Security Education and Awareness
Download
Report
Transcript Security Education and Awareness
JSAC
JSAC
Security Education and
Awareness
Security 101
February 28, 2007
Why Education and Training?
NISPOM 3-100 “ Contractors shall provide
all cleared employees with security training
and briefings commensurate with their
involvement with classified information.”
“A Security Awareness Program
Sets the Stage for Training by
Changing Organizational
Attitudes to Realize the
Importance of Security and the
Adverse Consequences of
Failure.”
National Institute of Standards and Technology
Goals of An Effective Education &
Training Program
Understanding of and compliance with
security rules and regulations.
Understanding the magnitude and
complexity of the foreign and domestic
threats that make these rules and
regulations necessary.
Motivation!!!
Education Versus Training
We often use the two terms
interchangeably……but:
“Training” teaches people the skills
that will enable them to perform their
job.
“Education” enables someone to
develop the ability and vision to
understand complex, multidisciplinary
activities.
Education and Training
What
Should Be Included?
What Is Your Method of
Delivery?
Required Prior to Initial Access to
Classified Information
Threat Awareness Briefing
Defensive Security Briefing
Overview of the Security
Classification System
Employee Reporting Requirements
Security Procedures and Duties
applicable to the employee’s job
Threat Awareness
What is the Threat
Methods of Collection
Recent Cases
CLASSIFIED or UNCLASSIFIED
Threat Analysis from USG Sources
Critical Technologies
1940’s
1960’s
1970’s
1980’s
1950’s
1990’s
2001
2007
Defensive Briefing
Overseas Travel
Foreign Contacts
Technology Controls
Public Release Requirements
CI Awareness
Disclosure Restriction
Overview of the Security
Classification System
Levels of Classification and Criteria
Original and Derivative Classification
Classification Guides
SAP/SAR and Special Briefing
Requirements
NATO, FGI, COMSEC, CNWDI
Safeguarding
AIS
Background Investigations
Marking
Employee Reporting Requirements
Definition of Adverse Information
Suspicious Contact Reports
Foreign Travel Reporting
Requirements (if any)
Violations
Security Procedures and Duties
Applicable to the Employee’s Job
Lots of foreign contact or travel ?
Working with classified hardware ?
Working in a closed area ?
Marketing ?
AIS ?
Special Briefings ?
Workplace Violence Prevention
Liaison With:
Legal
Human Resources
Local Law Enforcement
Medical
Outside Consultants
Know Your Audience
Executive Level
Foreign Travel
General Security Training
Technical Training
Export Controls
Counter-Intelligence
Subject Matter Experts
Subject Matter Experts Can Lend
Extra Credibility
DSS CI
902nd MI Group
OSI
NCIS
Legal Departments
Import/Export Empowered Officials
Resources & Methods
Company Newsletters
Great for Special Events or Current Topics
“Security Slot”
Space on the Company Website or Build a Security Website
Topic of the Month
Website Information
Security Bulletins
Videos
Homemade are Expensive but Effective if Resources Available
Computer Based Education
Resources & Methods
Posters
Some Commercially Available
Idea Contest
Desktop Reminders
Great For End of Day Checks
“Gimmes”
Pamphlets
Must be easy to use or recyclable
Desk Guides and Handbooks
Resources & Methods
Seminars and Workshops
NCMS
JSAC
ASIS
National Security Institute – IMPACT
DSS
Usually for Specific Audiences
Security Professionals
Small Facility FSO’s
Specialists – Import/Export, Legal
Visual Advertising
A Great Poster IS:
Readable
Legible
Illegible = Fancy font, fancy font, too much text
Well Organized
Unreadable = Misspellings, complex, passive
sentences, ungrammatical
Disorganized = Too much time to find main idea, next
idea or data
Succinct
Not succinct = Doesn’t direct attention to main
message in 11 seconds
Great Posters Are Compact and Visual:
Compact:
Focus on one, clearly stated message
with a single “take-home” message
Visual:
Relies on graphics, photos, pictures to
convey message rather than lots of text
Poster Art from the Web
http://www.wasc.noaa.gov/wrso/poste
rs/Security_Awareness_Posters4.ht
m
http://members.impulse.net/~sate/po
sters.html
Familiar “hook” for Baby Boomers
Old Ideas Still Work
World War II
Today
Remember Your Audience
Seasonal theme
Associated with a Public Event
Poster Art – Not So Good
Poster Art - Cool
Key to Effective Training
Reinforce
Reinforce
Reinforce
“The single greatest
obstacle to espionage is
education.”
Stanislav Levchenko, former KGB Officer
Questions ??