AJ's Consulting

* Industrial Security * Marketing * Training *

Industrial Security & You
Social Networking Sites & FSO Responsibilities
 
July 2009 
Greetings! 
 
Networking is important for many reasons.  Networking assists in finding subject matter experts (SMEs), assists in keeping up with the latest tip, technique, or policy coming down the pike, assists in improving your security program, and assists in finding that next step on your career ladder.  Networking has its pluses, but networking can also be dangerous to both you personally and to your organization.
 
Are you aware of the different types of networking, which types are favored by your organization's staff, and the dangers?  Does your security training keep staff up-to-date and aware?  Networking is changing -- are you ready to both use the advantages and to protect against the dangers?
 
This month's issue will delve into some of the advantages and some of the dangers of social networking and how they relate to our responsibilities as FSOs and/or SSOs.
 
Enjoy,
Your newsletters are always great, and I just wanted you to know that I thoroughly enjoyed this past one!  Thank you for putting together such helpful information!
Debra Hula
West Lafayette, IN
Our Focus This Month
Social Networking Sites & You
Networking & Training Opportunities
What is Your Role as Security?
Updates & Reminders
 Ann Martick is an Industrial Security ace. Her professional credibility comes from her depth of experience and thorough knowledge of Industrial Security policies and procedures. Her expertise does not detract from her customer focus; this makes her an exceptionally effective consultant.
J. Graham King, CPP, PSP
Stationed in Iraq
Social Networking Sites & You
 Unsend
 
Are you aware of the multitude of social networking sites that you and your staff can access?  Have you actually signed up and used these sites on a regular basis?  Does your organization promote the use of these networking sites or forbid access to them during the work day?  Would you know if intellectual property and/or classified were being distributed via home or office access?
 
How many social networking sites can you name without doing a search?  Twitter, Facebook, MySpace, Reunion.com, Friendster, Classmates.com, Plaxo, MyLot, Angie's List, Craig's List, and Linkedin are the ones that I am most familiar with.  How about a couple of more selective networking sites -- Extranet for Security Professionals and Infragard?
 
Regardless of whether the social networking site is very selective or very open with it's membership, are you or your staff taking precautions?  Are you using the provided privacy options and being very careful with what you share or could you experience a faux pax moment like Britain's new MI6 Chief and family?
 
Are there members of your staff who "tweet" every activity they are doing or consider doing?  Do they know who may have decided to follow them?  There are spam attacks happening on Twitter where a member receives a tweet stating so-in-so is following you, would you like to follow him/her?  And the shortened URL provided leads to an adult website -- not the person's Twitter profile.  In fact Twitter's management has their own security issues-- possible opening for a security professional here.
 
Additional articles you may be interested in --

Interested in learning more? 

Have you a copy of the Killing with Keyboards video?  How long has it been since your staff viewed it?  Contact me and request a copy -- it is eye-opening.

Or purchase a customized NISPOM compliant briefing for your organization featuring this and one other specialty topic.

She's fabulous!  I'm so thankful to have had this [JPAS] training.  I would highly recommend her to anyone.
Jennifer Schulmeier
 San Antonio, TX
Networking & Training Opportunities
 
ConceptsWork hard, but work smart. Part of an industrial security professional's responsibilities include maintaining and increasing contacts (networking) both within and without the facility, continuing to increase one's knowledge base with training (sometimes in one's field and sometimes outside of one's specialty), and also to keep abreast of ongoing changes which affect how industrial security is applied and how it correspondingly affects a facility's livelihood. With so many training opportunities available and so many with overlapping dates, how does one select which opportunities to request budget dollars for?
Selection methods include comparing:
  • Required or Strongly Suggested Training
    • FSO Management Training*
    • Chapter 8 NISPOM Training*
    • Personally Identifiable Information (PII)
    • JPAS Training
  • Location of Training (or cost of travel)
  • Return on Investment (will training result in more efficient or cost-effective application of requirements?)
  • Application of Training to current or upcoming requirements
  • Cost of Training or Seminar and
    • ASIS Seminar ~$800.00 plus travel and lodging (4 days)
    • JSAC Seminar ~$75.00 plus travel and lodging (2 days)
    • NCMS Seminar ~$600.00 plus travel and lodging (3 days)
    • OPSEC Conference(East or West) Free plus travel and lodging (3 days)
    • NCMS Alamo & Lone Star Chapters' Seminar -- TBD (October?)
  • Time Out of Office
Once your selection has been made and your budget finalized, then networking with local peers can supplement with information from seminars you were not able to attend. In Central Texas, we have several opportunities for such networking: The Austin (CT-GA2SP) & San Antonio FSO Brown Bags, the Austin ISSM (AAIRG) Brown Bag, the Alamo Chapter and the Lone Star Chapter meetings (every even month). Attendance to one or more of these local groups can leverage the training and information received and all work both hard and smart.
 
