2013 ANNUAL SECURITY REFRESHER BRIEFING PowerPoint Presentation
IIF. . DATA. SOLUTIONS, INC. . . PURPOSE. Satisfy the . NISPOM requirement . that all cleared employees receive a . MANDATORY. Annual Security Refresher Briefing. Employee Reporting . Responsibilities. ID: 643775Embed code:
Download this presentation
DownloadNote - The PPT/PDF document "2013 ANNUAL SECURITY REFRESHER BRIEFIN..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Presentations text content in 2013 ANNUAL SECURITY REFRESHER BRIEFING
2013 ANNUAL SECURITY REFRESHER BRIEFING
PURPOSESatisfy the NISPOM requirement
that all cleared employees receive a
Annual Security Refresher BriefingEmployee Reporting Responsibilities* *IT IS EXTREMELY IMPORTANT TO KNOW YOUR RESPONSIBILITIES FOR REPORTING!Educate cleared employees on their personal security responsibilitiesOverview of the classification system ~ Back to the BasicsThreat Awareness/Trends Defensive Security NATOWhere to go for helpSlide3
A SECURITY CLEARANCEHaving a security clearance is a privilege – not a right
Security Training reinforces information provided during the initial security briefing and is intended to reinforce security requirements of all cleared personnel
When you accept the privilege of access to classified information you are also accepting the responsibilities that accompany it. The SF312 is a contractual agreement between the U.S. Government and you. This agreement is binding upon you for life (even if you no longer require a security clearance)
Refusal to sign the SF312 must be reported and access will be denied
REPORTING REQUIREMENTSSELF REPORTING YOU ARE REQUIRED TO REPORT TO SECURITY:
Change in Personal Status
Change of NameLoss or Compromise of Information (Classified or other sensitive information)Foreign Contacts (either within or outside the scope of your official duties where unauthorized access is sought to classified or otherwise sensitive information / if you acquire relatives-through marriage- who are residents or citizens of a foreign country
~Filing for Bankruptcy / Foreclosures
~Excessive Debt / Credit card charge off
~Eviction for failing to pay rent ~Garnishment of wages
~Having a lien placed upon your property (failing to pay a creditor) ~Credit Card Charge offsSlide5
ADDITIONAL SELF REPORTING REQUIREMENTS
ALL FOREIGN TRAVEL SHOULD BE REPORTED TO THE FSO IN ADVANCE OF YOUR TRIP. ALL EMPLOYEES WILL RECEIVE A FOREIGN TRAVEL BRIEFING PRIOR TO DEPARTURE AND WILL RECEIVE A DEBRIEF UPON RETURN.
Change in Cohabitation
Change of AddressCitizenship ChangeSuspicious ContactCoercion, blackmail or recruitment attempts
Participation in an alcohol or drug abuse rehabilitation program
Do not report if it is not court ordered and is for marital, family or grief counseling (not related to violence by you) or is related to adjustment from military service in a combat environment
(Seeking help for routine life crises does not reflect adversely on an individuals judgment.)REPORT ANY CONCERNS YOU MAY HAVE TO YOUR FACILITY SECURITY OFFICERSlide6
REPORTING REQUIREMENTSYOU ARE REQUIRED TO REPORT:Unauthorized disclosures
Loss of classified information
Taking classified information home (or any unauthorized location)
Deliberate failure to comply with security regulationsSharing and unauthorized use of someone else’s passwordInadvertent or deliberate removal of classified material from a classified areaBehaviors in yourself and others that may signal a need for assistanceDownloading, storing or transmitting classified on or to unauthorized software, hardware or systemsDiscussing classified information in a non secure area or over non secure lines
Requests for classified material through improper channels
Any security violation or possible compromise of classified information
If you have any questions or concerns, please check with security
regarding reporting requirements.Slide7
ADDITONAL REPORTING REQUIREMENTSUnexplained Affluence Substance AbuseFrequent Foreign Travel
Close Association with a Foreign National
Frequent Evening/Weekend Hours
Drastic Change in BehaviorUnauthorized entry into Classified Automated Information Systems/ Copiers/Fax Machines/Computers/Printers MODIFYING INFORMATION ON ANOTHER PERSONS ACCOUNT WITHOUT FORMAL CONSENT If you witness any of the above you are required to
report it to your corporate FSO or the security office
of the location where you are workingSlide8
BACK TO THE BASICSOverview of Security Classification System
Could be expected to cause exceptionally grave damage to national securitySecret: Could be expected to cause serious damageConfidential: Could be expected to cause damageCFR, Title 32 and DCID 6/1 require the use of cover sheetsUsed to protect against unauthorized visual access Warn the reader
Remind the holderSlide9
MORE BASICSAccess = Eligibility + Need-to-Know
Each time you allow access to
classified material you should verify:
The intended recipient has a security clearance equal to or higher than the information to be made available (eligibility), and The recipient requires the information to fulfill a specific task or service essential to a classified contract or program (need-to-know). It is your responsibility as the holder of the classified information to determine the need-to-know. Establishment of need-to-know is essential. It is the responsibility of the possessor of classified information to ensure the proper clearance and need-to-know of the recipient.The possessor must also advise the recipient of the classification of the information disclosed.
