
Friday, March 23, 2012

4 Steps to Winning the Cogswell Award

So, which companies will win the Cogswell Award this year? FSOs who take the time to develop a world-class program designed to protect classified information are very deserving of the award. Here are four proven steps to help you demonstrate that your organization is going “above and beyond” NISPOM requirements:

1. Set security goals that everyone understands. These goals help create the organization-wide security culture that everyone can live with.

2. Conduct institutional training that supports these goals. Ensure the training encourages your employees to report any and all security violations, suspicious contacts, and foreign travel, which will further enhance those efforts.

3. Track your goals, and conduct institutional training and communicate expectations in preparation for the annual security inspection. Do this by implementing a daily security management process, which includes physical security, visitor control, and security education throughout the year. Some methods include:

• Monthly security newsletter
• Security awareness posters
• Security emails that remind employees about their reporting responsibility
• Self-inspections
• End-of-day checks
• Annual security awareness training

4. Develop a partnership with your DSS rep. The inspection or a security violation should not be the first time you meet your DSS rep. While developing a good working relationship, ensure your rep understands the level of support from your leadership. Sometimes the annual review is lengthy and the rep may not be able to appreciate or take in everything at one time. The annual review is a good time to highlight what you’ve already demonstrated while building the relationship. Walk them through your facility and show the layers of security. This can be accomplished by the display of proper locks, card access systems, front desk procedures for visitors, display of badges, and other visible signs that promote security awareness that would only be accomplished with full management support. Then, when the annual review rolls around, remind them of what you’ve already shown.

By developing a security program outlined in the NISPOM and approved by your DSS rep, the Cogswell Award is definitely a reachable goal for your company. Demonstrate and document everything required by the NISPOM and how you went above and beyond. You can also reach out to fellow security professionals and join security associations to further enhance your security program and your security knowledge.

For more ideas, see our book DoD Security Clearances and Contracts Guidebook-What Defense Contractors Need to Know About Your Need to Know

Also, visit our blogs about NISP Enhancement.


Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red Bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training". See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR, and The NISPOM.

Sunday, September 11, 2011

4 Measures to Prevent Unauthorized Export of Technical Data

Though not as sinister and espionage-riddled as most savvy spy novels, export compliance is an issue that will get defense contractors in trouble. Violating State Department regulations will bring the weight of the US Government on the offending company. According to the International Traffic in Arms Regulations (ITAR), “Any person who engages in the United States in the business of either manufacturing or exporting defense articles or furnishing defense services is required to register”. Cleared contractors must have a plan not only to protect classified information, but also to prevent the unauthorized transfer of technical information and data.

Unauthorized transfer of technical data can occur in a variety of ways. Keep in mind that exports can and do occur not only during shipments but when hosting foreign visitors, during meetings, trade shows, plant tours, chat-room discussions, published articles and many other means. You can even export technical items exposed on your desk or otherwise revealed when a foreign visitor tours the facilities.

Though not covered in ITAR, think of the term “deemed export”, where transfer occurs in simple acts such as briefings or providing presentations of technical data to non-US persons.

This includes sending or removing technical data out of the U.S. or transferring it to a non-US person in the U.S. by such acts as:

• Disclosing (oral, email, written, video, or other visual disclosure) or transferring technical data to a foreign person whether in the U.S. or abroad
• Providing a service to, or for the benefit of a foreign person, whether in the U.S. or abroad

You can help prevent unauthorized disclosure by taking the following actions:

1. Help your company understand the requirement to register with the State Department (see requirements).

2. Remind decision makers of their responsibility to protect technical data. You can do this by helping create a technology control plan (TCP). If your company is authorized to export or reveal technical data, understand the license or technology assistance agreement (TAA). Follow it to the letter. The TCP will ensure that only authorized persons have access to technical data.

3. Brief employees that, whether in the U.S. or visiting overseas, they should only discuss what is authorized by licenses and/or TAAs.

4. Prior to travel with a laptop, either have the information technology (IT) department scrub it or provide a clean computer free of all technical data not authorized by licenses.

Do everything within your power to help others in your enterprise understand that no technical data or service should be given without proper approval. This means performing due diligence prior to receiving foreign visitors, sending business development staff to trade shows, and working on teaming agreements with non-US persons.



Saturday, May 31, 2008

They're searching our computers at the borders!!


Does that headline get your attention? Computer World has published an article in their online magazine about random computer searches conducted at our borders. Lawyers have argued that this violates people's rights, and circuit courts are holding that border agencies do have the right to search the laptops of any travelers crossing the border. Does this really raise an alarm within the security community, or is the article based on fears of privacy invasions?

I’ll leave the last part of the question for the courts, and gladly use the article as a good training resource for security managers and executives. The first implication is that this activity should not be surprising. Anytime employees travel abroad, they SHOULD expect to be liberated from their computer at the host country’s customs. They should also expect to have the hard drive duplicated, files read, etc. These are the contingencies for which astute security specialists plan.

As with all bad news (hopefully this is not news to you), the best place to begin change is by facing the facts. Other people want your information. Now that that's out, security professionals have the task of making the information very difficult to get. However, we spend too many resources on actions that don’t address the real threat. For example, physical security efforts may focus on fortifying businesses with barriers, alarms, access control, cameras, etc. One would think that the threat is foreign agents breaking into physical locations to steal secrets and technology. Good luck finding a news source reporting that kind of crime. Risk assessments indicate that technology is leaked through careless or malicious employee behavior.

Develop a culture within your company to effect the right behavior or at least prevent unauthorized disclosure of economic, classified or sensitive information. Destroy waste properly, lock all desk and cabinet drawers after work, and use access control to keep employees, vendors and janitors from accessing unauthorized areas.

Now, back to the borders. Employees having computers searched by US Customs means one thing…they are returning from overseas travel. The biggest question should address what was taken overseas and who else had access. The least of the problems is the news that U.S. Government Agencies are accessing computers.

So, what can we do? Prior to employee travel anywhere, download company information or prepare special travel computers with only the information they need to conduct the business at hand (make sure the information is authorized by license or agreement with the State Department or Commerce Department to prevent an export violation).

Hopefully this article has addressed how to focus security resources. Know the facts, gather information and address the real threats. Constructing a fortress won’t protect your information if it’s being thrown out with the garbage. Computer World has made a good report; however, the security manager should recognize that the only reason U.S. Customs searches is that we are either leaving or entering the U.S. If this event is causing concern, then we must have been asleep during the advent of international business travel.