* NISPOM § 1-201: The contractor shall appoint a U.S. Citizen employee, who is cleared as part of the facility clearance (FCL) to be the FSO.  The FSO will supervise and direct security measures necessary for implementing applicable requirements of this Manual and related Federal requirements for classified information.  The FSO, or those otherwise performing security duties, shall complete security training as specified in Chapter 3 and as deemed appropriate by the CSA
 Tailored the training to the areas I needed and provided me with updated Information.  Awesome continuity book!  Thanks for the great class!
Erin O'Connor
Peterson AFB, CO
What is Your Role as Security?
Questions
 
The role of the corporate security professional is a protective role: the protection of people, information, and physical assets that belong to or are a part of any corporation. It is more than just a checklist of duties to be performed and responsibilities to be met. It is a commitment to a corporation's management and employees to provide a safe and secure work environment.
 
A safe and secure work environment reduces the chances of disruption to the business. (Kovachich & Halibozek's The Manager's Handbook for Corporate Security: Establishing and Managing A Successful Assets Protection Program.)

The NISPOM (February 2006) states that the FSO is an appointed contractor employee responsible for supervising and directing security measures for implementing the NISPOM and related Federal requirements for the protection of classified information.

Your role may be either the corporate description, the NISPOM definition, or somewhere in-between. Does your job description indicate which? Do you know what management feels is the top 3 priorities of your position? The top 10?
 
Too often the FSO or SSO have multiple roles in an organization and must learn to prioritize what is most important and when it is due. Sometimes we need the list of top 3 (or 10) priorities to enable us to work efficiently and meet expectations.
 
Examples of the many hats of the FSO (courtesy of Teresa F. Dyer, Mid South Chapter's presentation -- The Role and Responsibilities of the Facility Security Officer (FSO), October 14, 2008):
  • Key Management Personnel
  • Program Manager
  • Salesman/Marketer
  • Educator
  • Student
  • Investigator
  • Auditor/Inspector
  • Social Engineer
  • Contract Specialist
  • Security Specialist
  • other titles as required

Always consider how much disruption to business is caused by protective measures -- no business equals no job. Is it possible to say "Yes" instead of "No" and still protect what needs protecting?  Practice risk management not risk aversion.

Business disruption can also occur due to failure to follow security requirements and policies -- you are the company's point of contact for all security matters and thus must educate and train both management and staff on
  • NISPOM and Industrial Security Letters (ISLs) requirements
    • ISL 2006-01
    • ISL 2006-02
    • ISL 2007-01
    • ISL 2009-01
    • ISL 2009-02
  • Federal Regulations incorporated into the NISPOM
    • Title 22, Code of Federal Regulations, Parts 120-130, "International traffic in Arms Regulations," current edition (ITAR)
    •  Title 15, Code of Federal Regulations, parts 368.1-399.2, "Export Administration Regulation (EAR)," current edition
    • Privacy Act of 1974
    • And other regulations listed as being included by reference (References, NISPOM page 12)
  • Company/Client security policies
  • Defense Security Services' Interpretations and Policy memorandums
  • Signed Security Agreements
    • DoD Form 441 (signed by Management)
    • SF 312 (Non-Disclosure Agreement)
    • etc.
  • Responsibilities of Cleared Individuals
  • Threat Awareness
    • Collection Trends
    • Espionage
    • Social Engineering
      • face-to-face
      • over the phone
      • over the Internet/e-mail
  • How to Protect Classified Information
    • Hands-On Control
    • Appropriate Markings
    • How to Transmit/Ship

