NCMS - PowerPoint PPT Presentation

1 / 57
About This Presentation
Title:

NCMS

Description:

... information, contact the ISP Lead Mentor Team by e-mail ISP_Mentor_at_hotmail.com ... w/paper NISPOM, 5 questions w/electronic search of The Annotated NISPOM in PDF) ... – PowerPoint PPT presentation

Number of Views:383
Avg rating:3.0/5.0
Slides: 58
Provided by: window63
Category:
Tags: ncms | hotmail | search

less

Transcript and Presenter's Notes

Title: NCMS


1
NCMS the Industrial Security Professional (ISP)
Certification Preparation
  • William L. Uttenweiler, ISP
  • Lead Mentor, ISP Exam Prep Program
  • Florida Space Coast Chapter, Cape Canaveral AFS,
    FL

2
Three Topics
  • What is NCMS why should you belong?
  • What is the Industrial Security Professional
    certification program why you should be one?
  • How can you best prepare for the ISP exam?

3
  • Question
  • What is NCMS why should you belong?

4
Organization
  • Society of Information Security Professionals
  • Founded in 1964
  • Headquartered in Wayne, PA
  • 37 chapters in USA 1 virtual chapter
  • 4,000 members

5
Official Scope 1
  • Develop promote education training of members
    in the application of requirements of industrial
    security in support of the security of the United
    States and its allies as described in the
    National Industrial Security Program (NISP).
  • Classified information (mostly DOD, DOE, CIA
    NRC but 23 other agencies included)

6
Official Scope 2
  • Develop and promote education and training of
    members in the application of classification
    management principles, practices, procedures,
    techniques in protecting government designated
    unclassified information intellectual property
    in all forms.
  • Government FOUO
  • Company Proprietary/Competition Sensitive, etc.
  • Operations Security (OPSEC)

7
How NCMS Meets Scope 1 2
  • Web site, especially the Members Only section
  • Annual National Training Seminar
  • CM Bulletin
  • Chapter level activities and communications

8
NCMS Web Site www.classmgmt.com
  • New news you can use
  • Resource library
  • Counterintelligence information security
    education/awareness training tools, security
    briefings
  • Government reports (NISPOM, Industrial Security
    Letters, Executive Orders, Presidential Decision
    Directives, PERSEREC Reports)
  • Classification management, physical security,
    COMSEC, OPSEC, information security, information
    assurance
  • Protecting FOUO, sensitive-but-unclassified
    information, proprietary information
  • Homeland Security, Emergency Preparedness
  • JPAS, e-QIP
  • International security, NATO, Export Control
  • Facility Security Officer Training
  • And much, much more

9
NCMS Web Site www.classmgmt.com
  • Membership Assistance Publication Series (MAPS)
    tied to sections of NISPOM
  • Self-Inspection guide for collateral facilities
  • Administrative inquiry checklist
  • Handbook on DD 254 preparation (subcontracting)
  • Sample resolution for exclusion of certain
    directors or officers
  • Briefing The Foreign Intelligence Threat
  • Sample annual security refreshers
  • Instructions for changing safe lock
    combinations
  • Where to get clips for false/drop ceilings in
    closed areas
  • Writing a master systems security plan for
    classified AIS
  • And much, much more

10
Annual National Training Seminar
  • 46th was held June 2010 in Reno NV included
  • General and break-out sessions on topics like
  • Security Awareness Training for SAPs Collateral
    Programs
  • The A to Z on How to Get a Clearance
  • DD Forms 254 for SAPs Collateral Programs
  • Preempting Personnel Clearance Issues
  • Mitigating Foreign Ownership, Control Influence
    (FOCI)
  • Prime Contractor Responsibilities
  • International Program Security Review
    Requirements
  • Setting Up a Corporate Import/Export Program
  • Summaries of sessions published in CM Bulletin
    when available, slides posted on-line
  • Proctored ISP certification exam

11
47th Annual National Training Seminar
12
CM Bulletin
  • Bi-monthly NCMS newsletter
  • Official means of communication between
    leadership members
  • Articles by members on topics of interest, for
    example
  • Results of polygraph survey
  • Perils of the Internet
  • How to build a better security team
  • Verbal attestations
  • US port deal highlights foreign investments
  • Data spills cleanup prevention
  • Effective speaking tips

13
Chapter level activities communications
  • Chapter-sponsored seminars
  • Chapter meetings with speakers
  • E-mail from chapter chair with news, updates,
    etc.
  • Association with government audit/ inspection
    personnel in a professional, non-adversarial
    environment
  • Networking you are never alone

14
Official Scope 3
  • Advance the professionalism of Members through a
    formal certification program recognized by
    government industry.
  • Industrial Security Professional (ISP)
    certification
  • http//www.ncms-isp.org/
  • More in a moment

15
Official Scope 4
  • Advance its purpose by representation
    participation on U.S. government professional
    security councils, committees, boards forums
    through formal comment, proposal, petition,
    coordination.
  • Memorandum of Understanding (MOU) Group
  • NISP Policy Advisory Committee (NISPPAC)
  • Close rapport with ISOO, DSS, etc.

16
The MOU Group
  • MOU Group
  • Membership includes NCMS 5 other groups
  • NISP Policy Advisory Committee
  • By invitation but usually includes NCMS members
  • Both represent industrys voice to top-level
    government security policy makers

17
Information Flowing Up
  • Example High Security Lock Legislation
  • Pushed by Sen. Jim Bunning (R-KY) in FY 2002
    Defense Authorization Bill
  • Would have accelerated requirement X0-8/9 locks
    (replacement kits cost 1,200 each cabinets cost
    1,570 - 5,679 each)
  • Industry surveyed costs (231 million) and
    concluded they were not justified by risk
  • Bunnings district includes headquarters of
    MAS-Hamilton, the only manufacturer of compliant
    locks

18
Information Flowing Up
  • Example personnel security investigation backlog
  • Explained the costs in unaccomplished work while
    PSIs languish uncompleted
  • DSS agreed to allowing facilities to each
    prioritize a small number of if cases and to
    accelerate their completion
  • Early notification of DSS plans and requests for
    future PSI needs

19
Special Relationships
  • Special relationships with ISOO, DSS, etc.
  • High level staff frequently with Board of
    Directors on issues of mutual interest
  • High level staff regular present at NCMS National
    Training Center
  • Permanent host for presentation of DSSs James S.
    Cogswell Award for outstanding industrial
    security programs

20
Evaluating the Value of Memberships
  • DSS James S. Cogswell Award for Outstanding
    Industrial Security Program
  • 2006 NCMS members for 13 of the 28 selected
    firms
  • 2007 NCMS members for 20 of the 30 selected
    firms
  • An NCMS member was one of the firms
    representatives at the awards ceremony.

21
Management Support Is Critical
  • Security professionals need enthusiastic support
    from their management
  • More than signing the occasional policy or giving
    the intro at annual company refresher
  • Reimbursement for dues and expenses
  • Permission to attend functions and work on NCMS
    business (both for training and good PR within
    the DOD contractor community)
  • Demonstrates to other employees that security is
    important to the company

22
  • Question
  • What is NCMS why should you belong?
  • Answer
  • NCMS is the Society of Information Security
    Professionals. If you belong to NCMS, you your
    company are never hanging out there alone. You
    have access to local national level resources
    experts when a question or a problem occurs.

23
Question What is the Industrial Security
Professional certification program why should
you be one?
24
ISP Certification
  • The security certification universe in 2003
  • Some of existing ones were too broad
  • Certified Protection Professional (CPP)
  • Others were narrowly focused but on other
    disciplines
  • Physical Security Professional (PSP)
  • Certified Fraud Examiner (CFE)
  • Certified Information Systems Security
    Professional (CISSP)
  • Global Information Assurance Certificate (GIAC)
  • Certified in Homeland Security (CHS)

25
ISP Certification
  • Security certification universe in 2003
  • None focused on the National Industrial Security
    Program (NISP) or the NISPOM
  • None included areas like Counterintelligence (CI)
    and Communications Security/TEMPEST
  • NCMS grassroots wanted a certification would
    closely match what a Facility Security Officer
    (FSO) and his/her staff actually do

26
Industrial Security Professional
  • Industrial Security Professional (ISP)
    certification
  • For individuals involved in classified government
    contracts
  • Introduced in 2004
  • Aimed at journeyman level professionals
  • 300 currently certified world-wide

27
ISP Certification
  • ISP Certification requirements
  • 5 years experience (can be part-time if gt10 of
    duties)
  • Pass a proctored exam
  • 110 questions (100 core plus 5 each on 2
    electives chosen from 4 available
    counterintelligence, COMSEC/TEMPEST, intellectual
    property, OPSEC)
  • 2 hours long open book
  • Recommended by supervisor or NCMS National
    Director
  • Subscribe to high ethical standards

28
ISP Certification
  • Recertification required every 3 years
  • Shows continued professional development
  • Demonstrates that person has kept current on both
    threats and defenses
  • Can be accomplished by
  • Training/seminar attendance
  • Leadership in security activities
  • Authoring articles/classes on security topics
  • Etc.

29
ISP Certification
  • Accreditation
  • Only recently provided for the ASIS-sponsored
    CPP ISP isnt far behind
  • However, can be a valuable assurance in the case
    of a new program like the ISP
  • NCMS is working with the American National
    Standards Institute (ANSI) to get formal
    accreditation for the ISP

30
ISP Certification
  • Accreditation process has driven the requirement
    to have on-line test takers proctored
  • Proctors insure that the candidate is the person
    who takes the exam
  • Chapter Chairs help locate current ISPs to serve
    as proctors
  • For those not near an ISP, NCMS Headquarters will
    approve qualified proctors (including Government
    Industrial Security Representatives, College/
    University teachers, etc.)

31
ISP On-Line http//www.ncms-isp.or
g/
  • Separate ISP web site to consolidate resources
  • Certification Booklet
  • Application Form
  • ISP Code of Ethics
  • Test References Sources
  • Frequently Asked Questions
  • List of Current ISPs
  • ISP Exam Preparation Program

32
ISP Certification Why Certify?
  • The ISP program provides a high-level baseline
    for the knowledge required of an Industrial
    Security FSO with at least five years of
    experience
  • It certifies that the holder of the ISP has the
    requisite knowledge of the NISPOM and other
    related directives used by the average FSO on a
    daily basis
  • It demonstrates on the part of the ISP a degree
    of professionalism and willingness to go the
    extra yard to develop professionally

33
ISP Certification Why Certify?
  • It demonstrates self-confidence willingness to
    take a risk (of flunking the certification exam
    in this case)
  • It demonstrates that the ISP has the academic and
    intellectual skills to not only perform as an FSO
    but also to develop further as a security
    professional
  • It puts a company that has ISP's on their staff
    in a stronger position for contract bids and
    re-bids in the area of security and
  • It provides a FSO with an ISP added credibility
    when dealing with DSS representatives

34
A couple of testimonials
  • Crystal Chambers, ISP, CENTRA Technology Inc.,
    Arlington, VA.  Having ISP after my name MEANS
    something! When I applied for a new position, not
    only did my new boss know what it meant, he was
    impressed!  I have an ability now to confidently
    use, refer to and quote the NISPOM! This class
    made me open up the book and LOOK at chapters I
    hadnt needed previously, like Chapter 8. Did I
    mention I got a perfect score on that
    section?    
  • Leonard Moss Jr., ISP, CHS-V, AAI Corporation,
    Hunt Valley, MD.  In October 2006 I moved
    cross-country for a promotion to the Director of
    Corporate Security at AAI Corporation.  It's a
    great opportunity and it's the promotion I had
    been seeking.  You will be happy to know that
    when I applied for this position one of the
    things the job called for was "ISP preferred. I
    thought that was great and worth sharing. It
    shows the value of our credential.

35
Recent Trend Analysis Shows Growth
36
  • Question
  • What is the Industrial Security Professional
    certification program why should you be one?
  • Answer
  • The only professional certification aimed at
    staff working to protect classified information.
    It pays dividends both in knowledge reputation.

37
Next Question How can you best prepare for
the ISP exam?
38
ISP Exam Preparation
  • Barrier to testing The Fear Factor
  • Overcoming The Fear Factor through preparation

39
The Fear Factor
  • Applicants are apprehensive about taking the exam
  • Im not good enough (or experienced enough)
  • Ive been out of school for a long time, I dont
    test well I might fail.
  • Im too busy (workload, personal problems, etc.)
  • If I fail, Ill look bad in the eyes of
    supervisors, coworkers colleagues.
  • If I fail, Ill be out several hundred dollars.
    (Some companies dont fund the exam until
    employee passes.)

40
Overcoming the Fear Factor
  • The two keys are networking preparation
  • Networking
  • Im not good enough dispelled by contact with
    colleagues (difference between test takers in
    Reno NV in 2004 Seattle WA in 2005)
  • Preparation
  • Knowledge provides self-confidence
  • Some nervousness always remains for any high
    stakes test, but the adrenalin helps

41
  • Main methods of preparation
  • Self-study
  • ISP Examination Preparation Program
  • Company or NCMS Chapter Based Study Groups
  • ISPCERT.COM

42
Self-Study http//www.ncms-isp.org/StudyRefer
ences.html
  • Self-study was the only study method available
    before 2006
  • All of the source documents for the ISP exam are
    unclassified and widely on-line
  • Anxiety was high because candidates didnt know
    if their preparation was adequate
  • Now the ISP Exam Prep Program workbook can be
    used for self-study

43
ISP Exam Preparation Program
  • Arose during 2005 ramp-up
  • Candidates met telephonically to discuss hard
    chapters (Chap 8 on AIS, Chap 10 on
    international)
  • Expanded formalized at 41st Annual National
    Training Seminar in Seattle WA
  • Sponsored by Education Training Committee
    (Chair Joseph Jessop)

44
ISP Exam Preparation Program
  • Prep Program purpose
  • Develop better security professionals conducting
    comprehensive training on fundamentals like the
    NISPOM, ISLs, OPSEC, CI, etc.
  • Assist those who do not have local ISPs to be
    their mentors
  • Encourage unsure candidates that they can
    complete appropriate preparation for the exam
  • Cooperate Graduate

45
ISP Exam Preparation Program
  • Overview
  • Students will obtain materials study in advance
    of the telecons
  • Telecons with mentors other candidates to
    answer questions, help pace the preparation, etc.
  • About 1 hour long each
  • Once a week
  • All but electives occur 3x weekly so candidates
    can pick the most convenient one

46
ISP Exam Preparation Program
  • Materials
  • Electronic copies of key references
  • Workbook to help candidates review of NISPOM
    other materials (cost 50.00 for NCMS members,
    100.00 for non-members)
  • The Annotated NISPOM, a great tool for all
    security professionals, is available at
    http//www.ncms-isp.org/NISPOM_200602_with_ISLs.pd
    f
  • Will be updated when new NISPOM is released

47
ISP Exam Preparation Program
  • Mentors
  • All are current ISPs
  • 3-person Mentor teams will provide a variety of
    experiences/viewpoints
  • Timeline
  • Current Round in the program started in
    February 2011, 180 participants
  • Timed so that candidates finish in time to test
    before the Annual NCMS National Training Seminar
    and summer vacations
  • To sign up or get more information, contact the
    ISP Lead Mentor Team by e-mail ISP_Mentor_at_hotmail.
    com

48
ISP Exam Preparation Program
  • Lesson strategy
  • Call 1A - get started, go over "Test Tips"
    article for information/techniques/tips, evaluate
    class size, etc.
  • Call 1B - look up practice (5 questions w/paper
    NISPOM, 5 questions w/electronic search of The
    Annotated NISPOM in PDF)
  • Lesson 2 - 10 - cover about 10 of the NISPOM
    in each session
  • Lesson 11 - last minute questions, wrap-up

49
ISP Exam Preparation Program
  • Lesson Strategy (continued)
  • Four optional calls 1 for each of the four
    electives
  • COMSEC/TEMPEST
  • Counterintelligence
  • Intellectual Property
  • Operations Security
  • Special Access Programs (a fifth will be offered
    once elective is approved)

50
Company or NCMS Chapter Based Study Groups
  • Newest Development (Companies)
  • SAIC
  • Study group in National Capital Region
  • Offered exam during last 2 security officer
    conferences
  • Honeywell Global Security Solutions
  • Goal of having all qualified security compliance
    staff certified by end of FY 2012
  • Raytheon Corporation
  • Over a dozen in 2010 study group in Tucson AZ area

51
Company or NCMS Chapter Based Study Groups
  • Newest Development (NCMS Chapters)
  • Mid-South Chapter (Huntsville, AL area)
  • Lunchtime group sessions with a local ISP as the
    Mentor
  • 7 tested in December 2011 all 7 passed

52
ISPCERT.COM
  • Creation of Jeffrey W. Bennett, ISP, Madison AL
    former Secretary of NCMS Mid-South Chapter
  • The Complete Guide for Industrial Security
    Professional (ISP) Exam Preparation
  • Practice test with 400 multiple choice questions
    (with answer sheets answer key)
  • Practical tips for candidates
  • Cost is 55.00

53
Final Comments on ISP Exam
  • Available on-line 24/7
  • Available on paper at 2011 NCMS Annual National
    Training Seminar in New Orleans LA this June
  • Exam isnt easy but you will pass if you
  • Prepare in advance
  • Pay attention to test discipline (110 answers in
    120 minutes)

54
  • Question
  • How can you best prepare for the ISP exam?
  • Answer
  • There are several methods, from independent
    study to use of prepared workbooks to taking the
    ISP Exam Prep Program. Choose the one you believe
    will work best for you.

55
Final Notes Security Awareness Posters
  • http//www.ncms-channelislands.org/posters.html

56
Contact Information
  • William L Uttenweiler, ISP
  • William.L.Uttenweiler_at_aero.org
  • Work Phone 321-853-0803
  • Cell Phone 321-506-7427
  • FAX 310-563-2959

57
Any More Questions?
Write a Comment
User Comments (0)
About PowerShow.com