Transcript Slide 1

Security for Project Management
Professionals
National Industrial Security Program
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
1
Purpose
The purpose of this briefing is to provide Project Management Professionals and
others engaged in project management with an overview of the National Industrial
Security Program (NISP).
The goal of any industrial security program is the protection of classified information.
Physical safeguards are important in this effort – but just as important – is the
education of those entrusted with the safeguarding of classified information.
Policies and procedures tells us what and how to do something, but we also need to
understand WHY things are done a certain way.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
2
What you will learn
At the end of this briefing the Project Management Professional will:
• Have an understanding of the National Industrial Security Program (NISP) and the
Operating Manual (NISPOM)
• Become familiar with the requirements imposed by the Contract Security
Classification Specification (DD Form 254)
• Have an understanding of the difference in requirements between those stated in
Section H of the contract and those imposed by the DD 254.
• How do we get the people with the right clearances in the right positions in a timely
manner.
• Become familiar with Joint Personnel Adjudication System (JPAS) and
requirements for Visit Authorization Letters / Requests.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
3
What is a facility (in NISPOM-speak)?
The solicitation states that the company must have an active TOP SECRET
facility clearance at time of award.
In NISPOM-speak, this means that the company awarded a contract must have gone
through a vetting process with the Department of Defense (or other Cognizant
Security Agency – DNI; DOE and NRC*) based upon a valid contractual need to
access classified information.
NOTE: The NISPOM is applicable to ALL executive branch departments and
agencies.
Once this process is favorably completed the company is granted a “Facility
Clearance” (FCL) at the level required by contract (generally SECRET or TOP
SECRET).
For our purposes, this information is then entered into the Industrial Security
Facilities Database together with the company CAGE code; location of the company
and Facility Security Officer (FSO) information. This would be an industrial security
version of the Central Contractor Registration (CCR).
*
Director of National Intelligence (DNI); Department of Energy (DOE); Nuclear Regulatory Commission (NRC)
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
4
FCL Level v. Storage Authorization
The solicitation states that the company must have classified storage
authorized for classified information up to the SECRET level. The fact the we
have a TOP SECRET Facilities Clearance (FCL) covers us – right?
Actually, NO!
Having a TS FCL means that the company may enter into contracts and have access
to classified material at a level up to an including TS. It may also employee “cleared”
personnel for that purpose.
The storage, processing, safekeeping, manufacturing, etc., of classified material and
information is a separate process. In order to be authorized classified storage, the
cleared company must demonstrate they have sufficient safeguards (physical,
personnel, procedural, etc.) in place prior to receiving authorization and have a
contractually based NEED for maintaining classified information on-site. In this case,
the company would need authorization to store and process SECRET material
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
5
As a PM, where do I find security related information
in the contract?
For the FSO the only source of information is the DD 254 (Contract Security
Classification Specification). In most cases though – at the time of solicitation a DD
254 will not be available. So your sources are:
Section H of the solicitation / contract will normally have general information
regarding security requirements: type of personnel clearance required; type facility
clearance required; IT access requirements; policies regarding access to facilities,
etc.
The Statement of Work (SOW) will also have general requirements – hopefully
specific to the position being filled or the security access required for a particular
location.
Generally one or both of these documents will also let us know if we need approval
of the government to subcontract – and if so, do we need approval of the
government security group to subcontract security requirements. (Mandatory for
Department of State; FBI and some Naval activities)
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
6
The DD 254 – Why is this so important?
As a PM, you understand that without a contract in place, work does not start, people
don’t get paid and invoices don’t get submitted. The contract includes all of the
specifications needed to be met. The DD 254 is a part of that contract – just as the
statement of work; your proposal; invoicing instructions, etc.
The Government Contracting Activity (GCA) is responsible for incorporating
appropriate security requirements clauses in a classified contract, Invitation for Bid
(IFB), Request for Proposal (RFP), Request for Quotation (RFQ), or other
solicitation, and for providing the contractor with the security classification guidance
needed during the performance of the contract. This guidance is provided to the
contractor by the Contract Security Classification Specification. The Contract
Security Classification Specification must identify the specific elements of classified
information involved in the contract that require security protection.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
7
DD 254 v. Section H or SOW
Typical Section H / SOW Security
Requirements: Contractor must have a TS
FCL and provide personnel with access
authorized to TS or TS/SCI level. Normally
just a paragraph or two.
