NCMS & the Industrial Security Professional (ISP) Certification Preparation - PowerPoint PPT Presentation

1 / 54
About This Presentation

NCMS & the Industrial Security Professional (ISP) Certification Preparation


... (CPP) Others were narrowly focused but on other disciplines Physical Security Professional (PSP) Certified Fraud Examiner (CFE) ... – PowerPoint PPT presentation

Number of Views:189
Avg rating:3.0/5.0
Slides: 55
Provided by: ncmsispO


Transcript and Presenter's Notes

Title: NCMS & the Industrial Security Professional (ISP) Certification Preparation

NCMS the Industrial Security Professional (ISP)
Certification Preparation
  • William L. Uttenweiler, ISP
  • Lead Mentor, ISP Exam Prep Program
  • Florida Space Coast Chapter, Cape Canaveral AFS,

Three Topics
  • What is NCMS why should you belong?
  • What is the Industrial Security Professional
    certification program why you should be one?
  • How can you best prepare for the ISP exam?

  • Question
  • What is NCMS why should you belong?

  • Society of Information Security Professionals
  • Founded in 1964
  • Headquartered in Wayne, PA
  • 24 chapters in USA, 1 in Europe, 1 virtual
  • 2,600 members

Official Scope 1
  • Develop promote education training of members
    in the application of requirements of industrial
    security in support of the security of the United
    States and its allies as described in the
    National Industrial Security Program (NISP).
  • Classified information (mostly DOD, DOE, CIA
    NRC but 23 other agencies included)

Official Scope 2
  • Develop and promote education and training of
    members in the application of classification
    management principles, practices, procedures,
    techniques in protecting government designated
    unclassified information intellectual property
    in all forms.
  • Government FOUO
  • Company Proprietary/Competition Sensitive, etc.
  • Operations Security (OPSEC)

How NCMS Meets Scope 1 2
  • Web site, especially the Members Only section
  • Annual National Training Seminar
  • CM Bulletin
  • Chapter level activities and communications

NCMS Web Site
  • New news you can use
  • Resource library
  • Counterintelligence information security
    education/awareness training tools, security
  • Government reports (NISPOM, Industrial Security
    Letters, Executive Orders, Presidential Decision
    Directives, PERSEREC Reports)
  • Classification management, physical security,
    COMSEC, OPSEC, information security, information
  • Protecting FOUO, sensitive-but-unclassified
    information, proprietary information
  • Homeland Security, Emergency Preparedness
  • JPAS, e-QIP
  • International security, NATO, Export Control
  • Facility Security Officer Training
  • And much, much more

NCMS Web Site
  • Membership Assistance Publication Series (MAPS)
    tied to sections of NISPOM
  • Self-Inspection guide for collateral facilities
  • Administrative inquiry checklist
  • Handbook on DD 254 preparation (subcontracting)
  • Sample resolution for exclusion of certain
    directors or officers
  • Briefing The Foreign Intelligence Threat
  • Sample annual security refreshers
  • Instructions for changing safe lock
  • Where to get clips for false/drop ceilings in
    closed areas
  • Writing a master systems security plan for
    classified AIS
  • And much, much more

Annual National Training Seminar
  • 43rd was held June 2007 in Reno NV included
  • General and break-out sessions on topics like
  • DISCO JPAS behind the scenes basic/advanced
    JPAS e-QIP training
  • Threat integration in your security program
  • Security clearance adjudication
  • SCI overview special access program training
  • FOCI, export control, proxy agreements, special
    security agreements
  • Classified AIS security issues
  • OPSEC They Really Didnt Do That, Did They?
  • Ray Semko Unleashed
  • Summaries of sessions published in CM Bulletin
    when available, slides posted on-line
  • Facility Security Officer Program Management
    course offered by DSS Academy
  • Proctored ISP certification exam

45th Annual National Training Seminar
CM Bulletin
  • Bi-monthly NCMS newsletter
  • Official means of communication between
    leadership members
  • Articles by members on topics of interest, for
  • Results of polygraph survey
  • Perils of the Internet
  • How to build a better security team
  • Verbal attestations
  • US port deal highlights foreign investments
  • Data spills cleanup prevention
  • Effective speaking tips

Chapter level activities communications
  • Chapter-sponsored seminars
  • Chapter meetings with speakers
  • E-mail from chapter chair with news, updates,
  • Association with government audit/ inspection
    personnel in a professional, non-adversarial
  • Networking you are never alone

Official Scope 3
  • Advance the professionalism of Members through a
    formal certification program recognized by
    government industry.
  • Industrial Security Professional (ISP)
  • http//
  • More in a moment

Official Scope 4
  • Advance its purpose by representation
    participation on U.S. government professional
    security councils, committees, boards forums
    through formal comment, proposal, petition,
  • Memorandum of Understanding (MOU) Group
  • NISP Policy Advisory Committee (NISPPAC)
  • Close rapport with ISOO, DSS, etc.

