AJ's Consulting

* Industrial Security * Marketing * Training *

Industrial Security & You
WIIFM, Weak Links, & JPAS 
October 2008
Greetings!
 The best leader does not ask people to serve him, but the common end.  The best leader has not followers, but men and women working with him.  Mary Parker Follett
Networking is a major part of security's role.  How else are you to stay abreast of the changes and current activities whether it be of the staff individually or of the company as a whole.  How else are you to find out the hidden need behind the spoken wish -- sometimes it is difficult to identify and/or state what the actual need is versus what is being asked.  Can you find a way to say yes while still fulfilling your role in enforcing national security protective measures?
 
How can you best express the benefits to the employee, consultant, or manager?  Become familiar with those you work with, peers at other facilities, your security representatives and you find the "win-win" solutions.
 
Enjoy Leading! 
 I just wanted to let you know how much I appreciate the help you always give when I call with questions or the need for advice.  You are a fabulous resource.
Diane Gallatin
Integrated Security Solutions
Our Focus This Month
Mixed Generations & WIFM
Are You the Weakest Link?
JPAS Q & A
Thank you...for the training, the information was timely as well as presented in an easy to understand professional manner.  I enjoyed the pace as well as the instructor's styles and the one-on-one assistance that was given to all the trainees.
 Nick Meyer
CTI Contracts Manager and AFSO
Mixed Generations & WIIFM
Maslow
 When you provide a security briefing to management or to the rest of your company's employees, remember two (2) items: WIIFM or What's in it for me? and What is the generation makeup of my audience?

Determining WIIFM is difficult unless you first understand your target market or audience. What interests your audience? What motivates your audience? Where are they in terms of Maslow's Hierarchy of Needs?

Maslow's Hierarchy of Needs published in Motivation and Personality (1943) by American psychologist Abraham H. Maslow, is one of many frameworks for understanding the strength of common needs or where an individual may be coming from. 
 
Part of where an individual is coming from can be determined by his or her generation.  Today's workforce can be segregated into three (3) main stereotypes (Security and the Generational Divide, CSOOnline):
  1. Baby Boomers: born between 1946 and 1965
  2. Gen Xers: born between 1965 and 1980
  3. Gen Yers (aka Millennials): born after 1980

Does your staff have a mixture of the above or is is it more one generation than mixed?  How do the different generations interact with each other?  They obviously learn differently and apply their knowledge differently.  How does this affect your training methods?  How do your policies reflect the various means your staff can apply national security protections and still effectively and efficiently produce a product or service for the client?

Answering the above questions allows you to focus your training and networking so that you market security as a must have. You are able to persuade them that it is in their best interest to incorporate security and you have a "win-win" situation.

An excellent method of building consensus and buy-in is networking with both staff and management. The Hawthorne Effect experiments indicated networking and inclusion in the goal setting increase both productivity and motivation to reach company goal(s). Remember we are social creatures and the office is one of our social environments.

If security is a priority of management, that positively multiplies your needs-based marketing to the rest of the staff. One lecturer at the 2005 September's TRISC Conference stated that his whole company is the security team. With the assistance of management, he had made it a feature of his company that all employees were aware and deeply involved with security.
 
Remember your training is required to include a defensive briefing (how to recognize elicitation or that I'm the target); a security awareness briefing (collection techniques, espionage, and OPSEC training); an overview of the classification system (Confidential, Secret, Top Secret and handling caveats); employee reporting responsibilities (and how they relate to the 13 adjudicative guidelines); and facility or contract specific security policies and duties.
 
There are several free resources: NCMS Member Resources, IOSS, Extranet for Security Professionals, seminars, and local NCMS meetings or brown bags. 
 
Of course, if you are looking for a short cut, purchase a customized annual security briefing like AJ's Consulting's To Be Aware -- a $100 value currently priced at $75.
 Very well organized training material.  Instructor, knowledge and training techniques were the best I've experienced.  I thoroughly appreciate the small class size that allowed personalized training and allowed extra time for specific questions and exercises.
Gail Madriaga
Honolulu, HI
Are You the Weakest Link? 
by John Hille, ISP 

When thinking about your annual security refresher training for employees remember:  

NISPOM (3-107) Security Training and Briefings. 

 Two objectives:

  1. Comply with the NISPOM and 
  2. Employee awareness/education of security issues. 

Feel free to modify the contents to fit your facility operations.  Remember to keep records of the training and education you provide your employees.

          Weak_link *******************************************
 
Most have heard the expression, "A chain is only as strong as its weakest link".  This has been applied to any process that will fail if some step in that process goes wrong.
 
 Example: the least dependable member of a group, as in "The shipping department, slow in getting out orders, is our weak link in customer service."  No department or employee wants to be categorized as that 'weak link'.  And again; the longer the chain (company growth) the greater possibility of increasingly weak links.  So, how to be the STRONG link?  Mechanically speaking, you would reinforce the weak area.  
 
Let's do just that:
 
Passwords:
Do not use 'cute or chump' passwords like your favorite sports team, or your birth date, all numbers (2468), or all letters (xxxxx). Do not share you password with anyone, because then, they could pretend to be you and there goes all accountability. Change your password on a regular basis, at least every 90 to 120 days.
 
