PFPA Lesson Plan_042014


Upload: vuongdieu

Post on 06-Mar-2018


Pentagon Force Protection Agency 031201017- Operation, Information & Personnel Security

Table of Contents

Version Information
Course Administrative Information
    Lesson Title
    Instructional Methodologies
    Length of Presentation
    Description
    Terminal Performance Objective (TPO)
    Enabling Performance Objectives (EPO)
    Training Aids
    Instructor Resources (needed to prepare for class but not a training aid)
    Instructor Training Requirements
    Student Requirements (Course Pre-Requisites)
    Method of Evaluation
    Target Audience
    Risk Level and Mitigation Requirements
    Instructor/Student Ratio by Topic*
    Icon Legend
Instructional Content
    Topic: Introduction to Operation, Information & Personal Security
    Topic: Terminal Performance Objective (TPO)
    Topic: Enabling Performance Objectives (EPOs)
    Topic: Building Passes
    Topic: PPD Credentials, Badges and Placards
    Topic: Handling Personal Identifiable Information (PII)
    Topic: Handling Classified Materials
    Topic: Identify how to secure personal information while off-duty
    Topic: Lesson Review

Draft v. 2.04/09/2014
FOUO/Law Enforcement Sensitive


Version Information

VERSION NUMBER: 1
ISSUE DATE: 3/20/15
CHANGES MADE:
MISC. INFORMATION:

Course Administrative Information

Lesson Title:

Operation, Information & Personnel Security

Instructional Methodologies:

The instructional strategies used throughout the course engage, instruct, establish relevance, and enhance knowledge retention and transfer. The strategies to be used in this course are as follows:

Lecture/Instructor Presentation: All instructor presentations are interactive. The instructor asks questions to encourage the students to discover the correct answers, and to develop the critical thinking skills and self-reliance needed to perform the tasks on the job.

Demonstration: During the lecture/presentation, the instructor will regularly demonstrate processes, tasks, and other workplace performances.

Class Discussion: The instructor guides all group discussions and leads students toward the desired answers or outcomes. This exchange allows students to benefit from others' prior knowledge and experience with the subject matter.

Graded Practical Exercise: Students are required to demonstrate and apply their knowledge obtained during the lecture by participating in a graded practical exercise related to incident response regulations and procedures at the Reservation.

Length of Presentation:

LECTURE & DEMO: 1 hour
LAB: 0
P.E.: 0
TOTAL: 1
PROGRAM: Pre-FTEP Operation, Information & Personnel Security


Description:

This course is designed to provide students with the fundamental knowledge on the responsibilities required for the protection of operational information and personnel security.

Through lecture, demonstration, class discussion, and classroom activities, students will become familiar with the roles and responsibilities of protecting operational information and personnel security.

Terminal Performance Objective (TPO):

Student will identify how to protect operation, information and personnel security, based on PFPA regulation 9307 (Displaying PFPA Credentials), and regulation .0009 (Information Security Program for PFPA).

Enabling Performance Objectives (EPO):

EPO #1: Examine how to safeguard personnel information.

EPO #2: Demonstrate how to manage classified materials.

EPO #3: Identify how to secure personal information while off-duty.

Training Aids:

Instructor:

Classroom

Lesson activity questions

Operation, Information & Personnel Security Design Guide

Operation, Information & Personnel Security Student Handout

Operation, Information & Personnel Security PowerPoint

Student Handouts: Facebook SmartCard, Google+ SmartCard, LinkedIn SmartCard, Twitter SmartCard

Student:

Instructors will provide students with all training materials for this course.

Instructor Resources (needed to prepare for class but not a training aid)


Instructor(s) can access the PFPA Intranet (https://intranet.pfpa.mil/) for regulations used for this course.


Instructor Training Requirements:

The instructor(s) must have a strong understanding of the procedures of Operation, Information & Personnel Security.

Student Requirements (Course Pre-Requisites):

Police Officers in this course must have attended the Uniform Police Training Program (UPTP).

Method of Evaluation:

Practical Exercise

Target Audience:

The target audience consists of PFPA Uniformed Law Enforcement Officers (083) in-service and pre-FTEP recruits.

