sample only order at security awareness training a threat awareness briefing. a defensive security...
TRANSCRIPT
Sample
only
Order
at
www.redbik
epublis
hing.c
omSecurity Awareness Training
• A threat awareness briefing.• A defensive security briefing.• An overview of the security
classification system.• Employee reporting obligations and
requirements.• Security procedures and duties
applicable to the employee's job.
Sample
only
Order
at
www.redbik
epublis
hing.c
omReport to DISCO
• Employees who do not want to perform on classified work
• Refusal to sign SF 312
Sample
only
Order
at
www.redbik
epublis
hing.c
om1-207 Hotlines
• Hotlines are available. However, recommend that company officers have chance to handle situation
• Not to take place of investigations
• May be used to tip off
Defense HotlineThe PentagonWashington, DC 20301-1900(800) 424-9098
Sample
only
Order
at
www.redbik
epublis
hing.c
om1-3 Reporting
• Events that impact:– FCL– PCL– Protection of classified information– Loss or compromise
• Contractors cleared employees on reporting channels with:– Federal agencies– FBI– CSA
Sample
only
Order
at
www.redbik
epublis
hing.c
om1-3 Reporting (To FBI)
• Reports to FBI– Espionage– Sabotage– Terrorism– Subversive activities– Submit copy of written report to CSA
Sample
only
Order
at
www.redbik
epublis
hing.c
omHow to Report
• Report to the FBI
• Follow up with written report
• Send copy to IS Rep with FBI approval
Sample
only
Order
at
www.redbik
epublis
hing.c
om1-3 Reporting (To CSA)
• Reports to CSA– Adverse information– Suspicious contacts– Change in cleared employee status– Naturalization– Not desiring to work on classified contract
Sample
only
Order
at
www.redbik
epublis
hing.c
omDISCO
• Adverse Information• Changes in Cleared Employee Status• Citizenship by Naturalization• Employees Desiring Not to Perform on
Classified Work• Standard Form (SF) 312
Sample
only
Order
at
www.redbik
epublis
hing.c
om1-3 Reporting (to CSA)
• Reports to CSA– SF 312– Changes affecting FCL– Changes in storage capability– Inability to protect classified– Security equipment vulnerabilities– Unauthorized receipt of classified– Compromise information– Disposition of classified information– Foreign classified contracts
Sample
only
Order
at
www.redbik
epublis
hing.c
om1-3 Reporting (to CSA)
• Reports to CSA– Refusal to sign SF 312– Changes affecting FCL– Changes in storage capability– Inability to protect classified– Security equipment vulnerabilities– Unauthorized receipt of classified– Compromise information– Disposition of classified information– Foreign classified contracts
Sample
only
Order
at
www.redbik
epublis
hing.c
om1-303 Loss, Compromise or Suspected Compromise
Sample
only
Order
at
www.redbik
epublis
hing.c
om1-303 Loss, Compromise or Suspected Compromise
Discover circumstances surrounding the reported loss, compromise or suspected compromise.
www.ispcert.com
Threat Awareness Briefing
Sample
only
Order
at
www.redbik
epublis
hing.c
om
www.ispcert.com
Why Our Information
Employee Responsibilities
Threat Awareness and Defensive Information
Methods of Contact
Countermeasures
Test
CONTENTS
www.ispcert.com
Why go through process of Research and Development
Let someone else pay for R&D
Possible military application
WHY OUR TECHNOLOGY?
Sample
only
Order
at
www.redbik
epublis
hing.c
om
www.ispcert.com
Protect Proprietary, For Official Use Only and Sensitive Information
This information includes:Vendor pricespersonnel ratings medical recordscorporate financial investments and resourcestrade secret informationcorporate/government relationscorporate security vulnerabilitiesfinancial forecasts and budget information
EMPLOYEE RESPONSIBILITY
Sample
only
Order
at
www.redbik
epublis
hing.c
om
www.ispcert.com
Company Computer Security Safeguards Use computers for authorized business Establish and protect passwords Visit only authorized websites Use caution when downloading attachments Save all work Use classified systems for classified processing
EMPLOYEE RESPONSIBILITY
Sample
only
Order
at
www.redbik
epublis
hing.c
om
www.ispcert.com
The following may indicate that you could be targeted: Your access to active intelligence interest Overseas locations where foreign intelligence operates Located in the U.S. where foreign nationals can gain access to you Ethnic, racial, or religious background that may attract the attention
of a foreign intelligence operative
EMPLOYEE RESPONSIBILITY
Sample
only
Order
at
www.redbik
epublis
hing.c
om
www.ispcert.com
Foreign Threat Economic – theft of technology and commerce Classified information-solicitation for unauthorized
disclosure Intelligence-collection efforts
Conduct Risk Analysis Who is targeting What do they want How do they get it
THREAT AWARENESS AND DEFENSE
Sample
only
Order
at
www.redbik
epublis
hing.c
om
www.ispcert.com
Collection effortsElicitationEavesdroppingSurveillanceTheft Interception
THREAT AWARENESS AND DEFENSE
Sample
only
Order
at
www.redbik
epublis
hing.c
om
www.ispcert.com
Suspicious Activities
Requests for information outside of need to know
Unauthorized reproduction of materials
Unauthorized removal/destruction of materials
Unexplained affluence
Regular, unexplained foreign travel
Maintains long hours in spite of job dissatisfaction
Employees are required to report efforts by any individual to obtain illegal or unauthorized access to classified or sensitive information— This include proprietary information
INSIDER THREAT
Robert Philip Hanssen
Sample
only
Order
at
www.redbik
epublis
hing.c
om
www.ispcert.com
Fax Snail Mail E-mail Telephone Personal Contact
May seem innocent enough, but…. Legitimate business requests will come through appropriate channels
Personal Contact: Asks about project specifics, whether or not classified or proprietary details
Email address originated in a foreign country
METHODS OF CONTACT
Sample
only
Order
at
www.redbik
epublis
hing.c
om
www.ispcert.com
Remain non-committal if approached Report all suspicious activities to FSO Practice smart information systems security Escort visitors Pay attention to surroundings Secure building at the end of the day
COUNTERMEASURES