Security Executive Blog: May 2020

Wednesday, May 20, 2020

ISP and ISOC Certification Course for Free

https://bennettinstitute.com/course/ispisoctipis/

We have a free ISP and ISOC Certification study course. Prepare For The DoD's SPeD Industrial Security Oversight Certification And The Industrial Security Professional Certification.

This Training Contains Supplemental Study Information That Can Help You Pass The DoD / CDSE Security Professional Education Development (SPēD) SFPC, SAPPC And ISOC Certification Exams And The NCMS ISP Certification Exam.

Some are reluctant to certify, but they just need the confidence earned through practice. Using practice tests to augment your certification exam preparation will help. This training is available for SPeD and ISP Certification

Isn't It Time You Earned Security Certification? “(Your Name Here), ISP, SFPC, SAPPC, ISOC"–Imagine What Certification Can Do For You

Come visit:

https://bennettinstitute.com/course/ispisoctipis/

NISPOM course for free.

https://bennettinstitute.com/course/nispomchapter1free/

Bennett Institute has a new course and it's free. It's called introduction to the NISPOM. Come check it out. This course introduces the NISPOM so that the student can better grasp the elements of NISPOM. When finished, the student will have a better understanding of NISPOM and all the topics of Chapter 1.

This is great training for:

Seasoned and new Facility Security Officers
Newly Cleared Defense Contractors
Cleared Employees
Studying for Industrial Security Professional (ISP) and Industrial Security Professional Oversight Certification (ISOC).

Come check us out.

https://bennettinstitute.com/course/nispomchapter1free/

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Understanding NISPOM Chapter 8 and Classified Information Systems

https://www.redbikepublishing.com/fsocertification

Excerpt from upcoming book featuring the topic of classified information systems.

Since much of the work that Cleared Defense Contractors (CDC) perform is on automated systems, it is important to understand how to protect classified information that resides on information systems (IS). NISPOM Chapter 8 Classified IS discusses just how to do so. The intent of this writing is to demonstrate that the protective measures for classified IS are very similar to those that are described in other NISPOM chapters. This is our explanation of how classified information should be protected equally, no matter what form it takes. In other words, SECRET hardware should be afforded the same protective measures as SECRET software.

I write this to demonstrate that a Facility Security Officer should not be intimidated by any IS security discussions; they are similar to protective measures employed for all forms of classified information. Some security managers may be intimidated by an IS discussion because of perceived lack of technical experience. Ether they do not work with information systems or they if they do, it is in a limited capacity. In these cases, they may turn over the entire process to the Information System Security Manager (ISSM) and remain hands off. However, it does not need to be that drastic.

Hopefully this broad view writing provides enough information for a non-technical security manager to successfully supervise a security program to protect classified information on information systems. The trick is to consider the guidance in NISPOM chapter 8 just like the guidance that is applied in NISPOM chapter 5. NISPOM Chapter 8 is not much different if you just think about the classified information systems as part of your security program to protect classified information and it may appear less intimidating.

Hopefully your familiarity with the NISPOM will give you confidence and a better grasp of how to employ classified IS protection and measure your program’s effectiveness. Additionally, you may be able to use this information to better prepare for security certifications like Industrial Security Professional Citification and Industrial Security Oversight Certification.

We offer NISPOM training for security clearances, how to protection classified information and certification

@ https://www.bennettinstitute.com

Books related to this article:

Friday, May 1, 2020

NISPOM Fundamentals Training Protecting Classified Information

https://www.bennettinstitute.com/courses

NISPOM Fundamentals Webinar

Red Bike Publishing is now hosting a webinar with multiple installations. We used to host it at Udemy, but are hosting our own training. 

Take NISPOM Classes one chapter at a time

Currently we have each of the NISPOM Chapters 1-8 available. Each lesson is 1 to 2.5 hour long consisting of lectures, presentations and graded quizzes. Soon I'll be loading the rest, but you can start training now.

Or all at once as we have bundled these courses.

 We now have the NISPOM Fundamentals course ready to go. This course combines chapters 1-8 and is updated regularly with additional chapters and content. Register now and have access to all updates. As we update, we will be charging more depending on the amount of content. However, if you register now, this registration will include all future updates at no additional cost. 

