SECURITY EDUCATION AND AWARENESS
MULTINATIONAL INDUSTRIAL SECURITY WORKING GROUP
25 September 1990 MISWG DOCUMENT Number 9
SECURITY EDUCATION AND AWARENESS
The attached guidance for security education and awareness programmes may be incorporated into Document Number 5, "Programme/Project Security Instruction" as SECTION VI. It is explanatory in nature. Individual plans should be tailored to fit the specific requirements of each Programme/Project. Some Programmes/Projects may not require elaborate security education and awareness plans because of their size or duration. Others, however, may require more extensive programme efforts than those described hereunder.
SECURITY EDUCATION AND AWARENESS
Persons who require access to classified Programme/Project documents/material will be informed of their responsibilities and of the procedures for the safeguarding of such documents/material.
Contractors engaged in classified work in connection with the Programme/Project will develop a security education and awareness programme to ensure that their personnel are thoroughly familiar with their individual security responsibilities regarding classified Programme/Project information and material. Using national security procedures and regulations as a baseline, security education and awareness programmes will be tailored to satisfy specific aspects of the Programme/Project.
A. GENERAL PRINCIPLES
Contractors shall remind all personnel who require access to classified information of their continuing responsibilities for safeguarding Programme/Project information, to include:
1. The pertinent national laws and regulations that apply to the protection of classified information and the penalties or other consequences for their violation.
2. Indoctrination on the hostile intelligence threat, collection techniques and methods, and defensive measures employed to counter the threat.
3. The need to report promptly all security violations, unauthorized disclosures, or possible compromises for classified Programme/Project information or material to the contractors security officer.
4. Those security requirements that specifically pertain to the employees work assignment and content of this Programme/Project security instruction.
B. SECURITY BRIEFING
Before permitting personnel to have access to Programme/ Project classified information periodically during the course of the Programme/Project, persons will be briefed, if necessary, on the applicable elements in the security briefing outline, which is included herein as an Annex 1. Personnel may be asked to sign a certificate acknowledging that they have received and understand the briefing and will comply with all the requirements as they have been explained.
C. SECURITY AWARENESS
The security awareness of personnel performing classified work under the Programme/Project may be assessed by the NSAs/DSAs during security inspections. Security awareness should also be made a matter of interest during self-inspections conducted by the contractor's security staff.
D. TRAVEL SECURITY BRIEFINGS
When persons travel to countries where a special security risk may exist (to be listed for each Programme/Project), security briefings may be required before such travel. These briefings will include a discussion of the intelligence threat, tactics used by collectors, and protective measures and precautions the traveler can employ to minimize his/her susceptibility to exploitation. The traveler will also be reminded to report all suspicious contacts to the proper security authorities promptly upon completion of the travel.
E. SECURITY DEBRIEFING
Security debriefings may be given to personnel when they no longer require access to Programme/Project classified information. The debriefing will consist of a reminder of their continuing responsibility to protect Programme/Project classified information and the penalties for failure to do so. Debriefing certificates may be used to record the debriefings as necessary.
Annex 1 to Document Number 9
PROGRAMME/PROJECT SECURITY BRIEFING
1. STUDY OF THREATS
National security threats and concerns, such as:
c. Subversion; and
d. Personnel vulnerabilities.
2. SECURITY - GENERAL
a. Basic concepts;
b. General responsibilities concerning protective security; and
c. Coordination between individuals having security responsibilities and those having information, personnel management, financial management, and logistics responsibilities.
3. PROTECTIVE SECURITY
a. Definition of security and its areas of activity - physical security, personnel security, and information security.
b. Physical Security
(1) Security of facilities;
(2) Protection against unauthorized entry;
(a) Guards and rounds (preparation and maintenance briefings, post orders, timetables, tasks, strength, communications);
(b) Intruder detection systems (types of systems, maintenance, vulnerabilities, integration, security force);
(c) Barriers (nets, ditches, fences, etc.); and
(d) Lighting (perimeter, internal).
(3) Establishing security areas;
(4) Access and exit control (pass system, passwords and countersigns, check points, electronic devices, etc.);
(5) Storage conditions (strongbox, steel safe, secure doors and windows, locks, combination locks, key control, etc.);
(6) Cleaning and maintenance operations;
(7) Emergency plans, emergency destruction plan; and
(8) Visitor control procedures.
c. Personnel Security
(1) Personnel security clearances;
(2) Importance of maintaining discretion, loyalty, credibility;
(3) Security violations and possible consequences;
(4) Detection of and appropriate measures to be taken against individuals having an adverse effect on security;
(5) Laws governing security and the national sanctions for their violation; and
(6) Security in travel, both national and international.
d. Security of Classified Information
(1) Principles of information security;
(2) Need-to-know and personnel security clearance verification;
(3) Document administration:
(a) Security classification;
(b) Accounting and registry;
(c) Transmission, both nationally and internationally;
(d) Work, study and production places;
(e) Distribution and dissemination;
(h) Inventories; and
(i) Downgrading and declassification.
(4) ADP Security; and
(5) Communications security.
4. SECURITY INSPECTIONS
5. SECURITY ORGANIZATION
a. Programme/Project security organization;
b. Sponsoring Department/Agency security organization; and
c. National security organization.
6. THE SECURITY OFFICER
NOTE: The duration of this briefing is variable according to the audience and to the extent to which one wishes to develop each point.