Security Education and Awareness Security 101 February 28, 2007 JSAC
Why Education and Training?
NISPOM: “Contractors shall provide all cleared employees with security training and briefings commensurate with their involvement with classified information.”
“A Security Awareness Program Sets the Stage for Training by Changing Organizational Attitudes to Realize the Importance of Security and the Adverse Consequences of Failure.” National Institute of Standards and Technology
Goals of An Effective Education & Training Program
- Understanding of and compliance with security rules and regulations.
- Understanding the magnitude and complexity of the foreign and domestic threats that make these rules and regulations necessary.
- Motivation!!!
Education Versus Training
We often use the two terms interchangeably... but:
- “Training” teaches people the skills that will enable them to perform their job.
- “Education” enables someone to develop the ability and vision to understand complex, multidisciplinary activities.
Education and Training
- What Should Be Included?
- What Is Your Method of Delivery?
Required Prior to Initial Access to Classified Information
- Threat Awareness Briefing
- Defensive Security Briefing
- Overview of the Security Classification System
- Employee Reporting Requirements
- Security Procedures and Duties applicable to the employee’s job
Threat Awareness
- What is the Threat
- Methods of Collection
- Recent Cases
- CLASSIFIED or UNCLASSIFIED Threat Analysis from USG Sources
- Critical Technologies
Defensive Briefing
- Overseas Travel
- Foreign Contacts
- Technology Controls
- Public Release Requirements
- CI Awareness
- Disclosure Restriction
Overview of the Security Classification System
- Levels of Classification and Criteria
- Original and Derivative Classification
- Classification Guides
- SAP/SAR and Special Briefing Requirements
  - NATO, FGI, COMSEC, CNWDI
- Safeguarding
- AIS
- Background Investigations
- Marking
Employee Reporting Requirements
- Definition of Adverse Information
- Suspicious Contact Reports
- Foreign Travel Reporting Requirements (if any)
- Violations
Security Procedures and Duties Applicable to the Employee’s Job
- Lots of foreign contact or travel?
- Working with classified hardware?
- Working in a closed area?
- Marketing?
- AIS?
- Special Briefings?
Workplace Violence Prevention
- Liaison With:
  - Legal
  - Human Resources
  - Local Law Enforcement
  - Medical
  - Outside Consultants
Know Your Audience
- Executive Level
- Foreign Travel
- General Security Training
- Technical Training
- Export Controls
- Counter-Intelligence
Subject Matter Experts
- Subject Matter Experts Can Lend Extra Credibility
  - DSS CI
  - 902nd MI Group
  - OSI
  - NCIS
  - Legal Departments
  - Import/Export Empowered Officials
Resources & Methods
- Company Newsletters
  - Great for Special Events or Current Topics
  - “Security Slot”
- Website Information
  - Space on the Company Website or Build a Security Website
- Security Bulletins
  - Topic of the Month
- Videos
  - Homemade are Expensive but Effective if Resources Available
- Computer Based Education
Resources & Methods
- Posters
  - Some Commercially Available
  - Idea Contest
- Desktop Reminders
  - Great For End of Day Checks
- “Gimmes”
- Pamphlets
  - Must be easy to use or recyclable
Desk Guides and Handbooks
Resources & Methods
- Seminars and Workshops
  - NCMS
  - JSAC
  - ASIS
  - National Security Institute – IMPACT
  - DSS
- Usually for Specific Audiences
  - Security Professionals
  - Small Facility FSO’s
  - Specialists – Import/Export, Legal
Visual Advertising
A Great Poster IS:
- Readable
  - Unreadable = Misspellings, complex, passive sentences, ungrammatical
- Legible
  - Illegible = Fancy font, fancy font, too much text
- Well Organized
  - Disorganized = Too much time to find main idea, next idea or data
- Succinct
  - Not succinct = Doesn’t direct attention to main message in 11 seconds
Great Posters Are Compact and Visual:
- Compact: Focus on one, clearly stated message with a single “take-home” message
- Visual: Relies on graphics, photos, pictures to convey message rather than lots of text
Poster Art from the Web
- rs/Security_Awareness_Posters4.htm
- sters.html
Associated with a Public Event
Poster Art – Not So Good
Poster Art - Cool
Key to Effective Training
Reinforce, Reinforce, Reinforce
“The single greatest obstacle to espionage is education.” Stanislav Levchenko, former KGB Officer
Questions ??