Title: NCMS
1NCMS the Industrial Security Professional (ISP)
Certification Preparation
- William L. Uttenweiler, ISP
- Lead Mentor, ISP Exam Prep Program
- Florida Space Coast Chapter, Cape Canaveral AFS,
FL
2Three Topics
- What is NCMS why should you belong?
- What is the Industrial Security Professional
certification program why you should be one? - How can you best prepare for the ISP exam?
3- Question
- What is NCMS why should you belong?
4Organization
- Society of Information Security Professionals
- Founded in 1964
- Headquartered in Wayne, PA
- 37 chapters in USA 1 virtual chapter
- 4,000 members
5Official Scope 1
- Develop promote education training of members
in the application of requirements of industrial
security in support of the security of the United
States and its allies as described in the
National Industrial Security Program (NISP). - Classified information (mostly DOD, DOE, CIA
NRC but 23 other agencies included)
6Official Scope 2
- Develop and promote education and training of
members in the application of classification
management principles, practices, procedures,
techniques in protecting government designated
unclassified information intellectual property
in all forms. - Government FOUO
- Company Proprietary/Competition Sensitive, etc.
- Operations Security (OPSEC)
7How NCMS Meets Scope 1 2
- Web site, especially the Members Only section
- Annual National Training Seminar
- CM Bulletin
- Chapter level activities and communications
8NCMS Web Site www.classmgmt.com
- New news you can use
- Resource library
- Counterintelligence information security
education/awareness training tools, security
briefings - Government reports (NISPOM, Industrial Security
Letters, Executive Orders, Presidential Decision
Directives, PERSEREC Reports) - Classification management, physical security,
COMSEC, OPSEC, information security, information
assurance - Protecting FOUO, sensitive-but-unclassified
information, proprietary information - Homeland Security, Emergency Preparedness
- JPAS, e-QIP
- International security, NATO, Export Control
- Facility Security Officer Training
- And much, much more
9NCMS Web Site www.classmgmt.com
- Membership Assistance Publication Series (MAPS)
tied to sections of NISPOM - Self-Inspection guide for collateral facilities
- Administrative inquiry checklist
- Handbook on DD 254 preparation (subcontracting)
- Sample resolution for exclusion of certain
directors or officers - Briefing The Foreign Intelligence Threat
- Sample annual security refreshers
- Instructions for changing safe lock
combinations - Where to get clips for false/drop ceilings in
closed areas - Writing a master systems security plan for
classified AIS - And much, much more
10Annual National Training Seminar
- 46th was held June 2010 in Reno NV included
- General and break-out sessions on topics like
- Security Awareness Training for SAPs Collateral
Programs - The A to Z on How to Get a Clearance
- DD Forms 254 for SAPs Collateral Programs
- Preempting Personnel Clearance Issues
- Mitigating Foreign Ownership, Control Influence
(FOCI) - Prime Contractor Responsibilities
- International Program Security Review
Requirements - Setting Up a Corporate Import/Export Program
- Summaries of sessions published in CM Bulletin
when available, slides posted on-line - Proctored ISP certification exam
1147th Annual National Training Seminar
12CM Bulletin
- Bi-monthly NCMS newsletter
- Official means of communication between
leadership members - Articles by members on topics of interest, for
example - Results of polygraph survey
- Perils of the Internet
- How to build a better security team
- Verbal attestations
- US port deal highlights foreign investments
- Data spills cleanup prevention
- Effective speaking tips
13Chapter level activities communications
- Chapter-sponsored seminars
- Chapter meetings with speakers
- E-mail from chapter chair with news, updates,
etc. - Association with government audit/ inspection
personnel in a professional, non-adversarial
environment - Networking you are never alone
14Official Scope 3
- Advance the professionalism of Members through a
formal certification program recognized by
government industry. - Industrial Security Professional (ISP)
certification - http//www.ncms-isp.org/
- More in a moment
15Official Scope 4
- Advance its purpose by representation
participation on U.S. government professional
security councils, committees, boards forums
through formal comment, proposal, petition,
coordination. - Memorandum of Understanding (MOU) Group
- NISP Policy Advisory Committee (NISPPAC)
- Close rapport with ISOO, DSS, etc.
