Excerpt from upcoming book featuring the topic of classified information systems.
Since much of the work that Cleared Defense Contractors (CDC) perform is on automated systems, it is important to understand how to protect classified information that resides on information systems (IS). NISPOM Chapter 8 Classified IS discusses just how to do so. The intent of this writing is to demonstrate that the protective measures for classified IS are very similar to those that are described in other NISPOM chapters. This is our explanation of how classified information should be protected equally, no matter what form it takes. In other words, SECRET hardware should be afforded the same protective measures as SECRET software.
I write this to demonstrate that a Facility Security Officer should not be intimidated by any IS security discussions; they are similar to protective measures employed for all forms of classified information. Some security managers may be intimidated by an IS discussion because of perceived lack of technical experience. Ether they do not work with information systems or they if they do, it is in a limited capacity. In these cases, they may turn over the entire process to the Information System Security Manager (ISSM) and remain hands off. However, it does not need to be that drastic.
Hopefully your familiarity with the NISPOM will give you confidence and a better grasp of how to employ classified IS protection and measure your program’s effectiveness. Additionally, you may be able to use this information to better prepare for security certifications like Industrial Security Professional Citification and Industrial Security Oversight Certification.
I write this to demonstrate that a Facility Security Officer should not be intimidated by any IS security discussions; they are similar to protective measures employed for all forms of classified information. Some security managers may be intimidated by an IS discussion because of perceived lack of technical experience. Ether they do not work with information systems or they if they do, it is in a limited capacity. In these cases, they may turn over the entire process to the Information System Security Manager (ISSM) and remain hands off. However, it does not need to be that drastic.
Hopefully this broad view writing provides enough information for a non-technical security manager to successfully supervise a security program to protect classified information on information systems. The trick is to consider the guidance in NISPOM chapter 8 just like the guidance that is applied in NISPOM chapter 5. NISPOM Chapter 8 is not much different if you just think about the classified information systems as part of your security program to protect classified information and it may appear less intimidating.
Hopefully your familiarity with the NISPOM will give you confidence and a better grasp of how to employ classified IS protection and measure your program’s effectiveness. Additionally, you may be able to use this information to better prepare for security certifications like Industrial Security Professional Citification and Industrial Security Oversight Certification.
We offer NISPOM training for security clearances, how to protection classified information and certification
No comments:
Post a Comment