December 2013 Michael Campbell ViaSat, Inc.

Presentation transcript:


- NISPOM Requirements
- Interpretation
  - Category Level
  - Business Best Practices
- Available Tools
- Pre-Inspection
- Self-Inspection
- Post-Inspection
- Communication
- Preparation for formal assessment

[Diagram: RISK, built from Asset, Threat and Vulnerability]

- NISPOM (b)
  - Contractors shall review their security system on a continuing basis and shall also conduct a formal self-inspection at intervals consistent with risk management principles.

- What category is your facility?
  - AA: Multi-week assessment
  - A: Large and complex facility with many programs, contracts, holdings, etc.
  - B: First category requiring a team of Reps for the formal assessment
  - C: Largest facility that allows single-Rep assessments
  - D: Smallest category with safeguarding
  - E: Contracts and cleared personnel (no safeguarding)

- Know your company
- Know your product lines
- Know your corporate structure
- Know your PMs

KNOW YOUR COMPANY

- MS Project
- SharePoint
- Gantt Charts
- SIMS
- Self-Inspection Handbook for NISP Contractors

[Charts: 2011 Marking Vulnerability Trends; 2010 Marking Vulnerability Trends]

- Programmatic?
- Traditional?
- Unannounced?
- Assisted?

HAVE YOU HAD ANY "RED FLAGS"?

- Adopt the "verify and validate" mindset
- Create your inspection binder
- Review your SPP
- Explain the process of vulnerability assessments before your employee interviews (this may be their first)
- Ask open-ended questions (ALWAYS)

- When will you begin?
- How long do you plan to take?
- Who will you interview?
- To whom and how will you communicate the results?
- Do you plan on keeping metrics?

- Stick to your plan
- Use your tools how you planned
- Record as much as possible (you'll make sense of your notes later)
- Interview

- Create
  - Create a report format
- Analyze
  - Review findings
  - Compile metrics
  - Record vulnerabilities
- Prepare
  - Complete your report
  - Determine who will review it
- Communicate
  - Alert your Rep and FCIS of your results

- Have you communicated with them?
- Do they know your company?
- Do they know your programs?
- What can you do to assist them?

- Review your facility binder
  - Is it organized?
  - Are all of your forms up to date?
  - Does it have examples of the forms you use?
  - Does it have your Sec Ed information?
  - Do you have a copy of your self-inspection report in it?

- Do you know your Rep and FCIS yet?
- Do you know when your assessment is planned for?
- Do you know what strategy will be utilized?
- Do you know your facility's Category?
- Do your employees know when they'll see suits in the building?

[Two worksheet images: OLD and NEW]

Security Rating Calculation Worksheet

Rating Calculation (complete areas in yellow)

*Note: For rating calculation purposes, treat multiple occurrences under the same NISPOM reference as one vulnerability. Place or select "X" for each enhancement that applies to the program.

- Select CAT:
- Starting Score: 700
- NISP Enhancement: 0
- Other Red Flags:

NISP Enhancements (Yes/No?):
- Category 1: Security Education (Events)
- Category 2: Security Education (Products)
- Category 3: Security Education (Staff Training)
- Category 4: Security Education (Community Information Sharing)
- Category 5: Contractor Self Review
- Category 6: Class Material Control
- Category 7: CI
- Category 8: Information Systems
- Category 9: FOCI
- Category 10: International
- Category 11: Community Membership
- Category 12: (↑) Active Participation
- Category 13: Personnel Security

Vulnerabilities:
- Vulnerabilities (Non-A/C) by Reference* / Other
- Acute/Critical by Reference* / Other

FINAL SCORE

Rating:
- 599 & Below = Unsatisfactory
- = Marginal
- = Satisfactory
- = Commendable
- 800 & Above = Superior

Facility Data Information: CAGE Code, Company, Assessment Date, Field Office, Team Assessment
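To make the worksheet's "one vulnerability per NISPOM reference" rule and the 599/800 rating boundaries concrete, here is an added example (not part of the presentation or any DSS tool) that models the calculation in Python. The starting score of 700, the dedupe rule and the two outer rating bands come from the slide; the point values per enhancement and per vulnerability, and the choice to count a reference as acute/critical if any of its occurrences is, are assumptions, as are the sample findings.

```python
# Added example: a small model of the Security Rating Calculation Worksheet.
# STARTING_SCORE, the dedupe-by-reference rule and the 599/800 boundaries are
# from the slide; the point weights below are ASSUMED placeholders, since the
# slide does not give them, and must be replaced with the current DSS matrix.
from dataclasses import dataclass

STARTING_SCORE = 700            # from the worksheet

# ASSUMED weights (not on the page).
POINTS_PER_ENHANCEMENT = 10
POINTS_PER_VULNERABILITY = -15
POINTS_PER_ACUTE_CRITICAL = -40


@dataclass(frozen=True)
class Finding:
    nispom_ref: str             # NISPOM paragraph cited for the finding
    acute_critical: bool = False


def dedupe_by_reference(findings):
    """Worksheet note: multiple occurrences under the same NISPOM reference
    count as one vulnerability.  ASSUMPTION: if any occurrence of a reference
    is acute/critical, the reference is counted in the acute/critical column."""
    by_ref = {}
    for f in findings:
        prev = by_ref.get(f.nispom_ref)
        if prev is None or (f.acute_critical and not prev.acute_critical):
            by_ref[f.nispom_ref] = f
    return list(by_ref.values())


def calculate_score(enhancements, findings):
    """enhancements: {category name: True/False}; findings: list of Finding."""
    unique = dedupe_by_reference(findings)
    n_acute = sum(1 for f in unique if f.acute_critical)
    n_other = len(unique) - n_acute
    n_enh = sum(1 for applies in enhancements.values() if applies)
    return (STARTING_SCORE
            + POINTS_PER_ENHANCEMENT * n_enh
            + POINTS_PER_VULNERABILITY * n_other
            + POINTS_PER_ACUTE_CRITICAL * n_acute)


def rating(score):
    """Only the outer bands are on the slide; the boundaries between Marginal,
    Satisfactory and Commendable are not, so the middle is reported as one band."""
    if score <= 599:
        return "Unsatisfactory"
    if score >= 800:
        return "Superior"
    return "Marginal/Satisfactory/Commendable (inner boundaries not on slide)"
```

With the constructed sample in the test, two repeats of the same reference collapse to one vulnerability and the acute/critical occurrence wins for its reference, so the worked score is 650, which falls in the middle band.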

- Know your vulnerabilities
- Re-review the red flags
  - FOCI
  - KMP
  - Deliberate disregard of NISPOM or SPP
  - Unmitigated loss or compromise
  - Processing on an unaccredited information system
- Enhancements must be EFFECTIVE

- Entrance:
  - Summarize your facility and the work that is accomplished
  - Quickly review your self-inspection
  - Provide your Rep with a copy of your briefing and NISP enhancements (their job is to trust, but verify)
  - Keep it short and precise
- Exit:
  - Take notes
  - Ask questions

Michael Campbell, Security Manager, Phone: (760)