Risk Level and Mitigation Requirements:

The risk level for this course is negligible. There are no mitigation requirements.

Instructor/Student Ratio by Topic:*

TOPIC | ACTIVITY | RATIO
All | Classroom Lecture | 1:24
Lab/P.E | Lab | 1:24

*See PFPA Training Safety SOP for recommended ratios


Icon Legend

The following icons may be used in this course:

TIME

PLAY MOVIE

DEMONSTRATION

REFERENCE/APPENDIX

SAFETY WARNING

IMPORTANT NOTE, MUST BE STRESSED

CHECKLIST ITEM


Instructional Content

Time: 30 minutes

Slides 1-5

Topic: Introduction to Operation, Information & Personal Security

What you hope to get out of this course:

Operation Security (OPSEC) identifies, controls, and protects unclassified evidence of the planning and execution of sensitive information. The functionality of OPSEC and personnel security starts with each PFPA individual.

This course is designed to provide you with the fundamental starting points to comprehend and apply the proper way to secure operational information and personnel material.


Slide 6

Instructor Notes:

Welcome the class to the Operation, Information and Personal Security lesson. Briefly go over the course schedule, logistics, conduct, and evaluation requirements (Slides 2-5).

Operation Security (OPSEC) identifies, controls, and protects unclassified evidence of the planning and execution of sensitive information. The functionality of OPSEC and personnel security starts with each PFPA individual.

This course is designed to provide you with the fundamental starting points in comprehending and applying the proper way to secure operational information and personnel material.

Introduce lesson by playing OPSEC video clip (embedded within the PowerPoint Presentation, slide #6).


Time: 30 minutes

Slide 7

Topic: Terminal Performance Objective (TPO)

Student will identify how to protect operation, information and personnel security, based on PFPA regulation 9307 (Displaying PFPA Credentials), and regulation .0009 (Information Security Program for PFPA).

Instructor Notes:

Review TPO for the course:

Student will identify how to protect operation, information and personnel security, based on PFPA regulation 9307 (Displaying PFPA Credentials), and regulation .0009 (Information Security Program for PFPA).


Time: 30 minutes

Slide 8

Topic: Enabling Performance Objectives (EPOs)

1. Examine how to safeguard personnel information.

2. Demonstrate how to manage classified materials.

3. Identify how to secure personal information while off-duty.

Instructor Notes:

Explain each of the EPOs and highlight their relevance.

EPO #1: Examine how to safeguard personnel information.

EPO #2: Demonstrate how to manage classified materials.

EPO #3: Identify how to secure personal information while off-duty.

Transition: Next, we will discuss our first EPO, and discuss how to safeguard personnel information.


Time: 30 minutes

EPO #1: Examine how to safeguard personnel information.

Slides 9-10

Topic: Building Passes

EPO #1: Examine how to safeguard personnel information.

The Pentagon is considered a National Command Center and strict adherence to admittance procedures is required.

All personnel are currently required to prominently display their DoD Building Pass on outer clothing, above the waist, at all times while at the Pentagon.

Upon departing the Pentagon, all identity credentials will be removed and secured.

The lending of a DoD Building Pass or Common Access Card (CAC) to another individual, or alteration of a pass, is in violation of section 499, and may result in prosecution.

Common Access Card (CAC)

CAC cards and building passes are your primary means of identification, access and authorization with regard to controlled access areas within DoD.

Email and identity certificates, as well as personal and administrative data are contained on or accessed via the chip and magnetic strip on your cards.

An individual with malicious intent can do much damage with a misplaced or stolen CAC.

It is up to individual users to protect this asset and prevent unauthorized access to your workspaces, systems and equipment.

Any time you step away from your workstation for ANY reason, remove your CAC from its reader.

Ensure that the terminal is locked and cannot be accessed without proper credentials.

Make a habit of checking your CAC card before you leave your work area.

Always place it in the same location (lanyard, badge holder, etc.) so that it becomes part of your routine.

After you pass the last access control point at your workplace when leaving (e.g. Pentagon/Mark Center Main entrance), place your CAC in a secure, hidden place where it cannot be easily observed by individuals seeking to target DoD employees and contractors.

