Monday, March 4, 2013

Traditional Security Tools in Unique Ways-Moving from Security to Risk Management Part 2

See More Ideas in DoD Security ClearanceAnd Contracts Guidebook
In part two of the series Using Traditional Security Tools in Unique Ways-Moving from Security to Risk Management we’ll look at a few more ideas. In part one we looked at security training, clean desk policy and posting reminders of work in progress. In this article we’ll look at documenting the use of security containers and end of day checks.

Document the opening and closing of security containers-So, here's the
question, other than helping determine who opened the security container, who closed it and who checked it, what real use is it?

Such a form is an inspectable item in the government, but other than that, how does industry use it to improve enterprise security posture. As a standalone tool, we rely on professionals to actually fill it out correctly.
When they do, what information does the form actually provide? If an insider plans a malicious event, they won't fill it out.

Out of the box: Hey, it’s in NISPOM, but there are other applications. Consider using the SF 702 to compare unauthorized attempts to open
a container? You can actually check the electronic locks for successful and unsuccessful attempts to open the lock, and then compare it to the SF 702 or compatible form.

End of day checks-These definitely help cut down chances of leaving classified information out. I've seen end of day checks consisting of designated employees on a rotational duty to check the status of classified information before they leave.

Out of the box: Remember as the designated checker or last to leave, always ask "does anyone have any classified out?" as a reminder to lock it up before they leave. Another helpful reminder is to let the last person at work know that they are indeed the last person. Sometimes people don’t realize that they are the last ones at work and inadvertently leave classified information out, forget to lock the security container or even leave the coffee pot on.

Many times cleared employees may be tempted to perform work to check the block. End of day checks can be a mundane exercise or a conscious way to keep everyone safe and classified information secure. If you have any comments or suggestions of ways to think outside the box, feel free to provide them to

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

No comments: