Cleared Employee Security Training


1 Cleared Employee Security Training
For Possessing Facilities
Published by Red Bike Publishing, LLC
For use by individual purchasing and for conducting corporate training presentations. Not for resale or commercial purposes. All rights reserved except for those produced by the NISPOM.
Images are either the author’s or purchased from dreamstime.com
2016

2 SECURITY BRIEFING
This presentation includes the following as required by NISPOM. Each will be addressed sequentially, but can be accessed by hyperlink:
- Threat Awareness Security Briefing Including Insider Threat
- Counterintelligence Awareness Briefing
- Overview Of The Security Classification System
- Employee Reporting Obligations And Requirements, Including Insider Threat
- Cybersecurity awareness training for all authorized IS users
- Security Procedures And Duties Applicable To The Employee's Job
- Bonus material
This presentation fulfills the requirements for the initial security briefing and refresher training for all cleared employees as addressed in the National Industrial Security Program Operating Manual (NISPOM).

4 Threat Awareness Security Briefing
Contents:
- Insider threat definition
- Threat Awareness training
- Methods of contact and recruitment
- Recommended countermeasures
Cleared employees should be aware of their responsibilities to protect all employees, products, customers and those we do business with.

5 Insider Threat Training Definitions
Insider - Cleared contractor personnel with authorized access to any Government or contractor resource, including personnel, facilities, information, equipment, networks, and systems. They may have some or all of the following characteristics:
- Authorized access
- Appropriate security clearance
- Need to Know
But first some definitions. For NISPOM mandated Insider Threat Program (ITP) purposes, this training covers those trusted employees with authorization to access classified information. These trusted employees have access, need to know, and authorization to work within our facilities and on our contracts.

6 Insider Threat Training Definitions
Insider Threat - The likelihood, risk, or potential that an insider will use his or her authorized access, wittingly or unwittingly, to do harm to the national security of the United States.
Insider threats may bring:
- Harm to contractor
- Harm to program information
Insider threats impact the contractor or agency’s obligations to protect classified national security information.
Because of the authorized access to classified information, an insider can cause accidental and malicious damage to national security that may not otherwise be easily detected. For the purposes of this briefing, the Insider threat focuses on threat to national security.

7 Insider Threat Training All Cleared Employees
Requirements PRIOR to the recent changes to NISPOM:
- The FSO provided initial security training and annual refresher training
- The holder of classified information validated an employee’s access (clearance level) and need to know
ADDITIONAL Requirements AFTER the NISPOM updates:
- The FSO demonstrates that cleared employees have completed insider threat awareness training before being granted access to classified information, and annually thereafter
While the insider threat training for all cleared employees is a new requirement, the training topics are similar to topics that have already been addressed in past NISPOM and security awareness training. Insider threat training can be conducted in concert with existing training or stand alone. Once training is conducted, the FSO or designated trainer should document the training, take the attendee names and make the information available for the next DSS security review. The section addresses some of the “all cleared employee” training requirements.

8 Insider Threat Training Why Our Technology
Research and development is an expensive endeavor. It is much cheaper to acquire technology through reverse engineering, requests for information or theft. While it is illegal to provide any export to some countries, adversaries may try to circumvent laws by implementing creative methods of obtaining what they need. Some products seem to have commercial application, but they may appeal to dual use possibilities. Here are some more obvious reasons an adversary may find espionage a more lucrative endeavor for bridging a technology gap.

9 Insider Threat Training
Protecting All Information
Classified: GSA approved container; Vault; SCIF
UNCLASSIFIED: Restrict ing or faxing; Develop a destruction policy
Everyone has a right to privacy, respect that right
Protect your business to the fullest
Enforce Need to Know
Remember the old saying, “none of your business?” A program of enforcing need to know provides robust security and addresses threats to both classified and unclassified information. Need to know is a discipline that provides a significant level of protection. Not everyone with a SECRET clearance is authorized access to all SECRET information - Need to know. Not every employee needs access to financial records - Need to know. Obtaining authorization to receive classified information requires access, need to know, security awareness training and insider threat training. Access to sensitive and unclassified information requires need to know.

10 Before you release it….Review it.
Protecting All Information
Identify and Review All Information Before Releasing
- Accident
- Ignorance
- Malicious Intent
Provides a frame of reference for:
- OPSEC Reviews
- Press Releases
- Patents
- Brochures and Presentations
Filters
Identify any controlled information in produced raw data (reports, brochures, test results, etc.). Be sure to identify all information that is sensitive. Sometimes the answer isn’t always obvious and requires analysis. SELDOM (if ever!!) does a security classification guide (SCG), OPSEC plan, etc. provide guidance on how to review publications, speeches, presentations, and other forms of communications for words or phrases that can lead to an ITAR violation or security compromise. If you aren’t handed the guidance, work to develop it!!
Before you release it….Review it.

11 Data Rights, IP, PI, Patents, Trade Secrets
Review Information
Know What’s Important
Foundational Guidelines:
- Info Protection Guide
- DD 254, SCG, Markings
- OPSEC Plan
- Data Rights, IP, PI, Patents, Trade Secrets
- MCTL, E.O , DODM , ITAR
Who Reviews / What To Review: Techie IP, classified, OPSEC, ITAR PM OPSEC OPSEC indicators FSO Classified, ITAR, Legal ITAR, PI, Trade Secret
While your security team understands NISPOM briefings, phishing scams, defensive briefings, CI, etc., there is so much more we can assist with. FSOs have skills that can be directed toward protecting company intellectual property, proprietary information, ITAR information and other raw data. Work together to identify what is sensitive, who to allow access, and how to protect it.
- Develop a public release process to address accidental, ignorance-based, or malicious insider release of sensitive information
- FSOs train on derivative classifier responsibilities that can be applied to develop a similar process for unclassified ITAR, IP, PI, and trade secrets
- Develop a process for identifying, marking, storing, and transmitting such information
What about yours?
- Review everything before releasing it
- Staff for signatures, have enterprise own the process
- Develop a communications strategy for discussing information for presentations, press releases, contract bids, and statements of work without releasing intimate details

