1 / 23

THE ART OF SELF INSPECTION (and how to have fun conducting it!)

THE ART OF SELF INSPECTION (and how to have fun conducting it!). Jennifer L. Rossignol Lockheed Martin GTL Security. Carnak …. “Who is …. “me ”’?. Who is: Who doesn’t like to do self inspections? Who is: Who looks at self inspections as a necessary evil? Who is: Who just “checks the box”?.

ross
Télécharger la présentation

THE ART OF SELF INSPECTION (and how to have fun conducting it!)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. THE ART OF SELF INSPECTION (and how to have fun conducting it!) Jennifer L. Rossignol Lockheed Martin GTL Security

  2. Carnak …. “Who is …. “me”’? • Who is: Who doesn’t like to do self inspections? • Who is: Who looks at self inspections as a necessary evil? • Who is: Who just “checks the box”?

  3. Fun? How can that be?!? • Don’t do it alone • Make it a team effort – conduct it with another employee, a team, another FSO • Do it differently • Start at the end of the checklist and work to the front …. • Pretend you’re a detective! CSI: Orlando! • It really requires you to THINK … which is good for your health 

  4. It’s much more than checking off items on a checklist! Philosophy … Self inspection is an art ….

  5. Purpose of Self Inspection • An effective self inspection program is the key to any successful security organization • Serves many purposes: • Assesses the health of your organization • Provides training opportunities and employee development • Promotes your product • Meets a requirement • Prepares you for your DSS audit • The value and importance of self-inspections has increased in the eyes of DSS

  6. What is a Self Inspection? • It’s more than following and completing the DSS Self-Inspection Checklist • It must be a “total review” of the security program • It must be an honest examination of the program and an indicator to senior leadership that you can safeguard classified material • It provides a “snapshot” picture of current security operations and allows you to determine shortcomings and resolve them before your DSS audit • It is a continuing review of the methods used to safeguard classified…. are they adequate? compliant?

  7. Self-Inspections Ideas • There is no one way to do self inspections - Be creative! • No need to wait for 6 months after your last audit • Can audit year-round • Can audit more than once (sounds like an “enhancement” to me!) • Remember to review your security incident reports, adverse information reports, etc. … • Review past audit findings - AVOID repeats! • Share your findings and corrective actions with your DSS representative • Enhance with a “Security Day”

  8. What to do • Do interview employees (not just yourself!) • Do GET UP FROM YOUR DESK • Do emulate the DSS audit process • How will you feel when your DSS representative talks to your employees? Will you be worried about how they will respond? Not if you have prepared them! What not to do • Don’t stick to the checklist • Don’t talk to only cleared employees • What about the receptionist? • What about the employees who receive packages?

  9. Self-Inspection Process 3 Key Components • Preparation • Inspection • Follow-up

  10. Step 1 - Preparation • 1st step to success is developing a good Self-Inspection plan • Doesn’t have to be written • It should be simple and not complex • The plan is a mechanism that helps ensure that you cover “all the bases” and complete the entire Self-Inspection within a specified time • The plan helps you assign personnel • Based upon experience and expertise • Can be used as an opportunity for mentoring • Pairing less experienced with experienced security professionals

  11. Step 1 - Preparation • Gather your materials, such as: • Audit checklist • Standard Operating Procedures • Reports – incidents, adverse, etc. • Checklists • DD 254’s • Previous audit results/findings • IS equipment lists • Receipt and dispatch records • FCL documentation • JPAS listing • NISPOM and ISL’s • Allows you to examine your operation “piece by piece” • Brief your senior leadership

  12. Step 1 Continued: Team Selection • If you are a FSO at a one-person facility … • Larger facilities can employ more people to help • May not be faster but can cover more • Have an experienced “Team Leader” • Well-versed in the NISPOM • Capable of keeping a team enthused - Believe it or not: Self-Inspections can become laborious

