Posts

Showing posts from April, 2022

Protecting CUI on work Computers

It’s a common practice to allow employees to use enterprise computers outside of the enterprise. This has become more common as employees are increasingly working at home. Though a common practice, these occurrences are not always best practices. Anytime an employee leaves work with a company computer, the expectation is that all information is vulnerable. Malware, ransomware, “supply chain attacks”, hacking and other threats are prevalent. In many cases this can be controlled through applying NIST standards and strong cybersecurity measures. This article will focus on limiting use of loaned laptops and not on technical cybersecurity application. The organization should assign a strong risk assessment based on use prior to assigning company computers for at-home use. This risk assessment should limit the information to be provided and for specific purposes. For example, if a user works on a specific project, then the laptop might only contain information for that specific use. The l...

Security Training Topics For Cleared Defense Contractors

New cleared contractors should understand that the CDSE provides initial training and special briefings to their appointed Facility Security Officer (FSO). This training is invaluable as the new FSO will have a chance to learn about their responsibilities. Sometimes the new FSO will be learning for the first time exactly what is expected of them. After training, the FSO is then authorized to present the training to the organization’s cleared employees. According to NISPOM, the FSO is also required to attend the DSS mandated FSO Program Management Course within one year of appointment. This means that cleared contractors should be prepared to send a designated FSO to the DSS Academy for the training, or take the training online. Either way, the FSO must be certified. CDSE provides new courses designed for FSOs of possessing and non-possessing facilities. FSOs should coordinate with their representative to determine the training that’s right for their situation. The training ...

Security Clearance and Foreign Employment

I’ve recently received many emails from people who are curious about security clearances and working for foreign owned companies. Though the volume of those questions has increased, I guess the topic is no longer surprising in content as it could have been many years ago. Many years ago, we might automatically assume that working for a foreign owned company would be indicative of highly questionable practices, but maybe not any longer. Things have changed. More foreign owned companies are opening doors in the U.S. Internet opportunities open doors to employment. Working for foreign companies provides new opportunities regardless of borders; things such as investment, teleworking, and creative content services that allow artists to bid on customer jobs have made this more of a possibility. But the questions have been pretty vague and hard to answer. Am I allowed to work for a foreign company if I have a security clear...

Three Ways FSOs can Impact the Cleared Defense Contractor

The Facility Security Officer’s (FSO) successful program depends on developing relationships with employees, managers and executives to facilitate execution of company policies, necessary security awareness training, willful employee self-admittance of security infractions or change of status, and proactive action toward expired, existing and future classified contracts. Any of the above-mentioned success measures is difficult to obtain in a changing employee and contract environment, but is simplified through employee and executive buy-in. How to do this: The following 3 points pave the way for a successful security program. 1. Gain executive, manager and work force buy-in. This can be accomplished by first demonstrating a sound understanding of company mission, classified contract requirements and providing sound security policy. Cross-cultural buy-in is critical for integrating the security plan into all business units and company operations. 2. Become the “go to” person for a...

Impactful ways to augment security awareness training

When the Defense Counterintelligence and Security Agency (DCSA) conducts reviews of cleared defense contractor facilities, it goes with a purpose. Its first priority may be to conduct a risk assessment of classified information in the contractor’s possession. However, it is also looking at above-and-beyond metrics that demonstrate the commitment to national security. These above-and-beyond attributes are often recorded and rewarded. Here are some ideas Facility Security Officers can employ to demonstrate above-and-beyond NISPOM application. Some of the suggested ideas include: Security fairs: Security fairs are great ways to demonstrate the added value security provides to the cleared defense contractors. The FSO can set up designated booths that function to provide security solutions and awareness. Some examples include: Document wrapping booth to demonstrate how to properly mark and wrap classified packages. You can take the opportunity to brief courier an...