SlideShare a Scribd company logo

Facility security clearance refresher training video.

Download as PPT, PDF
P
Philip Barquer

The document provides a refresher training for cleared employees at The George Washington University Medical Faculty Associates (GW MFA) on security practices and procedures. GW MFA has a facility security clearance allowing access to secret classified information due to its work with the Department of Defense. The training covers topics such as facility security contacts, operations security, information security classifications, counterintelligence threats, and reporting requirements for cleared employees. Cleared employees must receive annual refresher training to review security policies and procedures.

Law
1 of 29
CLEARED REFRESHER SECURITY TRAINING Updated: October 2012 FACILITY SECURITY CLEARANCE REFRESHER TRAINING FOR CLEARED GW MFA EMPLOYEES J U N E 2 0 1 6
CLEARED REFRESHER SECURITY TRAINING Briefing Contents Updated: June 2016 The Innovative Practice Section in the Department of Emergency Medicine works as a sub-contractor with the Department of Defense (DoD) to provide medical staffing support services on government contracts where securityclearancesmayberequired. The objective of this refresher training is to provide all cleared personnel with a reviewof the basic knowledge of The George Washington University Medical Faculty Associates’ security practices and procedures as a secured facilityandtoidentifytheir securityresponsibilitiesandobligationsasemployees. > Overview > Introduction > Cleared Facility Points Of Contact(POCs) > OPSEC > InformationSecurity > Counterintelligence Threats and Awareness > Cleared Employee Reporting Requirements > Acknowledgement
CLEARED REFRESHER SECURITY TRAINING Overview The George Washington University Medical Faculty Associates (GWMFA) is a non-possessing cleared facility (referred to as Facility Security Clearance, or FCL) withasecret-level clearance. GW MFA has entered into a security agreement with the Department of Defense in order to have access to information that has been classified because of its importance to the national defense. This agreement details the security responsibilities of both the cleared organization and the United States Government. The GW MFA and many of its activities and programs are vital parts of the defense and security systems of the United States of America. The National Industrial Security Program Operating Manual (NISPOM) prescribes the requirements, restrictions, and other safeguards to prevent unauthorized disclosure of classified information. A copy of the NISPOM is available to all GW MFA employees by contacting the Facility Security Officer (FSO). Per the requirements outlined in the NISPOM, all cleared employees must received refresher training at least annually to review the information provided in the Initial Security Briefing for Cleared GW MFA Employees and notify personnel of changes in security regulations. KEYTERMS Classified National Security Information (“Classified Information”): official information or material that requires protection in the interests of National Security and that is classified for such purpose by appropriate classifying authority in accordance with the provisions of Executive Order 13526 Facility Security Clearance (FCL): an administrative determination that, from a security viewpoint, a company is eligible for access to classified information of a certain category (and all lower categories) Non-possessing facility: facility with no approved storage for classified material Facility Security Officer (FSO): a U.S. citizen contractor employee, who is cleared as part of the facility clearance, responsible for supervising and directing security measures necessary for implementing applicable NISPOM and related Federal requirements for the protection of classified information SECRET Classification Level: as applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe Updated: June 2016
CLEARED REFRESHER SECURITY TRAINING Introduction In order to have a successful security program, we need active participation not only from the FSO and management, butalso YOUas a cleared employee. By being a cleared contractor/sub-contractor to the U.S. Government, we all have an obligation to the security and reputation of our organization and country. The most important thing we can do each day is to be AWARE. Each one of us can make a difference by familiarizing ourselves with GW MFA’s facility security clearance policies and procedures, being cognizant of our reporting requirements, and understanding the threat and dangers of intelligence collection and the steps we can take to countermeasure the risks. Updated: June 2016
CLEARED REFRESHER SECURITY TRAINING Kyle Majchrzak Operations Manager/ Facility Security Officer(FSO) International Special Projects & Medical Education Training Programs Department of Emergency Medicine 2120 L Street, NW Suite 530, Office 5-119 Washington, DC 20037 Telephone: (202) 741-2944 Email: kmajchrzak@mfa.gwu.edu Jason McKay Training CenterManager/ Assistant Facility Security Officer(FSO) International Special Projects & Medical Education Training Programs Department of Emergency Medicine 2120 L Street, NW Suite 530, Office 5-107 Washington, DC 20037 Telephone: (202) 741-3421 Email: jmckay@mfa.gwu.edu Updated: June 2016 Cleared Facility Points of Contact (POCs) Yo u must report any known orsuspected security violation, suspicious contacts, or vulnerability of which you become aware to the FSO, inde pe nde nt o f who is re spo nsible o rat fault fo rthe situatio n, so se c urity issue sc an be addre sse d imme diate ly.
CLEARED REFRESHER SECURITY TRAINING Operations Security (OPSEC) Violatorsof OPSEC: #1 USMilitary #2 U.S. CONTRACTORS!!! …Don’t bea statistic OPSEC: > Is a process that identifies critical information and protects it from our adversaries > Is an important part of every organization and we all have the responsibility to manage criticalinformation > Helps to control information that could be used against us (the organization). Increased safety and security in any setting and for any purpose is the benefit Updated: June 2016 The most important security tool in operations security is YOU!
CLEARED REFRESHER SECURITY TRAINING OPSEC &the 5-Step Cycle OPSEC 5-Step Cycle 1. Identify Critical Information – What needs to be protected and how do we protect it? 2. Analyze the Threat – Who is a potential adversary? (i.e. criminals, hackers, competitors, foreign intelligence services, insider threats) 3. Analyze Vulnerabilities – (i.e. public conversations, poor document control, with which information is not handled, stored or destroyed properly) 4. Assess Risk – What could happen? RISK= THREATx VULNERABILITY x IMPACT 5. Apply Countermeasures IdentifyCritical Information Analyze the Threat Analyze Vulnerabilities AssessRisk Apply Countermeasures Updated: June 2016
CLEARED REFRESHER SECURITY TRAINING Information Security Classified information (official information or material that requires protection in the interests of National Security and that is classified for such purpose by appropriate classifying authority) can be in the form of: Updated: June 2016 The three levels applied to classified information are: X TOP SECRET – the unauthorized disclosure of Top Secret information reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe SECRET – the unauthorized disclosure of Secret information reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe CONFIDENTIAL– the unauthorized disclosure of Confidential information reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe A cleared contractor with a “need-to-know” (determination made by an authorized holder of classified information that a prospective recipient has a requirement for access to, knowledge, or possession of the classified information to perform tasks or services essential to the fulfillment of a classified contract or program), possessing the necessary clearance level, and having been briefed accordingly may view classified material at or below their clearance level Remember, GW MFA is cleared to the levels of Secret and Confidential > Documents > Faxes > Personnel files > Equipment and machinery > Working papers > Photographs > Maps & sketches > Meeting notes > Emails > Medical records > Storage media > Employee travel plans/records
CLEARED REFRESHER SECURITY TRAINING Information Security Need-to-Know Things to rememberabout Need-to-Know: > No one is entitled to classified information solely by virtue of office, position, rank or clearance > You, as an authorized holder of classified information, have three choices in deciding whether or not to share classified material entrusted to you: i. Allowaccess when all items in the above formula are present ii. Deny access when any item in the above formula is missing iii. Delay access when any of the items in the above formula are unknown Questions about Need-to-Know? Contact the Facility Security Officer CLEARANCE SF312 (ClassifiedInformation Non-DisclosureAgreement) NEED-TO-KNOW+ + = Updated: June 2016 ACCESS