If your CAC card has been lost or stolen, immediately alert the Security Manager/Representative for your area so that your card can be deactivated, hampering the ability of unauthorized personnel to use it to access controlled spaces.

Instructor Notes:

The Pentagon is considered a National Command Center and strict adherence to admittance procedures is required.

All personnel are currently required to prominently display their DoD Building Pass on outer clothing, above the waist, at all times while at the Pentagon.

Upon departing the Pentagon, all identity credentials will be removed and secured.

The lending of a DoD Building Pass or Common Access Card (CAC) to another individual, or alteration of a pass, is in violation of section 499, and may result in prosecution.


Common Access Card (CAC)

CAC cards and building passes are your primary means of identification, access and authorization with regard to controlled access areas within DoD.

Email and identity certificates, as well as personal and administrative data are contained on or accessed via the chip and magnetic strip on your cards.

An individual with malicious intent can do much damage with a misplaced or stolen CAC.

It is up to individual users to protect this asset and prevent unauthorized access to your workspaces, systems and equipment.

Any time you step away from your workstation for ANY reason, remove your CAC from its reader.

Ensure that the terminal is locked and cannot be accessed without proper credentials.

Make a habit of checking your CAC card before you leave your work area.

Always place it in the same location (lanyard, badge holder, etc.) so that it becomes part of your routine.

After you pass the last access control point at your workplace when leaving (e.g. Pentagon/Mark Center Main entrance), place your CAC in a secure, hidden place where it cannot be easily observed by individuals seeking to target DoD employees and contractors.

If your CAC card has been lost or stolen, immediately alert the Security Manager/Representative for your area so that your card can be deactivated, hampering the ability of unauthorized personnel to use it to access controlled spaces.


Time: 30 minutes

EPO #1: Examine how to safeguard personnel information.

Slides 11-15

Topic: PPD Credentials, Badges and Placards

EPO #1: Examine how to safeguard personnel information.

Regulation Number 9307, Displaying PFPA Credentials.

PFPA defines credentials as the identification issued by PFPA to authorized personnel. Credentials consist of an employee’s photograph and/or law enforcement badge.

Officers are required to protect and safeguard their credentials.

If credentials are stolen or lost, employees should immediately notify their first-line supervisor and PFPA Command Center (PCC).

While on duty, Officers are required to limit their identification to the following situations:

When requested by a member of the public, law enforcement personnel, or government official in order to positively establish a PFPA employee's identity and status.

When conducting official duties in plain clothes and not otherwise recognized by the general public or surrounding jurisdictions as an authorized PFPA employee.

When operating unmarked government vehicles that are not recognized by the general public or by surrounding jurisdictions.

When traveling on official government orders and authorized to carry government issued weapons.

When off-duty, Officers only display PFPA credentials when:

Another law enforcement officer specifically requests official identification.

Required by law.

Placards

Security Placards are assigned to all unmarked PFPA and PPD vehicles.

Placards are to be displayed in the driver’s front window, in order for PPD personnel to verify vehicle assignment.

Placards are assigned to each specific vehicle and not a directorate or section.

Placards are not to be switched among other assigned vehicles and will not be removed from the vehicle unless it is being left at an off-site location.

Placards are to be considered a sensitive item and will be safeguarded accordingly to prevent theft or reproduction.

If a Placard is missing, a missing property report will be filed with PPD.

The directorate is responsible for controlling and accounting for placards assigned to its vehicles and will report any discrepancies.

Vehicles with missing placards will be denied access to the desired location and incorrect placards will be confiscated.

Remember:

It is every person’s responsibility to maintain security and safeguard government property in their possession.


Slide 16

Slide 17

Instructor Notes:

Introduce the lesson by handing out Regulation Number 9307, Displaying PFPA Credentials, to the students. Review the purpose and the applicability of this regulation.

PFPA defines credentials as the identification issued by PFPA to authorized personnel. Credentials consist of an employee’s photograph and/or law enforcement badge.

Officers are required to protect and safeguard their credentials.

If credentials are stolen or lost, employees should immediately notify their first-line supervisor and PFPA Command Center (PCC).

While on duty, Officers are required to limit their identification to the following situations:

When requested by a member of the public, law enforcement personnel, or government official in order to positively establish a PFPA employee's identity and status.

