JSAC Security Education and Awareness: Security 101, February 28, 2007
Why Education and Training? • NISPOM 3-100: “Contractors shall provide all cleared employees with security training and briefings commensurate with their involvement with classified information.”
“A Security Awareness Program Sets the Stage for Training by Changing Organizational Attitudes to Realize the Importance of Security and the Adverse Consequences of Failure.” (National Institute of Standards and Technology)
Goals of An Effective Education & Training Program • Understanding of and compliance with security rules and regulations. • Understanding the magnitude and complexity of the foreign and domestic threats that make these rules and regulations necessary. • Motivation!!!
Education Versus Training • We often use the two terms interchangeably... but: • “Training” teaches people the skills that will enable them to perform their job. • “Education” enables someone to develop the ability and vision to understand complex, multidisciplinary activities.
Education and Training • What Should Be Included? • What Is Your Method of Delivery?
Required Prior to Initial Access to Classified Information • Threat Awareness Briefing • Defensive Security Briefing • Overview of the Security Classification System • Employee Reporting Requirements • Security Procedures and Duties applicable to the employee’s job
Threat Awareness • What is the Threat • Methods of Collection • Recent Cases • CLASSIFIED or UNCLASSIFIED Threat Analysis from USG Sources • Critical Technologies [Timeline graphic: 1940’s, 1950’s, 1960’s, 1970’s, 1980’s, 1990’s, 2001, 2007]
Defensive Briefing • Overseas Travel • Foreign Contacts • Technology Controls • Public Release Requirements • CI Awareness • Disclosure Restriction
Overview of the Security Classification System • Levels of Classification and Criteria • Original and Derivative Classification • Classification Guides • SAP/SAR and Special Briefing Requirements • NATO, FGI, COMSEC, CNWDI • Safeguarding • AIS • Background Investigations • Marking
Employee Reporting Requirements • Definition of Adverse Information • Suspicious Contact Reports • Foreign Travel Reporting Requirements (if any) • Violations
Security Procedures and Duties Applicable to the Employee’s Job • Lots of foreign contact or travel? • Working with classified hardware? • Working in a closed area? • Marketing? • AIS? • Special Briefings?
Workplace Violence Prevention • Liaison With: • Legal • Human Resources • Local Law Enforcement • Medical • Outside Consultants
Know Your Audience • Executive Level • Foreign Travel • General Security Training • Technical Training • Export Controls • Counter-Intelligence
Subject Matter Experts • Subject Matter Experts Can Lend Extra Credibility • DSS CI • 902nd MI Group • OSI • NCIS • Legal Departments • Import/Export Empowered Officials
Resources & Methods • Company Newsletters • Great for Special Events or Current Topics • “Security Slot” • Website Information • Space on the Company Website or Build a Security Website • Security Bulletins • Topic of the Month • Videos • Homemade are Expensive but Effective if Resources Available • Computer Based Education
Resources & Methods • Posters • Some Commercially Available • Idea Contest • Desktop Reminders • Great For End of Day Checks • “Gimmes” • Pamphlets • Must be easy to use or recyclable
Resources & Methods • Seminars and Workshops • NCMS • JSAC • ASIS • National Security Institute – IMPACT • DSS • Usually for Specific Audiences • Security Professionals • Small Facility FSO’s • Specialists – Import/Export, Legal
Visual Advertising • A Great Poster IS: • Readable • Unreadable = Misspellings, complex, passive sentences, ungrammatical • Legible • Illegible = Fancy font, fancy font, too much text • Well Organized • Disorganized = Too much time to find main idea, next idea or data • Succinct • Not succinct = Doesn’t direct attention to main message in 11 seconds
Great Posters Are Compact and Visual: • Compact: • Focus on one, clearly stated message with a single “take-home” message • Visual: • Relies on graphics, photos, pictures to convey message rather than lots of text
Poster Art from the Web • http://www.wasc.noaa.gov/wrso/posters/Security_Awareness_Posters4.htm • http://members.impulse.net/~sate/posters.html
Old Ideas Still Work [Poster images: World War II, Today]
Key to Effective Training: Reinforce, Reinforce, Reinforce
“The single greatest obstacle to espionage is education.” (Stanislav Levchenko, former KGB Officer)