CLEARED REFRESHER SECURITY TRAINING The mission of counterintelligence (CI) as defined by DSS is to “identify unlawful penetrators of cleared U.S. defense industry and articulate the threat for industry and U.S. governmentleaders.” Timely and accurate reporting from cleared industry is the primary tool to identify and mitigate collection efforts targeting technologies and information resident in cleared industry. On the following slides we will review: > Overview of Counterintelligence Threats > Insider Threats > Reporting the Threat > Cyber Security > Elicitation: Can You Recognize It? > Foreign Travel Vulnerability Updated: June 2016 Counterintelligence Threats and Awareness
CLEARED REFRESHER SECURITY TRAINING The technology base ofthe U.S. is underconstant attack. DSS has identified foreign entities (most aggressively East Asia and the Pacific, as well as Africa) seeking intelligence value in our: > Information systems technology > Aeronautics > Lasers, optics and sensor technology > In the commercial space, government-tendered requirements as well as information to compete against competitors Foreign Entities seek classified information formany reasons. Below are some examples: > To obtain an advantage against regional adversaries > Replicate U.S. capabilities > Develop countermeasures to U.S. systems > Profit commercially As collection methods evolve, DSShas recognized the following trends: > Collectors view request for information (RFI) (i.e. seemingly innocent requests made by collectors regarding shipping logistics and export regulations) > Cyber collection (i.e. foreign entities gaining access to unclassified cleared contractor networks, potentially compromising sensitive, but unclassified, information present on those networks) > Academic solicitation (foreign entities use students, professors, scientists and researchers as collectors ; i.e. foreign students applying to cleared contractors associated with U.S. universities) Updated: June 2016 Counterintelligence Threats and Awareness Overview of Threats
CLEARED REFRESHER SECURITY TRAINING The numberone threat to national security comes from the “InsiderThreat”. An insider can have a negative impact on national security and industry security in: > Loss or compromise of classified, export-controlled, or proprietary information > Loss of technological superiority > Economic loss and/or loss of life Updated: June 2016 Some indicators of an insiderthreat are: > Engaging in classified conversations without a ne e d-to -kno w > Working hours inconsistent with job assignment or insistence on working in private > Repeated security violations Ifnoticed, it is best to report these examples of suspicious activity to yourFSO. Again, be aware of yoursurroundings and those around you. Counterintelligence Threats and Awareness InsiderThreats
CLEARED REFRESHER SECURITY TRAINING Itis yourOBLIGATIONTO REPORTactual, probable orpossible espionage, sabotage, terrorism orsubversion promptly to the FSO. DSS has warned that the majority of suspicious contacts originate from commercial entities. Examples include: > Feb 2012: Pangang Group (steel manufacturer in Sichuan province of China) indicted in Northern California for conspiracy to commit economic espionage including conspiracy to steal valuable trade secrets from DuPont. > Feb 2012: Hanjuan Jin was found guilty in Illinois for theft of trade secrets; she illegally possessed thousands of Motorola trade secrets on her computer and in other forms of digital storage; her intent was to pass the information to the Chinese military. Hanjuan Jin- November 7, 2011 (AP) Attempted intrusions are the mostcommon suspicious activity in: > Socially engineered emails with malicious attachments to exploit commercial software > Spoofing emails that imitate valid domains > Attempted intrusion from removable media Counterintelligence Threats and Awareness Reporting the Threat Updated: June 2016
CLEARED REFRESHER SECURITY TRAINING Cybercriminals, hackers, insiderthreats, terrorists and foreign intelligence entities are targeting ourtechnology by using the following methods: > Phishing emails with malicious links or attachments > Unpatched or outdated security software > Removable media > Weak or default passwords > Website vulnerabilities > Seeking information on social networks Steps that can be taken to mitigate the risk include: > Changing your passwords regularly > Using complex alphanumeric passwords with combinations of numbers, symbols, letters, and multiple characters > Do not open emails/attachments from unfamiliar sources > Do not install or connect personal software or hardware to your organization’s network without permission from the IT department > Do not share work information on social networks Updated: June 2016 Counterintelligence Threats and Awareness CyberSecurity
CLEARED REFRESHER SECURITY TRAINING Elicitation is used by intelligence officers in orderto subtly extract information about you, yourwork and/ oryourcolleagues. Mostoften, illegal orunauthorized access to classified orsensitive information is sought. Updated: June 2016 Whatare some recruitmenttools thatintelligence officers use to lure a targetthatyou should be aware of? > Money is offered by an intelligence officer (IO) to a target in exchange for information > Appealing to ideology (IO expresses same worldview or political leanings with a target in order to gain trust) > Ego (target becomes the subject of immense flattery and praise) > Revenge (IO learns target is disgruntled and encourages retribution by passing on classified information) > Blackmail (IO learns of damaging information and forces target to cooperate by threatening to expose personal secrets) > Industrial spies attend trade shows and conferences, which allows them to ask questions that might otherwise seem suspicious in a different environment Counterintelligence Threats and Awareness Elicitation: Can You Recognize It?
CLEARED REFRESHER SECURITY TRAINING Whatcan be done to counterrecruitment attempts? > Safeguard your words and actions to avoid becoming an easy target. > Examine your own vulnerabilities and adjust your lifestyle to close gaps that hostile entities could exploit. Updated: June 2016 Report any suspicious conversations to yourFSO. This information willbe passed on to DSS, who willthen review and determine ifa potentialcounterintelligence threat concern exists. Counterintelligence Threats and Awareness Elicitationand Recruitment
CLEARED REFRESHER SECURITY TRAINING As cleared contractors travel for business and/ or personal use, the knowledge they have is sought-afterby foreign entities. Collection techniques include the following: > Bugged hotel rooms or airline cabins for audio and/or visual surveillance > Intercepting faxes or email transmissions > Recording of telephone calls/conversations > Theft of electronic devices > Unauthorized access to electronic devices > Installation of malicious software > Unnecessary and often unknown search of briefcases/luggage Updated: June 2016 Counterintelligence Threats and Awareness Foreign TravelVulnerability: CollectionTechniques
CLEARED REFRESHER SECURITY TRAINING To combat potential vulnerabilities, please apply the following countermeasures when traveling abroad: > Do not publicize travel plans and limit sharing of this information to people who need to know > Inform the FSO prior to departure and receive an official foreign travel briefing > Maintain control of media and equipment; do not leave them unattended in hotel rooms > Keep hotel room doors locked and make a mental note of how the room looks when you leave/return > Do not use computer or fax equipment at foreign hotels or business centers for sensitive matters > Ignore or deflect intrusive or suspect inquiries or conversations about professional or personal matters > Refrain from bringing portable electronic devices, especially if company-issued > If using portable electronic devices, set passwords to restrict access and clear the device in the event of theft > Encrypt data, hard drives and storage devices whenever possible > Use complex passwords > Please refer to the State Department website for travel warnings prior to departure Updated: June 2016 Counterintelligence Threats and Awareness Foreign TravelVulnerability: Countermeasures
CLEARED REFRESHER SECURITY TRAINING Cleared Employee Reporting Requirements Updated: June 2016 In accordance with requirements outlined in the NISPOM, all cleared employees are required to report the following issues to the FSO for investigation, resolution and reporting to the appropriate government agency : > Adverse Information > Change in Personal Status > Security Violations/Vulnerabilities > Espionage, Sabotage, Subversive Activities > Suspicious Contacts
CLEARED REFRESHER SECURITY TRAINING Cleared Employee Reporting Requirements Updated: June 2016 Adverse Information Adverse information is any information that unfavorably reflects on the integrity or character of a cleared employee, that suggests his or her ability to safeguard classified information may be impaired, or that his or her access to classified information clearly may not be in the best interest of national security. All cleared employees are required to notify the FSO if any of the following exist: > Serious financial difficulties (excessive indebtedness, bankruptcy or wage garnishments) > Excessive use of intoxicants (alcohol, prescription medications) > Use of illegal drugs > Required counseling for emotional or psychological problems > Arrests or convictions for criminal offenses including drunk driving > Tickets (over $300) > Excessive/unexplained wealth > Unusual/bizarre behavior
