontracted guards must be under a classified contract with which of the following:
   a. GCA, CSA
   b. CSA, DSS
   c. Cleared contractor facility, Installing alarm company
   d. Monitoring station, Installing alarm company
   e. All the above

2. Contractors who extract classified information are making _____ decisions:
   a. Reasons for classification
   b. Security Classification Guidance
   c. Derivative classification
   d. Classification
   e. Classified document

3. A U.S. contractor's requirement to maintain custody, control and storage of classified information abroad is the responsibility of:
   a. GCA
   b. U.S. Government
   c. CSA
   d. State Department
   e...

Applying Risk Analysis to Cleared Defense Contractors

DSS has announced the new Vulnerability Assessment Rating Matrix 2013 Update. The matrix does provide a good way to gauge a security program. Even though the threat, vulnerability and impact are already identified, an FSO should still use a risk assessment model. The way to get to good evaluations and enhanced measures is to analyze the protection of classified information and demonstrate how the NISPOM is implemented. A risk analysis provides that answer. The NISPOM and other guidance make our jobs easy. For example, if it's classified, lock it up in a GSA approved container and limit access to those with a clearance and need to know. The above is simplified for discussion purposes, but it makes the point: there is another piece to protection, analysis. You might be familiar with the terms susceptibility, vulnerability and risk analysis. These are analyses that we in the defense industry should be regularly practicing, but as demonstrated above, NISPOM makes it easy for us to get by w...

Vulnerability Assessment Rating Matrix 2013 Update

In case you haven't seen the release, http://www.dss.mil/isp/fac_clear/security-rating-matrix.html , DSS has announced the new Vulnerability Assessment Rating Matrix 2013 Update. This matrix provides DSS with a way to gauge a cleared defense contractor's compliance with NISPOM. But it also gives the contractor a methodology to evaluate their own performance. Think of it as a way to enhance your own self-inspection. But let's go back to DSS: what are they looking for in this analysis? During the annual review, DSS will look at a cleared facility and run through a consistent and reliable process to determine whether or not procedures are in place to adequately protect classified information. As mentioned earlier, the threat and impact are already identified. So, vulnerability is simply a reflection of the prescribed protection measures outlined in NISPOM and the inspection, and not an analysis conducted by the FSO. Vulnerability per DSS occurs when a contractor is not in compli...

Try these ISP Certification Training Questions

Get your copy today. I'm preparing to take the SPeD exam for another of their certifications. I'm reminded that good study habits and practice tests help prepare for the exam. Study builds confidence and practice questions build endurance. Whether protecting classified information at a cleared defense contractor facility or federal agency, Red Bike Publishing's Guide to ISP Certification-The Industrial Security Professional is for you. If you are serious about advancing in your field, get ISP certified. Some are reluctant to take the test, but they just need the confidence earned through practice. First, to meet minimum test requirements an applicant should have five years' experience working in the NISPOM environment. If that's you, then you are a technical expert and know the business of protecting classified information. Second, study this book to practice, practice, and practice. It can help you prepare for the test. Using practice tests to augme...

Security Education for both experienced and novice cleared employees

Why does everyone have to have the same training? Sure, every cleared employee receives the initial training and the annual refresher training, but do they have to be the same presentations? After all, we are not cut from the same cloth; we've got varying degrees of experience, right?

New Employees, New Clearance

Great questions, and perhaps you have heard them from your employees. I know I have. In response, FSOs could consider dedicating more security awareness training to new employees who will have a security clearance for the first time. The rationale is that because they will be newly introduced to sensitive and classified government information under the National Industrial Security Program Operating Manual, they should learn the fundamentals:
- The nature of classified material and how to protect it
- Notice of their responsibilities to protect classified information and the consequences of unauthorized disclosure
- Recognizing and protecting U.S. and foreign government ...

FSO Led, Employee Owned Policy-Making: Policy Through Leadership

Security managers sometimes fight lonely battles to get policy in place to protect enterprise assets. Sometimes we've created multi-page documents outlining the do's and don'ts of sound business practices and how to prevent spillages and leaks of sensitive information. These products are then staffed, hacked up and sent back, re-written, and maybe a year later they are part of a growing number of compliance policies in the enterprise warehouse. Policy is incredibly important, but it can be implemented with much less effort on the security manager's part. More impact with less effort? Sounds like a winning combination. Step one: sound security practices are best implemented when they are someone else's idea. These policy battles don't have to be won single-handedly if they are part of everyone's fight. For example, depending on the enterprise structure, the following could be true:
- hiring the right employees is Human Resources' (HR) job
- research and development belongs to prog...