The fundamentals of NISPOM is $350.00. However, for the next few days, we offer them for the introductory price of $150.00

Here's the link to join. 

https://bennettinstitute.com/courses/

Great way to train for:

Newly cleared employees
New Cleared Defense Contractor leadership
New FSOs
Those studying for certification (ISP, ISOC, etc)
Students who want to learn more about NISPOM

We go through all the chapters and annexes.

Classification
Classified Processing on Information Systems
Reporting requirements
Closed areas
International
Classified meetings
Protection
Subcontracting
and much more
It's all in one place

Register Here

My name is Jeffrey W. Bennett ISP, SAPPC, SFPC, ISOC. The acronyms after my name are DoD and other certifications I have received and are related to requirements for protecting classified information. For the past 20 years I have led security programs to protect classified information, served as an FSO, conducted risk assessments, and provided training for many, many security professionals.

I've taught this course over many years at the University of Alabama, Huntsville

I have also created a company called Red Bike Publishing (www.redbikepublishing.com) and have writing security books and training for the busy professional.

I want to help:

I've created a unique suite of training to increase your understand the NISPOM. We want to run it live with a select group and we choose you. 

The training can also be used to prepare for security roles and inspections. The training topics below include everything necessary for training the cleared employee workforce at the cleared defense contractor facility (CDC). Training topics also are part of the FSO certification program as well as resources for Industrial Professional (ISP) and Industrial Security Oversight Certification (ISOC).

All of our training is applicable for:

Training cleared employees
Training Facility Security Officers and security personnel
Security certification such as ISP and ISOC

Warning:

This is not a guarantee that anyone can study and pass the security certification. We don't promise a magic bullet to certification or passing a DCSA audit. Not everyone will be able to earn an excellence in an audit or a perfect score on an exam.

However, with that said,

If you follow our guidance in our webinar and books, your chances of being prepared for audits or certifications exams will improve greatly.

You will be equipped to know NISPOM better than most and understand how to apply it to your business, audits, and certification exams. You can start just like I did by just studying the NISPOM and having the skills to pass exams and sail through security issues and audits; just as I have done.

This information is what others wish they had known. If they had had this information, they may have that certification or earned that promotion or even excelled at the DCSA audit.

Study with us:

The training topics will soon include what is required of all cleared employees as below:

Initial training or for refresher annual security awareness training
Insider Threat
SF 312
Derivative Classifier

This information is what others wish they had known. If they had had this information, they may have a clearance by now.

If you are like me, one of the people who come straight to the end of the letter to find the offer, here you go. I'm offering you a little information to clarify the security clearance process. We just want to offer you something of value.

Register Here

You need a security clearance

This short eBook will teach you what you need to know about security clearances

Opportunities:

You're here because you realize that security clearance jobs are in high demand and they pay more than similar job titles without the security clearance requirements.

That's the no brainer. But here's the issue:

The Problem:

The difficult part is how to land the security clearance and understanding how to complete the security clearance application.

The Solution:

Inside our book you will find the answers to some of the questions:

How are security clearances granted?

Can I get a security clearance now and apply for jobs?

How long do security clearances last?

This book is written for those looking for answers to the hard questions and are currently seeking security clearance jobs.

I've used my vast experience of more than 20 years as a Department of Defense certified security manager to provide answers you learn how to get a clearance and prepare for work on classified contracts.

The topics covered include:

The need for security clearances

Facility security Clearance (FCL)

Personnel security Clearance (PCL)

What to expect once the clearance is granted

The 5 Most Important Tips:

Security clearance jobs are in high demand

There are many myths about security clearances

Most people are eligible for security clearances

Completing the application can take a lot of time

People are evaluated on the whole person concept, not just one defining incident

There's no catch to this and we won't ask you for credit card or sign you up for a payment plan, we just want to give you something of value now so that maybe we can partner together in the future. That's it.