The DD 254 can range from 2 to ?? pages
depending on the contract. It tells us (or at
least should tell us):
• Basic Requirements (See follow on
slides)
• Who has security cognizance.
• If SCI, COMSEC, or other, specific
guidance
• Who the Security POC is on site; for the
contract and how visit requests will be
managed.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
8
FIRST TO
BE
CHECKED
DD 254 Example:
1. CLEARANCE AND SAFEGUARDING
DEPARTMENT OF DEFENSE
CONTRACT SECURITY CLASSIFICATION SPECIFICATION
a. FACILITY CLEARANCE REQUIRED
(The requirements of the DoD Industrial Security Manual apply
to all security aspects of this effort.)
2. THIS SPECIFICATION IS FOR:
b. LEVEL OF SAFEGUARDING REQUIRED
3. THIS SPECIFICATION IS: (x and complete as applicable)
(x and complete as applicable)
DATE (YYMMDD)
a. PRIME CONTRACT NUMBER
a. ORIGINAL (Complete date in all cases)
b.)
b. SUBCONTRACT NUMBER
c. SOLICITATION OR OTHER NUMBER
Revision No.
DATE (YYMMDD)
DATE (YYMMDD)
DUE DATE (YYMMDD)
c. FINAL (Complete Item 5 in all cases)
6. CONTRACTOR
(Include Commercial and Government Entity (CAGE) Code)
a.NAME, ADDRESS, AND ZIP CODE
a.CAGE CODE
c. .COGNIZANT SECURITY OFFICE (Name, Address, and Zip Code)
b. CAGE CODE
c. COGNIZANT SECURITY OFFICE (Name, Address, and Zip code)
b. CAGE CODE
c. COGNIZANT SECURITY OFFICE(Name, Address, and Zip Code)
7. SUBCONTRACTOR
a.NAME, ADDRESS, AND ZIP CODE
8. ACTUAL PERFORMANCE
a. LOCATION
9. GENERAL IDENTIFICATION OF THIS PROCUREMENT
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
9
Section 10: What information is protected?
10. THIS CONTRACT WILL REQUIRE ACCESS TO:
YES
NO
a. COMMUNICATIONS SECURITY (COMSEC) INFORMATION
b. RESTRICTED DATA
c. CRITICAL NUCLEAR WEAPON DESIGN INFORMATION
d. FORMERLY RESTRICTED DATA
Requires
Special
Briefings
e. INTELLIGENCE INFORMATION:
Requires
Agency
Vetting
Process
(1) Sensitive Compartmented information (SCI)
(2) Non-SCI
f. SPECIAL ACCESS INFORMATION
g. NATO INFORMATION
h. FOREIGN GOVERNMENT INFORMATION
i. LIMITED DISSEMINATION INFORMATION
j. FOR OFFICIAL USE ONLY INFORMATION
k. OTHER (Specify)
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
10
Section 11: Location; needs and instruction on how:
11. IN PERFORMING THIS CONTRACT, THE CONTRACTOR WILL:
YES
NO
a. HAVE ACCESS TO CLASSIFIED INFORMATION ONLY AT ANOTHER
CONTRACTOR’S FACILITY OR A GOVERNMENT ACTIVITY
b. RECEIVE CLASSIFIED DOCUMENTS ONLY
c. RECEIVE AND GENERATE CLASSIFIED MATERIAL
d. FABRICATE, MODIFY, OR STORE CLASSIFIED HARDWARE
e. PERFORM SERVICES ONLY
f. HAVE ACCESS TO U.S. CLASSIFIED INFORMATION OUTSIDE THE U.S.,
PUERTO RICO, U.S. POSSESSIONS AND TRUST TERRITORIES
g. BE AUTHORIZED TO USE THE SERVICES OF DEFENSE TECHNICAL
INFORMATION CENTER (DTIC) OR OTHER SECONDARY DISTRIBUTION
CENTER
h. REQUIRE A COMSEC ACCOUNT
i. HAVE TEMPEST REQUIREMENTS
j. HAVE OPERATIONS SECURITY (OPSEC) REQUIREMENTS
k. BE AUTHORIZED TO USE THE DEFENSE COURIER SERVICE
l. OTHER (Specify)
