1 / 32

Security Education and Awareness

JSAC. JSAC. Security Education and Awareness. Security 101 February 28, 2007. Why Education and Training?. NISPOM 3-100 “ Contractors shall provide all cleared employees with security training and briefings commensurate with their involvement with classified information.”.

derex
Download Presentation

Security Education and Awareness

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. JSAC JSAC Security Education and Awareness Security 101 February 28, 2007

  2. Why Education and Training? • NISPOM 3-100 “ Contractors shall provide all cleared employees with security training and briefings commensurate with their involvement with classified information.”

  3. “A Security Awareness Program Sets the Stage for Training by Changing Organizational Attitudes to Realize the Importance of Security and the Adverse Consequences of Failure.”National Institute of Standards and Technology

  4. Goals of An Effective Education & Training Program • Understanding of and compliance with security rules and regulations. • Understanding the magnitude and complexity of the foreign and domestic threats that make these rules and regulations necessary. • Motivation!!!

  5. Education Versus Training • We often use the two terms interchangeably……but: • “Training” teaches people the skills that will enable them to perform their job. • “Education” enables someone to develop the ability and vision to understand complex, multidisciplinary activities.

  6. Education and Training • What Should Be Included? • What Is Your Method of Delivery?

  7. Required Prior to Initial Access to Classified Information • Threat Awareness Briefing • Defensive Security Briefing • Overview of the Security Classification System • Employee Reporting Requirements • Security Procedures and Duties applicable to the employee’s job

  8. Threat Awareness • What is the Threat • Methods of Collection • Recent Cases • CLASSIFIED or UNCLASSIFIED Threat Analysis from USG Sources • Critical Technologies 1940’s 1950’s 1960’s 1970’s 1980’s 1990’s 2001 2007

  9. Defensive Briefing • Overseas Travel • Foreign Contacts • Technology Controls • Public Release Requirements • CI Awareness • Disclosure Restriction

  10. Overview of the Security Classification System • Levels of Classification and Criteria • Original and Derivative Classification • Classification Guides • SAP/SAR and Special Briefing Requirements • NATO, FGI, COMSEC, CNWDI • Safeguarding • AIS • Background Investigations • Marking

  11. Employee Reporting Requirements • Definition of Adverse Information • Suspicious Contact Reports • Foreign Travel Reporting Requirements (if any) • Violations

  12. Security Procedures and Duties Applicable to the Employee’s Job • Lots of foreign contact or travel ? • Working with classified hardware ? • Working in a closed area ? • Marketing ? • AIS ? • Special Briefings ?

  13. Workplace Violence Prevention • Liaison With: • Legal • Human Resources • Local Law Enforcement • Medical • Outside Consultants

  14. Know Your Audience • Executive Level • Foreign Travel • General Security Training • Technical Training • Export Controls • Counter-Intelligence

  15. Subject Matter Experts • Subject Matter Experts Can Lend Extra Credibility • DSS CI • 902nd MI Group • OSI • NCIS • Legal Departments • Import/Export Empowered Officials

  16. Resources & Methods • Company Newsletters • Great for Special Events or Current Topics • “Security Slot” • Website Information • Space on the Company Website or Build a Security Website • Security Bulletins • Topic of the Month • Videos • Homemade are Expensive but Effective if Resources Available • Computer Based Education

  17. Resources & Methods • Posters • Some Commercially Available • Idea Contest • Desktop Reminders • Great For End of Day Checks • “Gimmes” • Pamphlets • Must be easy to use or recyclable

  18. Desk Guides and Handbooks

  19. Resources & Methods • Seminars and Workshops • NCMS • JSAC • ASIS • National Security Institute – IMPACT • DSS • Usually for Specific Audiences • Security Professionals • Small Facility FSO’s • Specialists – Import/Export, Legal

  20. Visual Advertising • A Great Poster IS: • Readable • Unreadable = Misspellings, complex, passive sentences, ungrammatical • Legible • Illegible = Fancy font, fancy font, too much text • Well Organized • Disorganized =Too much time to find main idea, next idea or data • Succinct • Not succinct = Doesn’t direct attention to main message in 11 seconds

  21. Great Posters Are Compact and Visual: • Compact: • Focus on one, clearly stated message with a single “take-home” message • Visual: • Relies on graphics, photos, pictures to convey message rather than lots of text

  22. Poster Art from the Web • http://www.wasc.noaa.gov/wrso/posters/Security_Awareness_Posters4.htm • http://members.impulse.net/~sate/posters.html

  23. Familiar “hook” for Baby Boomers

  24. Old Ideas Still Work World War II Today

  25. Remember Your Audience

  26. Seasonal theme

  27. Associated with a Public Event

  28. Poster Art – Not So Good

  29. Poster Art - Cool

  30. Key to Effective Training Reinforce Reinforce Reinforce

  31. “The single greatest obstacle to espionage is education.”Stanislav Levchenko, former KGB Officer

  32. Questions ??

More Related