Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.ispcert.com THE SECURITY CLASSIFICATION SYSTEM.

Published byMaximilian Jordan Modified over 8 years ago

Similar presentations

Presentation on theme: "Www.ispcert.com THE SECURITY CLASSIFICATION SYSTEM."— Presentation transcript:

1 www.ispcert.com THE SECURITY CLASSIFICATION SYSTEM

2 www.ispcert.com CONTENTS Why the Security Classification System How is information classified How is classified information marked Government and contractor responsibilities Test

3 www.ispcert.com  How do classified items receive their designations?  Who is responsible for assigning classification levels?  What recourse do security managers have after discovering a classification error?  Can anything be assigned a classification level by anyone?  These are questions that come to the minds of many who safeguard or work with classified material. Although there is guidance to demonstrate proper control, accountability, documentation, storage, dissemination and destruction of classified material, many practitioners do not understand the fundamentals. Executive Order 13526 provides the history, disposition and future status of classified information. CONTENTS

4 WHY ASSIGN CLASSIFICATION SYSTMS “It has been estimated by some intelligence experts that Mr. Walker provided enough code-data information to alter significantly the balance of power between Russia and the United States” John Oconner, New York Times For over 18 years John A. Walker, Jr. had sold secrets during and after his career in the Navy. Though entrusted with a security clearance and a “need-to know”, he did not demonstrate the trustworthiness of which his thorough background investigation deemed him worthy. When the opportunity revealed itself, he took advantage of his position and responsibilities to smuggle classified information to his Russian connections. During the investigation into his arrest, authorities discovered a complex spy ring consisting of family members and other recruited operatives. Walker had earned the trust and cooperation of his family to commit one of the most notorious of all cases of espionage. As a result of his crimes, he received a two life terms plus 10 year, his son received 25 years and the damage to the U.S. national security was tremendous.

5 www.ispcert.com NISP is designed Safeguard classified information that has been or may be released to… “current, prospective, or former contractors, licensees, or grantees of United States agencies”. It is also designed to provide for the protection of classified material as outlined in EO 12356 and the Atomic Energy Act of 1954, as amended. NATIONAL INDUSTRIAL SECURITY PROGRAM

6 www.ispcert.com  The NISPOM is the primary regulatory reference for performing industrial security  The Department of Defense consults with Secretary of Energy, the Nuclear Regulatory Commission and the Director of Central Intelligence to issue and maintain the NISPOM  It is up to the contractor and each agency work together to meet the NISPOM’s intent NISPOM The NISPOM provides restrictions, rules, guidelines and procedures for preventing unauthorized disclosure of classified material; it is the primary regulatory reference for performing industrial security.

7 www.ispcert.com  The Secretary of Energy and the Nuclear Regulatory Commission have the lead in detailing requirements for protecting classified information identified in the Atomic Energy Act of 1954  The Director of Central Intelligence will provide a section for intelligence sources and methods, to include Sensitive Compartmented Information (SCI)  However, in this coordination each agency maintains its authority  The NISPOM applies to authorized users of classified information and equips those working on classified contracts with critical instruction on how to implement the NISP in their organizations  It is up to the contractor and the oversight agency to work together to provide accurate interpretation of the guidelines to the specific classified contract requirements. NISPOM

8 www.ispcert.com All agencies apply three factors to the concept of Risk Management 1.Damage to national security 2.Existing or anticipated threat to disclosure of information. 3.Short and long term costs of the requirements, restrictions, and other safeguards NATIONAL INDUSTRIAL SECURITY PROGRAM (NISPOM) The second and third factors aren’t spelled out in the NISPOM, but are recognized as legitimate concerns to prevent the NISP from becoming a burden to industry

9 www.ispcert.com  The Secretary of Defense and the other identified agencies apply the concept of Risk Management while implementing the NISPOM  Astute Industrial Security managers develop risk management analysis to better interpret the risk and discover the potential impact. They will also develop solutions to reduce the risk and the predicted damage. The bottom line is to reduce the probability of unauthorized disclosure of classified information NATIONAL INDUSTRIAL SECURITY PROGRAM (NISPOM)

