Security Education and Awareness: Security 101, February 28, 2007, JSAC


Upload: trevor-jacobs

Post on 11-Jan-2016


Security Education and Awareness

Security 101

February 28, 2007

JSAC


Why Education and Training?

NISPOM 3-100: “Contractors shall provide all cleared employees with security training and briefings commensurate with their involvement with classified information.”


“A Security Awareness Program Sets the Stage for Training by Changing Organizational Attitudes to Realize the Importance of Security and the Adverse Consequences of Failure.”
National Institute of Standards and Technology


Goals of An Effective Education & Training Program

Understanding of and compliance with security rules and regulations.

Understanding the magnitude and complexity of the foreign and domestic threats that make these rules and regulations necessary.

Motivation!!!


Education Versus Training

We often use the two terms interchangeably... but:

“Training” teaches people the skills that will enable them to perform their job.

“Education” enables someone to develop the ability and vision to understand complex, multidisciplinary activities.


Education and Training

What Should Be Included?
What Is Your Method of Delivery?


Required Prior to Initial Access to Classified Information

Threat Awareness Briefing
Defensive Security Briefing
Overview of the Security Classification System
Employee Reporting Requirements
Security Procedures and Duties applicable to the employee’s job


Threat Awareness

What is the Threat
Methods of Collection
Recent Cases
CLASSIFIED or UNCLASSIFIED
Threat Analysis from USG Sources
Critical Technologies

1940’s, 1950’s, 1960’s, 1970’s, 1980’s, 1990’s, 2001, 2007


Defensive Briefing

Overseas Travel
Foreign Contacts
Technology Controls
Public Release Requirements
CI Awareness
Disclosure Restriction


Overview of the Security Classification System

Levels of Classification and Criteria
Original and Derivative Classification
Classification Guides
SAP/SAR and Special Briefing Requirements
NATO, FGI, COMSEC, CNWDI
Safeguarding
AIS
Background Investigations
Marking


Employee Reporting Requirements

Definition of Adverse Information
Suspicious Contact Reports
Foreign Travel Reporting Requirements (if any)
Violations


Security Procedures and Duties Applicable to the Employee’s Job

Lots of foreign contact or travel?
Working with classified hardware?
Working in a closed area?
Marketing?
AIS?
Special Briefings?


Workplace Violence Prevention

Liaison With:
Legal
Human Resources
Local Law Enforcement
Medical
Outside Consultants


Know Your Audience

Executive Level
Foreign Travel
General Security Training
Technical Training
Export Controls
Counter-Intelligence


Subject Matter Experts

Subject Matter Experts Can Lend Extra Credibility
DSS CI
902nd MI Group
OSI
NCIS
Legal Departments
Import/Export Empowered Officials


Resources & Methods

Company Newsletters
  Great for Special Events or Current Topics
  “Security Slot”
Website Information
  Space on the Company Website or Build a Security Website
Security Bulletins
  Topic of the Month
Videos
  Homemade are Expensive but Effective if Resources Available
Computer Based Education


Resources & Methods

Posters
  Some Commercially Available
  Idea Contest
Desktop Reminders
  Great For End of Day Checks
“Gimmes”
Pamphlets
  Must be easy to use or recyclable


Desk Guides and Handbooks


Resources & Methods

Seminars and Workshops
  NCMS
  JSAC
  ASIS
  National Security Institute – IMPACT
  DSS
Usually for Specific Audiences
  Security Professionals
  Small Facility FSO’s
  Specialists – Import/Export, Legal


Visual Advertising

A Great Poster IS:
Readable
  Unreadable = Misspellings, complex, passive sentences, ungrammatical
Legible
  Illegible = Fancy font, fancy font, too much text
Well Organized
  Disorganized = Too much time to find main idea, next idea or data
Succinct
  Not succinct = Doesn’t direct attention to main message in 11 seconds


Great Posters Are Compact and Visual:

Compact:
  Focus on one, clearly stated message with a single “take-home” message
Visual:
  Relies on graphics, photos, pictures to convey message rather than lots of text


Poster Art from the Web

http://www.wasc.noaa.gov/wrso/posters/Security_Awareness_Posters4.htm

http://members.impulse.net/~sate/posters.html


Familiar “hook” for Baby Boomers


Old Ideas Still Work

World War II
Today


Remember Your Audience


Seasonal theme


Associated with a Public Event


Poster Art – Not So Good


Poster Art - Cool


Key to Effective Training

Reinforce
Reinforce
Reinforce


“The single greatest obstacle to espionage is education.”
Stanislav Levchenko, former KGB Officer


Questions?