Unattended computers:
When you leave your desk, log off or lock you computer's desktop access and/or have a screen saver password. This helps prevent unauthorized persons accessing your computer system.
 
Documents and backup media:
When you printout sensitive documents on a company shared or network printer, don't leave it there, go and pick it up as soon as you send the print job. Sensitive documents seem to just disappear and people don't think about it, they just go back and print another set  Really?  How much walks out the door to our competition? 

Backup documents on thumb or flash drives (new version of the old floppy) being left unattended or unsecured is just as dangerous.  They just disappear, and so might your job.
 
Laptops:
80% of our company's daily operations are conducted on laptop computers, mobile, easily lost or stolen.
Your sensitive data should be encrypted and the physical system secured with a locking cable, so someone doesn't just walk away with it. If necessary, contact your supervisor or IT Staff about these issues.
 
Our IT staff has done excellent in system level security; definitely not the weakest link. Our corporate infrastructure however is only as strong as our weakest end user; let's strengthen each other's skill-set and keep the whole chain of command as strong as our American Heritage. 
 Training was on target and met our needs.  [We] learned the info required to perform our jobs as FSO.
Timothy Pullen
San Antonio, TX
JPAS Q & A
Please feel free to email your questions or tips and techniques to [email protected].
 
Q. Who can reset JPAS passwords and logins?

A. Either the JPAS Help Desk (888-282-7682) or any JPAS Account Manager at your User Level or above can reset your JPAS password and/or login. 

   * Remember that JPAS Account Managers must be employees (full-time or part-time) of the facility for which they obtain a JPAS account --  per the Procedures Governing Use of JPAS by Cleared Contractors.
 
Q. How can a consultant provide JPAS surrogate or virtual office support for my facility?
 
A. First the consultant must fill out a System Access Request (SAR) form and submit it to the facility's FSO or JPAS Account Manager.  Next, the consultant is only able to provide JPAS surrogate or virtual office support for a facility at the User Level -- per the Procedures Governing Use of JPAS by Cleared Contractors.
 
Depending upon the User Level assigned by the FSO or JPAS Account Manager, the consultant is able to perform any and all duties of a regular user based upon privileges assigned by the Account Manager such as Initiate PSI (initiating investigations) and/or Review PSQ (review submitted e-QIP). 
Great facilities and instructor.  Ann really was helpful and made the system easy to use.  Very organized.
Kenneth Browning
Round Rock, TX
Thank you for reading my newsletter.  If you know of someone who could benefit from the information shared, please pass it on.  If you have a topic suggestion, or a how-to-question, please submit it to [email protected].
 
What I do best is assist you with solutions to difficult industrial security challenges.  How may I assist you today?
 
Sincerely,
 

Ann J. Martick, ISP
AJ's Consulting
 
P.S.  Would you like a one page handout of 20 Responsibilities of the Cleared Individual or a two page Table of Security Acronyms?  If so, please send an email to [email protected] specifing which you would like and letting me know what obvious typographical error was most visible in September's newsletter?
What I Do Best
Consulting
AJ's Consulting
17+ years experience in the Industrial Security arena.
  • On-Demand JPAS & e-QIP Support
  • On-Demand FSO Surrogate Support
  • Industrial Security Training
  • Marketing
    • Internal Newsletters
    • External Newsletters

Call: (512) 650-4819 or email [email protected] for a solution to your industrial security challenges.

Quick Links
Join Our Mailing List
Security Resources
Networking Opportunities 
Remember it is always who you know...
NCMS LoneStar Chapter
October 8, 2008
11:45-1:00 PM
NetQos 
 5001 Plaza on the Lake
Austin, TX 78746
R.S.V.P.
 to Ed Fitzgerald
Lunch: $15.00
Cash or check only 
NCMS Alamo Chapter
 October 9, 2008
11:45-1:00 PM
Dave & Busters
San Antonio, TX 
 
Brown Bag  
Austin FSO Brown Bag
Thursday, October 16, 2008
11:00-12:30 PM
1205 Sam Bass Road
Round Rock, TX 
Topic: TBD
For more information
contact: Bob Morgan
Brown Bag
 
 San Antonio FSO
Brown Bag
  November 12, 2008
 11:00-1:00 p.m
 TBD
San Antonio, TX 78232
Topic: TBD
RSVP to Shannon Alvarado
Join Our Mailing List

NISPOM Compliance Reporting Responsibilities 

Questions
 
Register now for the
Wednesday,
11:00-11:45 CTZ
or
  Wednesday,
11:00-11:45 CTZ
 or
 Wednesday,
11:00-11:45 CTZ
45-minute NISPOM Compliance Webinar!
Got JPAS Access Now What?
 
Questions 
 
 Register Now
 for the:
 Wednesday,
11:00-11:45 CTZ
or
Wednesday,
11:00-11:45 CTZ
45-minute JPAS Webinar!
 
Update your subscriber profile to indicate an interest in webinars to receive future invitations.