AJ's Consulting

* Industrial Security * Marketing * Training *

Industrial Security & You
 Securing Management Support
 
April 2009 
Greetings! 
 
This month might be a good month to use a poster like the one below to encourage folks to report suspicious contacts, possible espionage, or those who are not qualified to protect classified information or material.
 
April Fool
 
Those who report suspicious activities and individuals assist the gathering of key information such as trends in information/materials sought, ways of obtaining or requesting such information or materials as well as positioning themselves for authorized payments. 
 
What authorized payments?  The United States government has authorized payments up to $500,000 for information leading to the arrest and/or conviction of spies and terrorists.  What better way to sell security to your staff? 
 
Other ways to sell security to your staff require that you secure management support for security -- then the support flows down.  This month's newsletter is about securing management's support for your security program.
 
Enjoy,
 I just wanted to let you know how much I appreciate the help you always give when I call with questions or the need for advice.  You are a fabulous resource.
Diane Gallatin
Manchaca, TX
Our Focus This Month
Associate with the Prime Directive
Securing Management Support
ISP Certification, The Next Step
Updates & Reminders
One on One training is the bomb!!!  Labtime was very informative and All questions plus ones that I was thinking of were answered clearly.  Really enjoyed the whole process.
Linda Wilson
San Antonio, TX 
Associate with the Prime Directive
Concepts 
 All companies and military stations have a prime directive or mission statement.  Do you know your company's?  If not, why not?  If so, how does your security program fit with the overall mission?
 
Does management see security as part of the mission or as an obstacle to be overcome?  Do the staff see security as part of the mission or as an obstacle? 
 
Unsure?  Ask for feedback -- from both management and staff.  Use a survey form or ask key individuals how they see security.  If using a survey, make it short and sweet, but leave room for extra comments.  Include answers they can choose from as well as an option for more detailed answers.
 
Include questions similar to:
  • Is security a vital part of your contract deliverable?
  • How is your relationship with security?
  • How can security improve?
  • What topics or questions would you like security to cover in the next briefing?

If you are in the process of setting policies or revising policies for the security department, then this would be a good time to consider including a mission statement that associates security with the prime directive of your company or unit.

Use the survey feedback plus the security department's mission statement to indicate to both management and staff that security is part of the team and part of the effort to reach the common goal.
 
This is just one of the ideas discussed in the FSO & SSO Personnel Security Administration training course.  Register Now for the May 8th session or contact me for On-Demand FSO Surrogate support.
She's fabulous!  I'm so thankful to have had this [JPAS] training.  I would highly recommend her to anyone.
Jennifer Schulmeier
 San Antonio, TX
Securing Management Support
 
PlannerAn open door and free candy (usually chocolate) can convince staff to drop by your office to chat -- or just to grab a handful.  Either way, it is one way to establish the perception of availability.  Being seen as available and flexible enough to assist project managers to effectively complete their contracted tasks is a sure way to gain and/or maintain management support.
 
Do you have management's support?  Can you document and prove to your Industrial Security Representative that you have management's support?  This is one of many areas that your Industrial Security Representative will touch on in their annual security review.  Perceived lack of management support for security can lead to a harsher evaluation of your security program. 
 
Your security department's mission should be seen as part of the overall company's or unit's mission statement.  Then you can easily state that XYZ company does two things well: 1) their primary mission, and 2) protect national security.
 
Documenting management's support of your security department is the topic of another article (maybe next month's), but if you need some ideas before then feel free to call me (512-650-4819 or send me an email at ajsconsulting@earthlink.net) for a list of ideas.
 
If you are unsure of management's support or you are attempting to bolster security's relevance, credibility, and importance to management and staff, check out the following suggestions:
  • Have the same vision for security as management
    • document top priorities (no more than 10)
    • set up standard operating procedures
  • Document your requests for information or the importance of briefings by citing the NISPOM regulation and/or the contractual basis;
    • document all secularity waivers received whether written or oral
    • document security review ratings
  • Always dig for the end result wanted when management or staff bring a request to you;
    • sometimes a request is worded such that your first impulse is to say no
    • you want to find a way to say yes -- even if that means the process to get there is different than originally requested
  • Network with management and key personnel in: (learn to play office politics if necessary)
    • Human Resources
    • Contracts
    • Legal
    • Project Managers
  • Be aware of your company's or unit's culture and incorporate security into it as appropriate
  • Take your career seriously
    • continue your training -- even if on your own  dime and time
    • post your certificates of training (both security and non-security)
    • if you are not passionate about security, why should anyone else be?
    • network with colleagues
  • Become a visible and familiar sight other than when something has gone wrong or it is time for the annual security briefing (this will keep you in the loop of what is going on);
  • Read the RFPs, contracts, and DD-254s for specific security requirements or tasks
    • can result in additional security costs (that may or may not be billable)
    • you will then be prepared instead of blind-sided by requirements
  • Develop policies with feedback from management and key personnel; and
    • consider amending current policies to incorporate security
    • determine if policy is required
    • obtain top-down support
  • Become more visitable and accessible to management and staff.

Did I leave out any suggestions that worked for you?  Please share your success stories on obtaining management support by sending them to ajsconsulting@earthlink.net.  I'll tabulate them and include them in another article.

 Tailored the training to the areas I needed and provided me with updated information.  Awesome continuity book!  Thanks for the class.
Erin O'Connor
 Peterson AFB, CO
ISP Certification, The Next Step
by Jeffrey W. Bennett, ISP, MBA
 
Have you taken the next step to being competitive in the security and intelligence arena?  If not, this article will provide information and tips based on a proven method of studying for and passing the exam.
 
