Friday, February 22, 2013

Using Traditional Security Tools in Unique Ways-Moving from Security to Risk Management

When Facility Security Officers and security specialists build security programs, we tend to use tools to remind employees of their responsibilities. We use security training to get the information out, enforce clean desk policies and post reminders of classified information in progress. Each tool notifies the holder of classified information that they are in possession of classified information, to protect that information and properly dispose of it when they are done. They can also be used to protect proprietary data, intellectual property and personnel information.

But sometimes even tools become mundane, no longer giving the impact they once did. Sometimes tools are misused, never giving the impact they were originally designed to give.

Let's look at a few tools from a risk management perspective with some "out of the box" suggestions. In what unique ways can you employ traditional security methods?

Security training-Cleared employees performing on classified contracts for any length of time are experts in the programs and technologies they are working on. They probably know the classification guide back and forth and probably understand how to protect it. Newly cleared employees may not understand it so well. It's important for the FSO to understand these differences and train accordingly.
Out of the box: Develop training to meet your employees' needs based on your analysis of capabilities. One way to do this is to survey employee experience level. You might get supervisors and HR professionals involved.

Enforce clean desk policy-Even experts can become complacent and perhaps forgetful. Develop a policy that classified information should be used in a designated area. This designated area could be an approved room or even the employee's office. Cleared employees should understand that as such, only materials assigned to the contract should be out so that there is no confusion of clearance or need to know. At the end of the day, the program information gets locked up properly.
Out of the box: If classified information is centralized, use a sign-out process to track the removal of classified information. If a cleared employee accesses a classified document, then that transaction can be annotated. The custodian will also ensure the classified information is turned in prior to end of day, lunch or other occasion. If there is no centralized storage or no custodian, the document can still be annotated with a signature and linked to the SF 702 (if the container is opened, it's probably to take out or replace a document).

Post reminders of classified information in progress-A desk tent or door handle reminder helps. If a rushed employee has to take lunch, meet a spouse or attend a last-second meeting, they will be met with a "Classified Work in Progress" notification and dispose of it properly. Also, if the phone rings, they'll remember to respond with "phone is up".
Out of the box: If classified information is centralized, the custodian can issue the desk tents or door hangers. When there is no centralized area or custodian, the cleared employee would pick up a conveniently located reminder (near the security container).

You might already employ imaginative and unique ways. Tools not only provide training and reminders, but they can also be programmed to provide metrics for program improvement.

We'll have more examples in future posts and articles. However, for more information on security management and NISPOM see our book DoD Security Clearance and Contracts Guidebook.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red Bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training". See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR, and The NISPOM.
