Defense Security Service Top 10 Vulnerabilities

Presentation transcript:

Defense Security Service Top 10 Vulnerabilities
July 10, 2013
Corrie Velez, Jeff Vaccariello

Number 10: "Was I supposed to come in from my vacation?"
Not auditing and reviewing audit results for classified systems
- Ensure the Information System Security Officer (ISSO) understands DSS auditing requirements
- Ensure the ISSO recognizes event codes and symbols
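An added example (not from the DSS presentation) of what "reviewing audit results" looks like in practice: a small review script that reads constructed, Windows-style security audit records, maps the standard Windows Security event IDs to the categories an ISSO is expected to recognize, flags security-relevant events for mandatory review, and detects bursts of failed logons. The log format, the threshold of five failures in ten minutes, and the sample records are assumptions made for the example.

```python
"""Audit-record review helper for a classified IS (added example, constructed data)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample audit records in the form "timestamp|event_id|user|detail"
SAMPLE_LOG = """\
2013-07-08T08:01:10|4624|jsmith|Logon Type 2
2013-07-08T08:02:33|4625|jdoe|Bad password
2013-07-08T08:02:41|4625|jdoe|Bad password
2013-07-08T08:02:50|4625|jdoe|Bad password
2013-07-08T08:03:02|4625|jdoe|Bad password
2013-07-08T08:03:15|4625|jdoe|Bad password
2013-07-08T08:03:29|4625|jdoe|Bad password
2013-07-08T09:15:00|4672|issm|Special privileges assigned
2013-07-08T09:16:12|4720|issm|Account created: contractor2
2013-07-08T17:45:00|1102|issm|The audit log was cleared
2013-07-09T08:00:05|4624|jsmith|Logon Type 2
"""

# Standard Windows Security log event IDs the reviewer should recognize
EVENT_NAMES = {
    4624: "successful logon",
    4625: "failed logon",
    4634: "logoff",
    4672: "special privileges assigned",
    4720: "user account created",
    4732: "member added to local group",
    1102: "audit log cleared",
}

# Security-relevant changes: every occurrence gets a reviewer's eyes
ALWAYS_FLAG = {1102, 4720, 4732, 4672}

# Assumed review threshold: this many failed logons for one account inside the window
FAILED_LOGON_THRESHOLD = 5
FAILED_LOGON_WINDOW = timedelta(minutes=10)


def parse_records(text):
    """Turn the pipe-delimited sample format into a list of dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, user, detail = line.split("|", 3)
        records.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "user": user,
            "detail": detail,
        })
    return records


def review(records):
    """Return findings as (event_id, user, description) tuples."""
    findings = []
    for r in records:
        if r["event_id"] in ALWAYS_FLAG:
            findings.append((r["event_id"], r["user"],
                             f"{EVENT_NAMES[r['event_id']]}: {r['detail']}"))
        elif r["event_id"] not in EVENT_NAMES:
            # An ID the reviewer cannot name is itself a finding: look it up, do not skip it
            findings.append((r["event_id"], r["user"],
                             "unrecognized event id; ISSO should identify it"))
    # Failed-logon bursts per account, using a sliding window over sorted timestamps
    failed = defaultdict(list)
    for r in records:
        if r["event_id"] == 4625:
            failed[r["user"]].append(r["time"])
    for user, times in failed.items():
        times.sort()
        for i in range(len(times)):
            j = i + FAILED_LOGON_THRESHOLD - 1
            if j < len(times) and times[j] - times[i] <= FAILED_LOGON_WINDOW:
                findings.append((4625, user,
                                 f"{FAILED_LOGON_THRESHOLD}+ failed logons within "
                                 f"{FAILED_LOGON_WINDOW}"))
                break
    return findings


def summarize(records):
    """Counts per event category, so the reviewer can see what the log covers."""
    return Counter(EVENT_NAMES.get(r["event_id"], f"unknown({r['event_id']})")
                   for r in records)


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for category, n in sorted(summarize(recs).items()):
        print(f"{n:4d}  {category}")
    for event_id, user, text in review(recs):
        print(f"REVIEW {event_id} {user}: {text}")
```

The point of the summary step is coverage: if a category the SSP says is audited (logoffs, for instance) never appears in the period under review, that absence is a finding too, because it usually means auditing was turned off or the log was not collected.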

Number 9: "We don't have time for security; we have a milestone to reach"
Processing on an unaccredited system
- Must have an Authority to Operate (ATO), Interim Authority to Operate (IATO), or Self Certification Authority

Number 8: "What's anti-virus?"
Lack of process to detect and deter viruses / malicious code
- Anti-virus requirements should be documented in your Master System Security Plan (MSSP) or System Security Plan (SSP)

Number 7: "I swear I spun the lock"
Not reporting classified compromises
- Compromise must be reported within 24 hours of confirmation
- A final report is due within 15 days
- Check your Contract Security Classification Specification (DD254) for additional reporting requirements

Number 6: "I needed to use it on my other program"
Classified IS configuration and connectivity management
- Provide a detailed description of hardware, software, and any other items listed in your SSP
- Include make, model, serial numbers, memory, etc.
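The slide asks for make, model, serial number and memory in the SSP; the value of recording them is that the list can be checked. As an added example (not from the presentation), the script below compares a constructed SSP hardware baseline against a constructed inventory taken during a self-inspection and reports three kinds of drift: hardware present but not in the SSP, hardware in the SSP but not found, and listed items whose recorded attributes (here, memory) no longer match. The record fields and sample serial numbers are assumptions made for the example.

```python
"""SSP hardware baseline check (added example, constructed data)."""

# Constructed SSP baseline, keyed by serial number
SSP_BASELINE = {
    "SN-1001": {"type": "workstation", "make": "Dell", "model": "Precision T3600", "memory_gb": 16},
    "SN-2002": {"type": "printer", "make": "HP", "model": "LaserJet P3015", "memory_gb": 0},
    "SN-3003": {"type": "removable drive", "make": "Seagate", "model": "ST2000", "memory_gb": 0},
}

# Constructed inventory collected during a self-inspection
CURRENT_INVENTORY = [
    {"serial": "SN-1001", "type": "workstation", "make": "Dell", "model": "Precision T3600", "memory_gb": 32},
    {"serial": "SN-2002", "type": "printer", "make": "HP", "model": "LaserJet P3015", "memory_gb": 0},
    {"serial": "SN-4004", "type": "workstation", "make": "Dell", "model": "Precision T3600", "memory_gb": 16},
]

# Attributes the SSP records for each item and that must still match
TRACKED_FIELDS = ("type", "make", "model", "memory_gb")


def compare_to_ssp(baseline, inventory):
    """Return {"not_in_ssp": [...], "missing": [...], "changed": [...]}.

    not_in_ssp: serials found on site that the SSP does not list
    missing:    serials the SSP lists that were not found (moved? borrowed by another program?)
    changed:    (serial, field, ssp_value, current_value) for attribute mismatches
    """
    seen = set()
    result = {"not_in_ssp": [], "missing": [], "changed": []}
    for item in inventory:
        serial = item["serial"]
        seen.add(serial)
        if serial not in baseline:
            result["not_in_ssp"].append(serial)
            continue
        for field in TRACKED_FIELDS:
            if baseline[serial][field] != item[field]:
                result["changed"].append((serial, field, baseline[serial][field], item[field]))
    for serial in baseline:
        if serial not in seen:
            result["missing"].append(serial)
    return result


def is_clean(result):
    """True only when the inventory matches the SSP exactly."""
    return not any(result.values())


if __name__ == "__main__":
    drift = compare_to_ssp(SSP_BASELINE, CURRENT_INVENTORY)
    for kind, items in drift.items():
        for entry in items:
            print(f"{kind}: {entry}")
    print("SSP matches inventory" if is_clean(drift) else "SSP needs updating")
```

Each line of drift maps to a paperwork action: an unlisted item needs to be added to the SSP (or removed from the closed area), a missing item needs to be located, and a changed attribute means the SSP is describing a configuration that no longer exists.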

Number 5: "They are the customer, it's their data"
Persons without proper eligibility accessing classified information
- Continuously check JPAS for accuracy and changes in records
- Ensure visitors are checked for proper eligibility prior to granting access

Number 4: "What's eFCL?"
Unreported FCL change conditions (foreign buyout, etc.)
- Check with your legal department and company officers

Number 3: "They don't work on anything classified, why do they need to be cleared?"
Uncleared Key Management Personnel
- How is your company structured?
- Is there a Board of Directors? If so, do they have authority to make decisions on classified issues?
- Check all the company officers

Number 2: "What's the charge number, this packet is too long"
Personnel clearance re-investigations out-of-scope
- Check JPAS records continuously
- Make sure that employees submit all the necessary information

Number 1: "He doesn't have a badge, he can't even get on site"
Poor safe combination security
- Meet with employees to inspect their safe