When conducting official duties in plain clothes and not otherwise recognized by the general public or surrounding jurisdictions as an authorized PFPA employee.

When operating unmarked government vehicles that are not recognized by the general public or by surrounding jurisdictions.

When traveling on official government orders and authorized to carry government issued weapons.

When off-duty, Officers only display PFPA credentials when:

Another law enforcement officer specifically requests official identification.

Required by law.


Placards

Security Placards are assigned to all unmarked PFPA and PPD vehicles.

Placards are to be displayed in the driver’s front window, in order for PPD personnel to verify vehicle assignment.

Placards are assigned to each specific vehicle and not a directorate or section.

Placards are not to be switched among other assigned vehicles and will not be removed from the vehicle unless it is being left at an off-site location.

Placards are to be considered a sensitive item and will be safeguarded accordingly to prevent theft or reproduction.

If a Placard is missing, a missing property report will be filed with PPD.

The directorate is responsible for controlling and accounting for placards assigned to its vehicles and will report any discrepancies.

Vehicles with missing placards will be denied access to the desired location and incorrect placards will be confiscated.

Remember:

It is every person’s responsibility to maintain security and safeguard government property in their possession.

Review and Summary

Play the crossword puzzle topic review activity as a class (slide #16).

Instructions:

Ask the class the following crossword questions, either going across or down. Display the answers on the crossword board by clicking on the colored squares.


Answers:

Transition: Next, we will discuss how to secure personal identifiable information.


Time: 13 minutes

EPO #2: Demonstrate how to manage classified materials.

Slides 18-20

Topic: Handling Personal Identifiable Information (PII)

EPO #2: Demonstrate how to manage classified materials.

Do’s and Don’ts that will assist in making private data more secure from attack or exploitation.

Do’s

Make sure all personnel-related data is marked “For Official Use Only (FOUO)” or “Privacy Data”.

Protect personnel-related data according to the privacy and security safeguarding policies.

Report any unauthorized disclosures of personnel-related data to your supervisor, Program Manager, or Information System Security Manager.

Immediately report any suspected security violations or poor security practices relating to personnel-related data.

Lock up all notes, documents, removable media, laptops, and other material containing personnel-related data when not in use and/or under the control of a person with a need to know.

Log off, turn off, or lock your computer whenever you leave your desk to ensure that no personnel-related data is compromised.

Protect passwords and, as appropriate, encrypt all documents containing personnel-related data you send via e-mail. Remember not to include the password in the body of the email containing the attachment.

Don’ts

Leave personnel-related data unattended. Secure it in a locked drawer, locked file cabinet, or similar locking enclosure, or in a room/area where access is controlled and limited to persons with a need to know.

Take personnel-related data home, in either paper or electronic format, without written permission of your supervisors, office chief, or Information Security Systems Manager, as required.

Discuss or entrust personnel-related data to individuals who do not have a need to know.

Discuss personnel-related data on wireless or cordless phones unless absolutely necessary. Unlike landline phones, these phones can be more easily intercepted.

Put personnel-related data in the body of an e-mail. It must be password-protected as an attachment.

Dispose of personnel-related data in recycling bins or regular trash unless it has first been shredded.

Instructor Notes:

Protecting government and personal identifiable information (PII) requires attentiveness on our part. Being alert is our first line of defense. Our data and systems reach a high level of vulnerability when government personnel act with curiosity and carelessness, and do not follow policies. These actions can result in our data and systems being exposed to malicious software, unauthorized individuals, hackers and foreign governments.

Vigilance on our part will strengthen the security posture of our whole organization, allowing us to better serve our customers, protect ourselves, and support our servicemen and women.


Review Do’s and Don’ts that will assist in making private data more secure from attack or exploitation.

Do’s

Make sure all personnel-related data is marked “For Official Use Only (FOUO)” or “Privacy Data”.

Protect personnel-related data according to the privacy and security safeguarding policies.

Report any unauthorized disclosures of personnel-related data to your supervisor, Program Manager, or Information System Security Manager.

Immediately report any suspected security violations or poor security practices relating to personnel-related data.

Lock up all notes, documents, removable media, laptops, and other material containing personnel-related data when not in use and/or under the control of a person with a need to know.

