1 Department of Commerce Office of Security Initial Information Security Briefing
2 Security Clearance A security clearance is a determination of trust, which makes you eligible for access to classified information. A security clearance is not permanent; it expires when you leave your position.
3 Requirements for holding a security clearance Attend a briefing designed to teach you proper procedures for handling and protecting classified information. Refresher briefing every year. Sign a Non-Disclosure Agreement (SF-312).
4 SF-312 Non-Disclosure Agreement Is A legally binding agreement between US Government and you. It is a life long agreement. An understanding of damage that could occur from unauthorized disclosure. An agreement to a pre-publication review An understanding that Classified information is US GOVERNMENT PROPERTY
5 SF-312 and Penalties Should you improperly disclose classified: Under E.O , Performance Plan: Performance Appraisal/Awards affected Reprimand/Suspension (Without Pay) Loss of monetary gains made from improper disclosure Loss of security clearance Termination of employment Criminal prosecution (prison/fines)
6 What is National Security Information Official information which relates to the national defense or foreign relations of the United States, which has been deemed requiring protection from unauthorized disclosure.
7 National Security Information There are three levels of classification used to describe national security information. Unauthorized disclosure of this information could cause damage to our nation s security. CONFIDENTIAL- Damage SECRET-Serious Damage TOP SECRET- Exceptionally Grave Damage
8 The Threat Why must we protect classified information? Economic espionage is on the rise Intelligence needs are economic as well as military Present/former adversaries and our allies are conducting intelligence activities against us.
9 Countries don t have friends, they have interests degaulle
10 The Threat cont... Don t forget the insider! Counterintelligence is your responsibility. Report suspicious activities to the Office of Security immediately.
11 Classification of Information How does information become classified? Original Classification: An initial determination that information, in the interests of national security, needs protection. Derivative Classification: incorporating, paraphrasing, restating, or generating in new form, information that is already classified.
12 National Security Information Classified information must fall under one of the following categories: Military plans, weapons systems or operations Foreign government information Intelligence activities, sources or methods to include cryptology
13 National Security Information cont... Foreign relations or activities of the U.S. Scientific, technological, or economic matters relating to national security Programs for safeguarding nuclear materials or facilities Vulnerabilities or capabilities of systems, installations, projects, or plans
14 Reasons to NOT classify information To conceal violation of law, inefficiency, or administrative error To prevent embarrassment to a person, organization, or agency To restrain competition To prevent or delay the release of information that does not require protection in the interests of national security.
15 Declassification Documents are marked for automatic declassification within ten years unless: The document is exempt from automatic declassification at 10 years under E.O Additional reviews at 10 and 5 year intervals. All classified documents are declassified at 25 years (with a few exceptions). No document series at Commerce are exempt.
16 Marking Documents Title and/or subject should be marked Paragraphs and sub-paragraphs must be marked Illustrations and pictures also Overall classification is determined by the highest portion marking Mark classification of the material on top/bottom of every page.
17 Marking cont... The bottom of the cover or title page of the document should have the following: Classified by: Jack Smith, Director, OSY Reason for Classification: 1.5 (d) E.O Declassify on: 1 June 2007 or x1-8 (exempt)
18 Derivative Classification When incorporating classified information, be sure to: Observe and respect original markings. Carry forward all classification markings. Carry forward declassification instructions (using the most stringent) List all sources
19 Derivative Marking If derivatively classifying a document, the bottom right corner of the should have: Derived by: Joe Burns, DOC, OSY Derived from: CIA Terrorism Report, 3/01 Declassify on: 3/1/11 (or x1-8)
20 Derivative Marking cont... When derivatively classifying a document using multiple sources, either list each source or list multiple sources and maintain a list of the sources on file copy. Always use the most stringent declassification date. If source is marked OADR, list Source marked OADR and list date of document.
21 Accountability of Classified Required for Secret and Top Secret CD481 (will be switched to a computer database) Identify who, what, when, where, how. Annual inventory is required! Use cover sheets and classified receipts!
22 Storage of Material Sensitive, FOUO, Privacy Act, proprietary information must be stored under one level of lock (desk, drawer, file cabinet). Classified information must be stored in a GSA approved security container (safe). Note that each safe should have a SF700, SF702 and open/closed sign.