16The MOU Group
- MOU Group
- Membership includes NCMS 5 other groups
- NISP Policy Advisory Committee
- By invitation but usually includes NCMS members
- Both represent industrys voice to top-level
government security policy makers
17Information Flowing Up
- Example High Security Lock Legislation
- Pushed by Sen. Jim Bunning (R-KY) in FY 2002
Defense Authorization Bill - Would have accelerated requirement X0-8/9 locks
(replacement kits cost 1,200 each cabinets cost
1,570 - 5,679 each) - Industry surveyed costs (231 million) and
concluded they were not justified by risk - Bunnings district includes headquarters of
MAS-Hamilton, the only manufacturer of compliant
locks
18Information Flowing Up
- Example personnel security investigation backlog
- Explained the costs in unaccomplished work while
PSIs languish uncompleted - DSS agreed to allowing facilities to each
prioritize a small number of if cases and to
accelerate their completion - Early notification of DSS plans and requests for
future PSI needs
19Special Relationships
- Special relationships with ISOO, DSS, etc.
- High level staff frequently with Board of
Directors on issues of mutual interest - High level staff regular present at NCMS National
Training Center - Permanent host for presentation of DSSs James S.
Cogswell Award for outstanding industrial
security programs
20Evaluating the Value of Memberships
- DSS James S. Cogswell Award for Outstanding
Industrial Security Program - 2006 NCMS members for 13 of the 28 selected
firms - 2007 NCMS members for 20 of the 30 selected
firms - An NCMS member was one of the firms
representatives at the awards ceremony.
21Management Support Is Critical
- Security professionals need enthusiastic support
from their management - More than signing the occasional policy or giving
the intro at annual company refresher - Reimbursement for dues and expenses
- Permission to attend functions and work on NCMS
business (both for training and good PR within
the DOD contractor community) - Demonstrates to other employees that security is
important to the company
22- Question
- What is NCMS why should you belong?
- Answer
- NCMS is the Society of Information Security
Professionals. If you belong to NCMS, you your
company are never hanging out there alone. You
have access to local national level resources
experts when a question or a problem occurs.
23 Question What is the Industrial Security
Professional certification program why should
you be one?
24ISP Certification
- The security certification universe in 2003
- Some of existing ones were too broad
- Certified Protection Professional (CPP)
- Others were narrowly focused but on other
disciplines - Physical Security Professional (PSP)
- Certified Fraud Examiner (CFE)
- Certified Information Systems Security
Professional (CISSP) - Global Information Assurance Certificate (GIAC)
- Certified in Homeland Security (CHS)
25ISP Certification
- Security certification universe in 2003
- None focused on the National Industrial Security
Program (NISP) or the NISPOM - None included areas like Counterintelligence (CI)
and Communications Security/TEMPEST - NCMS grassroots wanted a certification would
closely match what a Facility Security Officer
(FSO) and his/her staff actually do
26Industrial Security Professional
- Industrial Security Professional (ISP)
certification - For individuals involved in classified government
contracts - Introduced in 2004
- Aimed at journeyman level professionals
- 300 currently certified world-wide
27ISP Certification
- ISP Certification requirements
- 5 years experience (can be part-time if gt10 of
duties) - Pass a proctored exam
- 110 questions (100 core plus 5 each on 2
electives chosen from 4 available
counterintelligence, COMSEC/TEMPEST, intellectual
property, OPSEC) - 2 hours long open book
- Recommended by supervisor or NCMS National
Director - Subscribe to high ethical standards
28ISP Certification
- Recertification required every 3 years
- Shows continued professional development
- Demonstrates that person has kept current on both
threats and defenses - Can be accomplished by
- Training/seminar attendance
- Leadership in security activities
- Authoring articles/classes on security topics
- Etc.
29ISP Certification
- Accreditation
- Only recently provided for the ASIS-sponsored
CPP ISP isnt far behind - However, can be a valuable assurance in the case
of a new program like the ISP - NCMS is working with the American National
Standards Institute (ANSI) to get formal
accreditation for the ISP
30ISP Certification
- Accreditation process has driven the requirement
to have on-line test takers proctored - Proctors insure that the candidate is the person
who takes the exam - Chapter Chairs help locate current ISPs to serve
as proctors - For those not near an ISP, NCMS Headquarters will
approve qualified proctors (including Government
Industrial Security Representatives, College/
University teachers, etc.)
31ISP On-Line http//www.ncms-isp.or
g/
- Separate ISP web site to consolidate resources
- Certification Booklet
- Application Form
- ISP Code of Ethics
- Test References Sources
- Frequently Asked Questions
- List of Current ISPs
- ISP Exam Preparation Program
32ISP Certification Why Certify?
- The ISP program provides a high-level baseline
for the knowledge required of an Industrial
Security FSO with at least five years of
experience - It certifies that the holder of the ISP has the
requisite knowledge of the NISPOM and other
related directives used by the average FSO on a
daily basis - It demonstrates on the part of the ISP a degree
of professionalism and willingness to go the
extra yard to develop professionally
33ISP Certification Why Certify?
- It demonstrates self-confidence willingness to
take a risk (of flunking the certification exam
in this case) - It demonstrates that the ISP has the academic and
intellectual skills to not only perform as an FSO
but also to develop further as a security
professional - It puts a company that has ISP's on their staff
in a stronger position for contract bids and
re-bids in the area of security and - It provides a FSO with an ISP added credibility
when dealing with DSS representatives
34A couple of testimonials
- Crystal Chambers, ISP, CENTRA Technology Inc.,
Arlington, VA. Having ISP after my name MEANS
something! When I applied for a new position, not
only did my new boss know what it meant, he was
impressed! I have an ability now to confidently
use, refer to and quote the NISPOM! This class
made me open up the book and LOOK at chapters I
hadnt needed previously, like Chapter 8. Did I
mention I got a perfect score on that
section?    - Leonard Moss Jr., ISP, CHS-V, AAI Corporation,
Hunt Valley, MD. In October 2006 I moved
cross-country for a promotion to the Director of
Corporate Security at AAI Corporation. It's a
great opportunity and it's the promotion I had
been seeking. You will be happy to know that
when I applied for this position one of the
things the job called for was "ISP preferred. I
thought that was great and worth sharing. It
shows the value of our credential.
35Recent Trend Analysis Shows Growth
36- Question
- What is the Industrial Security Professional
certification program why should you be one? - Answer
- The only professional certification aimed at
staff working to protect classified information.
It pays dividends both in knowledge reputation.
37Next Question How can you best prepare for
the ISP exam?
38ISP Exam Preparation
- Barrier to testing The Fear Factor
- Overcoming The Fear Factor through preparation
39The Fear Factor
- Applicants are apprehensive about taking the exam
- Im not good enough (or experienced enough)
- Ive been out of school for a long time, I dont
test well I might fail. - Im too busy (workload, personal problems, etc.)
- If I fail, Ill look bad in the eyes of
supervisors, coworkers colleagues. - If I fail, Ill be out several hundred dollars.
(Some companies dont fund the exam until
employee passes.)
40Overcoming the Fear Factor
- The two keys are networking preparation
- Networking
- Im not good enough dispelled by contact with
colleagues (difference between test takers in
Reno NV in 2004 Seattle WA in 2005) - Preparation
- Knowledge provides self-confidence
- Some nervousness always remains for any high
stakes test, but the adrenalin helps
41- Main methods of preparation
- Self-study
- ISP Examination Preparation Program
- Company or NCMS Chapter Based Study Groups
- ISPCERT.COM
42Self-Study http//www.ncms-isp.org/StudyRefer
ences.html
- Self-study was the only study method available
before 2006 - All of the source documents for the ISP exam are
unclassified and widely on-line - Anxiety was high because candidates didnt know
if their preparation was adequate - Now the ISP Exam Prep Program workbook can be
used for self-study
43ISP Exam Preparation Program
- Arose during 2005 ramp-up
- Candidates met telephonically to discuss hard
chapters (Chap 8 on AIS, Chap 10 on
international) - Expanded formalized at 41st Annual National
Training Seminar in Seattle WA - Sponsored by Education Training Committee
(Chair Joseph Jessop)
44ISP Exam Preparation Program
- Prep Program purpose
- Develop better security professionals conducting
comprehensive training on fundamentals like the
NISPOM, ISLs, OPSEC, CI, etc. - Assist those who do not have local ISPs to be
their mentors - Encourage unsure candidates that they can
complete appropriate preparation for the exam - Cooperate Graduate
45ISP Exam Preparation Program
- Overview
- Students will obtain materials study in advance
of the telecons - Telecons with mentors other candidates to
answer questions, help pace the preparation, etc. - About 1 hour long each
- Once a week
- All but electives occur 3x weekly so candidates
can pick the most convenient one
46ISP Exam Preparation Program
- Materials
- Electronic copies of key references
- Workbook to help candidates review of NISPOM
other materials (cost 50.00 for NCMS members,
100.00 for non-members) - The Annotated NISPOM, a great tool for all
security professionals, is available at
http//www.ncms-isp.org/NISPOM_200602_with_ISLs.pd
f - Will be updated when new NISPOM is released
47ISP Exam Preparation Program
- Mentors
- All are current ISPs
- 3-person Mentor teams will provide a variety of
experiences/viewpoints - Timeline
- Current Round in the program started in
February 2011, 180 participants - Timed so that candidates finish in time to test
before the Annual NCMS National Training Seminar
and summer vacations - To sign up or get more information, contact the
ISP Lead Mentor Team by e-mail ISP_Mentor_at_hotmail.
com
48ISP Exam Preparation Program
- Lesson strategy
- Call 1A - get started, go over "Test Tips"
article for information/techniques/tips, evaluate
class size, etc. - Call 1B - look up practice (5 questions w/paper
NISPOM, 5 questions w/electronic search of The
Annotated NISPOM in PDF) - Lesson 2 - 10 - cover about 10 of the NISPOM
in each session - Lesson 11 - last minute questions, wrap-up
49ISP Exam Preparation Program
- Lesson Strategy (continued)
- Four optional calls 1 for each of the four
electives - COMSEC/TEMPEST
- Counterintelligence
- Intellectual Property
- Operations Security
- Special Access Programs (a fifth will be offered
once elective is approved)
50Company or NCMS Chapter Based Study Groups
- Newest Development (Companies)
- SAIC
- Study group in National Capital Region
- Offered exam during last 2 security officer
conferences - Honeywell Global Security Solutions
- Goal of having all qualified security compliance
staff certified by end of FY 2012 - Raytheon Corporation
- Over a dozen in 2010 study group in Tucson AZ area
51Company or NCMS Chapter Based Study Groups
- Newest Development (NCMS Chapters)
- Mid-South Chapter (Huntsville, AL area)
- Lunchtime group sessions with a local ISP as the
Mentor - 7 tested in December 2011 all 7 passed
52ISPCERT.COM
- Creation of Jeffrey W. Bennett, ISP, Madison AL
former Secretary of NCMS Mid-South Chapter - The Complete Guide for Industrial Security
Professional (ISP) Exam Preparation - Practice test with 400 multiple choice questions
(with answer sheets answer key) - Practical tips for candidates
- Cost is 55.00
53Final Comments on ISP Exam
- Available on-line 24/7
- Available on paper at 2011 NCMS Annual National
Training Seminar in New Orleans LA this June - Exam isnt easy but you will pass if you
- Prepare in advance
- Pay attention to test discipline (110 answers in
120 minutes)
54- Question
- How can you best prepare for the ISP exam?
- Answer
- There are several methods, from independent
study to use of prepared workbooks to taking the
ISP Exam Prep Program. Choose the one you believe
will work best for you.
55Final Notes Security Awareness Posters
- http//www.ncms-channelislands.org/posters.html
56Contact Information
- William L Uttenweiler, ISP
- William.L.Uttenweiler_at_aero.org
- Work Phone 321-853-0803
- Cell Phone 321-506-7427
- FAX 310-563-2959
57Any More Questions?