Log off, turn off, or lock your computer whenever you leave your desk to ensure that no personnel-related data is compromised.

Protect passwords and, as appropriate, encrypt all documents containing personnel-related data you send via e-mail. Remember not to include the password in the body of the email containing the attachment.

Don’ts

Leave personnel-related data unattended. Secure it in a locked drawer, locked file cabinet, or similar locking enclosure, or in a room/area where access is controlled and limited to persons with a need to know.

Take personnel-related data home, in either paper or electronic format, without written permission of your supervisors, office chief, or Information Security Systems Manager, as required.

Discuss or entrust personnel-related data to individuals who do not have a need to know.

Discuss personnel-related data on wireless or cordless phones unless absolutely necessary. Unlike landline phones, these phones can be more easily intercepted.

Put personnel-related data in the body of an e-mail. It must be password-protected as an attachment.

Dispose of personnel-related data in recycling bins or regular trash unless it has first been shredded.


Time: 13 minutes

EPO#2: Demonstrate how to manage classified materials.

Slides 21-25

Topic: Handling Classified Materials

Regulation Number .0009 explains procedures for handling, safeguarding, hand carrying, destroying, reproducing, and transmitting classified material.

This regulation applies to each individual who possesses or who has knowledge of such information, and how classified information should be protected.

Compliance with the provisions of this regulation is mandatory. Violators are subject to administrative or judicial sanctions, or both.

Handling and Safeguarding Classified Documents

Do not place classified materials in unclassified distribution boxes.

Do not co-mingle classified and unclassified distribution.

Hand Carrying Classified Material

Never hand carry classified material until you receive approval and an appropriate briefing on your responsibilities.

Attach the appropriate classified cover sheet to the document or message.

If transporting a classified document outside of the Pentagon, place the classified material inside another opaque container, such as an envelope or locked briefcase.

Do NOT mark the outer container with classification markings.

Transport the material, by the most direct route, to the designated location for safekeeping.

Do not conduct unofficial business when escorting classified material, especially personal errands.

Stops at public use areas, concessionaires on the Pentagon Concourse, cafeterias, etc., are strictly prohibited!

Do not remove any classified information from the Pentagon without prior written authorization approval.

Maintain the DD Form 2501, Courier Authorization Card.

Any area outside of the confines of the Pentagon to include the Pentagon Village is considered outside of the Pentagon and requires such written approval.

Safeguard the material until it is properly secured.

Destroying Classified Material

Classified material in the National Capital Region (NCR) is destroyed by burning.

Place classified material in a preprinted red and white striped bag. If these bags are unavailable, plain brown bags shall be marked with bold red stripes and used as a substitute.

Label the outside with the highest classification, PFPA Office Symbol, Room Number and Telephone Number.

Seal bags with 1-inch masking tape or fold and staple.

Bags shall not exceed 10 lbs. or three-fourths of the bag’s capacity.

Unattended Classified Materials

If an officer suspects or identifies unattended classified material, notify the IEOC, and then notify a supervisor.


Slides 26-27

Instructor Notes:

Introduce this topic by briefly discussing Regulation Number .0009, Information Security Program for PFPA.

Regulation Number .0009 explains procedures for handling, safeguarding, hand carrying, destroying, reproducing, and transmitting classified material.

This regulation applies to each individual who possesses or who has knowledge of such information, and how classified information should be protected.

Compliance with the provisions of this regulation is mandatory. Violators are subject to administrative or judicial sanctions, or both.

Handling and Safeguarding Classified Documents

Do not place classified materials in unclassified distribution boxes.

Do not co-mingle classified and unclassified distribution.

Hand Carrying Classified Material

Never hand carry classified material until you receive approval and an appropriate briefing on your responsibilities.

Attach the appropriate classified cover sheet to the document or message.

If transporting a classified document outside of the Pentagon, place the classified material inside another opaque container, such as an envelope or locked briefcase.

Do NOT mark the outer container with classification markings.

Transport the material, by the most direct route, to the designated location for safekeeping.

Do not conduct unofficial business when escorting classified material, especially personal errands.


Stops at public use areas, concessionaires on the Pentagon Concourse, cafeterias, etc., are strictly prohibited!

