Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should...
-
Upload
myrtle-mcdowell -
Category
Documents
-
view
227 -
download
1
Transcript of Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should...
![Page 1: Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.](https://reader036.fdocuments.net/reader036/viewer/2022062320/56649d8e5503460f94a7786d/html5/thumbnails/1.jpg)
Florida Industrial Security Workgroup
Self-Inspections
• What are Self-Inspections• Why should Self-Inspections be conducted• When should Self-Inspections be conducted• What does the NISPOM say about Self-
Inspections• What are some tips for conducting Self-
Inspections• What are some Common Issues• What qualifies as an enhancement for Self-
Inspections
![Page 2: Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.](https://reader036.fdocuments.net/reader036/viewer/2022062320/56649d8e5503460f94a7786d/html5/thumbnails/2.jpg)
What Are Self-Inspections?
![Page 3: Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.](https://reader036.fdocuments.net/reader036/viewer/2022062320/56649d8e5503460f94a7786d/html5/thumbnails/3.jpg)
Self-inspections are security reviews of your program.
Self-inspections should be tailored to your program.
The Self-Inspection handbook was designed to be used as a job aid and to help in complying with this requirement. The handbook was also developed to help assist in developing a viable self-inspection program tailored to the classified needs of your company.
![Page 4: Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.](https://reader036.fdocuments.net/reader036/viewer/2022062320/56649d8e5503460f94a7786d/html5/thumbnails/4.jpg)
Why Should Self-Inspections Be Conducted?
![Page 5: Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.](https://reader036.fdocuments.net/reader036/viewer/2022062320/56649d8e5503460f94a7786d/html5/thumbnails/5.jpg)
To be in compliance with NISPOM requirements To assess your company’s security program Improve the overall quality of your program Help identify any issues/vulnerabilities you may
not otherwise be aware of To prepare for Audits Opportunity to talk to employees one on one if
possible
![Page 6: Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.](https://reader036.fdocuments.net/reader036/viewer/2022062320/56649d8e5503460f94a7786d/html5/thumbnails/6.jpg)
When Should Self-Inspections be Conducted?
![Page 7: Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.](https://reader036.fdocuments.net/reader036/viewer/2022062320/56649d8e5503460f94a7786d/html5/thumbnails/7.jpg)
Generally a formal self-inspections should be conducted mid way between security reviews/Audits
There is no rule on how often self-inspections should be conducted, however this should be a continuous process
Self-Inspections can be conducted as often as FSO feels necessary
![Page 8: Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.](https://reader036.fdocuments.net/reader036/viewer/2022062320/56649d8e5503460f94a7786d/html5/thumbnails/8.jpg)
What Does the NISPOM Say About Self-Inspections?
NATIONAL INDUSTRIAL SECURITY PROGRAM
OPERATING MANUAL
February 2006 Incorporating Change 1 March 28, 2013
DoD 5220.22-M
![Page 9: Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.](https://reader036.fdocuments.net/reader036/viewer/2022062320/56649d8e5503460f94a7786d/html5/thumbnails/9.jpg)
1-206b: Contractors shall review their security system on a continuing basis and shall also conduct a formal self-inspection at intervals consistent with risk management principles
Risk management principles –
The process should create value
It should be an integral part of the organizational process
It should factor into the overall decision making process
It must explicitly address uncertainty
It should be systematic and structured
It should be based on the best available information
It should be tailored to the project
It must take into account human factors
It should be transparent and all-inclusive
It should be dynamic and adaptable to change
It should be continuously monitored and improved upon as the project moves forward
![Page 10: Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.](https://reader036.fdocuments.net/reader036/viewer/2022062320/56649d8e5503460f94a7786d/html5/thumbnails/10.jpg)
What are Some Tips for Conducting Self-Inspections?
![Page 11: Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.](https://reader036.fdocuments.net/reader036/viewer/2022062320/56649d8e5503460f94a7786d/html5/thumbnails/11.jpg)
Make Notes on Inspection checklist Interview cleared and uncleared employees Be sure to include your AFSO and ISSO Ensure to verify all documentation Having all materials centrally located helps during
Audit time Conduct self-inspections as necessary, at a
minimum two per year. Get employees involved Be sure to address any vulnerabilities that were
found Share your review with your DSS Rep, if there were
any issues found work with your rep to find solutions before the audit
![Page 12: Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.](https://reader036.fdocuments.net/reader036/viewer/2022062320/56649d8e5503460f94a7786d/html5/thumbnails/12.jpg)
What are the Most Common Issues?
![Page 13: Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.](https://reader036.fdocuments.net/reader036/viewer/2022062320/56649d8e5503460f94a7786d/html5/thumbnails/13.jpg)
Company claims to have conducted multiple self-inspections but vulnerabilities are still found during Audit
ISSM has failed to conduct a comprehensive self-inspection of the accredited information systems
Local employees receive great security training but off-site employees rarely receive guidance
When interviewed for Audit it is clearly evident that employees are not provided with adequate training and education
Company does not keep DSS apprised of reportable information (i.e. company name change, KMP changes)
Not following updated NISP requirements
![Page 14: Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.](https://reader036.fdocuments.net/reader036/viewer/2022062320/56649d8e5503460f94a7786d/html5/thumbnails/14.jpg)
What Qualifies As An Enhancement?
Yeah we got an enhancement!!
![Page 15: Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.](https://reader036.fdocuments.net/reader036/viewer/2022062320/56649d8e5503460f94a7786d/html5/thumbnails/15.jpg)
Category 5: Self Inspection - Effective documented self inspections designed to provide an on-going, continuous evaluation of the security program and promptly sharing the self inspection results with DSS, which encourages open dialogue of identified issues and possible resolutions prior to the DSS scheduled inspection.
Provide DSS with a detailed report of their self-inspections to include identifying threats or vulnerabilities
Collaborate with DSS to correct any issues prior to annual assessment
Proof of on-going and continuous evaluation of security program through multiple self-reviews
Self-review conducted by a cleared contractor outside of the corporate structure, i.e. prime contractor assisting a sub or a consultant with an applicable need-to-know (DD 254)
Establish an internal corporate review program conducted by another facility within the organization/corporate structure in addition to the required self-review
![Page 16: Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.](https://reader036.fdocuments.net/reader036/viewer/2022062320/56649d8e5503460f94a7786d/html5/thumbnails/16.jpg)
QUESTIONS????