10 www.ispcert.com  Provides Classified National Security Information and delivers a cohesive method for designation classification  The Government has designed stringent policy to ensure that classified material is protected at the level necessary to prevent unauthorized disclosure. EXECUTIVE ORDER 13526

11 www.ispcert.com  CONFIDENTIAL information could reasonably be expected cause damage  SECRET could reasonably be expected to cause serious damage  TOP SECRET could reasonably be expected to cause exceptionally grave damage to national security THREE DESINGNATIONS FOR CLASSIFIED Caution: Classified information should not be confused with the proprietary information sometimes referred to as company confidential or secret.

12 www.ispcert.com Classifications are not assigned unless:  An original classification authority (OCR) is applying the classification level  The U.S. Government owns, is producing, or is controlling the information  Information meets one of eight categories  The OCR determines unauthorized disclosure could cause damage to national security to include transnational terrorism and they can identify or describe the damage. CONDITIONS FOR CLASSIFICATION

13 www.ispcert.com  According to a report from the Chairman of the House National Security Subcommittee, 10% of secrets should have never been classified and that nearly 90% of classified information has been over- classified  A Defense Security Services report stated in 2003 nearly $6.5 billion was spent to classify information  To prevent such abuse, the Executive Order provides guidance to train and prevent classification authorities from arbitrarily assigned a classification level CONDITIONS FOR CLASSIFICATION

14 www.ispcert.com 1.Military plans, weapons systems or operations  The U.S. armed forces not only safeguards, but provides instructions for protecting the specifics of their weapons and plans. If these strategies and operations were released to the wrong hands, the information would damage national security and adversely affect our ability to defend ourselves. 2. Foreign government information  This knowledge includes what the U.S. Government may already know about other governments. This gives the U.S. the advantage of knowing information that another country thinks is protected. WHAT ARE THE EIGHT CATEGORIES

15 www.ispcert.com 3.Intelligence activities, sources, or methods or cryptology  One can imagine what damage could take place if any intelligence gathering sources, methods or activities were compromised. The suspecting adversary could become aware of the threat and cease their activity or design countermeasures designed to thwart future efforts. WHAT ARE THE EIGHT CATEGORIES

16 www.ispcert.com 4.Foreign relations or activities of the United States including confidential sources  This information is specified U.S. foreign policy activities and sources friendly to U.S. efforts and U.S. organizations. Such is protected to ensure the safety of the relations and success of the activities. Compromise of any of the sources could cause damage to National Security as they are denied further access. 5.Scientific, technological, or economic matters relating to national security, including defense against transnational terrorism  Unauthorized access to national security-related U.S. scientific, technological, and economic data could compromise plans, production, and strategies and leave certain vulnerabilities. WHAT ARE THE EIGHT CATEGORIES

17 www.ispcert.com 6.U.S. programs for safeguarding nuclear materials or facilities  For nuclear activities, the Department of Energy and the Nuclear Regulation Commission provide specific guidance to ensure the best protection. Vulnerabilities and strengths are assessed to ensure the best possible measures are in place to protect these items. Plans, strategies and programs are only effective if enforced AND access is limited. WHAT ARE THE EIGHT CATEGORIES

18 www.ispcert.com 7.Vulnerabilities of systems, installations, infrastructures, projects, plans or protection services related to national security including terrorism  Security managers assess strengths and to ensure the best possible measures are in place to protect these items. Plans, strategies and programs are only effective if enforced AND access is limited. An adversary could use the programs to gain advantages, steal, damage or destroy systems, installations, infrastructures, projects, plans or protection services. 8.Weapons of Mass Destruction  Information fitting this category is classified to prevent unauthorized disclosure. Such unauthorized disclosure could make the U.S. vulnerable to adversaries to include transnational terrorists. WHAT ARE THE EIGHT CATEGORIES

19 www.ispcert.com  Classified material should always display proper markings at all times  The classified information will have markings displayed in a specific manner based on the type of media (compact disk, cassette, book, map and etc.)  Furthermore, the classification should identify which pages, paragraphs and portions are classified and unclassified. CLASSIFICATION MARKINGS

20 www.ispcert.com EXAMPLES OF DOCUMENT MARKINGS Overall Page Markings Portion Marking Classification Information Notice that the document has a top and bottom marking at the highest level of classification on the page and appropriate levels of classification for the information in the paragraph.

