Security Education and Awareness Security 101 February 28, 2007 JSAC.
Security Education and Awareness
Security 101
February 28, 2007
JSAC
Why Education and Training?
- NISPOM 3-100: “Contractors shall provide all cleared employees with security training and briefings commensurate with their involvement with classified information.”
- “A Security Awareness Program Sets the Stage for Training by Changing Organizational Attitudes to Realize the Importance of Security and the Adverse Consequences of Failure.” (National Institute of Standards and Technology)
Goals of An Effective Education & Training Program
- Understanding of and compliance with security rules and regulations.
- Understanding the magnitude and complexity of the foreign and domestic threats that make these rules and regulations necessary.
- Motivation!!!
Education Versus Training
- We often use the two terms interchangeably... but:
- “Training” teaches people the skills that will enable them to perform their job.
- “Education” enables someone to develop the ability and vision to understand complex, multidisciplinary activities.
Education and Training
- What Should Be Included?
- What Is Your Method of Delivery?
Required Prior to Initial Access to Classified Information
- Threat Awareness Briefing
- Defensive Security Briefing
- Overview of the Security Classification System
- Employee Reporting Requirements
- Security Procedures and Duties applicable to the employee’s job
Threat Awareness
- What is the Threat
- Methods of Collection
- Recent Cases
- CLASSIFIED or UNCLASSIFIED Threat Analysis from USG Sources
- Critical Technologies
1940’s 1950’s 1960’s 1970’s 1980’s 1990’s 2001 2007
Defensive Briefing
- Overseas Travel
- Foreign Contacts
- Technology Controls
- Public Release Requirements
- CI Awareness
- Disclosure Restriction
Overview of the Security Classification System
- Levels of Classification and Criteria
- Original and Derivative Classification
- Classification Guides
- SAP/SAR and Special Briefing Requirements
  - NATO, FGI, COMSEC, CNWDI
- Safeguarding
- AIS
- Background Investigations
- Marking
Employee Reporting Requirements
- Definition of Adverse Information
- Suspicious Contact Reports
- Foreign Travel Reporting Requirements (if any)
- Violations
Security Procedures and Duties Applicable to the Employee’s Job
- Lots of foreign contact or travel?
- Working with classified hardware?
- Working in a closed area?
- Marketing?
- AIS?
- Special Briefings?
Workplace Violence Prevention
- Liaison With:
  - Legal
  - Human Resources
  - Local Law Enforcement
  - Medical
  - Outside Consultants
Know Your Audience
- Executive Level
- Foreign Travel
- General Security Training
- Technical Training
- Export Controls
- Counter-Intelligence
Subject Matter Experts
- Subject Matter Experts Can Lend Extra Credibility
- DSS CI
- 902nd MI Group
- OSI
- NCIS
- Legal Departments
- Import/Export Empowered Officials
Resources & Methods
- Company Newsletters
  - Great for Special Events or Current Topics
  - “Security Slot”
- Website Information
  - Space on the Company Website or Build a Security Website
- Security Bulletins
  - Topic of the Month
- Videos
  - Homemade are Expensive but Effective if Resources Available
- Computer Based Education
Resources & Methods
- Posters
  - Some Commercially Available
  - Idea Contest
- Desktop Reminders
  - Great For End of Day Checks
- “Gimmes”
- Pamphlets
  - Must be easy to use or recyclable
Desk Guides and Handbooks
Resources & Methods
- Seminars and Workshops
  - NCMS
  - JSAC
  - ASIS
  - National Security Institute – IMPACT
  - DSS
- Usually for Specific Audiences
  - Security Professionals
  - Small Facility FSO’s
  - Specialists – Import/Export, Legal
Visual Advertising
A Great Poster IS:
- Readable
  - Unreadable = Misspellings, complex, passive sentences, ungrammatical
- Legible
  - Illegible = Fancy font, fancy font, too much text
- Well Organized
  - Disorganized = Too much time to find main idea, next idea or data
- Succinct
  - Not succinct = Doesn’t direct attention to main message in 11 seconds
Great Posters Are Compact and Visual:
- Compact: Focus on one, clearly stated message with a single “take-home” message
- Visual: Relies on graphics, photos, pictures to convey message rather than lots of text
Poster Art from the Web
http://www.wasc.noaa.gov/wrso/posters/Security_Awareness_Posters4.htm
http://members.impulse.net/~sate/posters.html
Familiar “hook” for Baby Boomers
Old Ideas Still Work
World War II
Today
Remember Your Audience
Seasonal theme
Associated with a Public Event
Poster Art – Not So Good
Poster Art - Cool
Key to Effective Training
- Reinforce
- Reinforce
- Reinforce
“The single greatest obstacle to espionage is education.” (Stanislav Levchenko, former KGB Officer)
Questions ??