CLEARED REFRESHER SECURITY TRAINING Cleared Employee Reporting Requirements Updated: June 2016 Change in PersonalStatus The following should be reported to the FSO for proper documentation: > A change in name > A recent change in marital status or a spouse-like relationship > A change in citizenship > When access to classified information is no longer required due to a change in job assignments You must reportif you begin to act as a representative of or consultant to any foreign entity. This includes a foreign government (or government agency), commercial business or an individual. Example: Obtaining a foreign passport or entering into a business/partnership with a foreign national.
CLEARED REFRESHER SECURITY TRAINING Cleared Employee Reporting Requirements Updated: June 2016 Security Violations / Vulnerabilities In addition to personnel security reporting requirements, you must reportany known orsuspected security violationor vulnerability of which you become aware, independent of who is responsible or at fault for the situation. Security violations/vulnerabilities include: > The careless, intentional, or unintentional failure to comply with or disregard of facility security clearance policies and procedures, regardless of intent, that has resulted in the loss, compromise or suspected compromise of classified information > The unauthorized receipt of classified material > Report suspicious contacts, which are efforts by any individual, regardless of nationality, i) to obtain illegal or unauthorized access to classified information, ii) to compromise a cleared employee, iii) all contacts by employees with known or suspected intelligence officers from any country, or iv) any contact which suggests the employee concerned may be the target of an attempted exploitation by the intelligence services of another country > You must immediately report any situation related to actual, probable, or possible espionage, sabotage or subversive activities directed at the United States
INITIAL SECURITY BRIEFING Per the NISPOM, Section 1-304 a graduated scale of discipline has been put into place in the event of an employee that violates or is negligent of his/her security requirements. The action must be reported directly to the FSO and will be reviewed for a security violation if one or more of the following factors are present: a. The violation involved a deliberate disregard of security requirements. b. The violation involved gross negligence in the handling of classified materials. c. The violation involved was not deliberate in nature but involved a pattern of negligence or carelessness. You must immediately report any situation related to actual, probable, or possible violation directly to the FSO. The FSO, if necessary will meet with the Compliance Officer and/or General Counsel to discuss the known or suspected violation. It will be determined at that time is action consists of remedial or corrective measures and/or if appropriate, disciplinary action, up to and including suspension or termination of employment pursuant to the MFA’s disciplinary policies and procedures. The FSO will maintain a record of all disciplinary and corrective actions. All disciplinary actions should be fairly and firmly enforced. If, after review with the Compliance Officer and General Counsel it is determined that an allegation does not warrant an investigation, a report will be provided based on the initial review of the allegation and why the investigation is not warranted. Updated: June 2016 Cleared Employee Reporting Requirements Security Violations / Vulnerabilities
CLEARED REFRESHER SECURITY TRAINING Cleared Employee Reporting Requirements Espionage, Sabotage, Subversive Activities Espionage is the act orpractice of spying orof using spies to obtain secretintelligence. You mustreport potential espionage indicators exhibited by others: > Unexplained affluence of wealth > Keeping unusual work hours > Divided loyalty or allegiance to the U.S. > Disregarding security procedures > Unauthorized removal of classified information > Unreported foreign contact and travel (applie s to c le are d e mplo ye e s) > Pattern of lying > Attempts to enlist others in illegal or questionable activity > Verbal or physical threats > Inquiry about operations/projects where no legitimate need-to-know exists Statute of limitations does NOTapply to Espionage Updated: June 2016
CLEARED REFRESHER SECURITY TRAINING Suspicious contacts are: > Any efforts by any individual, regardless or nationality, to obtain illegal or unauthorized access to classified information or to compromise any cleared employee. > Any contact by a cleared employee with known or suspected intelligence officers from any country. > Any contact which suggests you or another employee may be the target of an attempted exploitation by foreign intelligence. Ifyou receive suspicious contacts please report them immediately to the FSO, as they willthen be reported to DSS Cleared Employee Reporting Requirements Suspicious Contacts Updated: June 2016
CLEARED REFRESHER SECURITY TRAINING DSSCase Study In March 2009, a presumed South and Central Asian national contacted a cleared contractor in an attempt to acquire export-controlled parts used in counter-battery radar systems. In November 2009, a different U.S. cleared contractor received an unsolicited email from the same individual expressing interest in purchasing the same radar system that was requested in the March incident. The suspicious individual was a representative of a trading company from his home country. Multiple sources indicate that his home government established the trading company as a front company to procure export- controlled technology and equipment for the national military, and that the trading company had previously sought products on behalf of several military services and defense-affiliated entities. The trading company was the subject of several other SCRs reporting attempts to purchase export-controlled electronics products and communications equipment used in military aircraft. Updated: June 2016 Ifyou receive suspicious contacts please report them immediately to the FSO, as they willthen be reported to DSS Cleared Employee Reporting Requirements Suspicious Contacts – DSSCase Study
CLEARED REFRESHER SECURITY TRAINING Cleared Employee Reporting Requirements Reporting Hotlines &Contact Information •In addition to the FSO within our organization, Federal agencies maintain hotlines to allow an unconstrained avenue for government and contractor personnel to report, without fear of reprisal, any known or suspected instances of security irregularities or infractions concerning defense-affiliated contracts, programs, or projects. •You are also required to report any fraud, waste or abuse regarding work while working on a government contract. •WARNING: Do NOTdisclose classified information when reporting via one of the DoD Hotline methods, as these channels are not secure! DEPARTMENTOFDEFENSE(DoD) HOTLINE The Pentagon Washington, D.C. 20301-1900 (800) 424-9098 hotline.dodig.jil http://www.dodig.mil/hotline Updated: June 2016 NRC HOTLINE U.S. NuclearRegulatory Commission Office of the InspectorGeneral Mail Stop O5-E13 11555 Rockville Pike Rockville, MD 20852 (800) 233-3497 CIA HOTLINE Office of the InspectorGeneral Central Intelligence Agency Washington, D.C. 20505 (703) 874-2600 DOEHOTLINE Departmentof Energy Office of the InspectorGeneral(IG) ATTN: IG Hotline 1000 Independence Avenue, S.W. Mail Stop 5D-031 Washington, D.C. 20585 (202) 586-4073 (800) 541-1625 DEFENSESECURITY SERVICE(DSS) DSS IG Hotline: (571) 305-6660 MichaelIrvine, IndustrialSecurity Specialist michael.irvine@dss.mil (703) 617-2300 HectorRodriguez, Field CISpecialist hector.Rodriguez@dss.mil (571) 289-0657
CLEARED REFRESHER SECURITY TRAINING Cleared Employee Reporting Requirements GlobalCompliance (Non Security-Related Reporting) Ifyou suspect, orare asked to coverup, any of the following, report it to your supervisor, to the MFA’s Compliance Office orLegal Department, orcontact Global Compliance: > Fraud/False Claims/Upcoding > Kickbacks for referrals > Conflicts of interest > Theft > Harassment or discrimination > Criminal activity > Violations of laws or regulations > Health, safety, environmental issues > Violations of company policy or procedure Updated: June 2016
CLEARED REFRESHER SECURITY TRAINING Acknowledgement Ihereby certify by my signature below that Ihave reviewed the information contained herein and understand it is my responsibility to comply with all necessary security measures outlined in the June 2016 Facility Security Clearance RefresherTraining forCleared GW MFA Employees. Name Signature Date Position and Department Ple ase re turn this page to the Fac ility Se c urity Offic e ronc e it has be e n signe d via e mailto kmajchrzak@mfa.gwu.edu orfac simile at 202-741-2214 Updated: June 2016

Recommended

Facility security clearance refresher training
Facility security clearance refresher trainingFacility security clearance refresher training
Facility security clearance refresher trainingPhilip Barquer
 
HLM Associates Brochure 2015
HLM Associates Brochure 2015HLM Associates Brochure 2015
HLM Associates Brochure 2015Andrew Hall, PSP, ISP, PSC, SPIPC, SAPPC, SFPC
 
Anvil TRIS Brochure FINAL_US
Anvil TRIS Brochure FINAL_USAnvil TRIS Brochure FINAL_US
Anvil TRIS Brochure FINAL_USDylan Shaver
 
Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Samuel Loomis
 
Security Clearance Information
Security Clearance InformationSecurity Clearance Information
Security Clearance InformationClearanceJobs
 
HSN Risk Assessment Report
HSN Risk Assessment ReportHSN Risk Assessment Report
HSN Risk Assessment ReportBelinda Edwards
 
2016 Risk Management Workshop
2016 Risk Management Workshop2016 Risk Management Workshop
2016 Risk Management WorkshopStacy Willis
 
Risk assessment report
Risk assessment reportRisk assessment report
Risk assessment reportEugene Mukuka, BSc. MBA, MSc
 

Recommended

Facility security clearance refresher training
Facility security clearance refresher trainingFacility security clearance refresher training
Facility security clearance refresher trainingPhilip Barquer
 
HLM Associates Brochure 2015
HLM Associates Brochure 2015HLM Associates Brochure 2015
HLM Associates Brochure 2015Andrew Hall, PSP, ISP, PSC, SPIPC, SAPPC, SFPC
 
Anvil TRIS Brochure FINAL_US
Anvil TRIS Brochure FINAL_USAnvil TRIS Brochure FINAL_US
Anvil TRIS Brochure FINAL_USDylan Shaver
 
Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Samuel Loomis
 
Security Clearance Information
Security Clearance InformationSecurity Clearance Information
Security Clearance InformationClearanceJobs
 
HSN Risk Assessment Report
HSN Risk Assessment ReportHSN Risk Assessment Report
HSN Risk Assessment ReportBelinda Edwards
 
2016 Risk Management Workshop
2016 Risk Management Workshop2016 Risk Management Workshop
2016 Risk Management WorkshopStacy Willis
 
Risk assessment report
Risk assessment reportRisk assessment report
Risk assessment reportEugene Mukuka, BSc. MBA, MSc
 
Facility security clearance refresher training.
Facility security clearance refresher training.Facility security clearance refresher training.
Facility security clearance refresher training.Philip Barquer
 
Security clearance
Security clearanceSecurity clearance
Security clearanceKartheek Guntuku
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills
 
Mandatory requirements for physical security 2
Mandatory requirements for physical security 2Mandatory requirements for physical security 2
Mandatory requirements for physical security 2Robin Patras
 
Oig 15 55-mar15
Oig 15 55-mar15Oig 15 55-mar15
Oig 15 55-mar15Andrey Apuhtin
 
U.S. Department of State; Non Disclosure Agreement
U.S. Department of State; Non Disclosure AgreementU.S. Department of State; Non Disclosure Agreement
U.S. Department of State; Non Disclosure AgreementRafaelleMD
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider ThreatMurray Security Services
 
Module 3 - Information Assurance Concepts.pdf
Module 3 - Information Assurance Concepts.pdfModule 3 - Information Assurance Concepts.pdf
Module 3 - Information Assurance Concepts.pdfPercivalAdao7
 
Oef one scg
Oef one scgOef one scg
Oef one scgBaddddBoyyyy
 
Identity Theft ResponseYou have successfully presented an expa
Identity Theft ResponseYou have successfully presented an expaIdentity Theft ResponseYou have successfully presented an expa
Identity Theft ResponseYou have successfully presented an expaLizbethQuinonez813
 
security_clearance_faq
security_clearance_faqsecurity_clearance_faq
security_clearance_faqwebuploader
 
2010 Security Clearance Talent Assessment
2010 Security Clearance Talent Assessment2010 Security Clearance Talent Assessment
2010 Security Clearance Talent AssessmentMonster
 
WOC 2016: Want a Security Clearance? This is what you need to know
WOC 2016: Want a Security Clearance? This is what you need to knowWOC 2016: Want a Security Clearance? This is what you need to know
WOC 2016: Want a Security Clearance? This is what you need to knowCareer Communications Group
 
Information Asset Classification .pptx
Information Asset Classification .pptxInformation Asset Classification .pptx
Information Asset Classification .pptxDrRajapraveen
 
ExecBriefFinal
ExecBriefFinalExecBriefFinal
ExecBriefFinalSteve Cochennet
 
2004-annual-report
2004-annual-report2004-annual-report
2004-annual-reportMatthew W. Stephan, CISM, CISSP, CRISC, CGEIT, PMP
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2Marneil Sanchez
 
Healthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINALHealthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINALSteve Knapp
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 
Module 3_Lesson 7.pptx
Module 3_Lesson 7.pptxModule 3_Lesson 7.pptx
Module 3_Lesson 7.pptxcejobelle
 
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理Airst S
 
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理e9733fc35af6
 

More Related Content

Similar to Facility security clearance refresher training video.

Facility security clearance refresher training.
Facility security clearance refresher training.Facility security clearance refresher training.
Facility security clearance refresher training.Philip Barquer
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills
 
Mandatory requirements for physical security 2
Mandatory requirements for physical security 2Mandatory requirements for physical security 2
Mandatory requirements for physical security 2Robin Patras
 
U.S. Department of State; Non Disclosure Agreement
U.S. Department of State; Non Disclosure AgreementU.S. Department of State; Non Disclosure Agreement
U.S. Department of State; Non Disclosure AgreementRafaelleMD
 
Module 3 - Information Assurance Concepts.pdf
Module 3 - Information Assurance Concepts.pdfModule 3 - Information Assurance Concepts.pdf
Module 3 - Information Assurance Concepts.pdfPercivalAdao7
 
Identity Theft ResponseYou have successfully presented an expa
Identity Theft ResponseYou have successfully presented an expaIdentity Theft ResponseYou have successfully presented an expa
Identity Theft ResponseYou have successfully presented an expaLizbethQuinonez813
 
security_clearance_faq
security_clearance_faqsecurity_clearance_faq
security_clearance_faqwebuploader
 
2010 Security Clearance Talent Assessment
2010 Security Clearance Talent Assessment2010 Security Clearance Talent Assessment
2010 Security Clearance Talent AssessmentMonster
 
WOC 2016: Want a Security Clearance? This is what you need to know
WOC 2016: Want a Security Clearance? This is what you need to knowWOC 2016: Want a Security Clearance? This is what you need to know
WOC 2016: Want a Security Clearance? This is what you need to knowCareer Communications Group
 
Information Asset Classification .pptx
Information Asset Classification .pptxInformation Asset Classification .pptx
Information Asset Classification .pptxDrRajapraveen
 
Healthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINALHealthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINALSteve Knapp
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 
Module 3_Lesson 7.pptx
Module 3_Lesson 7.pptxModule 3_Lesson 7.pptx
Module 3_Lesson 7.pptxcejobelle
 

Similar to Facility security clearance refresher training video. (20)

Facility security clearance refresher training.
Facility security clearance refresher training.Facility security clearance refresher training.
Facility security clearance refresher training.
 
Security clearance
Security clearanceSecurity clearance
Security clearance
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample Material
 
Mandatory requirements for physical security 2
Mandatory requirements for physical security 2Mandatory requirements for physical security 2
Mandatory requirements for physical security 2
 
Oig 15 55-mar15
Oig 15 55-mar15Oig 15 55-mar15
Oig 15 55-mar15
 
U.S. Department of State; Non Disclosure Agreement
U.S. Department of State; Non Disclosure AgreementU.S. Department of State; Non Disclosure Agreement
U.S. Department of State; Non Disclosure Agreement
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider Threat
 
Module 3 - Information Assurance Concepts.pdf
Module 3 - Information Assurance Concepts.pdfModule 3 - Information Assurance Concepts.pdf
Module 3 - Information Assurance Concepts.pdf
 
Oef one scg
Oef one scgOef one scg
Oef one scg
 
Identity Theft ResponseYou have successfully presented an expa
Identity Theft ResponseYou have successfully presented an expaIdentity Theft ResponseYou have successfully presented an expa
Identity Theft ResponseYou have successfully presented an expa
 
security_clearance_faq
security_clearance_faqsecurity_clearance_faq
security_clearance_faq
 
2010 Security Clearance Talent Assessment
2010 Security Clearance Talent Assessment2010 Security Clearance Talent Assessment
2010 Security Clearance Talent Assessment
 
WOC 2016: Want a Security Clearance? This is what you need to know
WOC 2016: Want a Security Clearance? This is what you need to knowWOC 2016: Want a Security Clearance? This is what you need to know
WOC 2016: Want a Security Clearance? This is what you need to know
 
Information Asset Classification .pptx
Information Asset Classification .pptxInformation Asset Classification .pptx
Information Asset Classification .pptx
 
ExecBriefFinal
ExecBriefFinalExecBriefFinal
ExecBriefFinal
 
2004-annual-report
2004-annual-report2004-annual-report
2004-annual-report
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2
 
Healthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINALHealthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINAL
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
 
Module 3_Lesson 7.pptx
Module 3_Lesson 7.pptxModule 3_Lesson 7.pptx
Module 3_Lesson 7.pptx
 

Recently uploaded

一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理Airst S
 
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理e9733fc35af6
 
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理bd2c5966a56d
 
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理e9733fc35af6
 
5-6-24 David Kennedy Article Law 360.pdf
5-6-24 David Kennedy Article Law 360.pdf5-6-24 David Kennedy Article Law 360.pdf
5-6-24 David Kennedy Article Law 360.pdfTodd Spodek
 
一比一原版赫瑞瓦特大学毕业证如何办理
一比一原版赫瑞瓦特大学毕业证如何办理一比一原版赫瑞瓦特大学毕业证如何办理
一比一原版赫瑞瓦特大学毕业证如何办理Airst S
 
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理A AA
 
Interpretation of statute topics for project
Interpretation of statute topics for projectInterpretation of statute topics for project
Interpretation of statute topics for projectVarshRR
 
一比一原版(USC毕业证书)南加州大学毕业证学位证书
一比一原版(USC毕业证书)南加州大学毕业证学位证书一比一原版(USC毕业证书)南加州大学毕业证学位证书
一比一原版(USC毕业证书)南加州大学毕业证学位证书irst
 
一比一原版(Warwick毕业证书)华威大学毕业证如何办理
一比一原版(Warwick毕业证书)华威大学毕业证如何办理一比一原版(Warwick毕业证书)华威大学毕业证如何办理
一比一原版(Warwick毕业证书)华威大学毕业证如何办理Fir La
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理Airst S
 
Reason Behind the Success of Law Firms in India
Reason Behind the Success of Law Firms in IndiaReason Behind the Success of Law Firms in India
Reason Behind the Success of Law Firms in IndiaYash
 
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYA SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYJulian Scutts
 
Code_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.pptCode_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.pptJosephCanama
 
ARTICLE 370 PDF about the indian constitution.
ARTICLE 370 PDF about the indian constitution.ARTICLE 370 PDF about the indian constitution.
ARTICLE 370 PDF about the indian constitution.tanughoshal0
 
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量acyefsa
 
Understanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective BargainingUnderstanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective Bargainingbartzlawgroup1
 
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理e9733fc35af6
 

Recently uploaded (20)

一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
 
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理
一比一原版(KPU毕业证书)加拿大昆特兰理工大学毕业证如何办理
 
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
 
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
 
5-6-24 David Kennedy Article Law 360.pdf
5-6-24 David Kennedy Article Law 360.pdf5-6-24 David Kennedy Article Law 360.pdf
5-6-24 David Kennedy Article Law 360.pdf
 
一比一原版赫瑞瓦特大学毕业证如何办理
一比一原版赫瑞瓦特大学毕业证如何办理一比一原版赫瑞瓦特大学毕业证如何办理
一比一原版赫瑞瓦特大学毕业证如何办理
 
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
 
Interpretation of statute topics for project
Interpretation of statute topics for projectInterpretation of statute topics for project
Interpretation of statute topics for project
 
Chambers Global Practice Guide - Canada M&A
Chambers Global Practice Guide - Canada M&AChambers Global Practice Guide - Canada M&A
Chambers Global Practice Guide - Canada M&A
 
一比一原版(USC毕业证书)南加州大学毕业证学位证书
一比一原版(USC毕业证书)南加州大学毕业证学位证书一比一原版(USC毕业证书)南加州大学毕业证学位证书
一比一原版(USC毕业证书)南加州大学毕业证学位证书
 
一比一原版(Warwick毕业证书)华威大学毕业证如何办理
一比一原版(Warwick毕业证书)华威大学毕业证如何办理一比一原版(Warwick毕业证书)华威大学毕业证如何办理
一比一原版(Warwick毕业证书)华威大学毕业证如何办理
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
 
Reason Behind the Success of Law Firms in India
Reason Behind the Success of Law Firms in IndiaReason Behind the Success of Law Firms in India
Reason Behind the Success of Law Firms in India
 
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYA SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
 
Code_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.pptCode_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.ppt
 
ARTICLE 370 PDF about the indian constitution.
ARTICLE 370 PDF about the indian constitution.ARTICLE 370 PDF about the indian constitution.
ARTICLE 370 PDF about the indian constitution.
 
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
 
Understanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective BargainingUnderstanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective Bargaining
 
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
 
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy NovicesIt’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
 

Facility security clearance refresher training video.

  • 1. CLEARED REFRESHER SECURITY TRAINING Updated: October 2012 FACILITY SECURITY CLEARANCE REFRESHER TRAINING FOR CLEARED GW MFA EMPLOYEES J U N E 2 0 1 6
  • 2. CLEARED REFRESHER SECURITY TRAINING Briefing Contents Updated: June 2016 The Innovative Practice Section in the Department of Emergency Medicine works as a sub-contractor with the Department of Defense (DoD) to provide medical staffing support services on government contracts where securityclearancesmayberequired. The objective of this refresher training is to provide all cleared personnel with a reviewof the basic knowledge of The George Washington University Medical Faculty Associates’ security practices and procedures as a secured facilityandtoidentifytheir securityresponsibilitiesandobligationsasemployees. > Overview > Introduction > Cleared Facility Points Of Contact(POCs) > OPSEC > InformationSecurity > Counterintelligence Threats and Awareness > Cleared Employee Reporting Requirements > Acknowledgement
  • 3. CLEARED REFRESHER SECURITY TRAINING Overview The George Washington University Medical Faculty Associates (GWMFA) is a non-possessing cleared facility (referred to as Facility Security Clearance, or FCL) withasecret-level clearance. GW MFA has entered into a security agreement with the Department of Defense in order to have access to information that has been classified because of its importance to the national defense. This agreement details the security responsibilities of both the cleared organization and the United States Government. The GW MFA and many of its activities and programs are vital parts of the defense and security systems of the United States of America. The National Industrial Security Program Operating Manual (NISPOM) prescribes the requirements, restrictions, and other safeguards to prevent unauthorized disclosure of classified information. A copy of the NISPOM is available to all GW MFA employees by contacting the Facility Security Officer (FSO). Per the requirements outlined in the NISPOM, all cleared employees must received refresher training at least annually to review the information provided in the Initial Security Briefing for Cleared GW MFA Employees and notify personnel of changes in security regulations. KEYTERMS Classified National Security Information (“Classified Information”): official information or material that requires protection in the interests of National Security and that is classified for such purpose by appropriate classifying authority in accordance with the provisions of Executive Order 13526 Facility Security Clearance (FCL): an administrative determination that, from a security viewpoint, a company is eligible for access to classified information of a certain category (and all lower categories) Non-possessing facility: facility with no approved storage for classified material Facility Security Officer (FSO): a U.S. citizen contractor employee, who is cleared as part of the facility clearance, responsible for supervising and directing security measures necessary for implementing applicable NISPOM and related Federal requirements for the protection of classified information SECRET Classification Level: as applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe Updated: June 2016
  • 4. CLEARED REFRESHER SECURITY TRAINING Introduction In order to have a successful security program, we need active participation not only from the FSO and management, butalso YOUas a cleared employee. By being a cleared contractor/sub-contractor to the U.S. Government, we all have an obligation to the security and reputation of our organization and country. The most important thing we can do each day is to be AWARE. Each one of us can make a difference by familiarizing ourselves with GW MFA’s facility security clearance policies and procedures, being cognizant of our reporting requirements, and understanding the threat and dangers of intelligence collection and the steps we can take to countermeasure the risks. Updated: June 2016
  • 5. CLEARED REFRESHER SECURITY TRAINING Kyle Majchrzak Operations Manager/ Facility Security Officer(FSO) International Special Projects & Medical Education Training Programs Department of Emergency Medicine 2120 L Street, NW Suite 530, Office 5-119 Washington, DC 20037 Telephone: (202) 741-2944 Email: kmajchrzak@mfa.gwu.edu Jason McKay Training CenterManager/ Assistant Facility Security Officer(FSO) International Special Projects & Medical Education Training Programs Department of Emergency Medicine 2120 L Street, NW Suite 530, Office 5-107 Washington, DC 20037 Telephone: (202) 741-3421 Email: jmckay@mfa.gwu.edu Updated: June 2016 Cleared Facility Points of Contact (POCs) Yo u must report any known orsuspected security violation, suspicious contacts, or vulnerability of which you become aware to the FSO, inde pe nde nt o f who is re spo nsible o rat fault fo rthe situatio n, so se c urity issue sc an be addre sse d imme diate ly.
  • 6. CLEARED REFRESHER SECURITY TRAINING Operations Security (OPSEC) Violatorsof OPSEC: #1 USMilitary #2 U.S. CONTRACTORS!!! …Don’t bea statistic OPSEC: > Is a process that identifies critical information and protects it from our adversaries > Is an important part of every organization and we all have the responsibility to manage criticalinformation > Helps to control information that could be used against us (the organization). Increased safety and security in any setting and for any purpose is the benefit Updated: June 2016 The most important security tool in operations security is YOU!
  • 7. CLEARED REFRESHER SECURITY TRAINING OPSEC &the 5-Step Cycle OPSEC 5-Step Cycle 1. Identify Critical Information – What needs to be protected and how do we protect it? 2. Analyze the Threat – Who is a potential adversary? (i.e. criminals, hackers, competitors, foreign intelligence services, insider threats) 3. Analyze Vulnerabilities – (i.e. public conversations, poor document control, with which information is not handled, stored or destroyed properly) 4. Assess Risk – What could happen? RISK= THREATx VULNERABILITY x IMPACT 5. Apply Countermeasures IdentifyCritical Information Analyze the Threat Analyze Vulnerabilities AssessRisk Apply Countermeasures Updated: June 2016
  • 8. CLEARED REFRESHER SECURITY TRAINING Information Security Classified information (official information or material that requires protection in the interests of National Security and that is classified for such purpose by appropriate classifying authority) can be in the form of: Updated: June 2016 The three levels applied to classified information are: X TOP SECRET – the unauthorized disclosure of Top Secret information reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe SECRET – the unauthorized disclosure of Secret information reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe CONFIDENTIAL– the unauthorized disclosure of Confidential information reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe A cleared contractor with a “need-to-know” (determination made by an authorized holder of classified information that a prospective recipient has a requirement for access to, knowledge, or possession of the classified information to perform tasks or services essential to the fulfillment of a classified contract or program), possessing the necessary clearance level, and having been briefed accordingly may view classified material at or below their clearance level Remember, GW MFA is cleared to the levels of Secret and Confidential > Documents > Faxes > Personnel files > Equipment and machinery > Working papers > Photographs > Maps & sketches > Meeting notes > Emails > Medical records > Storage media > Employee travel plans/records
  • 9. CLEARED REFRESHER SECURITY TRAINING Information Security Need-to-Know Things to rememberabout Need-to-Know: > No one is entitled to classified information solely by virtue of office, position, rank or clearance > You, as an authorized holder of classified information, have three choices in deciding whether or not to share classified material entrusted to you: i. Allowaccess when all items in the above formula are present ii. Deny access when any item in the above formula is missing iii. Delay access when any of the items in the above formula are unknown Questions about Need-to-Know? Contact the Facility Security Officer CLEARANCE SF312 (ClassifiedInformation Non-DisclosureAgreement) NEED-TO-KNOW+ + = Updated: June 2016 ACCESS
  • 10. CLEARED REFRESHER SECURITY TRAINING The mission of counterintelligence (CI) as defined by DSS is to “identify unlawful penetrators of cleared U.S. defense industry and articulate the threat for industry and U.S. governmentleaders.” Timely and accurate reporting from cleared industry is the primary tool to identify and mitigate collection efforts targeting technologies and information resident in cleared industry. On the following slides we will review: > Overview of Counterintelligence Threats > Insider Threats > Reporting the Threat > Cyber Security > Elicitation: Can You Recognize It? > Foreign Travel Vulnerability Updated: June 2016 Counterintelligence Threats and Awareness
  • 11. CLEARED REFRESHER SECURITY TRAINING The technology base ofthe U.S. is underconstant attack. DSS has identified foreign entities (most aggressively East Asia and the Pacific, as well as Africa) seeking intelligence value in our: > Information systems technology > Aeronautics > Lasers, optics and sensor technology > In the commercial space, government-tendered requirements as well as information to compete against competitors Foreign Entities seek classified information formany reasons. Below are some examples: > To obtain an advantage against regional adversaries > Replicate U.S. capabilities > Develop countermeasures to U.S. systems > Profit commercially As collection methods evolve, DSShas recognized the following trends: > Collectors view request for information (RFI) (i.e. seemingly innocent requests made by collectors regarding shipping logistics and export regulations) > Cyber collection (i.e. foreign entities gaining access to unclassified cleared contractor networks, potentially compromising sensitive, but unclassified, information present on those networks) > Academic solicitation (foreign entities use students, professors, scientists and researchers as collectors ; i.e. foreign students applying to cleared contractors associated with U.S. universities) Updated: June 2016 Counterintelligence Threats and Awareness Overview of Threats
  • 12. CLEARED REFRESHER SECURITY TRAINING The numberone threat to national security comes from the “InsiderThreat”. An insider can have a negative impact on national security and industry security in: > Loss or compromise of classified, export-controlled, or proprietary information > Loss of technological superiority > Economic loss and/or loss of life Updated: June 2016 Some indicators of an insiderthreat are: > Engaging in classified conversations without a ne e d-to -kno w > Working hours inconsistent with job assignment or insistence on working in private > Repeated security violations Ifnoticed, it is best to report these examples of suspicious activity to yourFSO. Again, be aware of yoursurroundings and those around you. Counterintelligence Threats and Awareness InsiderThreats
  • 13. CLEARED REFRESHER SECURITY TRAINING Itis yourOBLIGATIONTO REPORTactual, probable orpossible espionage, sabotage, terrorism orsubversion promptly to the FSO. DSS has warned that the majority of suspicious contacts originate from commercial entities. Examples include: > Feb 2012: Pangang Group (steel manufacturer in Sichuan province of China) indicted in Northern California for conspiracy to commit economic espionage including conspiracy to steal valuable trade secrets from DuPont. > Feb 2012: Hanjuan Jin was found guilty in Illinois for theft of trade secrets; she illegally possessed thousands of Motorola trade secrets on her computer and in other forms of digital storage; her intent was to pass the information to the Chinese military. Hanjuan Jin- November 7, 2011 (AP) Attempted intrusions are the mostcommon suspicious activity in: > Socially engineered emails with malicious attachments to exploit commercial software > Spoofing emails that imitate valid domains > Attempted intrusion from removable media Counterintelligence Threats and Awareness Reporting the Threat Updated: June 2016
  • 14. CLEARED REFRESHER SECURITY TRAINING Cybercriminals, hackers, insiderthreats, terrorists and foreign intelligence entities are targeting ourtechnology by using the following methods: > Phishing emails with malicious links or attachments > Unpatched or outdated security software > Removable media > Weak or default passwords > Website vulnerabilities > Seeking information on social networks Steps that can be taken to mitigate the risk include: > Changing your passwords regularly > Using complex alphanumeric passwords with combinations of numbers, symbols, letters, and multiple characters > Do not open emails/attachments from unfamiliar sources > Do not install or connect personal software or hardware to your organization’s network without permission from the IT department > Do not share work information on social networks Updated: June 2016 Counterintelligence Threats and Awareness CyberSecurity
  • 15. CLEARED REFRESHER SECURITY TRAINING Elicitation is used by intelligence officers in orderto subtly extract information about you, yourwork and/ oryourcolleagues. Mostoften, illegal orunauthorized access to classified orsensitive information is sought. Updated: June 2016 Whatare some recruitmenttools thatintelligence officers use to lure a targetthatyou should be aware of? > Money is offered by an intelligence officer (IO) to a target in exchange for information > Appealing to ideology (IO expresses same worldview or political leanings with a target in order to gain trust) > Ego (target becomes the subject of immense flattery and praise) > Revenge (IO learns target is disgruntled and encourages retribution by passing on classified information) > Blackmail (IO learns of damaging information and forces target to cooperate by threatening to expose personal secrets) > Industrial spies attend trade shows and conferences, which allows them to ask questions that might otherwise seem suspicious in a different environment Counterintelligence Threats and Awareness Elicitation: Can You Recognize It?
  • 16. CLEARED REFRESHER SECURITY TRAINING Whatcan be done to counterrecruitment attempts? > Safeguard your words and actions to avoid becoming an easy target. > Examine your own vulnerabilities and adjust your lifestyle to close gaps that hostile entities could exploit. Updated: June 2016 Report any suspicious conversations to yourFSO. This information willbe passed on to DSS, who willthen review and determine ifa potentialcounterintelligence threat concern exists. Counterintelligence Threats and Awareness Elicitationand Recruitment
  • 17. CLEARED REFRESHER SECURITY TRAINING As cleared contractors travel for business and/ or personal use, the knowledge they have is sought-afterby foreign entities. Collection techniques include the following: > Bugged hotel rooms or airline cabins for audio and/or visual surveillance > Intercepting faxes or email transmissions > Recording of telephone calls/conversations > Theft of electronic devices > Unauthorized access to electronic devices > Installation of malicious software > Unnecessary and often unknown search of briefcases/luggage Updated: June 2016 Counterintelligence Threats and Awareness Foreign TravelVulnerability: CollectionTechniques
  • 18. CLEARED REFRESHER SECURITY TRAINING To combat potential vulnerabilities, please apply the following countermeasures when traveling abroad: > Do not publicize travel plans and limit sharing of this information to people who need to know > Inform the FSO prior to departure and receive an official foreign travel briefing > Maintain control of media and equipment; do not leave them unattended in hotel rooms > Keep hotel room doors locked and make a mental note of how the room looks when you leave/return > Do not use computer or fax equipment at foreign hotels or business centers for sensitive matters > Ignore or deflect intrusive or suspect inquiries or conversations about professional or personal matters > Refrain from bringing portable electronic devices, especially if company-issued > If using portable electronic devices, set passwords to restrict access and clear the device in the event of theft > Encrypt data, hard drives and storage devices whenever possible > Use complex passwords > Please refer to the State Department website for travel warnings prior to departure Updated: June 2016 Counterintelligence Threats and Awareness Foreign TravelVulnerability: Countermeasures
  • 19. CLEARED REFRESHER SECURITY TRAINING Cleared Employee Reporting Requirements Updated: June 2016 In accordance with requirements outlined in the NISPOM, all cleared employees are required to report the following issues to the FSO for investigation, resolution and reporting to the appropriate government agency : > Adverse Information > Change in Personal Status > Security Violations/Vulnerabilities > Espionage, Sabotage, Subversive Activities > Suspicious Contacts
  • 20. CLEARED REFRESHER SECURITY TRAINING Cleared Employee Reporting Requirements Updated: June 2016 Adverse Information Adverse information is any information that unfavorably reflects on the integrity or character of a cleared employee, that suggests his or her ability to safeguard classified information may be impaired, or that his or her access to classified information clearly may not be in the best interest of national security. All cleared employees are required to notify the FSO if any of the following exist: > Serious financial difficulties (excessive indebtedness, bankruptcy or wage garnishments) > Excessive use of intoxicants (alcohol, prescription medications) > Use of illegal drugs > Required counseling for emotional or psychological problems > Arrests or convictions for criminal offenses including drunk driving > Tickets (over $300) > Excessive/unexplained wealth > Unusual/bizarre behavior
  • 21. CLEARED REFRESHER SECURITY TRAINING Cleared Employee Reporting Requirements Updated: June 2016 Change in PersonalStatus The following should be reported to the FSO for proper documentation: > A change in name > A recent change in marital status or a spouse-like relationship > A change in citizenship > When access to classified information is no longer required due to a change in job assignments You must reportif you begin to act as a representative of or consultant to any foreign entity. This includes a foreign government (or government agency), commercial business or an individual. Example: Obtaining a foreign passport or entering into a business/partnership with a foreign national.
  • 22. CLEARED REFRESHER SECURITY TRAINING Cleared Employee Reporting Requirements Updated: June 2016 Security Violations / Vulnerabilities In addition to personnel security reporting requirements, you must reportany known orsuspected security violationor vulnerability of which you become aware, independent of who is responsible or at fault for the situation. Security violations/vulnerabilities include: > The careless, intentional, or unintentional failure to comply with or disregard of facility security clearance policies and procedures, regardless of intent, that has resulted in the loss, compromise or suspected compromise of classified information > The unauthorized receipt of classified material > Report suspicious contacts, which are efforts by any individual, regardless of nationality, i) to obtain illegal or unauthorized access to classified information, ii) to compromise a cleared employee, iii) all contacts by employees with known or suspected intelligence officers from any country, or iv) any contact which suggests the employee concerned may be the target of an attempted exploitation by the intelligence services of another country > You must immediately report any situation related to actual, probable, or possible espionage, sabotage or subversive activities directed at the United States
  • 23. INITIAL SECURITY BRIEFING Per the NISPOM, Section 1-304 a graduated scale of discipline has been put into place in the event of an employee that violates or is negligent of his/her security requirements. The action must be reported directly to the FSO and will be reviewed for a security violation if one or more of the following factors are present: a. The violation involved a deliberate disregard of security requirements. b. The violation involved gross negligence in the handling of classified materials. c. The violation involved was not deliberate in nature but involved a pattern of negligence or carelessness. You must immediately report any situation related to actual, probable, or possible violation directly to the FSO. The FSO, if necessary will meet with the Compliance Officer and/or General Counsel to discuss the known or suspected violation. It will be determined at that time is action consists of remedial or corrective measures and/or if appropriate, disciplinary action, up to and including suspension or termination of employment pursuant to the MFA’s disciplinary policies and procedures. The FSO will maintain a record of all disciplinary and corrective actions. All disciplinary actions should be fairly and firmly enforced. If, after review with the Compliance Officer and General Counsel it is determined that an allegation does not warrant an investigation, a report will be provided based on the initial review of the allegation and why the investigation is not warranted. Updated: June 2016 Cleared Employee Reporting Requirements Security Violations / Vulnerabilities
  • 24. CLEARED REFRESHER SECURITY TRAINING Cleared Employee Reporting Requirements Espionage, Sabotage, Subversive Activities Espionage is the act orpractice of spying orof using spies to obtain secretintelligence. You mustreport potential espionage indicators exhibited by others: > Unexplained affluence of wealth > Keeping unusual work hours > Divided loyalty or allegiance to the U.S. > Disregarding security procedures > Unauthorized removal of classified information > Unreported foreign contact and travel (applie s to c le are d e mplo ye e s) > Pattern of lying > Attempts to enlist others in illegal or questionable activity > Verbal or physical threats > Inquiry about operations/projects where no legitimate need-to-know exists Statute of limitations does NOTapply to Espionage Updated: June 2016
  • 25. CLEARED REFRESHER SECURITY TRAINING Suspicious contacts are: > Any efforts by any individual, regardless or nationality, to obtain illegal or unauthorized access to classified information or to compromise any cleared employee. > Any contact by a cleared employee with known or suspected intelligence officers from any country. > Any contact which suggests you or another employee may be the target of an attempted exploitation by foreign intelligence. Ifyou receive suspicious contacts please report them immediately to the FSO, as they willthen be reported to DSS Cleared Employee Reporting Requirements Suspicious Contacts Updated: June 2016
  • 26. CLEARED REFRESHER SECURITY TRAINING DSSCase Study In March 2009, a presumed South and Central Asian national contacted a cleared contractor in an attempt to acquire export-controlled parts used in counter-battery radar systems. In November 2009, a different U.S. cleared contractor received an unsolicited email from the same individual expressing interest in purchasing the same radar system that was requested in the March incident. The suspicious individual was a representative of a trading company from his home country. Multiple sources indicate that his home government established the trading company as a front company to procure export- controlled technology and equipment for the national military, and that the trading company had previously sought products on behalf of several military services and defense-affiliated entities. The trading company was the subject of several other SCRs reporting attempts to purchase export-controlled electronics products and communications equipment used in military aircraft. Updated: June 2016 Ifyou receive suspicious contacts please report them immediately to the FSO, as they willthen be reported to DSS Cleared Employee Reporting Requirements Suspicious Contacts – DSSCase Study
  • 27. CLEARED REFRESHER SECURITY TRAINING Cleared Employee Reporting Requirements Reporting Hotlines &Contact Information •In addition to the FSO within our organization, Federal agencies maintain hotlines to allow an unconstrained avenue for government and contractor personnel to report, without fear of reprisal, any known or suspected instances of security irregularities or infractions concerning defense-affiliated contracts, programs, or projects. •You are also required to report any fraud, waste or abuse regarding work while working on a government contract. •WARNING: Do NOTdisclose classified information when reporting via one of the DoD Hotline methods, as these channels are not secure! DEPARTMENTOFDEFENSE(DoD) HOTLINE The Pentagon Washington, D.C. 20301-1900 (800) 424-9098 hotline.dodig.jil http://www.dodig.mil/hotline Updated: June 2016 NRC HOTLINE U.S. NuclearRegulatory Commission Office of the InspectorGeneral Mail Stop O5-E13 11555 Rockville Pike Rockville, MD 20852 (800) 233-3497 CIA HOTLINE Office of the InspectorGeneral Central Intelligence Agency Washington, D.C. 20505 (703) 874-2600 DOEHOTLINE Departmentof Energy Office of the InspectorGeneral(IG) ATTN: IG Hotline 1000 Independence Avenue, S.W. Mail Stop 5D-031 Washington, D.C. 20585 (202) 586-4073 (800) 541-1625 DEFENSESECURITY SERVICE(DSS) DSS IG Hotline: (571) 305-6660 MichaelIrvine, IndustrialSecurity Specialist michael.irvine@dss.mil (703) 617-2300 HectorRodriguez, Field CISpecialist hector.Rodriguez@dss.mil (571) 289-0657
  • 28. CLEARED REFRESHER SECURITY TRAINING Cleared Employee Reporting Requirements GlobalCompliance (Non Security-Related Reporting) Ifyou suspect, orare asked to coverup, any of the following, report it to your supervisor, to the MFA’s Compliance Office orLegal Department, orcontact Global Compliance: > Fraud/False Claims/Upcoding > Kickbacks for referrals > Conflicts of interest > Theft > Harassment or discrimination > Criminal activity > Violations of laws or regulations > Health, safety, environmental issues > Violations of company policy or procedure Updated: June 2016
  • 29. CLEARED REFRESHER SECURITY TRAINING Acknowledgement Ihereby certify by my signature below that Ihave reviewed the information contained herein and understand it is my responsibility to comply with all necessary security measures outlined in the June 2016 Facility Security Clearance RefresherTraining forCleared GW MFA Employees. Name Signature Date Position and Department Ple ase re turn this page to the Fac ility Se c urity Offic e ronc e it has be e n signe d via e mailto kmajchrzak@mfa.gwu.edu orfac simile at 202-741-2214 Updated: June 2016