Storage / processing authorization required if YES block is checked
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
11
DD 254 – Reverse and Continuation Pages
12. PUBLIC RELEASE.
Any information (classified or unclassified) pertaining to this contract shall not be released for public dissemination except as provided by the iNISPOM
or unless it has been approved for public release by appropriate U.S. Government authority. Proposed public releases shall be submitted for approval prior to release
Direct Through (Specify):
IN ALMOST ALL INSTANCES PUBLIC RELEASE WILL NOT BE AUTHORIZED
to the Directorate for Freedom of Information and Security Review, Office of the Assistant Secretary of Defense (Public Affairs)* for review.
*In the case of non-DoD User Agencies, requests for disclosure shall be submitted to that agency.
13. SECURITY GUIDANCE.
The security classification guidance needed for this classified effort is identified below. If any difficulty is encountered in applying this guidance or if any other
contributing factor indicates a need for changes in this guidance, the contractor is authorized and encouraged to provi de recommended changes; to challenge the guidance or the classification
assigned to any information or material furnished or generated under this contract; and to submit any questions for interpretation of this guidance to the official identified below. Pending final
decision, the information involved shall be handled and protected at the highest level of classification assigned or recommended. (Fill in as appropriate for the classified effort. Attach, or
forward under separate correspondence, any documents/guides/extracts referenced herein. Add additional pages as needed to provide complete guidance.)
This section will contain (or should contain) detailed information on what is being protected; how it
must be protected; the types of information; specific instructions, Security Points of Conduct, etc.
Typical continuation pages and attachments:
 Refer to Annex A for instructions regarding SCI Information
 Refer to Annex B for instructions on non-SCI intelligence information
 Refer to Annex C for instructions on handing Controlled Unclassified Information (CUI); Sensitive
But Unclassified (SBU) information; For Official Use Only (FOUO Information).
 Refer to Annex D for information regarding COMSEC instructions
 Refer to Annex E for information regarding access to NATO information.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
12
A Special Note about SCI
This contract states that everyone must be cleared to the TS/SCI level or be
SCI eligible. What is SCI and what is the difference between TS/SCI and
“eligible?”
There are only three levels of classified information: TOP SECRET (TS);
SECRET (S) and CONFIDENTIAL (C). SCI implements tighter safeguards for
some TS information.
SCI refers to Sensitive Compartmented Information and the DNI is the proponent
for SCI access for the federal government. To have access to SCI, the agency
holding that information (FBI; DoD; CIA; DOJ) will conduct a separate
background investigation before you may be granted access. The individual may
be asked to undergo a polygraph – generally limited to National Security matters.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
13
Who’s a SAP?
One part of this project is referred to as a Special Access Program (SAP)
and information is considered Special Access Required (SAR).
As mentioned, there are only three levels of classified information: TS; S and
C. SAPs are the responsibility of the CSA – and require special oversight by
the CSA. They may be acknowledged or unacknowledged.
As is the case with SCI information – additional safeguards and requirements
are applied prior to granting access.
Consider secret programs used for the development of weapons systems – or
information regarding a Delta classified operations mission; or the intelligence
platform added to that new Gulfstream that can find a penny in your pocket.
These are all types of Special Access Programs. There will be additional
safeguards – some physical; some personnel security and dependent upon the
program – the guy down the hall will have no idea what you are working on.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
14
Billets
The DD 254 in my case states that we have been provided four (4)
“billets.” What is a billet?
For SAP and some SCI programs, a set number of people may have access to
part or all of the information within that program. These are referred to as
billets – or positions.
