Self-Inspection / Assessment Preparation
December 2013
Michael Campbell, ViaSat, Inc.
Why Am I Here?
• NISPOM Requirements
• Interpretation
• Category Level
• Business Best Practices
• Available Tools
• Pre-Inspection
• Self-Inspection
• Post-Inspection
• Communication
• Preparation for formal assessment

Our Day-to-Day Jobs (diagram: Asset, Risk, Threat, Vulnerability)
What have we gotten ourselves into?!
• NISPOM 1-206 (b)
• Contractors shall review their security system on a continuing basis and shall also conduct a formal self-inspection at intervals consistent with risk management principles.

What’s a Category?
• What category is your facility?
• AA: Multi-week assessment
• A: Large and complex facility with many programs, contracts, holdings, etc.
• B: First category requiring a team of Reps for the formal assessment
• C: Largest facility that allows 1-Rep assessments
• D: Smallest category with safeguarding
• E: Contracts and cleared personnel (no safeguarding)

What Do Your Folks Do?
• Know your company
• Know your product lines
• Know your corporate structure
• Know your PMs
• KNOW YOUR COMPANY

What Tools Will You Use?
• MS Project
• SharePoint
• Gantt Charts
• SIMS
• Self-Inspection Handbook for NISP Contractors
What Do I Do? (charts: 2010 Marking Vulnerability Trends; 2011 Marking Vulnerability Trends)

What Strategy Will You Utilize?
• Programmatic?
• Traditional?
• Unannounced?
• Assisted?
• HAVE YOU HAD ANY “RED FLAGS”?

General Business Best Practices
• Adopt the “verify and validate” mindset
• Create your inspection binder
• Review your SPP
• Explain the process of vulnerability assessments following your employee interviews (this may be their first)
• Ask open-ended questions (ALWAYS)

Where To Begin
• When will you begin?
• How long do you plan to take?
• Who will you interview?
• To whom and how will you communicate the results?
• Do you plan on keeping metrics?

Completing Your Strategy
• Stick to your plan
• Use your tools how you planned
• Record as much as possible (you’ll make sense of your notes later)
• Interview
• Interview
• Interview
Now What?
• Create
  • Create a report format
• Analyze
  • Review findings
  • Compile metrics
  • Record vulnerabilities
• Prepare
  • Complete your report
  • Determine who will review it
• Communicate
  • Alert your Rep and FCIS of your results

Who Is Your Rep and FCIS?
• Have you communicated with them?
• Do they know your company?
• Do they know your programs?
• What can you do to assist them?

Remember That Binder?
• Review your facility binder
• Is it organized?
• Are all of your forms up to date?
• Does it have examples of the forms you use?
• Does it have your Sec Ed information?
• Do you have a copy of your self-inspection report in it?

How Was That Communication?
• Do you know your Rep and FCIS yet?
• Do you know when your assessment is planned for?
• Do you know what strategy will be utilized?
• Do you know your facility’s Category?
• Do your employees know when they’ll see suits in the building?
NISP Enhancements (table: OLD vs. NEW)

Very Important
• Know your vulnerabilities
• Re-review the red flags
  • FOCI
  • KMP
  • Deliberate disregard of NISPOM or SPP
  • Unmitigated loss or compromise
  • Processing on an unaccredited information system
• Enhancements must be EFFECTIVE

Briefings
• Entrance:
  • Summarize your facility and the work that is accomplished
  • Quickly review your self-inspection
  • Provide your Rep with a copy of your briefing and NISP enhancements (their job is to trust, but verify)
  • Keep it short and precise
• Exit:
  • Take notes
  • Ask questions

Questions?
Michael Campbell, Security Manager
Email: michael.campbell@viasat.com
Phone: (760) 476-2123