Do not remove any classified information from the Pentagon without prior written authorization approval.

Maintain the DD Form 2501, Courier Authorization Card.

Any area outside of the confines of the Pentagon to include the Pentagon Village is considered outside of the Pentagon and requires such written approval.

Safeguard the material until it is properly secured.

Destroying Classified Material

Classified material in the National Capital Region (NCR) is destroyed by burning.

Place classified material in a preprinted red and white striped bag. If these bags are unavailable, plain brown bags shall be marked with bold red stripes and used as a substitute.

Label the outside with the highest classification, PFPA Office Symbol, Room Number and Telephone Number.

Seal bags with 1-inch masking tape or fold and staple.

Bags shall not exceed 10 lbs. or three-fourths of the bag’s capacity.

Unattended Classified Materials

If an officer suspects or identifies unattended classified material, notify the IEOC, and then notify a supervisor.

Remember

Discussion of classified subjects or materials is only allowed in approved and secure areas.

Discussions of classified subjects in the Pentagon hallways or dining areas, the center court area, the Pentagon Athletic Center, DoD shuttles, cellular phones, or in private vehicles during commutes to and from the Pentagon are strictly prohibited.

Every individual must ensure operations security


Summary and Review:

Ask the class the following group discussion questions (located within the PowerPoint slide #26).

Instructions:

Click the “next” or “forward arrow” button after each question to reveal answer.

1. What is our first line of defense when protecting personal identifiable information (PII)?

Answer: Being Alert

2. Make sure all personnel-related data is marked how?

Answer: For Official Use Only (FOUO) or Privacy Data

3. Which regulation explains the procedures for handling, safeguarding, hand carrying, destroying, reproducing, and transmitting classified materials?

Answer: Regulation Number .0009

4. Classified material in the National Capital Region (NCR) is destroyed how?

Answer: Burning

Transition: Next, we will discuss how Officers can safely protect their personal information while off-duty.


Time: 13 minutes

EPO #3: Identify how to secure personal information while off-duty.

Slides 28-32

Topic: Identify how to secure personal information while off-duty.

Things You Should NOT Share on Social Networking Sites

Names and photos of you, your family and co-workers.

Usernames, passwords, network details.

Job title, location, salary, clearances.

Physical security and logistics.

Mission capabilities and limitations.

Schedules and travel itineraries.

Social security number, credit cards, banking information.

Hobbies, likes, dislikes, etc.

Do’s

Remember Computer Security.

An adversary won’t waste time on the “human factor” if they can go after the computer system directly.

Hacking

Theft

Planted code

Before posting data to social networks, ask yourself:

Who owns the company? Who are their partners? Where are they hosted? Who has access to the data?

Modify your search profile.

Search profile: the data about you that is visible when someone is searching for “friends”

Check for publicly visible information about yourself, even if your profile isn’t:

Name

Photo

List of networks and groups

List of friends

Age/Sex/Location

Be especially cautious about dating sites.

Verify supposed “real” friends.

Watch your friends.

You didn’t post sensitive pictures of you and your kids, but your brother, wife, mother, or friend did.

Treat links and files carefully.

Question the usefulness of you owning a social networking account. Ask yourself the following questions:

Do you really have a purpose for using a social networking site, or do you use it “just because”?

Are you very careful with the data and understand data aggregation issues?

Are you willing to find and learn all the security controls and keep up with them as they change?

Don’ts

Don’t discuss work.


Instructor Notes:

Introduce this lesson by playing the video that is in the PowerPoint slide.

Off-duty Officers need to be extremely careful and protect their personal information, especially when communicating online using social networks. From the video, you can better understand how adversaries use social media to obtain as much information as possible from users (specifically, individuals who work for US government agencies).

Things You Should NOT Share on Social Networking Sites

Names and photos of you, your family and co-workers.

Usernames, passwords, network details.

Job title, location, salary, clearances.

Physical security and logistics.

Mission capabilities and limitations.

Schedules and travel itineraries.

Social security number, credit cards, banking information.

Hobbies, likes, dislikes, etc.

Do’s

Remember Computer Security.

An adversary won’t waste time on the “human factor” if they can go after the computer system directly.