In this case, no more than four individuals may be read on to the program and
provide support to the program at any one time. A person leaves – the
replacement must be nominated and accepted by the agency before access is
granted.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
15
IT Access Levels I, II or III
We have an IT Services support contract pending. The SOW states that
some personnel will require IT Level I access while others require levels II
or III. This is not a classified contract. What’s this all about?
Vulnerability. That’s what it is all about. Where is our system most vulnerable;
who could be the biggest threat to the system and what can we do to protect
the system or network from compromise or damage?
If you think about the financial industry – none of their information is classified
information by National Security standards. Yet, protections imposed on access
to financial systems, networks, transactions, etc. are super tight.
Generally – the government will identify the AIS level of the system which sets
the stage for who can get access.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
16
Access and Investigation Chart
Position Requires
Access to:
Type of
Investigation
required
Company
authorized to
request
investigations?
Comments
NATIONAL SECURITY POSITIONS
SCI
SSBI
YES
TS Required for SCI - Interim TS is not accepted
TOP SECRET
SSBI
YES
Unless noted by contract, Interim TS allows access to TS
SECRET
NACLC
YES
Unless noted by contract, Interim S allows access to S
CONFIDENTIAL
NACLC
YES
INFORMATION TECHNOLOGY / INFORMATION SENSITIVITY POSITIONS
IT Level I / Critical
Sensitive
SSBI
IT Level II / NonCritical Sensitive
NACLC
IT Level III / NonSensitive
NAC
Only in
conjunction with a
need to access
classified
information
Same inv requirements as for TS
NO
Requesting agency must process
Same inv requirements as for S
NOTE: Agencies may also require – in addition to the above – a suitability investigation be
completed prior to granting full access. The investigative requirements are agency and
information dependent. Generally interim access is granted while the suitability investigation
is being completed.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
17
The Joint Personnel Adjudication System (JPAS)
JPAS is the system of record for personnel clearances within the Department of Defense
and its contractors. If our company has a classified contract with DOD and most federal
agencies – they require us to submit a JPAS record. If “it ain’t in JPAS – then it ain’t”
WHAT IT DOES DO:
• Displays all relevant information regarding background investigation and adjudication dates.
• Displays the association between an individual and a company
• Displays what access the person has been granted. Displays any special accesses – NATO,
Nuclear, etc.
• Allows for Visit Requests to be submitted electronically.
WHAT IT DOES NOT DO:
• Does not link with other agency databases (Scattered Castles).
• Does not track “favorable” access determinations (no access to classified)
• Does not allow contractors to initiate SF 85 for suitability determinations..
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
18
Clearance Processing
Have a new employee
with no clearance?
• HR provides completed security
• HR provides completed security
Requires access to
questionnaire to Security. Upon
questionnaire to Security. Upon
Secret?
receipt, applicant is added to JPAS and receipt, applicant is added to JPAS and If all is well with his
investigation request is initiated under
investigation request is initiated under
eQIP submitted on
the contract number provided. (1 Day) the contract number provided. (1 Day) Monday – your
• Applicant completes eQIP and
• Applicant completes eQIP and
employee can be sitting
submits to FSO. (up to applicant –
submits to FSO. (up to applicant –
at your client’s desk
after 90 days – start over)
after 90 days – start over)
with an Interim Secret
• FSO reviews and either returns for
• FSO reviews and either returns for
on Wed or Thu at the
correction or submits to DSS for
correction or submits to DSS for
latest!
TOP SECRET
SECRET
processing. (1 day)
processing. (1 day)
• DSS grants Interim SECRET
clearance and submits eQIP to OPM
for investigation. (3 days)
• DSS grants Interim SECRET
clearance and submits eQIP to OPM
for investigation. (3 days)
• Investigation completed. (Many
variables – generally 6 - 12 months)
• Investigation completed. (Many
variables – generally 3 to 6 months)
• DSS adjudicates investigation and
grants final TOP SECRET clearance
(within 30 days)
• DSS adjudicates investigation and
grants final SECRET clearance (within
30 days)
SECURITY EDUCATION
TRAINING
AWARENESS
A Tip 4 U!
