
Wednesday, January 13, 2016

DoD Security Professionals and Certification


 
 
Happy New Year DoD security and risk management professionals.

A new year, a new beginning; a great motto and motivational phrase. As such, this is the time of year to reflect upon your accomplishments and develop goals. Some of these goals impact only you, but others may also impact your organization. If your goals include professional certification and education, then use this article as a roadmap to get you there.

You may be aware of the many available certifications. This article addresses two prominent ones: the Industrial Security Professional (ISP) ® and the Security Professional Education Development (SPeD) certifications. Both certifications are great ways to demonstrate professional competence that brings credit to the certified professional and the organization they support.

The ISP ® certification


The ISP ® certification is sponsored by NCMS and is based on DoD 5220.22-M, National Industrial Security Program Operating Manual (NISPOM), 2006, With Change 1. It is an open book exam available online. Those wishing to take the exam should coordinate with NCMS for taking the test. This coordination will include addressing pre-requisites, applying, determining a test date, finding a proctor, and taking the exam. NCMS also has a study program and mentors to help you through the process.

Security Professional Education Development (SPeD)


SPeD certification is a Department of Defense program that is available to those working in the NISP. This includes contractors directly supporting DoD organizations. There are three core certifications available. They are Security Fundamentals Professional Certification, Security Asset Protection Professional Certification, and Security Program Integration Professional Certification. You can find more information at www.cdse.edu.

Certification Preparation


Fortunately both certifications require planning and coordination. In other words, it’s impossible to show up unannounced and take the exams. The level of test coordination requires months of advance planning to become vetted by the certification organizations. The vetting simply determines whether or not candidates possess the experience, skill level, and education stated as pre-requisites. The lead time from initial coordination to actual test execution can take up to a year. For procrastinators, this testing coordination process can be the trigger necessary to begin an intensive studying effort to prepare for the tests. So, coordinating a test date can propel a candidate to begin their study prep.

There are many ways to prepare for certification. Each certification has its own internal study program. NCMS offers a study program for ISP ® certification that can also be incorporated into SPeD certification preparation. Defense Security Service has an education program complete with online courses that focus on the NISPOM topics for ISP ® certification and other DoD level security topics appropriate for the SPeD certification.

There are also books and training appropriate for both certifications available at Red Bike Publishing. In addition to print versions of the NISPOM and ITAR, there is the DoD Security Clearance and Contracts Guidebook, which covers protecting classified information as addressed in the NISPOM. It takes the NISPOM and applies it to notional contract requirements and is a great resource for DoD and contractor security professionals. Additionally, Red Bike Publishing’s Unofficial Guide for ISP Certification has 440 NISPOM based questions.

Red Bike Publishing also has NISP security training that can be used to prepare for ISP ® and SPeD certification. These include Annual Security Awareness Training for Possessing and Non-Possessing Facilities, Derivative Classifier Training, SF 312 Training, and more.  These training programs review most National Industrial Security Program (NISP) topics.

Happy New Year and best of success developing and meeting all of your personal and professional goals.

Wednesday, August 20, 2014

NISPOM Study Questions

Some NISPOM based questions that might augment your study for the ISP Certification exam.


1. In order to protect fragile intelligence resources and methods, SCI has been established as the SAP for:

a. NSA
b. GCA
c. DNI
d. CSA
e. GSA

2. Interim TOP SECRET FCLs or PCLs are valid for access to COMSEC at the ____ and ____ levels.

a. SECRET, TOP SECRET
b. TOP SECRET, CONFIDENTIAL
c. CONFIDENTIAL, FOUO
d. SECRET, FOUO
e. CONFIDENTIAL, SECRET

3. The COR establishes the COMSEC account and notifies the _____:

a. CSA
b. GCA
c. FSO
d. NSA
e. DIA

4. Contractors maintain TOP SECRET reproduction records for _____ years.

a. Two years
b. One year
c. Five years
d. Ten years
e. None of the above









Scroll Down for Answer









1. In order to protect fragile intelligence resources and methods, SCI has been established as the SAP for:

a. NSA
b. GCA
c. DNI (NISPOM 9-302b)
d. CSA
e. GSA

2. Interim TOP SECRET FCLs or PCLs are valid for access to COMSEC at the ____ and ____ levels.

a. SECRET, TOP SECRET
b. TOP SECRET, CONFIDENTIAL
c. CONFIDENTIAL, FOUO
d. SECRET, FOUO
e. CONFIDENTIAL, SECRET (NISPOM 9-402c)

3. The COR establishes the COMSEC account and notifies the _____:

a. CSA (NISPOM 9-403b)
b. GCA
c. FSO
d. NSA
e. DIA

4. Contractors maintain TOP SECRET reproduction records for _____ years.

a. Two years (NISPOM 5-603)
b. One year
c. Five years
d. Ten years
e. None of the above

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training".

Monday, February 24, 2014

How to study for the ISP Certification using the Self-Inspection Handbook for NISP Contractors.


In our security community, I see a lot of questions about studying for the ISP Certification. Some ask for additional ideas to augment good study groups formed in NCMS (Society of Industrial Security Professionals). These questions facilitate great responses from ISPs to help the student prepare for their certification exam.

One of the many reasons candidate testers might have for requesting additional study is to gain more experience and practice what they already know. It’s true that one of the testing pre-requisites is five years of experience protecting classified information or otherwise working in the National Industrial Security Program (NISP) environment. However, the five years of experience doesn’t necessarily mean that the candidate is executing all National Industrial Security Program Operating Manual (NISPOM) tasks. The tester is responsible for answering questions from the entire NISPOM, though they may only personally touch small portions of the NISPOM in all of those five years.

Additional study, test practice and rehearsal help build confidence. Some ideas I have already recommended are to broaden the scope of security tasks by taking on additional jobs, developing study questions based on NISPOM, or for mentors to get permission to allow outside NISP contractors to train in their facility (for example, an FSO of a non-possessing facility training with an FSO in their possessing facility).

Another idea I would like to recommend is to use the Self-Inspection Handbook for NISP Contractors, produced by the Defense Security Service (DSS), as a training guide. The handbook requires demonstration of tasks involving the entire NISPOM. Where DSS recommends that FSOs inspect only items appropriate for their own facilities, I recommend just the opposite. FSOs can now focus study efforts on areas of the NISPOM outside of their scope.

The following exercise will help candidates research NISPOM and provide examples of demonstrated performance:



1. Download Self-Inspection Handbook for NISP Contractors

2. Save the PDF file as a Word document

3. Delete all NISPOM references

4. Review all tasks appropriate to your facility. Research NISPOM and validate whether or not your facility is compliant. This exercise will help enforce what you already know.

5. Study tasks listed outside of your focus. For a non-possessing FSO, this might mean all chapters other than 1-

6. Read the task, attempt to find the reference in NISPOM and document the NISPOM requirements. Next, write down your ideas of how you would interpret the requirements. This exercise helps you learn which NISPOM chapters are associated with certain NISP tasks. With enough practice, you can quickly find NISPOM references and answer questions with the speed required on test day.


Use the Self-Inspection Handbook for NISP Contractors to help guide additional study to augment the great training you are already getting. For more helpful hints and study resources, see Red Bike Publishing’s Unofficial Guide to ISP Certification, DoD Security Clearance and Contracts Guidebook, and NISPOM Training topics.


Wednesday, February 5, 2014

How to take a test; any test

There are a few rules of thumb when it comes to taking tests. These rules are almost constant and really have no technical bearing on the tested information. However, where used logically, these tips will increase your chances of correctly answering questions you might not fully know the answer to.

Here are some recommendations:

Tip #1 Stop studying at a reasonable time before the test. You know that time before a test when your  head is spinning and studying does nothing but confuse you. It's that time when looking at reference material is nothing more than white noise; it never makes it to your brain. Instead, take a break. Just as an athlete tapers down her training before a race, give your brain a break. An overloaded brain before an exam is just as detrimental as a tired and aching body before a race.

Tip #2  Take a few deep breaths before you get started. This will increase oxygen flow to your brain and help you concentrate. After all, you are going to be reading 110 questions and sorting through approximately 600 answers.

Tip #3  Read questions at a comfortable pace. Don't go too fast; you might overlook something.

Tip #4  Read carefully. Some answers may seem correct at first glance, but watch for traps; some answers aren't as they appear.

Tip #5  Be aware of questions with EXCEPT, NOT, UNLESS and other similar words. Where you usually look for the positive answer, these setups require opposite answers. Refer to tips 3 and 4 to make sure you don't get caught in this trap.

Tip #6  Don't read too much into questions. We can overanalyze anything. If you are confident with your answer, go with your gut. Don't talk yourself out of a positive answer.

Tip #7  Remember tip # 3, don't spend too much time on any one answer. Taking too long can jeopardize your test. Skip the question and come back to it later. Chances are, there are many, many answers upcoming that you can answer quickly and build your test taking confidence. Focusing on hard questions only shakes your confidence and ruins the timeline.

Tip #8  Can't answer the question? Try to eliminate dumb answers. C'mon, there will be at least one and if you're lucky, two to three really dumb answers. If you have 5 answers and you can throw out three answers, the process of elimination gives you a 60% chance of picking the right answer.

Tip #9 - I read once that you should treat each answer as a separate true or false question. I haven't tried this technique, but it just might work.

Remember, the ISP Certification exam is an online, open resource, searchable exam. There are lots of opportunities to pick the right answer. Use these 8 tips to get you started. For more information, see our book, Red Bike Publishing's Unofficial Guide to ISP Certification.






Monday, March 4, 2013

Traditional Security Tools in Unique Ways-Moving from Security to Risk Management Part 2




In part two of the series Using Traditional Security Tools in Unique Ways-Moving from Security to Risk Management we’ll look at a few more ideas. In part one we looked at security training, clean desk policy and posting reminders of work in progress. In this article we’ll look at documenting the use of security containers and end of day checks.

Document the opening and closing of security containers-So, here's the question: other than helping determine who opened the security container, who closed it and who checked it, what real use is it?

Such a form is an inspectable item in the government, but other than that, how does industry use it to improve enterprise security posture? As a standalone tool, we rely on professionals to actually fill it out correctly. When they do, what information does the form actually provide? If an insider plans a malicious event, they won't fill it out.

Out of the box: Hey, it’s in NISPOM, but there are other applications. Consider using the SF 702 to compare unauthorized attempts to open a container. You can actually check the electronic locks for successful and unsuccessful attempts to open the lock, and then compare them to the SF 702 or compatible form.
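The comparison described above, as an added example that is not part of the original post: a Python script that reconciles an electronic lock's audit trail against transcribed SF 702 rows. The CSV layouts, event names, container ID, initials and the 10-minute tolerance are assumptions, and the sample records are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample data. The export layout and event names are hypothetical;
# real electronic locks export audit trails in vendor-specific formats.
LOCK_AUDIT_CSV = """timestamp,container,event
2013-03-04 07:58,GSA-01,OPEN_OK
2013-03-04 16:45,GSA-01,CLOSE
2013-03-04 19:12,GSA-01,OPEN_FAIL
2013-03-04 19:13,GSA-01,OPEN_FAIL
2013-03-05 08:02,GSA-01,OPEN_FAIL
2013-03-05 08:03,GSA-01,OPEN_OK
2013-03-05 12:10,GSA-01,CLOSE
2013-03-05 21:30,GSA-01,OPEN_OK
2013-03-05 21:41,GSA-01,CLOSE
"""

# Constructed transcription of SF 702 rows, one row per recorded opening.
SF702_CSV = """container,opened_at,opened_by
GSA-01,2013-03-04 08:00,ABC
GSA-01,2013-03-05 08:00,DEF
GSA-01,2013-03-06 08:00,DEF
"""

FMT = "%Y-%m-%d %H:%M"
TOLERANCE = timedelta(minutes=10)  # assumed allowance for handwritten times


def load(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def reconcile(lock_rows, form_rows, tolerance=TOLERANCE):
    """Return sorted (timestamp, container, finding) tuples for mismatches."""
    findings = []
    opens = [(datetime.strptime(r["timestamp"], FMT), r["container"])
             for r in lock_rows if r["event"] == "OPEN_OK"]
    matched = set()

    # Pair each SF 702 opening with the nearest unmatched successful
    # lock opening on the same container, within the tolerance window.
    for row in form_rows:
        logged = datetime.strptime(row["opened_at"], FMT)
        candidates = [(abs(ts - logged), i)
                      for i, (ts, c) in enumerate(opens)
                      if c == row["container"] and i not in matched
                      and abs(ts - logged) <= tolerance]
        if candidates:
            matched.add(min(candidates)[1])
        else:
            findings.append(
                (logged, row["container"], "SF702_ENTRY_WITHOUT_LOCK_EVENT"))

    # Successful openings the form never recorded.
    for i, (ts, c) in enumerate(opens):
        if i not in matched:
            findings.append((ts, c, "LOCK_OPENED_WITHOUT_SF702_ENTRY"))

    # Failed attempts are treated as a mistyped combination only when a
    # documented opening follows shortly after; all others are reported.
    matched_opens = [opens[i] for i in matched]
    for r in lock_rows:
        if r["event"] != "OPEN_FAIL":
            continue
        ts = datetime.strptime(r["timestamp"], FMT)
        followed_by_logged_open = any(
            c == r["container"] and timedelta(0) <= o - ts <= tolerance
            for o, c in matched_opens)
        if not followed_by_logged_open:
            findings.append((ts, r["container"], "FAILED_OPEN_ATTEMPT"))

    return sorted(findings)


if __name__ == "__main__":
    for ts, container, finding in reconcile(load(LOCK_AUDIT_CSV),
                                            load(SF702_CSV)):
        print(ts.strftime(FMT), container, finding)
```
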

End of day checks-These definitely help cut down chances of leaving classified information out. I've seen end of day checks consisting of designated employees on a rotational duty to check the status of classified information before they leave.

Out of the box: Remember as the designated checker or last to leave, always ask "does anyone have any classified out?" as a reminder to lock it up before they leave. Another helpful reminder is to let the last person at work know that they are indeed the last person. Sometimes people don’t realize that they are the last ones at work and inadvertently leave classified information out, forget to lock the security container or even leave the coffee pot on.

Many times cleared employees may be tempted to perform work to check the block. End of day checks can be a mundane exercise or a conscious way to keep everyone safe and classified information secure. If you have any comments or suggestions of ways to think outside the box, feel free to provide them to editor@redbikepublishing.com




Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red Bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training". See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR, and The NISPOM.

Friday, February 22, 2013

Using Traditional Security Tools in Unique Ways-Moving from Security to Risk Management


When Facility Security Officers and security specialists build security programs, we tend to use tools to remind employees of their responsibilities. We use security training to get the information out, enforce clean desk policies and post reminders of classified information in progress. Each tool notifies the holder of classified information that they are in possession of classified information, to protect that information and properly dispose of it when they are done. They can also be used to protect proprietary data, intellectual property and personnel information.

But sometimes even tools become mundane, no longer giving the impact they once did. Sometimes tools are misused, never giving the impact they were originally designed to give.

Let's look at a few tools from a risk management perspective with some "out of the box" suggestions. In what unique ways can you employ traditional security methods?

Security training-Cleared employees performing on classified contracts for any length of time are experts in the programs and technologies they are working on. They probably know the classification guide back and forth and probably understand how to protect it. Newly cleared employees may not understand it so well. It's important for the FSO to understand these differences and train accordingly.
Out of the box: Develop training to meet your employee needs based on your analysis of capabilities. One way to do this is to survey employee experience level. You might get supervisors and HR professionals involved.

Enforce clean desk policy-Even experts can become complacent and perhaps forgetful. Develop a policy that classified information should be used in a designated area. This designated area could be an approved room or even the employee's office. Cleared employees should understand that as such, only materials assigned to the contract should be out so that there is no confusion of clearance or need to know. At the end of the day, the program information gets locked up properly.
Out of the box: If classified information is centralized, use a sign out process to track the removal of classified information. If a cleared employee accesses a classified document, then that transaction can be annotated. The custodian will also ensure the classified information is turned in prior to end of day, lunch or other occasion. If there is no centralized storage or no custodian, the document can still be annotated with a signature and linked to the SF 702 (if the container is opened, it's probably to take out or replace a document).

Post reminders of classified information in progress-A desk tent or door handle reminder helps. If a rushed employee has to take lunch, meet a spouse or attend a last second meeting, they will be met with a notification that "Classified Work in Progress", and dispose of it properly. Also, if the phone rings, they'll remember to respond with "phone is up".
Out of the box: If classified information is centralized, the custodian can issue the desk tents or door hangers. When there is no centralized area or custodian, the cleared employee would pick up a conveniently located reminder (near security container).


You might already employ imaginative and unique ways. Tools not only provide training and reminders, but they can also be programmed to provide metrics for program improvement.

We'll have more examples in future posts and articles. However, for more information on security management and NISPOM see our book DoD Security Clearance and Contracts Guidebook.



Friday, March 30, 2012

6 Awesome Ways to Delay a Security Clearance

One thing an FSO just can't control is how long it takes the US Government to completely investigate, adjudicate and award a security clearance. These investigations rely on trained persons to research a person's background and another set of trained persons to make a decision on the findings. These professionals are charged with determining whether or not a person can be relied on to protect classified information from unauthorized disclosure. Returning or seeking clarification on submitted information is costly.

As an  FSO, you can control one critical part of the process. Ensure the applicant fills out the SF86 forms accurately and completely. Any mistakes, omissions or embellishments can cause serious time delays. You can help the applicant understand the content and explain how to complete required forms.

Here is a great tool to help; the top 6 reasons security clearance decisions are delayed:

1. Missing or illegible fingerprint cards. The cards must be provided to the Office of Personnel Management within 30 days of approval by DISCO. It may be too late once you ignore the JPAS notification of "Release PSI". Also, fingerprints should be properly applied to the card. Smudges and blurs are impossible to read.

2. Missing or unreadable information on release forms. Release forms authorize agencies to take action. If authorization is in doubt, investigations can be delayed until clarification is made.

3.  Wrong place of birth information. Full and correct city, county and state or country information is required.  Any mistakes or false representation can cause setbacks.

4. False date of birth information. A correct date of birth is critical to accurately identify the applicant. Illegible and wrong dates make investigations impossible, requiring queries and delays.

5. Missing residences. The requirement is to "Provide complete information for two individuals with COMPLETE US addresses and phone numbers". Failure to do this will also cause delays.

6. Wrong SSN information. If the wrong SSN is given, the request should be cancelled and a new one started with the correct one.

Be sure to respect the applicant's privacy. FSOs should review the applications to ensure that they are filled out correctly and accurately ONLY. FSOs should not attempt to determine whether or not an applicant is eligible for a clearance or make comments about eligibility. This is the adjudicator's and investigator's responsibility.

As an FSO you cannot control how long the process takes. However you can help keep it on track by training and informing applicants to write legibly, provide all required information, and be accurate. Accuracy and completeness can bring about a quicker decision.



Monday, February 27, 2012

8 Benefits of Studying for ISP Certification

Leaders at all levels can promote a better security environment and professionalism. Whether full time employees devoted to protecting national security or a VP of contracting, leaders set goals for their employees. Part of those goals should help them understand how to create incredible security programs. Focusing on training, interaction with other cleared employees, self-improvement and institutional education should be part of professional development.

Those who write security evaluations for direct reports create goals to challenge them to become better at their jobs, more impactful in their careers and hopefully, groomed to become leaders themselves. Challenging employees and team members to achieve personal and professional goals breeds success.

The ISP Certification is one goal FSOs could take on, as well as encourage other employees to achieve, for several reasons.

1. The employee gains from such education and a prestigious career milestone.
2. The defense contractor benefits from what the security employee learns and applies on the job.
3. When employees study for the ISP Certification, they learn: how to read and apply the NISPOM, the importance of forming professional relationships with cleared employees, how the cleared contractor and the DSS representatives interact, and much more.
4. Organizations improve as employees become more impactful in their careers.
5. Studying for certification builds teams. The path to the ISP Certification goals should not be taken alone. When employees are challenged with the goal, the leader provides resources for education and allows opportunities for NISPOM training and study as found on the DSS, professional organization or vendor websites. Studies on NISPOM topics are available on the internet as well as on site. If your team is large enough, consider helping them start a study group.
6. Focused and purposeful study facilitates cross training in large security staffs. Security employees who work personnel security issues could work with document control, etc.
7. Annual security self inspections improve as those studying for certification learn by performance.
8. Certification study can form the basis for internal skill certification or competency metrics. This helps integrate new employees into their jobs and train an employee on performing individual tasks. The employee works under a mentor who verifies and documents the training.

ISP Certification training encourages cleared contractor facility security employees to study and put into practice knowledge on document control, personnel security management, classified contract support, etc. If such a program exists in your organization, consider using it for further cross training of employees who concentrate only on one task. This will help them become more experienced and more prepared for the exam.




Friday, November 4, 2011

10 Ways to Demonstrate Above and Beyond - Category 3 of the NISP Enhancement

Category 3 of the NISP Enhancement covers Security Education: Information/Product Sharing Within the Community. This focuses on the FSO providing security education to peers and other FSOs outside of their organization. This is a security community event where contractors and government managers can learn from each other. Think Society of Industrial Security, American Society of Industrial Security, or other professional organization level event. Or it can be a smaller venue. Either way, involve others outside of your organization. This demonstrates contribution to the community, a pursuit of improving national security, and helps quantify going above and beyond. For example, an FSO uses their facility, creates an agenda and executes a security conference or training event. Or, committees can be formed to share the tasks. Education of this magnitude has tremendous value as the security community learns from experiences and examples of their peers and applies them at their own organizations.

Here are some recommendations on how to provide that training:
  • Demonstrate how to conduct on the spot security inspections
  • Introduce how your company receives classified material and enters it into an information management system (IMS)
  • Compare benefits of different IMS vendors
  • Hold a class on using Joint Personnel Adjudication System (JPAS)
  • Conduct security refresher training for the security community
  • Demonstrate unique and successful training strategies and programs
  • Host an Industrial Security Professional Exam training session or study group
  • Have a classified marking seminar
  • Show others how to prepare classified items for shipment
  • Provide training on how to read, understand and implement a DD Form 254

Training opportunities abound. Each cleared contractor has unique challenges and opportunities. Creating a training seminar where experiences can be shared benefits the entire community and each FSO can learn from another’s experiences.



Thursday, October 13, 2011

Who will be the next FSO

For those defense contractors who want to perform on classified contracts, there are a few considerations to address. Under the National Industrial Security Program (NISP), a cleared contractor should appoint an FSO to take on this responsibility of directing a security program to protect our classified information. This FSO is the link between the government contractor and the cognizant security agency (CSA).

When considering who to appoint as an FSO, the cleared contractor has a few choices:
1.      The senior officer can assume the role.
2.      The cleared contractor can designate an existing employee.
3.      The cleared contractor can hire a new employee.

Whoever assumes the role of FSO must meet two requirements:
1.      Be a United States citizen. Both the facility and the FSO have to be U.S. entities and must have a history of integrity and conduct that prevents or limits exploitation or coercion to release classified material in an unauthorized manner.
2.      Possess a security clearance according to the company’s facility clearance level (FCL).  A facility clearance is awarded to businesses that meet strict requirements and have a need to work with classified information. The personnel security clearance is awarded based on the need and the approval of a facility clearance.

Depending on the mission and size of the company, it’s not unusual for the cleared contractor to appoint an assistant, engineer, program manager, human resources specialist or other capable employee with the additional responsibility. Larger companies may have the luxury of hiring additional personnel for specific and defined security responsibilities.

When assigning an FSO, shareholders should look for demonstrated leadership and team playing traits that complement the minimum requirements found in the NISPOM. The FSO’s primary purpose is to prevent the unauthorized disclosure and release of classified information and help the organization maintain security clearance eligibility. Any unauthorized release can cause problems such as but not limited to: loss of reputation, loss of contracts, jail time or disciplinary actions against the employee, and loss of clearance for the employee and/or the business. The FSO has a tough task that they can’t possibly do alone (for training resources visit our website).



Wednesday, September 21, 2011

5 Effective Ways to Study For the ISP Certification Exam

Out of the approximately 3500 NCMS members, nearly 325 hold the ISP certification. The test is challenging and candidates are expected to score at least 75% for a passing grade.

Why Certify?
The ISP holder demonstrates a high level of knowledge. The certification is based on the NISPOM but also covers electives such as COMSEC, OPSEC, and other topics.

This certified professional communicates to upper management that they are committed to the business, the industry and the protection of national interests. It puts the company in a stronger position while bidding on contracts and lends credibility to relationships with the oversight agency, the Defense Security Service (DSS). Most of all, it gives the bearer confidence in their ability to apply their knowledge. As this certification program evolves, more and more employers will require the certification.

Preparing
Only those working in the National Industrial Security Program for at least 5 years are eligible for the ISP Certification. Five years of experience should make the professional more than capable of passing the exam. However, understanding how to study will make a difference in their success.

Targeted focus for thirty minutes to an hour a day for six months can make a huge difference. However, study methods for open book tests are a lot different than for closed book tests. For example, the ISP Certification allows you to use the NISPOM and other reference material during the exam. This requires a broader understanding of where to find information by topic. The DoD’s Security Professional Education Development certification does not allow candidates to bring reference material. This requires more memorization and more depth of study. However, in both cases, the tests are tough and candidates need to study. Those few minutes a day make a big difference.

Test topics include Security Administration and Management, Document Security, Information Systems Security, Physical Security, Personnel Security, International Security, Classification, Security Education, and Audits and Self-Assessments. The broad scope of study provides a challenge as not every cleared contractor is experienced in all aspects of the NISPOM. But there are ways to prepare that will help pass the exam regardless of how much actual experience a candidate has for any of the topic areas. For example, you can pass all sections including NISPOM Chapter 8 topics without ever having worked in the environment. An FSO or security manager at a company that only provides security cleared employees can pass the ISP Certification exam without ever having marked a classified document. How? By following these five study methods to gain a better understanding of the NISPOM.

1. Determine which type of test you will take and study using those resources and REGISTER. This will cause the clock to start ticking and seal your commitment. I recommend taking the computer exam and using the electronic NISPOM with ISLs. The “ctrl f” function is a life saver as it will allow you to search the NISPOM by keyword and topic. For instance, if a question covers proper marking procedures, you can search the NISPOM using keywords such as “classification marking”, “marking”, or using actual keywords in the question.

2. Become familiar with the NISPOM. It’s not necessary to memorize the NISPOM. Just become familiar with chapter titles and paragraph topics and understand their applicability. This will help if you cannot find the answer using the keyword search. Sometimes questions won’t contain keywords and you’ll have to rely on intuition, experience and book knowledge. It’s important to know that information systems security is in Chapter 8, security education is in Chapter 3, document security is in Chapter 5, etc. Knowing topics will save a tremendous amount of time searching the NISPOM.

3. Form a study group. Contact your local chapter of NCMS and join an existing or form a new study group. Also, join the NCMS’ Exam Preparation Program. This is led by a team of ISP Mentors and includes conference calls, downloads and purchasing their study guide.

4. Work outside of your area of expertise. Security specialists working in a large organization might work in one small discipline such as document control, classified contracts, information system security, or program area. It may be possible to cross train in other security disciplines to become more familiar with wider ranging NISPOM requirements. If the opportunity does not exist, consider asking FSOs in another company to train you on their procedures. This can form the basis of a working study group.

5. Take DSS courses. Concentrate on the nine core areas of the ISP Certification Exam. This will help you reinforce NISPOM requirements and where to find answers in the NISPOM concerning the subject matter.

There are many excuses not to take the exam: the cost, time involved, or fear of failure. Take the online test! If you can perform a search in a PDF file, you can pass the test. The exam gives 110 multiple choice questions and takes up to 120 minutes. There is a clock that keeps track of the time and the test times out automatically. How convenient.

If you take the online exam, I recommend using two monitors. Open the test in one monitor and the PDF version of the NISPOM in the other. Open the search function in the NISPOM and type key words from the test question to find the reference. It’s that simple, but takes some practice.

The following are websites that offer reference for the ISP test study. The first website offers 20 free practice questions, study tips and PDF files of the NISPOM.
http://www.redbikepublishing.com
ISP Certification Exam Manual
NISPOM

NCMS website:

I studied for six months, before I had the courage to take the test. I studied, documented my study methodology and began writing a book. I have a database of 440 questions  (four practice tests and recommendations) that will definitely help guarantee your success.

Whether you’re employed in the security field as a government employee, contractor, loss prevention or IT, you need the competitive edge.



Friday, September 2, 2011

Five Ways For an FSO to Increase High Power Team Effectiveness

Maybe you think you are alone, fighting the one person fight that many leaders face. However, you would be wrong to assume that the head of security is the only one responsible for the security program. For cleared defense contractors, the Facility Security Officer is in charge of the security program, but not the only one with a vested interest in protecting classified contracts. So how does the FSO create a teaming environment or create a program where everyone works together?
 
Through High Power Teams
High power teams (HPT) are the most effective types of entities. Where groups form, storm and norm, HPTs go further to create a body more capable than any individual. They do this by agreeing to rules and primarily keeping in mind that throughout any process or problem, it’s not about the individual, it’s about the group. This allows the organization to benefit as a whole as each member sacrifices their individual desires. The members do not lose or give up the individuality that makes them unique. It does not stifle individual creativity. What each individual sacrifices are selfish desires and the need for self importance.
 
High power teams (HPT) consist of a small number of people with complementary skills. Individual members of HPTs are committed to a common goal and hold themselves mutually accountable. This structure and assembly of individual core competencies, skills and capabilities create a superpower stronger than any one person could ever be.

The charter defines the standards the HPT will perform under. It provides the purpose, vision, norms, goals, expectations and procedures. The charter is the rudder that keeps the group focused and forms the basis for group discipline and accountability. For example, if someone arrives late or makes fun of another member’s contribution, corrections can be made by referring to the charter. Additionally, if the group loses focus, the members can refer to the vision and goals.

While the charter provides the fundamentals, other dynamics provide the group’s personality and incredible effectiveness. Typically, all groups go through forming, storming, norming, and performing stages, but that’s where a group’s effectiveness ends. There is a distinct difference between groups and teams.

Teams build on the four stages by engaging collective performance, fostering a positive environment, holding individuals and the entire group accountable for charter guidelines and taking advantage of complementary skills. This again increases effectiveness and provides results associated with the capabilities of the HPT.

Anyone can form an HPT, especially a highly effective formal or informal leader. For the sake of relevance, let’s consider Facility Security Officers, command security managers or other security specialists. In other words, how can an HPT help?

Start with the charter. A leader can form an HPT from all business units. Since the FSO is responsible for creating a security program to protect classified information, they may either suggest or take the lead and form the group. Once in the group, the individuals begin to discuss the vision, norms, etc. Topics to tackle might include policy, security violations, refresher training, emergency operations planning, and communication for starters. A multi-organizational HPT can bring depth and breadth to a stagnant security program.

The difficulty for some leaders will be to sacrifice their will and turn over problems for a group to solve. That’s natural, but one of the benefits is that security is now part of the organization’s DNA and not just “overhead” or a “necessary evil”. The effective group will have capabilities beyond just the one leader. The tradeoff is perfect and the results impressive.
 
Here are recommendations for forming an HPT:
  1. Engage: Invite interested parties. Canvass your corporation and determine who might be interested in joining this group. You may need to build security allies who might help you recruit effective individuals.
  2. Focus: Develop a game plan and respect other members’ time. You can increase effectiveness with a charter as described above.
  3. Accountability: Have meeting minutes and document your work and products. Be sure to capture all important decisions and who will act on them. When the group assigns responsibilities to individuals, they tend to come through.
  4. Follow up: Let the group know you appreciate their efforts. Better yet, assign credit to your group members and ensure the executives and department heads (if they aren’t part of the group) understand who the members are and buy in on decisions.
  5. Have fun: This is a time to allow creativity. Work within the confines of governing regulations and corporate policy, but allow out of the box thinking.

Tuesday, March 22, 2011

How Cleared Contractors Appoint Facility Security Officers

 

Excerpt From Our Newest Book


Becoming a cleared defense contractor demands more than just a defense contractor getting a security clearance. It has more to do with what to do once the clearance is awarded; specifically, protecting classified information. This protection involves physical, classified processing, and information security. It's more than just buying safes, installing access controls and getting employees security clearances. Primarily, the cleared contractor must appoint a Facility Security Officer (FSO) responsible for implementing a program to protect classified information.


To better answer frequently asked questions, I've written several times on the topic of selecting the right Facility Security Officer (FSO) qualifications. According to the National Industrial Security Program Operating Manual (NISPOM), the FSO must be a US Citizen and be cleared to the level of the facility (security) clearance (FCL); period. This provides a lot of room for a cleared facility to figure out how to get the job done. However, in the book, DoD Security Clearances and Contracts Guidebook-What Defense Contractors Need to Know About Their Need to Know, the author identifies what additional qualifications cleared contractors should recognize prior to appointing or hiring the FSO.

Primarily, the FSO should understand how to protect classified information as it relates to the cleared contract, organizational growth, enterprise goals, and NISPOM guidance. The FSO should be able to conduct a risk analysis, express the cost, benefits and impact of supporting a classified contract under the NISPOM requirements and incorporate an environment of cooperation and compliance within the enterprise. Finally, they must be able to influence and compel the senior leaders to make good decisions, support compliance and integrate security into the corporate culture. After all, security violations not only cause damage to national security, but could also impact the organization with loss of contracts. The FSO is pivotal to the successful execution of classified contracts.

In larger cleared contractor organizations the FSO is a full time job held by a department manager or higher level person. This FSO is supported by a staff of security specialists who may manage classified contract administration, safeguarding of classified documents, processing of classified information on information systems, security clearances and other disciplines. The FSO oversees the entire security program as executed by the competent staff. In a best case scenario, they will report to the senior officer of the organization.

In a small business the FSO may be the owner, chief officer, vice president or other senior leader picking up an additional responsibility. This is more of a situation of selecting the most knowledgeable, capable or competent and is usually the best choice. However, these people are already very busy trying to meet cost, scheduling and performance objectives. They may be able to implement and direct a security program to protect classified information, but not the day to day job functions that can pull them away from critical tasks. Jobs such as document control, visit authorization requests, security clearance requests, etc. can be delegated to other competent, organized and less busy employees.

When competing for classified contracts, the winning company must be eligible to receive a security clearance. Prior to performing on the contract, they should have a security clearance in place and appoint an FSO. The FSO is responsible for the security program, but not necessarily solely responsible for executing the day to day activities. Just as FSOs in large organizations have a staff of employees, the FSO of small organizations should delegate day to day activities to competent cleared employees.