Need-to-know confirmation for both internal employees and visitors should come from a security department advisor or representative. If there is doubt as to whether or not a person has a need-to-know, check with the proper authority prior to release of any classified information. It is far better to delay release to an authorized person than to disclose classified information to one who is unauthorized.
A reminder – Unauthorized disclosures of classified information in the public domain do not alter the classified status of the information or automatically result in declassification of the information.
Classified information, whether or not already posted on public websites or disclosed to the media, remains classified and must be treated as such by DoD employees and contractors until it is declassified by an appropriate original classification authority.Slide10
MORE BASICS ORIGINAL/DERIVATIVE CLASSIFICATION
Original Classification: An initial determination that information needs protection in the interests of national security
Must have written authority to originally classify information
Derivative Classification: The process of determining whether information that is to be included in a document or material has been classified and, if it has, ensuring that it is identified as classified information by marking or similar means. Information is derivatively classified whenever it is extracted, paraphrased, restated, or generated in a new form. Application of classification markings to a document or other material as directed by a security classification guide or other source material is derivative classification.Slide11
MORE BASICSMarking Classified InformationNew Marking Changes :
Executive Order (EO) 13526, Classified National Security Information, dated December 2009, changed and added some marking requirements.
All portion markings must now be placed before the portion. This includes subjects, titles, graphics, tables, charts, lists (e.g., bullets), statements, sub-paragraphs.
The declassification date must be entered in one of these forms: Month, day, and year (e.g, May 27, 2011) or YYYYMMDD (20110527) The establishment of a “Classified By” line. When a document is derived from “Multiple Sources,” a listing of the source materials used must be in or attached to each copy of each derivatively classified document. EO 13526 also updates the list of unauthorized markings and gives additional guidance on determining declassification instructions for derivatively classified documents.Slide12
MORE BASICSMARKING CLASSIFIED INFORMATIONParagraph / Portion Markings
Overall Classification Marking (U) This memo is for training purposes only (U) This paragraph contains unclassified information (S) This paragraph contains secret information relating to U.S. National Security (U) This paragraph contains unclassified information Classify By line or Derive From line Classified By: Amanda Ray, Under Secretary for Economic Affairs Reason: 1.4 (e) through (h) Reason Line
Declassify on: 20151206
SECRET Overall Classification MarkingSlide13
MORE BASICSMARKING CLASSIFIED INFORMATIONThe following marking requirements apply to all classified documents and classified emails, briefings , memos, etc. The only exception is Working Papers which do not have to have all markings until they are 180 days old for Secret and 30 days old for Top Secret.
All classified documents must have the overall classification of the document at the top and bottom of each page. The overall classification will be the highest level of classified information in the document. For example, if a document contains Confidential and Secret material, the overall classification will be Secret.
If any of the information is special requirements material (NATO, RD, FRD, CNWDI), these markings must also be at the top and bottom of each page along with the classification marking (e.g., SECRET//RESTRICTED DATA).
Each portion in the document must be marked with the appropriate classification level (C), (S), (TS) or with (U) if the information is unclassified. If the portion contains special requirements information, the portion must reflect this also (e.g., (S//RD)). The overall classification level and any special requirements markings must be on the back cover/page. The document will reflect a “Classified By,” “Derived From,” “Downgrade To” (if appropriate) and “Declassify By.” These markings are usually on the front cover, title page or first page. The NISPOM also requires that all classified material show the name and address of the contractor responsible for its preparation and the date of preparation. This information is required on the face of all classified documents.Slide14
MORE BASICSMARKING CLASSIFIED INFORMATIONWorking Papers:
The only time you can have a classified document, CD, or DVD that does not have all the required classification markings is if the document, CD, or DVD is a working paper. To be a working paper, the document, CD, or DVD must be marked “Working Paper.” Recommend you use a Working Paper cover sheet.
If the document, CD, or DVD is a Working Paper, it needs only the title, the date it was created, the overall classification marking, and any special handling markings until it reaches the
180-day* mark. After 180 days or if the document, CD, or DVD leaves PIPS (whichever comes first), the Working Paper must be completely marked just as you would a final document – it must have the overall classification, any special handling markings (NATO, RD, FRD, CNWDI), portion markings, and Classified By, Derived From, and Declassify On statements. (*After 30-days for Top Secret information.) Recommend you portion-mark Working Papers as they are created and use a derivative worksheet to keep track of the classified sources. The worksheet will help you determine the proper declassification date when many sources are used.Slide15
MORE BASICSTRANSPORTATION OF CLASSIFIED INFORMATION
All classified material must have a classified cover sheet and have the overall classification marked on the back of the document.