Make all hiring
agreements contingent
upon the applicant
being able to obtain
and hold on to
eligibility to access
classified.
2013 Security for PMP
19
JPAS Record
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
20
Visit requests
OK – the contract is in place; we have hired the right person with the right clearance. Now,
how do we get our employee on site?
We are required to show a contractual relationship between the government and our company and a
link between the person and our company. This is generally managed through the submission of a
Visit Authorization Letter (or Visit Request) – prepared by the company security staff and submitted to
the government client’s security staff.
With the development of JPAS – this can be done electronically if the government client is a user of
JPAS. If not, a hard copy letter (on company letterhead) is submitted via fax.
Data included in the letter:
• Contract Number; Security POC at agency; Project POC at Agency; Period of visit.
• Employees Full Name; DOB; POB; SSN
• Employee background investigation data; access granted and indoctrination.
• Company CAGE; FCL; Date Granted and information concerning the Cognizant Security Office.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
21
Subcontractor Responsibilities
Are security requirements passed down to subcontractors? How do we know
they are cleared? If not cleared can they get cleared?
If the subcontractor is required to have access to classified information, then YES,
the security requirements will be passed down to that company. This is
accomplished via a Sub-Contractor DD 254 – which is prepared by the company and
signed by the FSO – which is then submitted to the sub.
The Sub-Contractor is responsible for the security program for its own employees
and will submit visit requests based on our DD 254.
In order to issue the subcontractor DD 254, the following must be provided to
security:
• A copy of the sub-contract signed by both the company and the subcontractor.
• Period of performance.
We will then verify the subcontractor’s FCL in the ISFD, prepare and issue the DD
254.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
22
Exploratory phase.
BD evaluation of
government
requirements.
Develops
recommendation of
GO / NO-GO. NISP
info minimal at this
time – expressed in
broad terms
“Requires personnel
with eligibility up to
an including TS”
Statement of Work is
available. Proposal
team should have an
idea of expected subcontractors; personnel,
etc. FSO involved in
the process to provide
advice on meeting
security requirements.
Agency (end user)
security requirements
should be developing
and available.
OVERVIEW
OVERVIEW
Development of the
company proposal –
ensuring that all
requirements are met
or exceeded. FSO
should be consulted
to ensure we have
addressed all
security concerns
correctly.
Contract has been
awarded and subcontracts issued. DD
254 has been received
from the government
and evaluated to
ensure requirements
have not changed.
DD 254s issued to
subs; personnel added
to JPAS and Visit
Requests submitted to
the end-user.
FSO INVOLVEMENT
FSO INVOLVEMENT
Security requirements will not be finalized. However, in
general terms, we should be able to evaluate:
• Does the company have the correct FCL?
• Proposed Subs – are they cleared? To what level?
• Proposed staffing – any issues with PCL?
• Will interim clearances be accepted?
• Is there sufficient lead time to get a new employee
cleared?
• Are there agency requirements that may cause a
delay?
SECURITY EDUCATION
TRAINING
PERFORMANCE PHASE
OVERVIEW
PROPOSAL DEVELOPMENT
OVERVIEW
PRE-PROPOSAL PHASE
PRE-SOLICITATION PHASE
Project Phases – Security Concerns
• Has
the DD 254 been received and evaluated?
• Prepare and issue sub-contractor DD 254s – submit to
agency if required.
• JPAS completed for all employees.
• Initiate investigations / re-investigations where
needed.
• Prepare visit requests and submit.
• All staff undergo security education / in-briefings, etc.
AWARENESS
2013 Security for PMP
23
Required Reports
The reality is that life happens. Sometimes what does happen may have an adverse
affect on the ability of an individual to maintain a clearance. In some situations, the
conduct of an employee brings his ability to maintain a clearance into question. We are
required to report certain matters – like it or not – regardless of the government client’s
decisions.
TO THE FBI:
TO THE CSA:
actual, probable or possible
• espionage,
• sabotage,
• terrorism, or
• subversive activities at any
of its (contractor) locations.