Hacking

Theft

Planted code

Before posting data to social networks, ask yourself:

Who owns the company? Who are their partners? Where are they hosted? Who has access to the data?

Modify your search profile.

Search profile: the data about you that is visible when someone is searching for “friends”

Check for publicly visible information about yourself, even if your profile isn’t:

Name

Photo

List of networks and groups

List of friends

Age/Sex/Location

Be especially cautious about dating sites.

Verify supposed “real” friends.

Watch your friends.

You didn’t post sensitive pictures of you and your kids, but your brother, wife, mother, or friend did.

Treat links and files carefully.

Question the usefulness of you owning a social networking account. Ask yourself the following questions:

Do you really have a purpose for using a social networking site, or do you use it “just because”?

Are you very careful with the data and understand data aggregation issues?

Are you willing to find and learn all the security controls and keep up with them as they change?

Don’ts

Don’t discuss work.

Don’t use the same passwords.

Don’t give away passwords.

Don’t use unsecured logon at public hotspots.

Most social networking sites do NOT have a secure login capability.

Don’t depend on the social networking sites for security.

Don’t trust Add-Ons.

Plugins, Games, Applications

The social networking site did not make the application; someone else did. Do you know who? What their motives are? What they put in the code?

Don’t be too generous with permissions.

Create groups (such as “poker club”, “co-workers”, “family”): organize friends based on the access you want them to have.

Set permissions for: your status, photos, postings, etc.

Don’t post personal information.

Don’t post what the public can’t know.

No matter what, things you post might spread. If you’re not comfortable with it being public knowledge, don’t post it.

Play social networking video, which is embedded within the PowerPoint slide.


Hand out to students the social networking Smartcard information (Facebook, Google+, LinkedIn, and Twitter). This information is for students’ personal records, and instructs them on how to make their individual social networking sites secure.


Summary and Review

Have students fill out the matching activity within their student handout entitled: Do’s and Don’ts of Social Networking. Once students have completed the activity, review and discuss as a class.

Instruction: Label each of the social networking actions as a Do or Don’t.

1. ___Do___ Be cautious about dating sites.

2. ___Do___ Watch your friends.

3. __Don’t__ Use unsecured logons at public hotspots.

4. __Don’t__ Discuss work.

5. __Don’t__ Trust Add-Ons.

6. ___Do___ Treat links and files carefully.

7. __Don’t__ Use the same passwords.

8. __Don’t__ Depend on the social networking sites for security.

9. ___Do___ Check for publicly visible information about yourself.

10. ___Do___ Modify your search profile.

Transition: Let’s review the key points we have discussed within this lesson.


Time: 4 minutes

Slides 33-34

Topic: Lesson Review

Keep In Mind:

CAC cards and building passes are your primary means of identification, access and authorization with regard to controlled access areas within DoD. Make a habit of checking your CAC card before you leave your work area.

Credentials consist of an employee’s photograph and/or law enforcement badge.

Security Placards are assigned to all unmarked PFPA and PPD vehicles.

Placards are not to be switched among other assigned vehicles and will not be removed from the vehicle unless it is being left at an off-site location.

Remember the Do’s and Don’ts in making private data more secure from attack or exploitation.

Regulation Number .0009 explains procedures for handling, safeguarding, hand carrying, destroying, reproducing, and transmitting classified material.

Off-duty Officers need to be extremely careful and protect their personal information, especially when communicating online using social networks.

Instructor Notes:

Keep In Mind:

CAC cards and building passes are your primary means of identification, access and authorization with regard to controlled access areas within DoD. Make a habit of checking your CAC card before you leave your work area.

Credentials consist of an employee’s photograph and/or law enforcement badge.

Security Placards are assigned to all unmarked PFPA and PPD vehicles.

Placards are not to be switched among other assigned vehicles and will not be removed from the vehicle unless it is being left at an off-site location.

Remember the Do’s and Don’ts in making private data more secure from attack or exploitation.

Regulation Number .0009 explains procedures for handling, safeguarding, hand carrying, destroying, reproducing, and transmitting classified material.

Off-duty Officers need to be extremely careful and protect their personal information, especially when communicating online using social networks.