23 Combinations Security container combinations are classified at the level of information in the safe. Should always be memorized; never write them down. Don t share with anyone who does not need to know it.
24 Combinations cont... Change your combination when: the security container is found open and unattended someone who has the combination leaves if you feel the combination has been compromised when the security container is taken out of service
25 Control and Access You are responsible for protecting and controlling classified information. You must limit access to authorized persons by verifying: Identification Clearance Need to know
26 LEAKS Most leaks result from: Casual conversations Don t discuss classified outside the office! Open Sources Publication does not infer declassification!
27 Transmission: Telephone/Fax Always use a STU III phone or fax Standard and cell phones are not secure Is there a secure phone in your office? If not, where is the nearest one?
28 Transmission: Double Wrapping Must be done to prepare for hand carry, courier, or US Postal Affords 2 layers of protection Protects against damage. Use opaque envelopes Don t forget a receipt Inner wrapping: full address. Return address Classification markings top/bottom and front/back Information and receipt placed inside
29 Transmission cont... Outer Wrapping: Full address of receiver Full return address NO CLASSIFICATION MARKINGS Recommend that you put If undeliverable, return to sender
30 Transmission cont... To send Top Secret: call the Office of Security. Secret and Confidential Hand-carry Approved courier US Postal Service Hand Carry: No overnight stay without proper storage No aircraft overseas Courier: check authorization US Postal: Secret: Registered Confidential: Certified, Express or First class
31 Computer Security Do not process classified unless: You have contacted an Office of Security Representative Your computer has a removable hard drive Is in a stand-alone configuration (no modem/network unless accredited)
32 Reproduction Various ways to reproduce classified information: Paper (photocopier) Electronically Other means (video and/or cassettes) Use approved equipment for that purpose Account for your copies!
33 Reproduction cont... Approved photocopiers: Are in controlled environments Do not have memories Are sanitized after classified copies are made Are serviced by cleared personnel or service personnel are monitored while repairs are made Contact the Office of Security if your copier jams while working with classified
34 DESTRUCTION Classified material destruction Approved methods: Burning (at an approved facility) Shredding (using an approved cross cut shredder) Use small classified waste burn bags Other types (FOUO, Privacy Act, SBU, etc.): SBU should be shredded using cross cut shredder. At a minimum tear up other types.
35 Overseas Travel Contact the Office of Security for a briefing before you go. Do not bring classified Limit sensitive information Notify U.S. Embassy of your visit
36 Reporting Requirements All employees must report contact with a foreign national who: Requests classified information Wants more information than they need to know Acts suspiciously Report incidents to your security officer immediately.
37 End of Day Security Checks All security containers windows/doors desk tops for classified Complete the SF 701 Activity Security Checklist. The office manager is responsible for the implementation of the SF 701
38 Your Security Officer The Office of Security is there to help you! Report to an Office of Security Rep: Security violations Loss or compromise of classified information Security incidents or problems
39 When You Depart Commerce If you are leaving the Department you must: Turn all classified material over to your classified control point Contact your Security Officer for a debriefing Turn in your ID, keys, and access cards