21 www.ispcert.com  Limits to classification  A classification cannot be assigned to hide legal violations, inefficiencies or mistakes  Nor can the classification authorities assigned to prevent embarrassment, prevent or restrict competition or delay the release of information that hasn’t previously required such a level of protection LET’S CLASSIFY IT ALL JUST TO BE SURE Users of Classified material have an obligation to challenge classification that violate any of the above

22 www.ispcert.com  Holders of classified information may discover that the classification level may be inappropriate or unnecessary. These holders have a duty to report their beliefs.  Such reports are to be handled with the agency authorities and reviewed for a decision.  The agency heads or senior officials also need to ensure there is no retribution for the report as well as notifying the individuals that they have a right to appeal the agency decisions to the Interagency Security Classification Appeals Panel. CAN’T WE JUST CLASSIFY IT ALL JUST TO BE SURE Users of Classified material have an obligation to challenge classification that violate any of the above

23 www.ispcert.com  Anyone desiring access to classified information must possess a security clearance and have “need to know”  Security clearances are issued after a favorable investigation and a determination is made. CLEARANCE AND “NEED TO KNOW”

24 www.ispcert.com  Classified users are trained in proper safeguarding and sanctions imposed on those who fail to protect it from unauthorized disclosure  Each originating agency must provide instructions on the proper protection, use, storage, transmission and destruction of the information WE ARE PROVIDED INSTRUCIONS OF USE

25 www.ispcert.com  DON’T BEGIN CLASSIFIED WORK WITHOUT  DDFORM254-Provides instructions on how, when and where to perform on a classified contract  SECURITY CLASSIFICATION GUIDE- Designed to notify what is classified and to what level. A security classification guide is assigned to each classified project. WE ARE PROVIDED INSTRUCIONS OF USE

26  The NISP is created to protect classified information  Three factors are considered before implementing the NISPOM:  level of damage to national security  existing or anticipate threat to disclosure  long and short term costs  Presidential Executive Order 13526 delivers a cohesive method for designation classification, protecting and declassifying national security information  Classified material should always be marked with the correct level SUMMARY

27 www.ispcert.com O’Connor, John, “TV View; American Spies In Pursuit Of The American Dream”, New York Times, NY, 1990 http://query.nytimes.com/gst/fullpage.html?res=9C0CE6DA133BF937A35751C0A9 66958260, Feb 4, 2008 http://query.nytimes.com/gst/fullpage.html?res=9C0CE6DA133BF937A35751C0A9 66958260 The President, Executive Order 12829—National Industrial Security Program (Federal Register, Jan 1993) pg. 3-2. The President, Executive Order 13292, Further Amendment to Executive Order 13526, As Amended, Classified National Security Information—National Industrial Security Program (Federal Register, Mar 2003) Sec. 1-2 “Too Many Secrets: Overclassification As A Barrier To Critical Information Sharing”, (Hearing Before The Subcommittee On National Security, Emerging Threats And International Relations Of The Committee On Government Reform House Of Representatives One Hundred Eighth Congress Second Session August 24, 2004) Serial No. 108-263, Available Via The World Wide Web: Http://www.Gpo.Gov/Congress/House and Http://www.House.Gov/Reform.“Secrecy Report Card, Quantitative Indicators in Secrecy of the Federal Government”, (http://www.openthegovernment.org/otg/SRC2006.pdf, August 2004). Http://www.House.Gov/Reform REFERENCES

