Tuesday, November 26, 2013

Which has the heaviest weight, professional certification or a college degree?

I’ve been asked the question several times and the answer I usual provide is: “it depends.”

Many job announcements in the industrial security / security specialist / facility security officer (FSO) career field list the duties to be performed, and then jumps into qualifications. The job descriptions center on working within a security program designed to protect classified information at a department of defense or other department or agency and their supporting contractor location. The qualifications usually require a minimum of a predetermined number of years’ performing security tasks and a four year degree. Most of the time the four year degree can be substituted for demonstrated experience. Rarely if ever is demonstrated job performance able to be substituted.

So, in this scenario, I would answer that the certification weighs heavier than the college degree.

As an example, let’s look at an applicant for a new FSO position. She is a veteran who had received an honorable discharge after four years of service. While on active duty, she was awarded a security clearance and performed duties requiring her to protect classified information. Additionally, she wrote local policy to protect classified information and received glowing comments of her successful security program during Inspector General audits. These comments were translated to positive bullets in on the spot awards and performance evaluations.

Once discharged, she accepted a job with a cleared defense contractor. For the next three years she supported and learned from an experienced FSO while managing personnel security tasks, assisting in the SCIF, and running the information security program. These challenges gave her the confidence to register for and take the Industrial Security Professional Certification exam. She also applied for a new facility security officer position opening at another cleared contractor facility across town. Though in night school, she hasn’t yet earned her degree. However, her military and contractor experience and ISP Certification credentials make her a competitive candidate for the job.  


The value of skilled job performance paired with ISP Certification demonstrates the ability to develop and implement security practices to protect classified information. Hiring managers are looking for candidates who are ready to go to work. These candidates must be able to show they are ready to do the job asked of them. 

There are a variety of certifications that help demonstrate the skills: FSO Certification, Security Fundamentals Professional Certification, Certified Protection Professional, ISP Certification and more. Always sharpen your skills and continuously prepare yourself for the next move. Sometimes that dream assignment becomes available. Your skill combined with timing and opportunity can make it a reality.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Wednesday, November 20, 2013

Try these ISP Certification Questions


With proper preparation, you can pass this test. If you are serious about advancing in your field, get ISP certified. Some are reluctant to take the test, but they just need the confidence earned through practice. Here's a way to get 440 practice questions.

First, to meet minimum test requirements an applicant should have five years experience working in the NISPOM environment. If that’s you, then you are a technical expert and know the business of protecting classified information.

Second, study this book to practice, practice, and practice. It can help you prepare for the test.

Using practice tests to augment your ISP exam preparation will help. This book is the only one featuring four complete test length practice exams available for the ISP Certification.

It teaches insightful study tips designed to show you how to: form study groups, network, seek out opportunities, learn your way around the NISPOM and includes four exam length practice tests. According to reader comments and emails to the author, many who have bought this book, the ISP Test Tips, and used our techniques to augment their preparation have performed very well on the exam.

Again, this is the most important resource offering the largest volume and most comprehensive study questions available.


Try these questions to see how you do:




1. During UNCLASSIFIED visits by foreign nationals, it is a _____ responsibility to ensure export authorizations are obtained.

a. GCA

b. Contractor

c. CSA

d. State Department

e. DGR

2. Card readers, control panels, interface devices or keypads communication located inside of a TOP SECRET closed area shall have which of the following:

a. Tamper resistant enclosure

b. Fastened to a structure

c. Protected by tamper alarm

d. Activated retinal scan

e. None of the above



3. Sanitizing is the methodology used of _____ information from media prior to reusing the same media in an area that does not provide a level of protection that is acceptable.

a. Eradicating

b. Removing

c. Examining

d. Releasing

e. Exposing



4. TOP SECRET control officials shall be designated to _____________ TOP SECRET information.

a. Transmit, maintain access and accountability records for, and receive

b. Create, classify, brief, document

c. Receive, create, classify, disseminate

d. Request, assign, account, disseminate

e. Receive, transmit, classify, document






Scroll down for answers:






1.      During UNCLASSIFIED visits by foreign nationals, it is a _____ responsibility to ensure export authorizations are obtained.
a.            GCA
b.            Contractor (NISPOM 10-507)
c.             CSA
d.            State Department
e.             DGR
2.      Card readers, control panels, interface devices or keypads communication located inside of a TOP SECRET closed area shall have which of the following:
a.            Tamper resistant enclosure
b.            Fastened to a structure
c.             Protected by tamper alarm (NISPOM 5-313f)
d.            Activated retinal scan
e.             None of the above
  
3.      Sanitizing is the methodology used of _____ information from media prior to reusing the same media in an area that does not provide a level of protection that is acceptable.
a.            Eradicating
b.            Removing (NISPOM 8-301b)
c.             Examining
d.            Releasing
e.             Exposing

4.      TOP SECRET control officials shall be designated to _____________ TOP SECRET information.
a.            Transmit, maintain access and accountability records for, and receive (NISPOM 5-201a)
b.            Create, classify, brief, document
c.             Receive, create, classify, disseminate
d.            Request, assign, account, disseminate

e.             Receive, transmit, classify, document

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Saturday, November 9, 2013

The Industrial Security Letter

Have you ever found yourself trying to quickly find Defense Security Service (DSS) interpretation of NISPOM guidance? Mining this information has been difficult, but no longer. DSS has just added a tool to their website that covers industrial security letters. This tool takes the guesswork out of how many ISLs exists, NISPOM reference, ISL subject, status and a hyperlink to the actual ISL. Now you can easily pull up the table crosswalk your copy of the NISPOM to the applicable ISL. Here's the link:  http://www.dss.mil/isp/fac_clear/download_nispom.html

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Authorized Derivative Classifiers-Identify Yourselves

NISPOM Derivative Classification Training
While some cleared defense contractors perform non-technical services, other cleared contractors conduct derivative classification in the performance of their contracts. Derivative classification in general terms includes, paraphrasing, incorporating, restating or regenerating classified information into a new form. Since contractors are not performing original classification, most of their work would involve using classified sources to create new classified products.

Here's the important part, no training; no work. Properly executed National Industrial Security Program Operating Manual (NISPOM) training and documentation is the difference between performing on classified work and not being able to meet contractual requirements. Cleared contractors must plan to train cleared contractor employees who perform derivative classification responsibilities.

The NISPOM outlines requirements for derivative classification training. Where the original classification authority receives training on the classification decisions annually, NISPOM requires derivative classification training once every two years. According to the NISPOM, derivative classifiers train... in the proper application of the derivative classification principles, with an emphasis on avoiding over-classification, at least once every 2 years.  According to the Defense Security Services (DSS), contractors must train their cleared employees by December 31, 2013. Those without this training are not authorized to perform the tasks.

One such training task ensures that the authorized employees apply proper markings to their products. Not only are classification markings required, but so is the documentation of who is actually performing the derivative classification. According to NISPOM paragraph 4-102d, cleared employees who are authorized to make derivative classification decisions are responsible for identifying themselves on the documents where they make those decisions. Identification instills discipline, control and accountability of derivative classification decisions. 
Remember, only authorized cleared employees are assigned as derivative classifiers and they must be identified as such.

Proper identification occurs when authorized derivative classifiers apply their names and titles on the derived items. However, contractors can substitute using their names with some type of personal identifier that translates to an authorized name and position. The use of the personal identifier is usually allowed unless the government customer states otherwise. Trained and authorized derivative classifiers and facility security officers and staff can determine what government customer's requirements by reviewing the statement of work, DD Form 254, or other security and contracts requirements for further instruction. When in doubt, they can seek clarification and raise the question of personal identifier application through program channels.

When the alternative identifier is used, the organization should develop a designator that aligns with a person’s name and position. If the government customer or anyone authorized to view the classified information has any questions, the creator can be identified from the list. The contractor should maintain this list for at least the as long as the cleared employee is with the business organization.

The contractor should consult the NISPOM for all training requirements and put a plan in place to develop and deliver the derivative classification training. After conducting the training, the contractor should document the event and include the training topic and the by name attendance list. The DSS will inspect training compliance during their inspection cycle.


Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".