certification-for-security &laquo; WordPress.com Tag Feed http://en.wordpress.com/tag/certification-for-security/ Feed of posts on WordPress.com tagged "certification-for-security" Sun, 19 May 2013 15:20:39 +0000 http://en.wordpress.com/tags/ en <![CDATA[Legacy of the Facility Security Officer (FSO)]]> http://industrialsecurity.wordpress.com/2012/06/07/legacy-of-the-facility-security-officer-fso/ Thu, 07 Jun 2012 21:39:00 +0000 Red Bike Publishing http://industrialsecurity.wordpress.com/2012/06/07/legacy-of-the-facility-security-officer-fso/ You might already know how to write policy that reflects the NISPOM and export compliance or ITAR regulations. That might very well be an easy task for you. Just like ISP certification mentioned in an earlier post, the policy itself should not be the catch all solution. Just as the certification compliments the bearer’s capabilities, the policy should complement the processes and procedures you have in place.
Policy tells what should happen and is in itself easier to write and have approved than the how to do it found in processes and procedures. Even if you do not know how to write policy, you can always download a boilerplate standard practice procedures, technology control plan, or sample security policies downloaded from Defense Security Services (DSS), or shared by fellow security professional organization contacts. What won’t be so easy to find is policy tailored to your specific needs and how to incorporate them into company business. That will require teamwork with other business unit managers.
Some of the reading audience might understand better than others that most policies exist as “gotchas”. In other words, policies can be used as a basis for discipline. However, unless part of the company DNA, most employees may not know the policy even exists.
For example, suppose you are trying to implement procedures to support your customer’s requirement of approving public release information as identified in the DD Form 254 for cleared contractors. You know it’s a requirement, but your company continues to publish contract related information in news releases and on the website without customer approval. To solve this problem, you could:
1. Write a policy and wait for employees to read and comply. If they do not, you can nab them later, pointing out their short falls.
2. Create policy, coordinate with others to create supporting trigger points and courses of action, shop it to all the managers, work together to develop a workflow, and check the progress.
Option two works best because it will be part of an organizational solution and not “just another thing to do.” Option one will cause all kind of trouble and leave the situation unresolved.
An FSO is designated to develop security policy to protect classified information. However, this is not a solution that should be undertaken alone. The entire organization should take part. Just as human resources, facilities, finance and other business units seek the cooperation of the enterprise, the FSO should get similar buy in. With approved and accepted procedures in place, the policy will be easily supported.

For more information on establishing security procedures, see DoD Security Clearances and Contracts Guidebook

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: “Get Rich in a Niche-Insider’s Guide to Self Publishing in a Specialized Industry” and “Commitment-A Novel”. Jeff is an expert in security and has written many security books including: “Insider’s Guide to Security Clearances” and “DoD Security Clearances and Contracts Guidebook”, “ISP Certification-The Industrial Security Professional Exam Manual”, and NISPOM/FSO Training” See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

]]> <![CDATA[8 Simple Steps FSOs use to Inspect Classified Deliveries]]> http://industrialsecurity.wordpress.com/2012/01/13/8-simple-steps-fsos-use-to-inspect-classified-deliveries/ Fri, 13 Jan 2012 20:43:00 +0000 Red Bike Publishing http://industrialsecurity.wordpress.com/2012/01/13/8-simple-steps-fsos-use-to-inspect-classified-deliveries/

The FSO should ensure all arriving classified information is inspected and received into accountability. This due diligence is conducted to ensure that classified information has not been compromised, is related to a contract, and is properly marked. Regardless of transmission methods of physical items (mail, courier, overnight, hand carry and etc.) classified material should be double wrapped. Each layer serves to protect the classified material from inadvertent and unauthorized disclosure and should be properly addressed.
The classified information should be wrapped and sealed in opaque material or envelopes.

The NISPOM does not cover seams of wrapped items, but a good practice is to cover seams with rip-proof opaque tape or other material that prevents and detects tampering. All seams of the outer layer should be sealed with opaque tape in an effort to create a solid layer of covering. The item should be wrapped and sealed with the first layer containing the proper classification level and to and from address lines. Two copies of receipts should either be attached to the first layer or inside the first layer. The outer layer should not contain classification markings and be addressed to a cleared contractor and not a person’s name.

A good security practice allows for the sender to contact the receiver that classified material is being sent to their facility. This alerts the receiver to expect the delivery. Many times program managers, engineers
or other technical employees are anticipating the delivery, but may not have all the details of delivery times and dates. However an FSO to FSO coordination can provide all the information of the transaction
in advance.

Regardless of transmission methods, the recipient should examine the outer wrapping for evidence of tampering or to otherwise to inspect that there has been no compromise of classified material. Classified
material should be double wrapped or in other words have two independent layers of protection. Each layer consists of opaque material such as: an envelope, paper, box or other strong wrapping material.

1.  The first part of the inspection should be conducted to look for evidence of tearing, ripping, re-wrapping or some other means of unauthorized access to the material.

2.  Next, the shipping label should be reviewed for full approved classified mailing address, return address.

3.  There should be no classification markings on the outer layer of the item; the outer layer should not draw attention to the classified material inside. Classification markings on the outside of a package are a security violation.

4.  The inner layer should be inspected the same way as the outer layer for evidence of tampering or unauthorized disclosure.

5.  However, the inside wrapping should contain the full address of the recipient as well as classification markings on the top, bottom, front and back. TOP SECRET and SECRET material should have a packing list or receipt of contents either on the outside or inside of the container.

6.  If a receipt is included, the receiver should sign it and return it to the sender. Receipts are not necessary with the shipment of CONFIDENTIAL material.

7.  The receiver should then check the receipt against the contents to ensure the item has been identified correctly and all items are accounted for. The properly filled out receipt should list the sender, the addressee and correctly identify the contents by an unclassified title and appropriate quantity. Since the receipt may be filed for administrative and compliance purposes, the inspector should ensure it contains no classified information. If the receipt contains a classified title, the sender may be able to coordinate for an unclassified title for internal use.

8.  Once all the checks and verification are complete, the receiver can then sign a copy of the receipt and return to the sender, thus closing the loop on the sender’s accounting responsibilities.

Items to inspect when receiving classified deliveries:

  • Outside wrapper:
    •  Evidence of tamper
    • Seams sealed with anti-rip tape
    • Label is addressed to organization (not individual)
  • Inside wrapper:
    • Evidence of tamper
    • Seams sealed with anti-rip tape 
    • Inside label addressed to recipient 
    • Inside wrapper is marked with appropriate classification 
    • Receipts / packing list included for SECRET and above 
    • Compare receipt/packing list against contents 
    • Ensure items are classified properly 
    • Sign receipts and return to sender
Figure 5-3 (From DoD Security Clearances and Contracts Guidebook) The FSO should ensure that all classified deliveries are inspected prior to bringing them into accountability. Such checks are necessary to  ensure items were sent properly, were not tampered with in transit, contain correct items and are authorized for storage in the classified holdings

Learn more FSO required skills in DoD Security Clearances and Contracts Guidebook

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: “Get Rich in a Niche-Insider’s Guide to Self Publishing in a Specialized Industry” and “Commitment-A Novel”. Jeff is an expert in security and has written many security books including: “Insider’s Guide to Security Clearances” and “DoD Security Clearances and Contracts Guidebook”, “ISP Certification-The Industrial Security Professional Exam Manual”, and NISPOM/FSO Training” See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

]]>