Employee Status
• Adverse information concerning a cleared employee
• Suspicious contacts
• Change in status: Name; citizenship; marital status; termination
• Refusal of a cleared employee to work on classified contracts
• Refusal to sign the SF 312 (Non-Disclosure Agreement)
Company Status
• Change of name; address; ownership
• Change in Key management Personnel
• Change in FOCI Status (Foreign Ownership, Control , Influence)
• For possessing companies, any change in the ability to properly
safeguard classified information
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
24
Targeting US Technologies
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
25
The Threat – Economic & Industrial Espionage
Due to foreign policy considerations and the need to protect sources, the U.S.
Government does not publicly name the countries that are most active in conducting
espionage against the United States. However, several European and Asian
countries have stated openly that their national intelligence services collect economic
intelligence to benefit their industries at the expense of foreign competition.
Considerable information on this subject is available in public sources.
What Are They After?
It would be nice to know exactly what classified, proprietary or other sensitive
information foreign countries are trying to collect, so that we could then concentrate
on protecting that information which is most at risk. Unfortunately, waiting for that
kind of specific information before taking appropriate security measures would
usually mean locking the barn door after the horses have left.
March 7, 2008: a Reston, VA company, pleads guilty in federal court to illegally exporting
"controlled power amplifiers," which have military applications
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
26
DSS Intel tells us that …
In FY11, suspicious
network activity (SNA)
was the most prevalent
collection MO for
entities originating from
East Asia and the
Pacific; SNA figured no
more prominently than
fifth in any other region.
Due to the nature of
SNA, it remains difficult
to
attribute such collection
attempts to an entity or
even to a region of
origin.
The top four most targeted technology categories in FY11—
information systems (IS); lasers, optics, and sensors (LO&S);
aeronautics systems; and electronics— remained unchanged.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
27
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
28
DSS Tells Us that …
• Technologies resident in U.S. cleared industry remain highly sought after.
Foreign intelligence entities (FIEs) continue to expand their collection
networks and activities. These networks are growing like a malignant vine.
• This ongoing theft—FIEs’ pilfering of U.S. technologies from cleared
industry—could reduce or even end advantages in military capabilities the
United States possesses over potential adversaries, thereby adversely
affecting U.S. battlefield dominance. It also could strangle U.S economic
growth, vitiating the nation’s economic health.
• The overall number of reports submitted by cleared industry to the
Defense Security Service (DSS) in FY11 increased by nearly 65 percent
over FY10, and the number that actually became suspicious contact
reports (SCRs) increased by 75 percent, likely due in large part to
increased awareness and reporting by industry.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
29
The Threat – Economic & Industrial Espionage
Foreign governments’ continued ability to acquire state-of-the-art U.S.
technology at little or no expense has undermined U.S. national security by
enabling foreign firms to push aside U.S. businesses in the marketplace and by
eroding the U.S. military lead.
A clear line must be drawn to protect information that is:
• classified, or
• subject to export controls because it concerns militarily critical
technologies, or
• proprietary information that is the intellectual property of a specific
firm or individual.
March 24, 2008: a former engineer at a naval contractor, is sentenced to 24 1/2 years in
prison for conspiring to export warship technology.
Aug. 1, 2007: Engineer pleads guilty to violating the Economic Espionage Act to benefit China's Navy Research
Center. He exported source code for simulation software for the precision training of fighter pilots.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
30
“Globalization and growing
economic interdependence,
while creating new levels of
wealth and opportunity,
Department of Defense
National Defense Strategy
also create a web of
interrelated vulnerabilities
and spread risks even
further…
July, 2008
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
31
Let us not forget who we support.
Information concerning troop rotations, locations, equipment; and technology is
classified for a reason. Unauthorized release of this information can have a
detrimental effect on the Warfighters’ survivability.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
32
This concludes the briefing for Project Management Professionals. If
you have questions, please do not hesitate to contact us.
SECURITY EDUCATION
TRAINING
AWARENESS
2013 Security for PMP
33