Interested in how to ensure NISPOM compliance or about FSO Best Practices?  Register now for either the NISPOM Compliance -- Reporting Responsibilities webinar or for the FSO/SSO Personnel Security Administration training.

 stretch
 One on One training is the bomb!!! :)
Lab time was very informative and All questions plus ones that I was thinking of were answered clearly.  Really enjoyed the whole process.
Linda Wilson
San Antonio, TX
Thank you for reading my newsletter.  If you know of someone who could benefit from the information shared, please pass it on.  If you know of someone who could use my expertise please tell them about me and pass their contact information to me at ajsconsulting@earthlink.net so I may assist them.
 
What I do best is assist you with solutions to difficult industrial security challenges.  How may I assist you today?
 
Sincerely,
 

Ann J. Martick, ISP
AJ's Consulting
What I Do Best
Consulting
AJ's Consulting
18+ years experience in the Industrial Security arena.
  • On-Demand JPAS & e-QIP Support
  • On-Demand FSO Surrogate Support
  • Industrial Security Training
    • JPAS & e-QIP Immersion
    • JPAS & e-QIP Proficiency & Troubleshooting
    • FSO/SSO Personnel Security Administration
    • Webinars
      • Got JPAS Access - Now What?
      • NISPOM Compliance - Reporting Responsibilites
    • Customized Briefing Packages
  • Marketing
    • Internal Newsletters
    • External Newsletters

Call: (512) 650-4819 or email ajsconsulting@earthlink.net for a solution to your industrial security challenges.

Join Our Mailing List
Quick Links
Security Resources
Networking Opportunities 
Remember it is always who you know...
LoneStar
Lone Star Chapter 28
 
August 12, 2009
11:30-1:00
  
 For More Information Contact:
NCMS
NCMS Alamo Chapter 
 
August 13, 2009
11:30-1:00
 
Dave & Busters
440 Crossroads Blvd,
San Antonio,TX
 
For More Information Contact: Russ Rinklin

ASIS Chapter 179
 Austin ASIS Chapter 179
 
August 13, 2009
11:30-1:00
 
Texas Land & Cattle
1101 S. MOPAC
Austin, TX
(Rollingwood Exit) 
 
 Speaker
Joshua Builta
DHS Office of Intelligence and Analysis
Texas Fusion Center
 
Lunch: $20.00
 
Brown Bag
Austin FSO Brown Bag
 
August 19, 2009
11:30-12:30
 
10000 Burnet Rd.
Austin, TX
 
For More Information Contact: Mary Marsden 
Join Our Mailing List
Consulting
 
Looking For Local or Onsite Training?
 
On-Site & Local Training 

45-Minute Webinars ($75/Attendee -- a $99 Value)

Got JPAS Access -- Now What? Request a Webinar

NISPOM Compliance -- Reporting Responsibilities 11 AM, 7/31/09

Looking for On-Demand Support?

  • Part-Time FSO
  • On-Demand FSO Support
  • On-Demand JPAS & e-QIP Support

Contact me: ajsconsulting@earthlink.net or (512) 650-4819

Best money spent on consulting services in my career.
Current Customer
Updates & Reminders Announcing

DSS Updates:

(07/17/09) Updated System Access Form (SAR): Download here. 

 (07/17/09) Attention DoD Security Services (Call) Center Customers: Updated to include SWFT Assistance (Option 6) 

(07/17/09) SWFT: Additional Contractors can be added to SWFT beta test as of August 3, 2009.  Minimum requirements can be found here.

(07/08/09) DSSA offers online JPAS Course: Register here.

(07/02/09) SETA releases the July "Focus on Security" newsletter: Download here.

(06/30/09) DSSA Launches the Introduction to Information Security Course: Register here.

 (6/22/2009) Industrial Security Letter 2009-02: Download here. 

JPAS Updates

(7/16/2009) Security Management Office Contact Information in JPAS: DSS is requesting that all SMO Contact information be updated in JPAS by December 31, 2009.  Click here for more details.

[Y]our class was the best thing this office could have done to get their security up and running.
Eugene Turner
Huntsville, AL