40 Finally. Who is responsible for security at NOAA and the Department of Commerce? YOU ARE! Have a secure day!
Department of Homeland Security Management Directives System MD Number: 11043 Issue Date: 09/17/2004 SENSITIVE COMPARTMENTED INFORMATION PROGRAM MANAGEMENT I. Purpose This directive establishes Department
1 Purpose The DOE M 470.4-4A, Information Security Manual states, All information security programs, practices, and procedures developed within DOE must be consistent with and incorporate the requirements
NATO SECURITY BRIEFING FOREWORD This sample security briefing contains the minimum elements of information that must be provided to individuals upon initial indoctrination for access to NATO classified
Introduction Derivative Classification Training The purpose of this job aid is to provide reference information for the responsibilities and procedures associated with derivative classification. This job
Center for Development of Security Excellence Learn. Perform. Protect. www.cdse.edu DEFENSE SECURITY SERVICE U N I T E D S TAT E S O F A M E R I C A Center for Development of Security Excellence (CDSE)
Consultant Annual DoD Security Refresher 1 About This Course This course should be taken by Consultants Only in this PDF format All others should take this course online LMPeople > LMCareers > Learning
Army Regulation 380 5 Security Department of the Army Information Security Program Headquarters Department of the Army Washington, DC 29 September 2000 UNCLASSIFIED SUMMARY of CHANGE AR 380 5 Department
Department of Defense (DoD) INITIAL TRAINING GUIDE Lockheed Martin Security Table of Contents Congratulations 2 Introduction 3 Reporting Requirements 4 Procedures and Duties 5 Safeguarding 6 Reproduction
Legislative Language SEC. 1. COORDINATION OF FEDERAL INFORMATION SECURITY POLICY. (a) IN GENERAL. Chapter 35 of title 44, United States Code, is amended by striking subchapters II and III and inserting
Safeguarding Classified and Sensitive But Unclassified Information Reference Booklet for State, Local, Tribal and Private Sector Programs Updated May 2005 Office of Security Department of Homeland Security
Handling information based on the protective marking OFFICIAL INFORMATION MARKING Legal and statutory obligations, in particular under the Data Protection Act, will be followed, whatever the protective
5 FAM 480 CLASSIFYING AND DECLASSIFYING NATIONAL SECURITY INFORMATION EXECUTIVE ORDER 13526 5 FAM 481 GENERAL (CT:IM-162; 05-29-2015) (Office of Origin: A/GIS/IPS) 5 FAM 481.1 POLICY AND PURPOSE a. This
Directive: LPR 1620.1C Effective Date: June 20, 2014 Expiration Date: May 31, 2019 Langley Research Center Information Security Program Management Procedures and Guidelines National Aeronautics and Space
FedRAMP Package Access Request Form For Review of FedRAMP Security Package INSTRUCTIONS: 1. Please complete this form, then print and sign. 2. Distribute to your Government Supervisor for review and signature.
HIPAA PRIVACY AND SECURITY AWARENESS Covering Kids and Families of Indiana April 10, 2014 GOALS AND OBJECTIVES The goal is to provide information to you to promote personal responsibility and behaviors
Information Protective Marking and Handling Policy Change History Version Date Description Author 0.1 11/01/2013 First Draft Anna Moore 0.2 28/02/2013 Amended taking into account SSTP protective marking
Self-Inspection Handbook for NISP Contractors TABLE OF CONTENTS The Contractor Security Review Requirement... 2 The Self-Inspection Handbook for NISP Contractors... 2 The Elements of Inspection... 2 Self-Inspection
PROCESSING CLASSIFIED INFORMATION ON PORTABLE COMPUTERS IN THE DEPARTMENT OF JUSTICE U.S. Department of Justice Office of the Inspector General Audit Division Audit Report 05-32 July 2005 PROCESSING CLASSIFIED
College of DuPage Information Technology Information Security Plan April, 2015 TABLE OF CONTENTS Purpose... 3 Information Security Plan (ISP) Coordinator(s)... 4 Identify and assess risks to covered data
H. R. 2458 48 (1) maximize the degree to which unclassified geographic information from various sources can be made electronically compatible and accessible; and (2) promote the development of interoperable
H. R. 5005 11 (d) OTHER OFFICERS. To assist the Secretary in the performance of the Secretary s functions, there are the following officers, appointed by the President: (1) A Director of the Secret Service.