Please fill out our form to the right and the ebook will download:

Cleared employees, FSOs and Classified Work

This article continues the series describing what happens after the government grants you a security clearance. After receiving a job with a company or agency performing classified work, you’ll receive your onboarding training, which may have included the SF 312 Non-Disclosure Agreement, Initial Security Awareness, Derivative Classifier and other required training events and briefings. Even though the Facility Security Officer (FSO) brought you into the system, awarded your security clearance, and performed the required high-level training, there is still much more work to do to ensure you understand how to perform on classified contracts.

The high-level training and onboarding is enough to get you “authorized” and prepared for the work. The rest of the preparation will come from other sources to include peers, supervisors and program managers. This training is usually provided on the job as you actually begin performing on the classified contract.

This is how it might play out. The Government Contracting Agency (GCA) or program office flows down the classified work in the contract to the Cleared Defense Contractor (CDC). Part of the classified contract is the Contract Security Classification Specification or DD Form 254. According to the information on the DAMI website, the purpose of the DD Form 254 is to “…convey security requirements, classification guidance and provide handling procedures for classified material received and/or generated on a classified contract…” This DD Form 254 provides direct information to complete your training so that you can perform well. Keep in mind that if you will be working on multiple contracts, you should understand the contents for each contract.

The DD Form 254 will explain the classification level that you will be working with. It is important to understand that this level will be at the same level or lower than your security clearance level. Therefore, you would need a Top Secret clearance to work on classified contracts at the Top Secret level or lower. The form may also state any additional classification concerns such as foreign government information, communications security (COMSEC) requirements, and more.

The form also determines where you will perform the classified work. If the CDC facility has a possessing Facility Clearance (FCL), then you might perform work at that location. If the CDC facility has a non-possessing FCL, you will usually performed classified work at another location. For example, a cleared employee may not necessarily perform the classified portion of the work at their location based on guidance in the DD Form 254. As a result, any cleared employees have an office at their headquarters or company property, but perform classified work off-site at a government, research, or other cleared contractor location.

While the FSO will provide the required NISPOM security training reflecting National Industrial Professional Operating Manual (NISPOM), your supervisor may give you more work specific training as you perform on the classified contract. Your supervisor will teach you how to write documents, assemble subsystems, collect raw data from sensors, or other specific work required by your contract. They will also teach you how to correctly mark, assemble, store and protect the classified work products.

In summary, after the FSO conducts preliminary security training and briefings, your supervisor or sponsor may guide you through more in-depth and contract specific security training, this time emphasizing your contract specific performance.

New Cleared Employees, FSOs, and NISPOM

Once a security clearance is granted, the Facility Security Officer (FSO) will contact you and several things will happen real fast. Primarily, if you have been sitting in a temporary position while awaiting your clearance, things are about to get real.

The FSO will manage the security clearance under the umbrella of the cleared defense contractor’s oversight. This means that the FSO will maintain the facility security clearance (FCL) status administratively as well as meeting compliance requirements. They do this primarily training you and through that training, equipping you to protect classified information and perform work designated by the classified contract.

Just as the FSO is certified or provided FSO training, you will also receive required training from the FSO. The FSO manages the clearances, training, classified workspace, etc. and documents the all actions for future reviews by the Defense Counterintelligence Security Agency (DCSA). The training and briefings primarily begin with the non-disclosure agreement and continues throughout the cleared employee’s career with the company. Depending on time, resources and availability, the FSO and supervisors should attempt to structure security training by experience level. For example, newly cleared employees require more in-depth training than veteran security clearance holders recently hired at a defense contractor organization. All newly cleared and all new cleared employees regardless of experience should receive initial refresher training before gaining access to classified information.

Before you as a cleared employee can actually work on a classified contract, the FSO will ensure you meet three criteria; you sign the SF-312 Non-Disclosure Agreement, have a security clearance, and the need to know to access the classified information. The first step is the most difficult. The other two are fairly easy. Whoever possesses the classified information determines whether or not you should have access. If you are assigned to work on a classified contract, that contract relationship and the work assigned are part of the need to know process.

UNDERSTANDING A NON-DISCLOSURE AGREEMENT

As a newly cleared employee, you will be signing the agreement. Instead of just checking a box to agree, you should do your best to pay attention and understand exactly what it means to work with classified information and the great responsibility you will carry. The SF-312 briefing explains what classified information is, how the government designates it as sensitive, what the classification levels are, and what to protect from unauthorized disclosure. This is your first introduction on the topic. After this you will be provided a much more in-depth training called Initial Security Awareness Training.