28 www.ispcert.com Click on the correct answers TEST

29 1.All of the following are classifications except: A.TOP SECRETTOP SECRET B.CONFIDENTIALCONFIDENTIAL C.SECRETSECRET D.FOR OFFICIAL USE ONLYFOR OFFICIAL USE ONLY 2.All of the following are conditions to be met before classifying an item except A.Original Classification Authority is involvedOriginal Classification Authority is involved B.U.S. Government owns itU.S. Government owns it C.Information could cause damage to national securityInformation could cause damage to national security D.Information could cause embarrassment to the PresidentInformation could cause embarrassment to the President 3.Anyone with a SECRET clearance can access classified at the CONFIDENTIAL level A.TrueTrue B.FalseFalse 4.All must be considered before the Government implements NISPOM except A.Cost of implementationCost of implementation B.Threat to disclosureThreat to disclosure C.Damage to National SecurityDamage to National Security D.Buy-in by contractorsBuy-in by contractors TEST-SELECT THE CORRECT ANSWER

30 www.ispcert.com 5.Which of the following is described as possible damage for unauthorized disclosure of SECRET A.Causes extremely serious damageCauses extremely serious damage B.Causes damageCauses damage C.Causes extremely grave damageCauses extremely grave damage D.Causes serious damageCauses serious damage 6.Presidential Executive Order 13526 implemented the National Industrial Security Program A.TrueTrue B.FalseFalse TEST-SELECT THE CORRECT ANSWER

31 www.ispcert.com Go Back!

32 www.ispcert.com Go Back!

33 www.ispcert.com Go Back!

34 www.ispcert.com Go Back!

35 www.ispcert.com CERTIFICATE

Download ppt "Www.ispcert.com THE SECURITY CLASSIFICATION SYSTEM."

Similar presentations

FREEDOM OF INFORMATION EXECUTIVE BRIEFING PART II.

FREEDOM OF INFORMATION EXECUTIVE BRIEFING PART II.
FOIA Exemption 1 & E.O Classified National Security Information

FOIA Exemption 1 & E.O Classified National Security Information
NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.

NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.
Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.

Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Department of the Navy Information Security Program

Department of the Navy Information Security Program
Section One: Classification System Overview Note: All classified markings contained within this presentation are for training purposes only.

Section One: Classification System Overview Note: All classified markings contained within this presentation are for training purposes only.
Auditing Concepts.

Auditing Concepts.
Chapter 5: Asset Classification

Chapter 5: Asset Classification
CORPORATE ESPIONAGE COUNTERMEASURES Daniel J. Benny, M.A., CPP, PCI, CCO, CLET Private Investigator & Security Consultant.

CORPORATE ESPIONAGE COUNTERMEASURES Daniel J. Benny, M.A., CPP, PCI, CCO, CLET Private Investigator & Security Consultant.
HOW TO PREPARE FOR A NATIONAL SECURITY INFORMATION INSPECTION 1 SECRET Updated 09/27/11 Security is Everyone's Responsibility – See Something, Say Something!

HOW TO PREPARE FOR A NATIONAL SECURITY INFORMATION INSPECTION 1 SECRET Updated 09/27/11 Security is Everyone's Responsibility – See Something, Say Something!
10/27/20111 Initial Security Indoctrination DoD. 10/27/20112 The protection of Government assets, people and property, both classified and controlled.

10/27/20111 Initial Security Indoctrination DoD. 10/27/20112 The protection of Government assets, people and property, both classified and controlled.
Information Security Policies Larry Conrad September 29, 2009.

Information Security Policies Larry Conrad September 29, 2009.
Information Systems Security Officer

Information Systems Security Officer
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Risk Management.

Risk Management.
Virginia Army National Guard Personnel Security

Virginia Army National Guard Personnel Security
Army Family Advocacy Program 1 of 16201130R APR 06 Restricted Reporting Policy for Incidents of Domestic Abuse.

Army Family Advocacy Program 1 of R APR 06 Restricted Reporting Policy for Incidents of Domestic Abuse.
Data Protection Overview

Data Protection Overview

Similar presentations

Ads by Google