H. R. 2029 694 DIVISION N CYBERSECURITY ACT OF 2015 SEC. 1. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE. This division may be cited as the Cybersecurity Act of 2015. (b) TABLE OF CONTENTS. The table
The following Practice Test presents samples of the type, difficulty, and format of questions found on the SFPC assessment. At the end of the Practice Test, a table is provided outlining the topics and
Department of Defense MANUAL NUMBER 5200.45 April 2, 2013 USD(I) SUBJECT: Instructions for Developing Security Classification Guides References: See Enclosure 1 1. PURPOSE. This Manual reissues DoD 5200.1-H
Department of Defense MANUAL NUMBER 5200.01, Volume 3 February 24, 2012 Incorporating Change 2, March 19, 2013 USD(I) SUBJECT: DoD Information Security Program: Protection of Classified Information References:
BERKELEY COLLEGE DATA SECURITY POLICY BERKELEY COLLEGE DATA SECURITY POLICY TABLE OF CONTENTS Chapter Title Page 1 Introduction 1 2 Definitions 2 3 General Roles and Responsibilities 4 4 Sensitive Data
Instruction sheet on the Handling of Protectively Marked Information Classified VS-NUR FÜR DEN DIENSTGEBRAUCH (RESTRICTED) (short title: VS-NfD-Merkblatt; Instructions on the Handling of RESTRICTED information)
2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Data Handling in University Information Classification and Handling Agenda Background People-Process-Technology
PUBLIC LAW 113 283 DEC. 18, 2014 128 STAT. 3073 Public Law 113 283 113th Congress An Act To amend chapter 35 of title 44, United States Code, to provide for reform to Federal information security. Be it
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
Responsible University Official: Vice President for Research Responsible Office: Office for Export Controls Compliance Origination Date: May 1, 2014 EXPORT CONTROLS COMPLIANCE Policy Statement Northwestern
Information Security: Roles, Responsibilities, and Data Classification Technology Services 1/4/2013 Roles, Responsibilities, and Data Classification The purpose of this session is to: Establish that all
Information Security Section: General Operations Title: Information Security Number: 56.350 Index POLICY.100 POLICY STATEMENT.110 POLICY RATIONALE.120 AUTHORITY.130 APPROVAL AND EFFECTIVE DATE OF POLICY.140
U.S. Department of Housing and Urban Development Office of Public and Indian Housing SPECIAL ATTENTION OF: NOTICE PIH-2014-10 Directors of HUD Regional and Field Offices of Public Housing; Issued: April
BAG15121 Discussion Draft S.L.C. 114TH CONGRESS 1ST SESSION S. XXXX To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.
Commanding Officer and Executive Officer Information and Personnel Security Reference Handbook Assistant for Information and Personnel Security (N09N2) Office of the Chief of Naval Operations Governing
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
Annual DoD Security Refresher Training Welcome to your annual security refresher training. The purpose of this briefing is to remind you of your personal responsibilities and liabilities under United States
U:\0REPT\OMNI\FinalOmni\CPRT--HPRT-RU00-SAHR0-AMNT.xml DIVISION N CYBERSECURITY ACT OF 0 SEC.. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE. This division may be cited as the Cybersecurity Act of 0.
Security standards and procedures for handling NATO information may be different than US information. This briefing explains the basic security standards and procedures for safeguarding NATO information.
SECURITY ORIENTATION Administration and Resource Management Division Security Programs and Information Management Branch HQMC Security Manager: Kevin J White HQMC Assistant Security Manager: Orlando Roman
14 FAM 730 OFFICIAL MAIL AND CORRESPONDENCE (CT:LOG-202; 08-10-2015) (Office of Origin: A/LM/PMP/DPM) 14 FAM 731 TYPES OF MAIL ROOMS a. There are four types of mail rooms subject to the policies in chapter
Department of Defense MANUAL NUMBER 5200.01, Volume 4 February 24, 2012 USD(I) SUBJECT: DoD Information Security Program: Controlled Unclassified Information (CUI) References: See Enclosure 1 1. PURPOSE
Data Spills Short Introduction There are many examples of sensitive information falling into the wrong hands. What s the worst that can happen? The worst has already happened. When data spills occur, they
Title: DPH Current Effective Date: September 22, 2003 Original Effective Date: April 14, 2003 Revision History: April 22, 2004 May 1, 2011 January, 2014 Purpose The purpose of the Division of Public Health
United States Department of Agriculture Office of Inspector General U.S. Department of Agriculture s Office of Homeland Security and Emergency Coordination - Classification Management Audit Report 61701-0001-32
HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you
ESA UNCLASSIFIED Releasable to the public ESA/REG/004 Paris, 18 January 2012 (Original: English) REGULATIONS OF THE EUROPEAN SPACE AGENCY Security Regulations The attached Security Regulations of the European
Middle Tennessee State University Office of Research Services Procedure No.: ORS 007: Export Control Date Approved: December 08, 2011 1. INTRODUCTION: It is the intent of Middle Tennessee State University
Pt. 1017 10 CFR Ch. X (1 1 11 Edition) jdjones on DSK8KYBLC1PROD with CFR Any person who willfully violates, attempts to violate, or conspires to violate any provision of the Act or any regulation or order
LAW ON CLASSIFIED INFORMATION CHAPTER ONE General provisions Article 1 The Law herein regulates the classification of information, conditions, criteria, measures and the activities to be taken in the process
Information security management guidelines Protectively marking and handling sensitive and security classified information Approved 21 June 2011 Version 1.0 Document details Security classification Unclassified
2010 of Canada Commissariat à l'information du Canada Table of Contents 1 INTRODUCTION... 2 1.1 PURPOSE... 2 1.2 ORGANIZATION OF THE MANUAL... 2 1.3 DEFINITION OF TERMS USED... 2 2 GOVERNANCE AND ACCOUNTABILITY...
