SECURITY BRIEFING PowerPoint Presentation
for . uncleared. personnel. IIF. . DATA. SOLUTIONS, INC. . January 2014. . PURPOSE. Provide all IIF employees with a brief overview of IIF’s facility security clearance and the rules and responsibilities that come with being part of the National Industrial Security Program (NISP). ID: 622624Embed code:
Download this presentation
DownloadNote - The PPT/PDF document "SECURITY BRIEFING" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Presentations text content in SECURITY BRIEFING
SECURITY BRIEFINGfor uncleared personnel
IIF DATA SOLUTIONS, INC.
Provide all IIF employees with a brief overview of IIF’s facility security clearance and the rules and responsibilities that come with being part of the National Industrial Security Program (NISP)IIF Facility ClearanceOverview of the classification systemEmployee Reporting ResponsibilitiesThreat Awareness/Trends In The News…Snowden articleWhere to go for help IT IS EXTREMELY IMPORTANT TO KNOW YOUR RESPONSIBILITIES FOR REPORTING!Slide3
IIF’s Facility Clearance
IIF Data Solutions is a non-possessing facility that is cleared at the Top Secret level. We are a part of the National Industrial Security Program (NISP) and have an agreement on file with the government to follow the rules of the NISP.
on contracts that have requirements for employees to be cleared at the Secret or Top Secret level but we do not
hold or posses
any classified information at our facility
“Need to know” means that access to information must be necessary for the conduct of one’s official duties. (In the case of classified information a person must also meet the security clearance requirements as well as have a “need to know” before being given access.)Slide4
THE BASICSOverview of Security Classification System
The cover sheets to the right are used to identify classified information. Top Secret: Could be expected to cause exceptionally grave damage to national securitySecret: Could be expected to cause serious damageConfidential: Could be expected to cause damageCFR, Title 32 and DCID 6/1 require the use of cover sheetsUsed to protect against unauthorized visual access Warn the readerRemind the holderSlide5
MORE BASICSMARKING CLASSIFIED INFORMATION An example of the markings you might see on a classified document
Paragraph / Portion Markings SECRET Overall Classification Marking (U) This memo is for training purposes only (U) This paragraph contains unclassified information (S) This paragraph contains secret information relating to U.S. National Security (U) This paragraph contains unclassified information Classify By line or Derive From line Classified By: Amanda Ray, Under Secretary for Economic Affairs Reason: 1.4 (e) through (h) Reason Line Declassify on: 20151206 Declassification Date/Event SECRET Overall Classification MarkingSlide6
MORE BASICSMedia Markings
CLASSIFIED MEDIA REQUIRES CLASSIFICATION MARKINGS and MUST BE PROTECTEDSlide7
Any person who becomes aware of a security violation or a possible compromise of classified information shall immediately report it to their FSO or security office at your work location. Anyone finding classified material out of proper control:Take custody of the materialImmediately notify an appropriate security authority Protect the classified information until the responsible customer or other such official regains proper custodySlide8
MORE REPORTING REQUIREMENTS
YOU ARE REQUIRED TO REPORT:Unauthorized disclosuresLoss of classified informationTaking classified information home (or any unauthorized location)Deliberate failure to comply with security regulationsSharing and unauthorized use of someone else’s passwordInadvertent or deliberate removal of classified material from a classified areaBehaviors in yourself and others that may signal a need for assistanceDownloading, storing or transmitting classified on or to unauthorized software, hardware or systemsDiscussing classified information in a non secure area or over non secure linesRequests for classified material through improper channelsAny security violation or possible compromise of classified information If you have any questions or concerns, please check with security regarding reporting requirements.Slide9
America’s role as the dominant political, economic, and military force in the world make it the Number 1 target for foreign espionage. It is not just intelligence sources that are targeting us. Other sources of the threat to classified and other protected information include:Foreign or multinational corporationsForeign government-sponsored educational and scientific institutionsFreelance agents (some of whom are unemployed former intelligence officers)Computer hackersTerrorist organizationsRevolutionary groupsExtremist ethnic/religious organizationsDrug syndicatesOrganized crimeIIF works with the Defense Security Service and their Counter Intelligence agents to research questionable emails, telephone calls or suspicious contacts so be sure to REPORT THEM TO SECURITY!Slide10
THREATS – Targeting
Based on Industry Reporting to the Defense Security Service (DSS) from fiscal year 2012, collection efforts linked to East Asia and the Pacific represented the most significant and prolific threat against information and technology resident in cleared industry. Suspicious incidents reported by cleared industry and connected to East Asia and the Pacific increased by 88 percent over fiscal year 2011. Requests originating in or assessed as affiliated with East Asia and the Pacific accounted for half of all industry reporting DSS received in fiscal year 2012, an increase from 43 percent the year before.
