Annual Department of Defense (DoD) Security Refresher Training · Annual Security Refresher...

Annual Department of Defense (DoD)Security Refresher Training

Protect & Secure Our Nation, Our Company and Our Jobs

IPKeys Technologies, LLC Proprietary 2019 | 1

Annual Security Refresher TrainingWelcome to your annual security refresher training!

The purpose of this briefing is toremind you of your personalresponsibilities and liabilities underthe United States Espionage andSabotage Acts and to reaffirm keysecurity policies and procedures.

A security clearance is a privilege, not a right.

When you accept the privilege of access to classified or sensitive information, you are also accepting the responsibilities that accompany this privilege.

This is a lifelong responsibility!


Your Obligation• When you received your security

clearance, you signed a classified information non-disclosure agreement form(SF312)

• By signing this form, you agreedto:o Accept lifelong obligation to

protect classified, SCI andsensitive information

o To submit any writing to a pre-publication review

• You vowed to avoid unauthorizeddisclosure, retention or negligenthandling of sensitive materials

• You also verified, by yoursignature, that you understoodthe consequences of violatingthis non-disclosure agreement


Legal & BindingWhile there are several statutes mentioned in thisagreement, there are two titles that provide specificpunishments for violations.

Disobeying any of the statutes of Title 18 or Title 50can lead to:

• Prison Sentences• Fines• Or Both

This annual refresher training is provided to you as areminder of appropriate handling measures, yourobligations, reporting requirements andresponsibilities as a cleared employee because ofthis agreement.

For more information on these titles:Title 18:http://uscode.house.gov/browse/prelim@title18&edition=prelimTitle 50:http://uscode.house.gov/browse/prelim@title50&edition=prelim


http://uscode.house.gov/browse/prelim@title18&edition=prelim




Types of Classified Information

This medium is classified

CONTROLLED UNCLASSIFIEDINFORMATION

(CUI)

U.S. Government Property

SF

710

(1-8

7)

Classified material doesrequire special clearances &

considerations to have access

Unclassified material does not requirea security clearance


SECRETProtect it from unauthorized

disclosure in compliance withapplicable executive orders,

statutes and regulations.

SF

706

(1-8

7)


TOP SECRETProtect it from unauthorized

disclosure in compliance withapplicable executive orders,

statutes and regulations.

SF

706

(1-8

7)


FOR OFFICIAL USE ONLY(FOUO)

U.S. Government Property

SF

710

(1-8

7)


Classified Government Information


CONFIDENTIALProtect it from unauthorized disclosure in

compliance with applicable executive orders,statutes and regulations.

SF 7

06(1

-87)

is information,that when compromised, could

expect to cause DAMAGEto our national security


SECRETProtect it from unauthorized disclosure in


SF 7

06(1

-87)

is information, that whencompromised, could result in

GRAVE DAMAGEto our national security


TOP SECRETProtect it from unauthorized disclosure in


SF 7

06(1

-87)

is information, that whencompromised, could result in

EXCEPTIONALLYGRAVE DAMAGE

to our national security


Classified Government Information• To access any of these three

types of information, you musthave a clearance at that level orhigher and a valid need-to-know.

• Employees are responsible forfamiliarizing themselves with theclassification guides anddirectives associated with theprogram they are supporting.

• When creating a classifieddocument it is the originatorsresponsibility to determine theappropriate classification level.

• When you are unsure how tointerpret the classification guide,discuss with your supervisor ormanager.

• Classification guides areavailable from your programsecurity office.


Economic Espionage• The American Society of

Industrial Security recentlyconducted a survey of tradesecret theft.

• This survey found, that the mostcommon targets were customerrelated information, such as:

o Business Volume &Preferences

o Financial Data

o New Product Information

o Manufacturing Process Information

Use caution whensharing these types ofinformation during timesyou may be workingwith our competitors.


Protecting Classified Materials• Your due diligence is exercising

the need-to-know principle, byrestricting access to the materialyou possess, plays a key role inthe prevention of potentialespionage.

• Most spies reported that theywere able to obtain moreinformation than they wereinitially seeking.

• Always maintain direct control ofclassified and sensitiveinformation and mark materialsproperly.

• Review your holdings annuallyfor proper disposition and keepretention to a minimum.

• This will cut costs by dealing lesswith the storage andmaintenance of materials.


Hosting MeetingsAs the meeting host you are responsibleto ensure prior to dissemination of anyclassified information that:• The location is secure and

discussions are not able to beoverheard

• All attendees have the appropriateclearance & access levels

• All attendees have a need-to-knowthe information

• All electronic devices are removed orpowered off depending upon site andprogram procedures

• And, prior to beginning any classifieddiscussions, set and announce thelevel of the meeting

As a reminder you should neverprocess classified informationon an unclassified systemCoordinate with your securityrepresentative if a classifiedcomputer is required


“No Comment” is Your Best Choice

NEVERConfirm Deny Comment

Classified information in the open press is still CLASSIFIED.You should never confirm, deny or comment on this type of information.

After all, you are recognized as a knowledgeable expert and comments you makecould be very damaging to you, personally, as well as the company.


Internet Security• When utilizing your company

computer on the Internet, don’t drawattention to yourself, or yourclearance by surfing foreignintelligence sites, or sites that arephishing for individuals with a specific clearance level.

• Be careful what you download. If youmust download a file or application,make sure it’s from a trusted andsecure site.

• Avoid accessing sites that post speculative information.

• Above all, remember, there is nosecurity on the Internet!


Dealing with Suspicious RequestsYour main defense against espionage is awareness andreporting all suspicious contacts to your security office.If you inform security, we can alert you when you aredealing with a known foreign intelligence operative orwe may help you identify an agent.If you do find yourself in contact with a suspiciousperson or foreign intelligence operative, no need topanic but remember to use caution.You are more likely to be charmed by afriend than blackmailed by an enemy.If the contact goes so far that you are asked to provideinformation, perhaps as a consultant, you should:ü Listen carefullyü Be observant and remember as many details as

possibleü Keep all options open by neither agreeing or

refusing to cooperateü Remain calmü Be non-committalü Ask for timeü Report immediately to your security office


Reporting Requirements

Employees have a legal obligation to report certain events, not only about yourself but your coworkers. These include:

• Loss, compromise or suspected compromise of classified information

• Known, or suspected security violations involving classified data

• Changes in personal status such as, name changes, marital status, citizenship or when access to classified information is no longer required due to a change in job assignments.

• On becoming a representative of a foreign interest, including work or support for a foreigngovernment, company or individual


Reporting RequirementsYou are also required to report information of anadverse nature. Adverse information such as:• Arrest or detention by any law enforcement agency• Financial situations, such as bankruptcy, garnishment

of wages and excessive indebtedness.• Unexplained affluence, such as, a sudden wealthy

lifestyle without an increase in salary and moneytransfers beyond known sources of income.

• Uncontrolled use of alcohol, prescription medicationsand/or illegal narcotics.

• Treatment and counseling for mental or emotionaldisorders, excluding grief, family or maritalcounseling and treatment related to adjusting frommilitary service, unless medication has beenprescribed.

• Other matters which many have an adverse impactto safeguard classified or proprietary information.

• Your security officer acts on behalf of theGovernment and you can be assured this informationis kept in the strictest confidence. If you are not sureif information is reportable, check with your securityofficer for additional guidance.


Examples of Adverse Information


� Example #1 Individual was discovered illegally downloading movies and has beenserved with a civil suit.

� Example #2 Individual was involved in a case of road rage where he actually assaulted another individual. (Charges have been pressed.)

� Example #3 Individual has a foreign passport that he refuses to turn in.

� Example #4 Individual is in the process of a short sale of his house.

� Example #5 Individual is filing for bankruptcy.

Foreign Travel Procedures• You must report all personal and official foreign travel

to your Facility Security Officer.

• All personnel must review and complete an IPKeys

Foreign Travel Briefing at least 8 days prior to their

departure; completing the form before they depart and

immediately upon return.

• Visit Travel.State.Gov > International Travel for passport

and other travel guidance.


https://ipkeysnj.sharepoint.com/:b:/g/security/EWfI2JnQ8oNNsu95zkD_Rs0Be9mbaxvE_vT0FX-mGRUyCw?e=x5woc3

https://travel.state.gov/content/travel/en/international-travel.html

Security Infractions & Violations


Report Security ViolationsImmediately:• Leaving a safe containing classified

material open and unattended• Allowing uncleared individuals to

have access to classified material,either by viewing the material or byconducting classified discussions in anon-secured area or overunapproved communication lines

• Leaving classified materialunattended

• Removing classified material from aparticular location without approval

• Copying or destroying classifiedmaterial without approval

• Generating classified material on anon-approved computer

If a situation occurs that you thinkmay be a violation of securityprocedures, contact the FacilitySecurity Officer immediately.