When carrying classified material, double wrap the material and address it for mailing.
If you transport classified information, you are required to carry a courier card. If you are traveling on a commercial airliner with classified information, you are required to carry a courier card and a courier letter. For more information on the courier letter process, contact your FSO. Do not: Leave the classified material unattended
Work on the material in public
Go shopping or to bars with the material
Take the material home with you
Give the material to unauthorized personsSlide16
MORE BASICSTRANSPORTATION OF CLASSIFIED INFORMATIONHow does someone send and receive classified material?
Outgoing classified material by mail or courier must go through the FSO for proper wrapping and the creation of a receipt. You must go through the FSO even when using a courier bag. They will document where the classified material is going and prepare a receipt.
Couriers must have a courier card and briefing.
Confidential and Secret can be mailed via U.S. Postal Service Registered Mail or Express Mail and by Federal Express You may send Top Secret by: Courier Defense Courier Service Always use a STE/STU-III telephone for classified calls The FSO must sign for and accept classified packagesSlide17
MORE BASICSControlled Unclassified Information (CUI)Executive Order 13556 November 4, 2010 establishes the CUI program. The purpose is to standardize the way the Executive Branch handles sensitive unclassified material.
Executive Order 13556 November 4, 2010
CUI Office Notice 2011‐01: Initial ImplementationGuidance for Executive Order 13556FIPS PUB 200: Minimum Security Requirements for FederalInformation and Information SystemsFIPS PUB 199: Standards for Security Categorization ofFederal Information and Information SystemsNIST Special Publication 800‐53: Information SecurityNIST Special Publication 800‐60: Information SecurityArmy Regulation 25‐2: Information AssuranceSECNAV M‐5239.1: DON Information Assurance ProgramOPNAVINST 5210.20: Navy Records ManagementDHS MD 11042: Sensitive But Unclassified Information
DHS 4300A: Information Technology Security ProgramSlide18
MORE BASICSMedia Markings
CLASSIFIED MEDIA REQUIRES CLASSIFICATION MARKINGS and MUST BE PROTECTEDSlide19
More BasicsItems prohibited inside secure areasCell phonesTwo-way pagers
Recording devices (audio/visual)
Recordable greeting cards
Personal computer equipmentPDA’sTelephone SecurityCommercial Phones: Do NOT discuss classified Do NOT attempt to “talk around” classifiedBe Alert to Classified discussions around youBe Aware that your non-secure phone call can be monitoredE-mail Correspondence Always apply discretion with information about programs, contracts, proposals, employees and job responsibilities when sending or responding to e-mail. Your responsibility with email is the same as with any other type of communication. Know the rules and if in doubt - ask!Slide20
THREAT AWARENESS AND DEFENSIVE SECURITYPeople are our greatest asset however our national security can be compromised greatly by the following threats:
Foreign Intelligence Service
Disgruntled workersIndividuals engaging in Industrial EspionageHow do you recognize these new threats? They maybe reps at a trade show, foreign students doing research,foreign moles placed in American companies, liaison
officers at their foreign embassies here…It is not always
easy to recognize the foreign threat.
Classic espionage cases still occur but we are seeing
economic espionage not based just on theft of
classified information but on theft of high
technology information (classified or not) and other proprietary types of information.
Be aware, be alert and be informed.
Suspect contact whether in person, via
telephone, e-mail or social networking sites should be reported to your FSO.Slide21
THE THREATSAmerica’s role as the dominant political, economic, and military force in the world make it the Number 1 target for foreign espionage. It is not just intelligence sources that are targeting us. Other sources of the threat to classified and other protected information include:
Foreign or multinational corporations
Foreign government-sponsored educational and scientific institutions
Freelance agents (some of whom are unemployed former intelligence officers)Computer hackersTerrorist organizationsRevolutionary groupsExtremist ethnic/religious organizationsDrug syndicatesOrganized crimeSlide22
THE THREATSSOCIAL ENGINEERING PHISHING: A technique of fraudulently obtaining private information. Typically the
sends an e-mail that appears to come from a legitimate business – a bank, or credit card company – requesting “verification” of information. The email usually contains a link to a fraudulent web page and has a form requesting everything from a home address to an ATM card’s PIN.