The Near East entities continue to be among the most active at attempting to obtain illegal or unauthorized access to sensitive or classified information and technology resident in the U.S. cleared industrial base – second only to East Asia and the Pacific. Reported attempts increased by over 40 percent from fiscal year 2011.
Industry needs to remain vigilant in reporting attempts to gain information. The Defense Security Service relies on the support of U.S. cleared contract employee reporting and the U.S. intelligence and law enforcement communities. Report
any suspicious contacts
immediately to your FSO or the security office at your work location.Slide11
THE THREATSSOCIAL ENGINEERING
PHISHING: A technique of fraudulently obtaining private information. Typically the phisher sends an e-mail that appears to come from a legitimate business – a bank, or credit card company – requesting “verification” of information. The email usually contains a link to a fraudulent web page and has a form requesting everything from a home address to an ATM card’s PIN.
BAITING: An attacker leaves a malware infected floppy disk, DC ROM, or USB flash drive in a location sure to be found (bathroom, elevator, sidewalk, parking lot), gives it a legitimate looking and curiosity-piquing label, and simply wait for the victim to use the device.
IVR or PHONE PHISHING: Technique that uses a rogue Interactive Voice Response system to recreate a legitimate-sounding copy of a bank or other institutions.
PRETEXTING: Act of creating and using and invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.
QUID PRO QUO: Something for something - may offer gift for password or other information
SPOOFING: Cracking ID’s of people having popular email ID’s such as Yahoo!,
Hotmail…or cracking websites of companies or organizations to destroy reputation.Slide12
IN THE NEWS…
Snowden damage the worst, says ex-CIA No. 2The former No. 2 man at the CIA says Edward Snowden's leak of classified intelligence documents caused more damage to U.S. security than any other in history. Former CIA Deputy Director Michael Morell, who also says the acrimony in Congress could be bad for national security, speaks to John Miller for a 60 Minutes report to be broadcast Sunday, Oct. 27 at 7 p.m. ET/PT.Snowden is no whistle-blower as some have portrayed him, says Morell, but a traitor of the worst kind. "I think this is the most serious leak-- the most serious compromise of classified information in the history of the U.S. intelligence community," he tells Miller.Of the hundreds of documents Snowden leaked, none was more damaging than the classified document the CIA calls the "Black Budget." It's like a playbook, says Morell, revealing where the U.S. spends its money on its intelligence efforts. It would give adversaries an advantage. "They could focus their counterintelligence efforts on those places where we're being successful. And not have to worry as much about those places where we're not being successful," says Morell.Morell says the information Snowden has leaked will hamper U.S. efforts to track and learn about terrorists, taking away an advantage and blunting the war on terror. "What Edward Snowden did has put Americans at greater risk because terrorists learn from leaks and they will be more careful, and we will not get the intelligence we would have gotten otherwise."The CIA gathers intelligence about countries and one of the aspects of a nation it studies is its economy. Morell tells Miller he believes the partisan rancor in Congress is bad for national security. "What really keeps me up at night is the inability of our government to make decisions that will push this country forward," says Morell. "...Any country's national security is more dependent on the strength of its economy and on the strength of its society than anything else."There's been a change from a willingness of the two parties to work together to get things done to today, the two parties at each other's throat and simply trying to score political points," Morell says. © 2013 CBS Interactive Inc. All Rights Reserved.Slide13
THREAT AWARENESS AND DEFENSIVE SECURITY
“Limiting details is an easily applied countermeasure that can decrease vulnerabilities while still conveying the essential information.” ~Secretary Rumsfeld YOU NEED TO:Be alertBe aware of your surroundings Report suspicious activityProtect your badge/CACAvoid predictable routinesReport suspicious contacts whether in person, by phone, or via email or textBe familiar with the security rules and requirements - and who to contact when you have a questionShred sensitive/personal informationPractice good operational security (OPSEC)Be aware, be alert and be informed. Suspect contact whether in person, viatelephone, e-mail or social networking sites should be reported to your FSO.Slide14
WHERE TO GO FOR HELP
Your Corporate Facility Security Officer: Tania Leppert, email@example.com 703-637-5192Your Corporate Security Administrator: Lynn Argueta, firstname.lastname@example.org 571-281-1865The security office at your work locationThe Defense Security Service Hotline1-800-424-9098, www.dodig.mil/hotline