INITIAL SECURITY AWARENESS TRAINING

The initial training will familiarize you with the National Industrial Security Program Operating Manual (NISPOM), the DD Form 254 Contract Security Classification Specification, and company policy as applied to protecting classified information both in the cleared facility and at other customer locations. You will also learn how to travel overseas and reduce your ability to be a security risk or target for exploitation as well as how to report espionage attempts. It also addresses counterintelligence issues, how to report security violations and disciplinary or possible penalties that can occur for committing a security violation.

INSIDER THREAT TRAINING

Here you will learn to recognize behavior consistent with sabotage or putting classified information at risk. They also learn who and how to report the observed adverse behavior. Insider Threat Training and Counterintelligence awareness briefings help employees learn to recognize behavior consistent with espionage, and who and how to report the observed adverse behavior.

DERIVATIVE CLASSIFIER TRAINING

This training is a matter of perspective between government and contractor classification roles. The government entity is an original classification authority and makes classification decisions, contractors do not. Contractor personnel make derivative classification decisions when they incorporate, paraphrase, restate, or generate in new form, information that is already classified; then mark the newly developed material consistently with the classification markings that apply to the source information. This training is required and will help you understand your role in marking classified information that is derived from original classified information.

EXIT BRIEFING

In case you eventually leave the cleared defense contractor organization, the FSO will remove your clearance from their oversight and provide you with an exit briefing. The FSO will discuss with you your responsibilities to continue to protect classified information. A new job, loss of contract, termination, retirement and removal of access are situations where FSOs should explain the responsibility of continuing to protect the classified information you accessed as an employee.

In summary, you as a newly cleared employee will go through another iteration of onboarding. This time emphasizing how you are integrated into not only the organization, but now the security program. As you integrate into the cleared organization, you should understand the security program and all information and tools which are in place. The FSO should be able to create, implement and direct successful protection of classified information – and that includes providing valuable employee training.

Sponsor us.

We offer advertising space on our Podcast, newsletter, website and blog, for $700.00 per year. Our products are targeted directly to your market; only those who are providing defense industry security subscribe to our newsletter.

Effective advertising positions your company for success. You’ll get:

Advertisement on our sites marketing exclusively to defense contractors

Announcement in Podcast http://dodsecure.buzzsprout.com and on podcast page. Podcasts are available on Apple, Amazon, Buzzsprout and more.

Linked banner @ http://www.dodsecurity.blogspot.com/

Linked banner in sponsor section of home page https://www.redbikepublishing.com/sponsors/

Linked banner in monthly email newsletter dedicated to training cleared contractors on protecting classified information.

Consider allowing us to provide a 1000 word article about your product to feature on our blog and newsletter for $500.00

If you would like more information, please contact us editor@redbikepublishing.com

Here is a wrap up of what we were able to do in 2020

We've outsourced a few tasks to provide better customer service. To provide better content for our security professional customers, we've funded the following efforts just for our newsletter and Podcast considerations:

• Upgraded email functionality for better newsletter distribution

• Upgraded website content

• Purchased high quality microphones and mixers for podcasts

• Purchased high quality cameras for YouTube videos and course content

• Upgraded to video conference capability with paid subscriptions

• Purchased software packages for better formatting

• Attended Podcast 2020 and brought back some tremendous lessons learned

• and much more.

We’ve completed the following milestones this year:

• 25% more newsletter subscribers with your services listed.

• Provided referrals to sponsors

• Released 36 articles in more than 24 newsletter editions

• Over 40 blog posts with thousands of visitors with your services listed

• Interviewed multiple people to provide over 20 podcast episodes. We've reached over 2000 downloads, which is huge considering our small niche. I hope you've had a chance to listen to Ray DICE Man Semko. Getting him on podcast was a huge success.

You will also be able to provide any articles, white papers or messages personalized to our audience. We could also include you or other employees in some strategic podcasts as well. Always looking for great guests.

Pages