Posts

Showing posts from September, 2019

An Interview with a Cold War Counter-Spy

We spoke with former Counter-Spy and Author John W. David about his experiences with cold war espionage and applying it to counter the insider threat. John has written two books, Rainy Street Stories and Around the Corner. Both are essays of his experiences with the cold war, terrorism, and espionage. John offers several anecdotes and shares past experience of how he has recognized spies and those who would recruit insiders. He weaves relevant stories in the podcasts that are still applicable to a successful insider threat program. Listen to the podcast to hear two of many major points on running Insider Threat Programs. Here are two points to get started: 1. Develop a culture of security by walking around. Security managers should get away from their desks and meet the employees that can work as risk management and security force multipliers. The employees should be comfortable with the office staff and understand what expectations are. One of the primary results o...

Four Tools Every Cleared Defense Contractor Needs

Cleared defense contractors (CDCs) provide the technology and know-how that delivers products and services to our defense industry. CDCs can be a prime contractor or subcontractor and are contracted to support government organizations. The designation of CDC indicates that the organization is a government contractor with a facility clearance and is made up of employees with personnel security clearances. With classified contracts, the CDCs are required to protect their government customer’s classified information while performing on classified contracts. The CDCs are part of the National Industrial Security Program (NISP). The National Industrial Security Program Operating Manual (NISPOM) provides guidance on how to perform on classified contracts. The guidance includes topics such as employee responsibilities, required training, continuous evaluation, maintaining security clearance, and much more. The Defense Counter-Intelligence and Security Agency (DCSA), formerly known as DSS, provid...

The Fine and Time Honored Art of Piggy Backing

After years of fighting what he had assumed was bad practice, a Facility Security Officer (FSO) confidently confided that he now welcomes “piggy backing” as acceptable. Entering a protected facility while using the credentials of another employee, also known as “piggy backing”, is now being proven an efficient means of enterprise ingress. “With each employee needlessly scanning their badges, when someone else had already triggered the authorization at first seemed redundant,” said the FSO. “Now we know that there is so much more benefit. Now we see a realized cost savings involved as they now only trigger the device once, saving destructive wear and tear on locking and opening hardware. Also, holding the door open for multiple employees to enter simultaneously reduces the number of times the door is opened and closed, thus also creating cost savings for heating and air conditioning expenses,” he continued. The progressive cleared defense contractor began a month-long pilot ...

NISPOM Based Certification Questions

Get your copy @ www.redbikepublishing.com These NISPOM based questions could be helpful in passing the NCMS ISP Certification and the DoD's SPeD Certification exams including the most recent Industrial Security Oversight Certification (ISOC). Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification. Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test length practice exams based on NISPOM. We've updated our manual for NISPOM Change 2. 1. Concerning a government contractor monitoring station with a response team c...

Gather, integrate, and report insider threat information

This article addresses the NISPOM based Insider Threat Program (ITP) compliance requirements and is inspired by questions from the Self Inspection Handbook for NISP Contractors. The article uses the handbook’s format to go through the self-inspection criteria. We begin with the topic question, the NISPOM reference, an explanation of requirements, and finally how to inspect compliance. Topic Question(s): Does your program include a capability to gather, integrate, and report relevant and credible information, which falls into one of the 13 adjudicative guidelines indicative of a potential or actual insider threat? EVIDENCE: Explain process to gather and integrate data and provide procedures VALIDATION: NISPOM Reference(s): 1-202a a. The contractor will establish and maintain an insider threat program that will gather, integrate, and report relevant and available information indicative of a potential or actual insider threat, consistent with E.O. 13587 (refere...