12 FAM 530 STORING AND SAFEGUARDING CLASSIFIED MATERIAL (CT:DS-238; 06-25-2015) (Office of Origin: DS/SI/IS) NOTE: In September, 2013, DS provided new guidance that rescinded some information still existing
The Department of Health and Human Services Privacy Awareness Training Fiscal Year 2015 Course Objectives At the end of the course, you will be able to: Define privacy and explain its importance. Identify
Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. email@example.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually
Instructions for Completing Required Documentation for Clinical Rotations Welcome to The Hospitals of Providence. An active Affiliation Agreement is required in order to complete any clinical rotations
NIST Special Publication 800-59 Guideline for Identifying an Information System as a National Security System William C. Barker I N F O R M A T I O N S E C U R I T Y Computer Security Division Information
ZIMPERIUM, INC. END USER LICENSE TERMS THIS DOCUMENT IS A LEGAL CONTRACT. PLEASE READ IT CAREFULLY. These End User License Terms ( Terms ) govern your access to and use of the zanti and zips client- side
Page 1 National Organization of Alternative Programs 2014 NOAP Educational Conference HIPAA and Privacy Risks Ira J Rothman, CPHIMS, CIPP/US/IT/E/G Senior Vice President - Privacy Official March 26, 2014
HIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as required by HIPAA. 1. Definitions. a. Business Associate, as used in this Contract, means the
ITAMS CIHR IRSC Canadian Institutes of Health Research Instituts de recherche en santé du Canada Personnel Security Screening Policy Table of contents 1. Effective Date...3 2. Application...3 3. Context...3
Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this
Secure Storage, Communication & Transportation of Personal Information Policy Version No: 3.0 Prepared By: Information Governance, IT Security & Health Records Effective From: 20/12/2010 Review Date: 20/12/2011
NAMI EASTSIDE - 13 POLICY: Privacy and Security of Protected Health Information (HIPAA Policies and Procedures) DATE APPROVED: Pending INTENT: (At present, none of the activities that NAMI Eastside provides
Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification,
GHL Network Services Ltd Enterprise Information Security Procedures Prepared By Nigel Gardner Date 16/11/09 1 Contents 1. Openwork s Information Security Policy...3 2. Enterprise Information Security Procedures...3
Act of 20 March 1998 No. 10 relating to Protective Security Services (the Security Act) Chapter 1. General provisions Section 1. The purpose of the Act The purpose of this Act is to: a) take steps enabling
Table of Contents... 1 A. Accountability... 1 B. System Use Notification (Login Banner)... 1 C. Non-... 1 D. System Access... 2 E. User IDs... 2 F. Passwords... 2 G. Electronic Information... 3 H. Agency
Headquarters, U.S. Marine Corps MCO P5510.18A PCN 10208490600 UNITED STATES MARINE CORPS INFORMATION AND PERSONNEL SECURITY PROGRAM MANUAL (SHORT TITLE: MARINE CORPS IPSP) DISTRIBUTION STATEMENT A: Approved
for the Physical Access Control System DHS/ALL 039 June 9, 2011 Contact Point David S. Coven Chief, Access Control Branch (202) 282-8742 Reviewing Official Mary Ellen Callahan Chief Privacy Officer (703)
REPUBLIC OF SOUTH AFRICA PROTECTION OF INFORMATION BILL (As introduced in the National Assembly (proposed section 7); explanatory summary of Bill published in Government Gazette No. 32999 of March ) (The
WASHINGTON COUNTY Department of Health and Human Services Policy ADMN 004, Attachment A HHS Confidentiality Agreement Including HIPAA (Health Information Portability and Accessibility Act of 1996) OREGON
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information