Security Education and Awareness

Download Report

Transcript Security Education and Awareness 

JSAC
JSAC
Security Education and
Awareness
Security 101
February 28, 2007
Why Education and Training?

NISPOM 3-100 “ Contractors shall provide
all cleared employees with security training
and briefings commensurate with their
involvement with classified information.”
“A Security Awareness Program
Sets the Stage for Training by
Changing Organizational
Attitudes to Realize the
Importance of Security and the
Adverse Consequences of
Failure.”
National Institute of Standards and Technology
Goals of An Effective Education &
Training Program



Understanding of and compliance with
security rules and regulations.
Understanding the magnitude and
complexity of the foreign and domestic
threats that make these rules and
regulations necessary.
Motivation!!!
Education Versus Training

We often use the two terms
interchangeably……but:
“Training” teaches people the skills
that will enable them to perform their
job.
 “Education” enables someone to
develop the ability and vision to
understand complex, multidisciplinary
activities.

Education and Training
 What
Should Be Included?
 What Is Your Method of
Delivery?
Required Prior to Initial Access to
Classified Information
Threat Awareness Briefing
 Defensive Security Briefing
 Overview of the Security
Classification System
 Employee Reporting Requirements
 Security Procedures and Duties
applicable to the employee’s job

Threat Awareness





What is the Threat
Methods of Collection
Recent Cases
CLASSIFIED or UNCLASSIFIED
Threat Analysis from USG Sources
Critical Technologies
1940’s
1960’s
1970’s
1980’s
1950’s
1990’s
2001
2007
Defensive Briefing
Overseas Travel
 Foreign Contacts
 Technology Controls
 Public Release Requirements
 CI Awareness
 Disclosure Restriction

Overview of the Security
Classification System




Levels of Classification and Criteria
Original and Derivative Classification
Classification Guides
SAP/SAR and Special Briefing
Requirements





NATO, FGI, COMSEC, CNWDI
Safeguarding
AIS
Background Investigations
Marking
Employee Reporting Requirements
Definition of Adverse Information
 Suspicious Contact Reports
 Foreign Travel Reporting
Requirements (if any)
 Violations

Security Procedures and Duties
Applicable to the Employee’s Job
Lots of foreign contact or travel ?
 Working with classified hardware ?
 Working in a closed area ?
 Marketing ?
 AIS ?
 Special Briefings ?

Workplace Violence Prevention

Liaison With:
 Legal
 Human Resources
 Local Law Enforcement
 Medical
 Outside Consultants
Know Your Audience
Executive Level
 Foreign Travel
 General Security Training
 Technical Training
 Export Controls
 Counter-Intelligence

Subject Matter Experts

Subject Matter Experts Can Lend
Extra Credibility
DSS CI
 902nd MI Group
 OSI
 NCIS
 Legal Departments
 Import/Export Empowered Officials

Resources & Methods

Company Newsletters

Great for Special Events or Current Topics
“Security Slot”

Space on the Company Website or Build a Security Website

Topic of the Month




Website Information
Security Bulletins
Videos


Homemade are Expensive but Effective if Resources Available
Computer Based Education
Resources & Methods

Posters



Some Commercially Available
Idea Contest
Desktop Reminders

Great For End of Day Checks
“Gimmes”
 Pamphlets


Must be easy to use or recyclable
Desk Guides and Handbooks
Resources & Methods

Seminars and Workshops
NCMS
 JSAC
 ASIS
 National Security Institute – IMPACT
 DSS
Usually for Specific Audiences
 Security Professionals
 Small Facility FSO’s
 Specialists – Import/Export, Legal


Visual Advertising

A Great Poster IS:

Readable


Legible


Illegible = Fancy font, fancy font, too much text
Well Organized


Unreadable = Misspellings, complex, passive
sentences, ungrammatical
Disorganized = Too much time to find main idea, next
idea or data
Succinct

Not succinct = Doesn’t direct attention to main
message in 11 seconds
Great Posters Are Compact and Visual:


Compact:
 Focus on one, clearly stated message
with a single “take-home” message
Visual:
 Relies on graphics, photos, pictures to
convey message rather than lots of text
Poster Art from the Web
http://www.wasc.noaa.gov/wrso/poste
rs/Security_Awareness_Posters4.ht
m
 http://members.impulse.net/~sate/po
sters.html

Familiar “hook” for Baby Boomers
Old Ideas Still Work
World War II
Today
Remember Your Audience
Seasonal theme
Associated with a Public Event
Poster Art – Not So Good
Poster Art - Cool
Key to Effective Training
Reinforce
Reinforce
Reinforce
“The single greatest
obstacle to espionage is
education.”
Stanislav Levchenko, former KGB Officer
Questions ??