Tuesday, January 5, 2010

The need for exceptional security awareness training

This past December 17th, the Justice Department announced the guilty plea of a former FBI Contractor (http://baltimore.fbi.gov/dojpressrel/pressrel09/ba121709.htm) The contractor held a TOP SECRET security clearance. He knowingly released SECRET information that was published on a blog. Anyone with access to the web was able to access classified information on intelligence communication procedures.
The unauthorized release of SECRET information can cause grave damage to the US national security. Those with security clearances should be taught to understand the importance of protecting it. This incident helps stress the need for exceptional security training, protection and oversight. Security specialists in the government and Facility Security Officers (FSO) for cleared contractors are responsible for implementing and directing security programs to protect classified information. This includes ensuring cleared employees understand their roles in protecting classified information.
Some articles on the internet have questioned the decisions made in providing this person a security clearance. The failure may not only lie with those adjudicating the clearances, but also with other cleared employees not noticing the warning signs. Often those who disclose classified information in an unauthorized manner demonstrate tell-tale behavior. The biggest threat to national security may not be an adversary breaking in and stealing our secrets. Cleared employees, like the one in the article, are breaking the law and the trust placed in them. Security managers should continue to reinforce training and ceaselessly work to ensure Cleared employees protect classified information and report suspicious activities.

How to Encourage FSOs to take the ISP Certification

Putting first things first. That has been a motto for many after reading books such as Franklin Covey's 7 Habits of Highly Effective People or Reverend Rick Warren's The Purpose Driven Life. Those and several similar motivational publications stress that everyone has the same amount of time in a day. What we do during that time helps us either make or goals or fail before we even get started.

As leaders, FSOs can help security employees understand how to create incredible security programs. Focusing on training, interaction with other cleared employees, self-improvement and institutional education should be part of professional development. FSOs who write security evaluations for direct reports have an excellent opportunity to help them establish goals to become better at their jobs, more impactful in their careers and hopefully, groomed to become FSO's themselves. Challenging employees and team members to achieve personal and professional goals breeds success.

The ISP Certification is one goal FSO's could take as a goal as well as encourage employees to achieve. The employee gains from such education and a prestigious career milestone. The organization also benefits from what the security employee learns and applies on the job. When employees study for the ISP Certification, they learn: how to read and apply the NISPOM, the importance of forming professional relationships with cleared employees, how the cleared contractor and the DSS representatives interact, and much more.

A leader also creates pride in the organization and employee by making them more competitive in their career and providing basis for professional pride. The path to the ISP Certification goals should not be taken alone. When employees are challenged with the goal, the manager can help by providing or allowing education as found on the DSS, professional organization or vendor websites. Studies on NISPOM topics are available on the internet as well as on site. If your team is large enough, consider helping them start a study group.

If the cleared contractor facility has multiple security employees, provide an opportunity to cross train. Security employees who work personnel security issues could work with document control and etc. Also, consider allowing security employees from one discipline inspect anther security section during the annual self inspection. Another idea is for the FSO to create an internal certification program. This helps integrate new employees into their jobs. A self-certification program would train an employee on performing individual tasks. The employee works under a mentor who verifies and documents the training. This training covers how the cleared contractor facility security employees practice document control, manage personnel security, provide classified contract support and etc. If such a program exists in your organization, consider using it for further cross training employees who concentrate only on one task. This will help them become more experienced and more prepared for the exam.

Employees may not feel comfortable asking for training, setting prestigious goals, or asking for funding for professional organizations or certifications. However, a supervisor who is aware of such opportunities can encourages the employee to become engaged.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing http://www.redbikepublishing.com. He is an accomplished writer of non-fiction books, novels and periodicals. Published books include: "ISP Certification-The Industrial Security Professional Exam Manual"-Red Bike Publishing

Visit our site often for in formation on the upcoming book "Managing the Security of Classified Information and Contracts".

About Red Bike Publishing: Our company is registered as a government contractor company with the CCR and VetBiz (DUNS 826859691). Specifically we are a service disabled veteran owned small business.