Suspicious Contact Reports


Report Unusual Requests forInformation or AssistanceGeneral Information (Email,Fax or Telephone)

• Seeking specific technology, or

specifications on products

advertised

• Solicitations and marketing

services

• Hyperlinks or attachments –

DO NOT OPEN!• Student seeking help, peer

review or comments

• Targeting employees ethnicity

• “I need the names of all the

engineers for company

sweatshirts…”

Report Phishing or AdvancePersistent Threat

Counter-Intelligence

is a proactive discipline that deters and detects attempts by aforeign government, agent or competitor from illicitly acquiringnational security-related information or technology.


Its mission is to protect the company’s classified and proprietary technology from theft orcompromise and to protect its most valuable asset, its personnel, from exploitation.

Operational Security (OPSEC)

• OPSEC is the process of protecting individual pieces of data that could be grouped together to give the bigger picture (called aggregation).

• OPSEC is the protection of critical information deemed mission essential from military commanders, senior leaders, management or other decision-making bodies

• The process results in the development of countermeasures, which include technical and non-technical measures such as the use of email encryption software, taking precautions against eavesdropping, paying close attention to a picture you have taken (such as items in the background), or not talking openly on social media sites about information on the unit, activity or organization's Critical Information List.


Insider Threat Awareness


Insider Threat Awareness

• What is an Insider Threat?

• Results of Insider Threats

• How Can You Help?

• Insider Threat Indicators

• General Suspicious Behaviors


A person using his or her authorized access, wittingly or unwittingly, to do harm to thenational security and industry.

Definitions• Insider – Any person with authorized access to any government or contract resource to

include personnel, facilities, information, equipment, networks or systems. This caninclude employees, former employees, consultants, and anyone with access.

• Insider Threat – The threat that an insider will use his or her access, wittingly orunwittingly, to do harm to the security of the United States. This threat includes damageto the United States through espionage, terrorism, unauthorized disclosure of nationalsecurity information, or the loss or degradation of government, company, contract orprogram information, resources, or capabilities.

Insider Threats also include:

• Criminal activity – including theft and fraud

• Safety – including active shooter incidents

• Financial harm to industry – stealing unclassified, but sensitive or proprietaryinformation


What is an Insider Threat?

Results of Insider Threats:Why is the Insider ThreatSignificant?

An insider can have a negativeimpact on national security andindustry resulting in:• Loss or compromise of classified

or controlled sensitiveinformation

• Weapons systems cloned,destroyed, or countered

• Loss of technological superiority

• Economic loss

• Physical harm or loss of life


How Can You Help?• You are the first line of defense

against insider threats. Helpprotect our national security byreporting any suspiciousbehavior that may be related toan insider threat.

• Each employee has aresponsibility to ensure theprotection of classified andcontrolled sensitive informationentrusted to them.

• Be aware of potential issues andthe actions of those around youand report suspicious behaviors.

• Please watch this video provided by the Office of the Director of National Intelligence on how one employee struggles to deal with his stressors…and how a co-worker responds to a potential insider threat.


https://www.youtube.com/watch?v=nkWc7ZVyN9Q&feature=youtu.be

Recruitment• Unreported request for critical assets outside official channels

• Unreported or frequent foreign travel

• Suspicious foreign contacts

• Contact with individuals known or suspected to be associated with foreign intelligence,security, or terrorism

• Unreported offers of financial assistance, gifts, or favors by a foreign national or stranger

• Suspected recruitment of employee by foreign or domestic competitive companies


Insider Threat Indicators

Information Collection• Using unclassified medium to transmit classified materials

• Discussing classified materials on a non-secure telephone

• Removing classification markings from documents

• Unauthorized downloading or copying of files

• Keeping classified materials/critical assets in unauthorized locations

• Attempting to or accessing sensitive information, critical assets, or information systemswhen not required or without authorization

• Asking others to obtain critical assets to which the requestor does not have authorizedaccess

• Operating unauthorized cameras, recording devices, computers, or modems wherecritical assets are stored/discussed/processed


Insider Threat Indicators (continued)

Information Transmittal• Removing critical assets from the work area without authorization

• Extensively reproducing/transmitting critical asset-related information beyond jobrequirements

• Discussing critical asset-related information in public or on a non-secure telephone

• Using an unauthorized fax or computer to transmit classified information

• Attempting to conceal foreign travel – business or personal


Insider Threat Indicators (continued)

General Suspicious Behaviors• Attempts to expand access to critical assets by often

volunteering for duties beyond normal job responsibilities• Performs repeated or unrequired work outside of

normal hours, especially unaccompanied• Repeated security violations• Engagement in illegal activity or requesting others to do

so• Unexplained or undue affluence explained by

inheritance, luck in gambling, or some business venture• Sudden reversal of financial situation or repayment of

large debts• Attempts to compromise personnel with access to

critical assets special treatment, favors, gifts, money orother means

• Displays questionable loyalty to U.S. Government• Behaviors associated with disgruntled employees:

• Conflicts with supervisors and coworkers• Decline in work performance• Tardiness• Unexplained absenteeism


Failure to Report• Risks YOUR physical security, the

Information Security of yourorganization, and the security ofthe United States!

• Risks YOU:• Losing your security clearance• Losing your employment• Facing possible criminal

charges

• Employees should report potential insider threats to their FSO or other designated channels such as their human resources manager.


Reminder to All Employees• All employees are to comply with the requirements for

handling, transmitting & disposing of classified and unclassified information.

• The NISPOM requires random inspections of anyone entering or exiting the facility, including employees and customers (NISP 5-103.a)

• All Proprietary and Personally Identifiable Information (PII) stored on portable media and transmitted over the Internet MUST BE ENCRYPTED. If stored on a computer, the computer needs encrypting as well.

• Cleared Employees are required to report all foreign travel to their Facility Security Officer.

• It is the employee’s responsibility to safeguard classifiedand Proprietary Information & to report suspiciouscontacts.


Online Training ResourcesSecurity Awareness Hub - Insider Threat Awareness Coursehttps://securityawareness.usalearning.gov/itawareness/

Cyber Awareness Challenge 2019 Coursehttps://iatraining.disa.mil/eta/cyber-awareness-challenge/launchPage.htm

CDSE (Center for Development of Security Excellence)https://www.cdse.edu/catalog/index.html

STEPP (Security Training, Education and Professionalization Portal)https://www.cdse.edu/stepp/index.html


https://securityawareness.usalearning.gov/itawareness/

https://iatraining.disa.mil/eta/cyber-awareness-challenge/launchPage.htm

https://www.cdse.edu/catalog/index.html

https://www.cdse.edu/stepp/index.html

Message from the Corporate FSOThank You for Reviewing the 2019 Refresher BriefingIf you have any comments or questions, please feel free tocontact your FSO/AFSO at any time.

Our security program places emphasis on security educationand awareness to ensure the proper safeguarding andhandling of classified, Government restricted and proprietaryinformation, as well as promoting the understanding of thefoundation to our national security architecture and Federalpersonnel security program. Our Company advocates threatawareness, operations security (OPSEC), and advises thatall employees observe reporting requirements as a criticalelement to the security program. Our goal is to eliminate theprobability of inadvertent unauthorized disclosure in andoutside of the workplace.

Scott W. CrowellCorporate Facility Security Officer

NOTE: Cleared employees are required to be re-briefed everyyear (NISPOM 3-107).


Security Department

Scott W. CrowellCorporate Facility Security Officer (FSO)

Insider Threat Program Senior Official (ITPSO)

(540) [email protected]

Defense SecurityService (DSS)Randy Stacey (571) 220-8035

Defense HotlineThe Pentagon(800) 424-9098


Heather M. MolinaroAssistant Facility Security Officer (AFSO)

(540) [email protected]

http://www.dodhotline.dodig.mil/Hotline/hotlinecomplaint.html

mailto:[email protected]

mailto:[email protected]

http://www.dodhotline.dodig.mil/Hotline/hotlinecomplaint.html

Annual Security Refresher Quiz


Please click on the link below to begin the quiz.

Annual Security Refresher QuizThe purpose of this quiz is to reinforce your personal responsibilities and liabilities under the United States Espionage and Sabotage Acts and to reaffirm key security policies and procedures.

Annual Department of Defense (DoD) Security Refresher Training · Annual Security Refresher...

Documents

Transcript of Annual Department of Defense (DoD) Security Refresher Training · Annual Security Refresher...