  13. Step 2: Conducting Self-Inspection • Be professional • Review currency of policies and procedures and/or SSP • Remember to interview receptionist, Shipping, Receiving, guards • Always be prepared to correct issues on-the-spot and explain what is being corrected to the employee • If possible involve the employee so they can learn • Bring a box of “tools” with you – stickers, markers, cover sheets

  14. Step 2: Conducting Self-Inspection • Remember, employees may be defense -Don’t condemn or make it personal – educate! • Use the same methods or techniques used by DSS • Allows the employee to get familiar with their inspection methods and feel comfortable with DSS when they do their review • Keep an eye out for “best practices” or items that are “above and beyond” the requirements in the NISPOM • Watch for trends

  15. Tools for Self-Inspections • Document Review Marking Forms • Makes assessment of marking problems easy • Helps determine what marking requirements are not familiar to employees, allowing you to focus your training efforts • Security Knowledge Questionnaires • Derived from DSS checklist questions • Allows you to focus training efforts on specific areas • Interviews • Use the DSS Self-Inspection Checklist interview questions • Determine who has conducted foreign travel or hosted a foreign national visit • Provide employees with a Q&A sheet • DSS • Ask DSS if there are any Special Interest Items for this inspection cycle

  16. Step 2: Self-Inspection Ideas Develop checklists CLOSED AREA CHECKLIST

  17. Self Inspection Methods Example: A review of the company’s receipt and dispatch records • Is incoming or outgoing media a different classification level than the majority of approved equipment at the facility? • How and where was the Confidential CD created? Was the trusted download procedure approved? Is trusted downloading approved for that system? Is the person who performed the trusted download authorized to do so? • How is the Missile Control Unit (MCU) protected against contamination? Are there procedures in place to properly sanitize the unit if contamination occurs? Is the procedure approved by the customer? • Do we have a contractual relationship (i.e. DD 254) with the sender/receiver? This is just an example of how a little analysis and creativity can provide a more comprehensive review of the existing processes and procedures

  18. Self Inspection Methods Example: Review of Closed Area visitor logs • Pay close attention to the visitor’s company name. • Did someone visit from an HVAC service? If so, ask the area custodian what they did. Did they put a hole in the wall or make a change affecting the area integrity or the 147? If so, is it greater than 96 square inches? • Did someone visit from Xerox? If so, what did they do while they were there? Did they install a new copy machine with a hard drive? Did this get connected to the classified IS? • Did someone visit from a computer service vendor? If so, what did they do? Did they bring diagnostic equipment with them? If so, did they connect it to the AS? • Did any visitors have “keyboard” access? If so, was that authorized? • Remember to dispose of visitor logs from before the last DSS audit

  19. Enhancing Your Self Inspection

  20. Step 3 – Follow-upWriting the Self-Inspection Report • Reports documenting your Self-Inspection can be done in any format you would like • Should identify the following: • Areas inspected • Commendable areas • Findings/ Deficiencies/Corrective Actions • Findings/ Deficiencies that need long-term monitoring • Normally done where there are significant problems where it will take a long time to close out. • Status report every 30 days • Reference applicable compliance document

  21. Step 3 – Follow-upWriting the Self-Inspection Report • Include corrective action • Correct the process – DSS will validate • Update your procedures • A well-written report seldom generates more questions

  22. Conclusion • Self-Inspections are a tool that allows Security Department to ensure they are compliant with the NISPOM • A good Self-Inspection should emulate the DSS Security Review process • Be aggressive and not afraid to have findings • Write honest and accurate Self-Inspection Reports • Remember a “bad” finding is the one that DSS finds during their Security Review • There are “good” findings… the ones you catch during your Self-Inspection

  23. Conclusion • Have a strong self-inspection program and use it as a tool rather than just another “block to check” for the DSS Review • Make DSS an effective member of your security team! • Consider sharing your inspection results with other sites of your company or with your local NCMS Chapter members • Using all these tools cannot guarantee higher DSS audit ratings, but it will make the process more organized and less stressful NOW … GO HAVE SOME FUN!

More Related