Sunday, March 24, 2013

Making NISPOM Initial Security Briefings Work

The National Industrial Security Program Operating Manual (NISPOM) lists cleared employee training. New employees are required to have Initial Security Briefings to ensure their understanding of the following topics:

  • A threat awareness briefing
  • A defensive security briefing
  • An overview of the security classification system
  • Employee reporting obligations and requirements
  • Security procedures and duties applicable to the employee's job

Why are these topics important? They give the cleared contractor a good idea of what is classified, why it is classified and how to protect it from unauthorized disclosure. Well trained and enabled employees drive the enterprise security program headed by the FSO.

The threat awareness briefing helps the cleared employee understand that there are people who want their information. These people have techniques and a modus operandi to get access to classified information. However, employees can apply this to export controlled, intellectual property and proprietary information. Employees should be trained to recognize attempts to access sensitive information by an unauthorized person.

A defensive security briefing is the next step. This training goes into detail about how an adversary might approach an intended victim to get sensitive information. The defensive security briefing teaches the cleared employee to be on the offense with active measures to protect classified knowledge and information. Employees should know how to react to requests and report all attempts to gain unauthorized access.

An overview of the security classification system provides the cleared employee with answers to how is information is classified, what criteria is used and how are decision disseminated. Some useful tools include security classification guidance, DD Forms 254, and classification markings.

Employee reporting obligations and requirements should provide resources for reporting certain types of information. The cleared employee should be given information of how to report espionage, sabotage, security violations, suspicious activity and etc.

Security procedures and duties applicable to the employee's job is the real meat. This helps the cleared employee with specific tasks related to protecting classified information they may actually work with on the job. Great tools include the DD Form 254, security classification guides, statement of work, requirements documents, work breakout schedules, engineering documents and etc. Where the FSO might train the first few requirements, a supervisor, program manager or lead engineer might take over this training. The key is to ensure a properly trained employee and document that training.

Training cleared employees to perform  on classified contracts is the first step to a great industrial security program. NISPOM outlines required topics, but enterprising FSOs can make the training more applicable. The better employees understand their jobs, the better they can protect sensitive information they are entrusted with.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing .

 Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

No comments: