Proprietary Information – Do not distribute WWW.BOWHEADSUPPORT.COM
Security Awareness & Refresher Briefing
• Bowhead is a cleared company in the National Industrial Security Program (NISP)
• Employees are bound by Department of Defense (DoD) rules and regulations to properly protect and control all classified material in their possession per the National Industrial Security Program Operating Manual (NISPOM) and as appropriate, other Cognizant Security Agency directives.
• You must familiarize yourself with specific contract provisions on ‘how’ protection and control measures apply to each program you support.
Overview
• The NISPOM requires that you be provided:
– with an Initial Security Briefing prior to being permitted access to classified
information,
– and that you be provided with an Annual Security Refresher Briefing.
• The NISPOM also states that personnel granted clearances are
required to sign a Classified Information Nondisclosure
Agreement (Standard Form 312)
– which further outlines responsibilities for the protection and safeguarding of
classified information.
– This is essentially an agreement between the individual and the U.S.
Government (discussed later in this briefing).
• Additionally, government site security managers may require
other security briefings specific to the needs of the onsite
government client.
Security Briefings
• This briefing reviews some of the obligations you have when
holding a security clearance, as well as other pertinent
information.
• The items covered are:
– An Overview of the Security Classification System
– SF 312 (Classified Information Nondisclosure Agreement)
– Personnel Security Clearance notes
– Reporting Obligations
– A Threat Awareness & Defensive Security Briefing
Briefing Outline
• U.S. industry develops and produces the majority of our nation’s
defense technology – much of which is classified – and thus
plays a significant role in creating and protecting the information
that is vital to our nation’s security. The National Industrial
Security Program (NISP) was established by Executive Order
12829 to ensure that cleared U.S. defense industry safeguards
the classified information in their possession while performing
work on contracts, programs, bids, or research and development
efforts.
• The Defense Security Service (DSS) administers the NISP on
behalf of the Department of Defense and 23 other federal
agencies within the Executive Branch. There are approximately
12,000 contractor facilities that are cleared for access to
classified information.
Introduction
• To have access to U.S. classified information and participate in the NISP,
a facility – a designated operating entity in private industry or at a
college/university – must have a bona fide procurement requirement.
Once this requirement has been established, a facility is eligible for a
Facility Security Clearance (FCL). A Facility Security Clearance is an
administrative determination that a facility is eligible to access classified
information at the same or lower classification category as the clearance
being granted.
• The Facility Security Clearance may be granted at the Top Secret, Secret
or Confidential level.
• In order to obtain the clearance, the contractor must execute a Defense
Security Agreement which is a legally binding document that sets forth
the responsibilities of both parties and obligates the contractor to abide
by the security requirements of the National Industrial Security Program
Operating Manual (NISPOM).
Introduction (continued)
• Bowhead maintains a facility clearance (FCL).
Just as you are required to sign an agreement with the U.S.
Government, as a defense contractor, the company has signed a
Security Agreement with the U.S. Government.
• Your security responsibilities are real:
– They are magnified as a result of your employment in a vital
defense industry. It is essential that you realize the importance
of this.
– Unauthorized disclosure or failure to properly safeguard
classified information is punishable under the Espionage Laws
and Federal Criminal Statutes.
– Your responsibilities affect the security of our government and
the technological advancement of our nation.
Clearance Information
• Bowhead processes three different types of investigations:
– Collateral: Confidential, Secret and Top Secret clearance
– SCI: Caveat sometimes attached to Top Secret clearances, to
allow access to Sensitive Compartmented Information (SCI);
processed through the government
– Public Trust: Employees may have a need to work on a project
that is Controlled Unclassified Information, and may be
processed for a background investigation that does not result in
clearance, but gives access to CUI material for work in a Position
of Trust.
» FAA
» VA
» DHS
Clearance Information
• As outlined by the new Executive Order 12958,
classified information is official government
information that has been determined to require
protection in the interest of national security.
• All classified information (with only one exception)
is under sole ownership of the U.S. Government,
and employees possess no right, interest, title, or
claim to such information.
Overview of Security Classification System
Classified National Security Information (“classified information”): information that
has been determined pursuant to Executive Order 12958 to require protection against
unauthorized disclosure and is marked to indicate its classified status when in
documentary form.
• A major change was the automatic 10 year declassification unless exemption
category is applicable; then 25 years for formerly classified information.
• Information is classified when it is determined that its unauthorized disclosure
can reasonably be expected to cause damage to national security. Such
information is assigned a classification of TOP SECRET, SECRET, or
CONFIDENTIAL and is appropriately marked.
• Unauthorized disclosure means disclosure to someone NOT authorized by the
government to have access to classified information. Unauthorized disclosure is
punishable as detailed in the Extracts of the Espionage and Sabotage Acts.
Introduction to Classified Information
• Three levels have been established based on the criticality of the
information or material to national interests:
1. TOP SECRET: Information or material whose unauthorized
disclosure could be expected to cause exceptionally grave
damage to the national security.
2. SECRET: Information or material whose unauthorized
disclosure could be expected to cause serious damage to
the national security.
3. CONFIDENTIAL: Information or material whose
unauthorized disclosure could be expected to cause
damage to the national security.
Classified Information (continued)
• Information or material that requires protection against
unauthorized disclosure in the interest of national security
shall be classified with one of the four designations:
– Unclassified
– Confidential
– Secret
– Top Secret
Security Classifications
• Unauthorized disclosure may be expected to cause
“damage” to national security
• EXAMPLE: Release of information that might cause foreign
government to hesitate confiding in the United States
Confidential
• Unauthorized disclosure may be expected to cause
“serious damage” to national security
• EXAMPLES:
– Disruption of foreign relations significantly affecting
national security
– Significant impairment of programs or policy directly
related to the national security
– Revelation of significant military plans or intelligence
operations
Secret
• Unauthorized disclosure may be expected to cause
“exceptionally grave” damage to national security
• EXAMPLES:
– Obstruction of programs directly related to national
security
– Revelation of significant military plans or intelligence
operations
– Compromise of significant scientific or technological
developments relating to national security
Top Secret
• Classified documents are boldly marked with
the highest classification on the top and bottom
of each page.
• Individual Paragraphs have markings: (U), (C),
(S), (TS).
• Use the Program Security Classification Guide
for help when marking classified for your
contract. This guide will instruct you on what
types of information should be classified at
which levels.
• If you believe information is over-classified,
contact the FSO/SSO for guidance.
Identifying Classified Information
Always attach a COVER Sheet when material is out of the safe
Examples of Classified Cover Sheets
• Classified information exists in many forms. It may be a
piece of hardware, a photograph, a film, recording tapes,
notes, a drawing, a document or spoken words.
• Material is classified by the originator.
• It comes to industry via security classification guides.
• The degree of safeguarding required depends on the
information's classification category.
Classified Information
• Detailed instructions will be provided to you by the
client/site security officer before you access classified
information.
• You will be advised about identifying, handling and
safeguarding classified information.
• Always ask questions when in doubt.
Procedures for Handling Classified Information
• One of the most fundamental requirements
of the NISP is the proper safeguarding and
storage of classified information. It is
essential that classified information be at
all times properly safeguarded or stored
in accordance with the requirements of
the NISPOM.
• “Safeguarding” means measures and
controls that are prescribed to protect
classified information.
Safeguarding Classified Information
• The method of destruction of
classified information depends
on the level of classification of
the information and what type of
material it is.
• Check with your local security
office before destroying
classified material to ensure
proper procedures are being
followed.
Destruction of Data
• Determining access to classified material - When an individual is granted a
security clearance, it means that an individual is eligible to have access to
classified information on a “need-to-know” basis. Access is granted only when
the following two conditions are met:
1. The recipient has a valid and current eligibility at least as high as the
information to be released. Contact your FSO if in doubt about a
person’s clearance status.
AND
2. The recipient requires access in order to perform tasks essential to the
fulfillment of a classified Government contract or program. This is
called “need-to-know.” Contact the recipient’s supervisor if in doubt
about a person’s “need-to-know.”
• Note: It is the responsibility of the possessor of classified information to
ensure that the prospective recipient meets BOTH of these conditions.
Sharing of Classified Information
• Need-to-know confirmation for both internal employees and
visitors should come from a security department advisor or
representative.
• If there is doubt as to whether or not a person has a need-to-
know, you should check with the proper authority prior to
release of any classified information.
• Establishment of need-to-know is essential.
• It is far better to delay release to an authorized person than
to disclose classified information to one who is
unauthorized.
Need-to-Know
• Warrants a degree of protection and administrative control
that meets the criteria for exemption from the public
• CUI information includes, but is not limited to:
– Medical, Personal, Financial, Investigatory, Visa,
and Law Enforcement Records
– CUI designations can include Sensitive but Unclassified (SBU), For
Official Use Only (FOUO), Law Enforcement Sensitive (LES), DoD
Unclassified Controlled Nuclear Information (DoD UCNI), and Limited
Distribution (LD), as well as other designations developed by other
executive branches.
– If released, could result in harm or unfair treatment
to any individual or group, or could have a negative
impact upon foreign policy
Controlled Unclassified Information (CUI)
CUI information should be transmitted through means that
limit the potential for unauthorized public disclosure
Secure FAX, Phone, or other encrypted means is preferable
Custodian of CUI data needs to make this determination
During off-duty hours, CUI information must be secured
within a locked office, or in a locked container
Check with your local security office for specific information.
CUI Handling Procedures
• The SF312 is essentially a lifetime contract between you and the U.S. Government
in which you agree to protect U.S. classified information from unauthorized
disclosure.
• The agreement may limit you from freely discussing your work with colleagues,
relatives, and others.
• Violation of the agreement can result in a wide array of legal action against you,
ranging from civil suits to a succession of more severe penalties. Penalties for
breaking the nondisclosure contract may include loss of clearance, fines and
criminal prosecution under several statutes.
• The original signed copy of the SF312 is forwarded to DSS for their records, while
a copy is maintained in the individual’s security file by the company.
• Failure to sign the agreement will result in revocation of your clearance.
SF-312 (Classified Information Nondisclosure Agreement)
• Top Secret clearances are good for
5 years, at which time a PR is required.
• Secret and Confidential clearances are
good for 10 years, at which time a
PR is required.
• The PR requires that a new SF86 be
completed; however, no new
fingerprint card is necessary.
Personnel Security Clearances – Periodic Reinvestigation (PR)
An approved “Visit Request” must precede classified visits made to Bowhead
by non-employees.
If you receive or are expecting a visitor with the expectation of discussing
classified information, contact Security to verify the visitor’s security
clearance. Similarly, a “Visit Request” must precede visits made to
Government agencies, or facilities of other companies that involve the
disclosure of classified information.
Make sure to notify the Security Office within a reasonable time, preferably
72 hours, if possible, so that the request gets completed and submitted prior
to departure.
EMPLOYEES CANNOT HAND CARRY THEIR OWN VISIT REQUEST
Visit Requests
Reporting Requirements
YOU are responsible for reporting certain information to Security. This includes information about yourself and other cleared individuals. Items you must report are…
Report Changes in Status
• Personal Life Changes
– e.g. Name Change, Marital Status Change,
Citizenship Change, Cohabitation Change
• Any close and continuing Foreign Contacts
• Suspicious Contacts
• Foreign Travel
• If you are separating employment or if you are going on an
extended leave of absence
• And any changes to questions that were filled out on the SF86
(ex. Financial, Mental health, criminal, civil/legal actions, etc.)
You Must Report…
• Adverse Information concerning yourself or a co-worker. Examples are:
– Financial … this includes garnishments, lawsuits, bankruptcies, unexplained affluence and excessive indebtedness.
– Arrests … even if you are arrested and found “not guilty” this needs to be reported. In addition, any traffic violation with a fine over $300 should be reported.
– Psychological … mental or emotional counseling, or counseling for personality disorders (marital, family and grief counseling are excluded).
– Substance Abuse … this includes the use of illegal drugs and/or excessive use of alcohol.
You Must Report…
• The NISPOM (1-302a) requires that
cleared contractor employees report
to their respective security
department, any adverse information
regarding other cleared employees.
• As a general rule, adverse
information is that which reflects
unfavorably on the trustworthiness or
reliability of the employee and
suggests that the person's ability to
safeguard classified information may
be impaired.
Reporting Requirements (continued) – Adverse Information
• Employees are required to report any suspicious behavior or occurrences that
may occur at any time. This includes all contacts with known or suspected
intelligence officers from any country, or any contact that suggests you may be
the target of an attempted exploitation by a foreign intelligence service (NISPOM
1-302b). More specifically, employees must report to security any of the following
events:
– Any efforts, by any individual, regardless of nationality, to obtain illegal or
unauthorized access to classified or controlled unclassified information
(CUI).
– Any efforts, by any individual, regardless of nationality, to compromise a
cleared employee.
– Any contact by a cleared employee with a known or suspected intelligence
officer from any country.
– Any contact which suggests an employee may be the target of an attempted
exploitation by the intelligence services of another country.
– If there is any problem as to whether any specific situation is reportable,
questions should be directed to your Bowhead representative.
Reporting Requirements (continued) – Suspicious Contacts
• If you travel to another country, whether for business or pleasure,
if at all possible, you must report your travel to your Bowhead
representative prior to departure. Information regarding travel in a
foreign country will be provided to you. Foreign travel must be
reported; if not prior, then immediately after travel.
• The Bowhead “Foreign Travel Reporting Form” should be
completed and returned to the Security Office at least 30 days
prior to foreign travel, whether personal or for business. Keep in
mind you may have additional contract specific requirements for
reporting and approvals prior to departure.
• Don’t forget this requirement includes Mexico and Canada…
anywhere NOT in the United States.
Reporting Requirements (continued) – Foreign Travel
• Employees are required to report any loss, compromise or
suspected compromise of classified information, foreign or
domestic, to the appropriate security office (NISPOM 1-303).
Reporting provides employees with an opportunity to extricate
themselves from a compromising situation and enhances the
protection of national security information.
• Not reporting a known security compromise may in itself
constitute a major security violation, regardless of the severity of
the unreported incident.
• Violations may include acts such as misplacing, losing,
improperly storing, improperly transmitting, and leaving
classified material unattended.
Reporting Requirements (continued) – Loss or Compromise
• Employees are required to report any
– act of sabotage or possible sabotage,
– espionage or attempted espionage,
– and any subversive or suspicious activity.
• Employees should also
report any
– attempts to solicit classified information,
– unauthorized persons on company property,
– unwillingness to work on classified information,
– and disclosure of classified information to an unauthorized person,
– along with any other condition that would qualify as a security violation
or which common sense would dictate as worth reporting.
Other Reporting Requirements
Threat Awareness
• Any potential danger to a
system
– A person (insider/outsider)
– A thing (Internet access)
– An event (flood, lightning,
spilled coffee cup, etc.)
• Exploiting a weakness in a
system
– Intentional or unintentional
General Threats
The FBI reports that nearly 100 countries are currently running
economic espionage operations against companies in the USA.
Targets are shifting away from the classified military information sought
during the Cold War days toward basic research and development
processes.
Espionage targets also include technology and trade secrets of
U.S. high-tech companies. Our adversaries are desperate to get their
hands on everything from cost analyses, marketing plans, contract bids
and proprietary software to high-tech data itself.
Any information or process that leads to cutting-edge technology –
whether classified, proprietary or unclassified – is in high demand.
Some products are bought (or stolen) inside the US and then smuggled
overseas. Often the stolen technology is transmitted electronically.
Threat Awareness – Foreign Intelligence Threat
Physical threats occur both inside and outside our places of work.
• Our world is getting more and more difficult to navigate. The “bad guy”
looks just like we do – you cannot tell by looking at someone what they
are thinking! We must remain vigilant in our efforts to thwart an unknown
enemy’s efforts.
• Overseas travel, foreign contact, and joint ventures increase our exposure
to the efforts of foreign intelligence collectors.
Workplace Violence: Violent acts (including physical assaults and
threats of assaults) directed toward persons at work or on duty.
• Workplace violence can range from offensive language to homicide.
• Contributing Conditions: Bad Economy, Job Layoffs, Rigid Management,
Pressure for increased productivity, Mental Illness, Increased Stress,
“Toxic” work environment.
• Most workplace violence is the result of disagreements or personality
conflicts between co-workers. Have a plan for what you would do….
Physical Threats – Our World Today
Actual threats - verbal, non-verbal, written
Irrational or radical beliefs and/or ideas
Unwarranted perception of unfairness
Displays of unwarranted anger
Self-image of being “irreplaceable”
Isolation - depression, suicide threats
Erratic job performance, inability to take criticism
History of drug or alcohol abuse
Obsession with weapons
Recent family, financial or other personal problems
Physical Threats – Warning Signs
You may be required to handle proprietary or other types of sensitive
information via email, electronic source, or hard copy. It is expected
that you take the utmost care in protecting this information - not
only to protect yourself and the Company, but also to protect our clients.
If you think no one would be interested in your work or your personal
information, think again! Anyone, AT ANY TIME can become a victim of
blackmail, coercion and/or identity theft – often in the blink of an eye.
BEFORE YOU SHARE INFORMATION:
• Ask WHY particular information is needed & how the information will be
protected.
• Be cautious of unknown email senders; it could be a phishing scam or
a virus. Don’t click on or install anything if you’re unsure.
• Utilize anti-virus software and a firewall, and make sure they are updated
regularly.
Protecting Company & Personal Information
An “insider” is anyone who has access to company proprietary information and / or
customer data, systems or other information; each of us is an insider.
Insiders can threaten the company’s success – often without realizing it – but not all
insider breaches are inadvertent or accidental.
Anyone with access can exploit any level of their permissions to steal, damage,
sabotage or manipulate company or customer data.
An example would be a trusted employee with access and need-to-know accessing
classified information for purposes of removing classified items unhindered and providing
such information to an unauthorized person(s).
Every individual must be diligent in recognizing and reporting insider
threat incidents.
Whether intentional or unintentional, inside actors can
harm the organization just as tangibly as an external threat
would – often with devastating results.
Insider Threats – You, Me, We
Classical espionage cases still occur, but now we are seeing an increase in a
different kind of spying, an espionage based not just on the theft of classified
information, but on theft of high-technology information.
There are many ways in which an adversary can acquire information:
• Not all spies have been recruited. Some past or present employees of U.S.
companies have stolen materials and then sold them to competitors, foreign
governments or other entities.
• A spy or mole can get a job at a targeted company and hope that their illicit
activities go undetected as they work to gather information.
• Another method is to blackmail or coerce vulnerable employees of a targeted U.S.
company or to recruit foreign nationals working with U.S. subsidiaries abroad.
• Equally as unscrupulous, and also patently illegal, is the outright bribing of
employees to steal plans, reports and other proprietary documents, or hiring so-
called consultants to spy on competitors, a practice that can include bugging
competitors' offices.
• Other methods include theft and smuggling of goods, theft of intellectual
property, tampering with companies' electronics, extortion, and so forth.
Insider Threat Awareness
The insider threat poses great danger to the company’s information and
people. Each of us must assist in detecting, identifying, and stopping espionage
activity by recognizing and reporting the following indicators of espionage:
Unnecessary after hours access
Attempts to circumvent security procedures
Unauthorized removal of classified material
Substance abuse
Unexplained affluence
Financial hardship
Unreported foreign national association(s)
Drastic changes in behavior, demeanor, or work habits
Inappropriate use of photocopy equipment, computer, or printer
Unusual, unreported or excessive foreign travel
Insider Threats – What To Watch For
Insider Threats – Specific Actions
Threat Awareness – External Threats
Following are some external threats that you need to be aware of:
Foreign Intelligence Services – identify people who have access to
sensitive information or cutting-edge technology and invest time to
pursue someone of interest, and/or show interest in their employment.
Report suspicious behavior and foreign national associations to
your Security Team.
Computer Attacks – occur on both classified and unclassified
networks. Information on the Internet is extremely vulnerable because
of its accessibility – use extreme caution when accessing, clicking, and
saving information.
Terrorists – threats come from international and domestic terrorists.
Suspicious individuals, vehicles, or activities in or around our facilities
must be reported immediately to the Security Team.
Hackers and Crackers
Malicious Code
Viruses, Worms, Trojans, Time Bombs
Terrorism
Internet Access
Social Engineering
Insider Threat
Cyber Threats
• A vulnerability is a weakness that can be exploited to develop an
attack against a system, network or individual computer.
• Examples:
▪ Users
▪ Software
▪ Improper storage
▪ Weak passwords
▪ Out-of-date patches
▪ Unneeded services
▪ Poor management
There is no such thing as
a completely secure system!
Vulnerabilities
Comply with Bowhead guidelines for use of Internet and E-mail
No outside Instant Messaging applications (IM), cryptography, music or
software downloads unless approved by IT
Change your network log-on password regularly (as applicable)
– Make it easy to remember but hard to crack
– Try a “sentence” password – 1st letter of each word
[ For example: “I went down to 3rd street yesterday.” = iwdt3sy ]
Lock your workstation when you leave your desk
– CTRL+ALT+DELETE, then choose “Lock”
or
– “Windows” key + L
– For Mac users, press CONTROL+SHIFT+EJECT (or, with newer Macs, press
power instead of eject).
Ways to Protect the Network
Environmental Concerns
– DO protect your work area; keep liquids away from
PC/keyboard
Software Accountability
– DON’T load unauthorized software
– DO report any unauthorized personnel loading software
on your workstation
– DON’T be afraid to question technicians if you don’t know
them
Network Access
– DO be aware of visitors to your site
Responsibilities of the User (DOs and DON’Ts)
Contingency Planning
– DO save your work to the network drive, not local drive.
– DO remember that you are ultimately accountable for
activities that occur under your user name
Anti Virus Program
– DO check your update file regularly
– DON’T bring files from other computers
Responsibilities of the User (DOs and DON’Ts continued)
• Portable Electronic Devices (PEDs) and Removable Media include: Blackberry, cell phone, PDA, thumb/flash drive, CD/DVD, external hard drive, Bluetooth devices (Apple Watch, Fitbit, etc.)
• PEDs are prohibited in controlled spaces
• See site security officer for site-specific requirements and approved government issued hardware
PEDs and Removable Media Handling
• You should know who your company security team is:
– Jennifer Reichelt, Facility Security Officer (FSO)
• 703-578-5579
– Heather Davis, Assistant FSO (AFSO)
• 540-709-2103
– Monika Rice, Assistant FSO (AFSO)
• 540-709-2104
• Any security related questions should be brought to the
security team at [email protected]
Know Your Security Team
• To report any of the instances previously cited, or other suspicious
acts, contact:
– Your immediate supervisor
– Your FSO
• In the event you cannot reach the above, you may contact the
HOTLINE…
DEFENSE HOTLINE
(800) 424-9098
The Pentagon
Washington, D.C. 20301-1900
DoD Hotline
I confirm that I have read and understood the Bowhead
Awareness Briefing, as revised for 2016.
_______________________________________
Printed Name
_______________________________________
Signature
_______________________________________
Date
Please complete and return to:
Send upon completion.
Security Briefing Certificate