BAITING: An attacker leaves a malware infected floppy disk, DC ROM, or USB flash drive in a location sure to be found (bathroom, elevator, sidewalk, parking lot), gives it a legitimate looking and curiosity-piquing label, and simply wait for the victim to use the device.IVR or PHONE PHISHING: Technique that uses a rogue Interactive Voice Response system to recreate a legitimate-sounding copy of a bank or other institutions.PRETEXTING: Act of creating and using and invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances. QUID PRO QUO: Something for something - may offer gift for password or other informationSPOOFING: Cracking ID’s of people having popular email ID’s such as Yahoo!, GMail, Hotmail…or cracking websites of companies or organizations to destroy reputation.Slide23
THREATS – TargetingBased on Industry Reporting to the Defense Security Service (DSS) from fiscal year 2012, collection efforts linked to East Asia and the Pacific represented the most significant and prolific threat against information and technology resident in cleared industry. Suspicious incidents reported by cleared industry and connected to East Asia and the Pacific increased by 88 percent over fiscal year 2011. Requests originating in or assessed as affiliated with East Asia and the Pacific accounted for half of all industry reporting DSS received in fiscal year 2012, an increase from 43 percent the year before.
The Near East entities continue to be among the most active at attempting to obtain illegal or unauthorized access to sensitive or classified information and technology resident in the U.S. cleared industrial base – second only to East Asia and the Pacific. Reported attempts increased by over 40 percent from fiscal year 2011.
Industry needs to remain vigilant in reporting attempts to gain information. The Defense Security Service relies on the support of U.S. cleared contract employee reporting and the U.S. intelligence and law enforcement communities. Report
any suspicious contacts immediately to your FSO.Slide24
THREATS – The Trends Top Targeted Technologies for 2012*:Information Systems
Laser, Optics, & Sensors
AeronauticsMaterials & ProcessesSpace SystemsPositioning, Navigation, & TimeMarine SystemsInformation SecurityProcessing & Manufacturing* 2013 Targeting U.S. Technologies, A Trend Analysis of Cleared Industry ReportingSlide25
THREATS – Methods of OperationTop Methods of Operation 2012*Suspicious Network Activity
Attempted Acquisition of Technology
Request for InformationSolicitation or Marketing ServicesForeign VisitSeeking EmploymentExploitation of RelationshipsSurveillanceCriminal ActivitiesSearch/Seizure* 2013 Targeting U.S. Technologies, A Trend Analysis of Cleared Industry ReportingSlide26
DEFENSIVE SECURITYDEALING WITH THE THREAT
is an easily applied countermeasure that can decrease vulnerabilities while still conveying the essential information.” ~Secretary RumsfeldBe alertBe aware of your surroundings Report suspicious activityProtect your badge/CACAvoid predictable routinesDon’t be a targetReport suspicious contacts whether in person, by phone, or via email or textKnow the emergency procedures for the location where you work
Be familiar with the security rules and requirements - and who to contact when you have a question
Shred sensitive/personal information
Practice good OPSECSlide27
IN THE NEWS…Snowden damage the worst, says ex-CIA No. 2
The former No. 2 man at the CIA says Edward Snowden's leak of classified
caused more damage to U.S. security than any other in history. Former CIA Deputy Director Michael Morell, who also says the acrimony in Congress could be bad for national security, speaks to John Miller for a 60 Minutes report to be broadcast Sunday, Oct. 27 at 7 p.m. ET/PT.Snowden is no whistle-blower as some have portrayed him, says Morell, but a traitor of the worst kind. "I think this is the most serious leak-- the most serious compromise of classified information in the history of the U.S. intelligence community," he tells Miller.Of the hundreds of documents Snowden leaked, none was more damaging than the classified document the CIA calls the "Black Budget." It's like a playbook, says Morell, revealing where the U.S. spends its money on its intelligence efforts. It would give adversaries an advantage. "They could focus their counterintelligence efforts on those places where we're being successful. And not have to worry as much about those places where we're not being successful," says Morell
says the information Snowden has leaked will hamper U.S. efforts to track and learn about terrorists, taking away an advantage and blunting the war on terror. "What Edward Snowden did has put Americans at greater risk because terrorists learn from leaks and they will be more careful, and we will not get the intelligence we would have gotten otherwise."The CIA gathers intelligence about countries and one of the aspects of a nation it studies is its economy. Morell tells Miller he believes the partisan rancor in Congress is bad for national security. "What really keeps me up at night is the inability of our government to make decisions that will push this country forward," says
Morell. "...Any country's national security is more dependent on the strength of its economy and on the strength of its society than anything else."There's been a change from a willingness of the two parties to work together to get things done to today, the two parties at each other's throat and simply trying to score political points,"
Morell says. © 2013 CBS Interactive Inc. All Rights Reserved.Slide28
WHERE TO GO FOR HELPYour Corporate Facility Security Officer: Tania Leppert, email@example.com
The security office at your work location
The Defense Security Service Hotline1-800-424-9098, www.dodig.mil/hotlineSlide29
WHO IS RESPONSIBLE FOR SECURITY?
THERE IS NO