Why earn a security certification?  There are several reasons to achieve certification.  One of which allows security managers to take advantage of opportunities offered in the recent Presidential Executive Order: National Security Professional Development.  The Executive order states: "In order to enhance the national security of the United states...it is the policy of the United States to promote the education, training, and experience of current and future professionals in national security positions (security professionals)...."
 
The National Strategy identified in the Executive Order provides a plan to give security professionals access to education, training to increase their professional experience in efforts to increase their skill level and ability to protect our nation's secrets.
 
The ISP Certification is sponsored by NCMS (Society for Industrial Security) a professional organization specializing in protecting classified information.  The ISP holder demonstrates a high level of knowledge in this area.  The certification is based on the National Industrial Security Program Operating Manual (NISPOM), but also covers electives such as COMSEC, OPSEC, and other topics.
 
The NISPOM may not be familiar to you, but the security functions identified within are.  The NISPOM is the government contractor's guidance from DoD on how to receive, process, and distribute classified information.  It covers how to mark, document, store, disseminate, and destroy classified as well as how to set up classified computing.  If you have worked with contractors, or plan to work with contractors, you should be familiar with the NISPOM.  Chances are that you are already familiar with the processes from your military and government experiences.
 
This professional certification communicates to supervisors, the promotion board, and others that an individual is committed to the business, the industry, and the protection of national interests.  It equips the security manager with the knowledge and skills to perform critical tasks as well as relate well to both civilian and military (or government agency) counterpart requirements.  Most of all, it gives the bearer confidence in his ability to apply his knowledge.  As this certification program evolves, more and more employers will require the certification.
 
the ISP Certification Exam is an open book online test consisting of 110 multiple choice questions, and takes up to 120 minutes.  There is a clock that keeps track of the time and the test times out automatically.  You can download the NISPOM to your desktop and use it to help search the test questions.
 
What can you do to increase your experience and skills?  Professional certification is a great move for security managers.  Whether or not you make the military a career, you will find this certification is a career enhancer.  With the advent of the new Executive Order, certifications may become requirements in the civilian sector and perhaps even in government security positions.  Also, consider joining a professional security organization.
 
Future newsletters will include sample ISP Certification questions from Jeffrey W. Bennett, ISP, MBA.
 Training was great.  The reference book provided has been a lifesaver.
Joseph Cole
Pepperell, MA
Thank you for reading my newsletter.  If you know of someone who could benefit from the information shared, please pass it on.  If you know of someone who could use my expertise please tell them about me and pass their contact information to me at ajsconsulting@earthlink.net so I may assist them.
 
What I do best is assist you with solutions to difficult industrial security challenges.  How may I assist you today?
 
Sincerely,
 

Ann J. Martick, ISP
AJ's Consulting
 
 redtape
What I Do Best
Consulting
AJ's Consulting
18+ years experience in the Industrial Security arena.
  • On-Demand JPAS & e-QIP Support
  • On-Demand FSO Surrogate Support
  • Industrial Security Training
    • JPAS & e-QIP Immersion
    • JPAS & e-QIP Proficiency & Troubleshooting
    • FSO/SSO Personnel Security Administration
    • Webinars
      • Got JPAS Access - Now What?
      • NISPOM Compliance - Reporting Responsibilites
    • Customized Briefing Packages
  • Marketing
    • Internal Newsletters
    • External Newsletters

Call: (512) 650-4819 or email ajsconsulting@earthlink.net for a solution to your industrial security challenges.

Quick Links
Join Our Mailing List
Security Resources
Networking Opportunities 
Remember it is always who you know...
 
Brown Bag  
Austin FSO Brown Bag
April 22, 2009
11:30-1:30 PM
 *New Location*
Visit Authorization Letters Requested
 Topic: Q & A from JPAS Train the Trainers
Ed Fitzgerald &
Ann Martick 
For more information
Contact: Mary Marsden
Questions
AIARG* Brown Bag
 May 19, 2009
10:30 AM Sharp
UT:ARL
 10000 Burnet Road
 Austin, TX
For more information
Contact:  
*Austin Information Awareness Resource Group
Join Our Mailing List
Consulting
 
Looking For Local or Onsite Training?

March hat

  • Part-Time FSO
  • On-Demand FSO Support
  • On-Demand JPAS & e-QIP Support

Contact me: ajsconsulting@earthlink.net or (512) 650-4819

The [JPAS] class was outstanding - I really enjoyed the hands-on approach to the class.  I would highly recommend this class and the instructor. 
Kevin Cloud
Austin, TX
Updates & Reminders 

DSS Website Updates:

  • (4/6/09) DSS PSI Survey: This survey assists DSS in forming budgets for future year investigation needs.  Remember the deadline for this survey is 04/28/09.
  • (4/2/09) Attention System Access Requests (SAR) Applicants: The DoD Security Services (Call) Center has consolidated its JPAS/ISFD/DCII applications System Access Request (SAR) processing operations at a single site (Columbus, OH). Please submit all applicable JPAS/ISFD/DCII SARs and JPAS/ISFD/DCII SAR-related correspondence via fax number (614) 827-1544, e-mail address account.request@dss.mil, or mailing address: Defense Security Service, Attn: Customer Service, 2780 Airport Drive, Ste 400, Columbus, OH, 43219-2268. FYI, we have revised the downloadable SAR form (dated April 1, 2009) to align with this change. Please also refer to JPAS, ISFD and DCII Frequently Asked Questions on other pages of this web site for additional SAR submission procedures pertaining to the respective applications.  Download the SAR here.
  • (3/30/09) Error Message Regarding the Server Certificate:
    If you are receiving an error message regarding the server certificate when you try to open the DSS.mil webpage, it is because your version of Internet Explorer is not configured with the DoD certificates. Read more.