The MOU Group
  • MOU Group
  • Membership includes NCMS 5 other groups
  • NISP Policy Advisory Committee
  • By invitation but usually includes NCMS members
  • Both represent industrys voice to top-level
    government security policy makers

Information Flowing Up
  • Example High Security Lock Legislation
  • Pushed by Sen Jim Bunning (R-KY) in FY 2002
    Defense Authorization Bill
  • Would have accelerated requirement X0-8/9 locks
    (replacement kits cost 1,200 each cabinets cost
    1,570 - 5,679 each)
  • Industry surveyed costs (231 million) and
    concluded they were not justified by risk
  • Bunnings district includes headquarters of
    MAS-Hamilton, the only manufacturer of compliant

Information Flowing Up
  • Example personnel security investigation backlog
  • Explained the costs in unaccomplished work while
    PSIs languish uncompleted
  • DSS agreed to allowing facilities to each
    prioritize a small number of if cases and to
    accelerate their completion
  • Early notification of DSS plans and requests for
    future PSI needs

Special Relationships
  • Special relationships with ISOO, DSS, etc.
  • High level staff frequently with Board of
    Directors on issues of mutual interest
  • High level staff regular present at NCMS National
    Training Center
  • Permanent host for presentation of DSSs James S.
    Cogswell Award for outstanding industrial
    security programs

Evaluating the Value of Memberships
  • DSS James S. Cogswell Award for Outstanding
    Industrial Security Program
  • 2006 NCMS members for 13 of the 28 selected
  • 2007 NCMS members for 20 of the 30 selected
  • An NCMS member was one of the firms
    representatives at the awards ceremony.

Management Support Is Critical
  • Security professionals need enthusiastic support
    from their management
  • More than signing the occasional policy or giving
    the intro at annual company refresher
  • Reimbursement for dues and expenses
  • Permission to attend functions and work on NCMS
    business (both for training and good PR within
    the DOD contractor community)
  • Demonstrates to other employees that security is
    important to the company

  • Question
  • What is NCMS why should you belong?
  • Answer
  • NCMS is the Society of Information Security
    Professionals. If you belong to NCMS, you your
    company are never hanging out there alone. You
    have access to local national level resources
    experts when a question or a problem occurs.

Question What is the Industrial Security
Professional certification program why should
you be one?
ISP Certification
  • The security certification universe in 2003
  • Some of existing ones were too broad
  • Certified Protection Professional (CPP)
  • Others were narrowly focused but on other
  • Physical Security Professional (PSP)
  • Certified Fraud Examiner (CFE)
  • Certified Information Systems Security
    Professional (CISSP)
  • Global Information Assurance Certificate (GIAC)
  • Certified in Homeland Security (CHS)

ISP Certification
  • Security certification universe in 2003
  • None focused on the National Industrial Security
    Program (NISP) or the NISPOM
  • None included areas like Counterintelligence (CI)
    and Communications Security/TEMPEST
  • NCMS grassroots wanted a certification would
    closely match what a Facility Security Officer
    (FSO) and his/her staff actually do

Industrial Security Professional
  • Industrial Security Professional (ISP)
  • For individuals involved in classified government
  • Introduced in 2004
  • Aimed at journeyman level professionals
  • 190 currently certified world-wide

ISP Certification
  • ISP Certification requirements
  • 5 years experience (can be part-time if gt10 of
  • Pass a proctored exam
  • 110 questions (100 core plus 5 each on 2
    electives chosen from 4 available
    counterintelligence, COMSEC/TEMPEST, intellectual
    property, OPSEC)
  • 2 hours long open book
  • Recommended by supervisor or NCMS National
  • Subscribe to high ethical standards

ISP Certification
  • Recertification required every 3 years
  • Shows continued professional development
  • Demonstrates that person has kept current on both
    threats and defenses
  • Can be accomplished by
  • Training/seminar attendance
  • Leadership in security activities
  • Authoring articles/classes on security topics
  • Etc.

ISP Certification
  • Accreditation
  • Only recently provided for the ASIS-sponsored
    CPP ISP isnt far behind
  • However, can be a valuable assurance in the case
    of a new program like the ISP
  • NCMS is working with the American National
    Standards Institute (ANSI) to get formal
    accreditation for the ISP

ISP Certification
  • Accreditation process has driven the requirement
    to have on-line test takers proctored
  • Proctors insure that the candidate is the person
    who takes the exam
  • Chapter Chairs help locate current ISPs to serve
    as proctors
  • For those not near an ISP, NCMS Headquarters will
    approve qualified proctors (including Government
    Industrial Security Representatives, College/
    University teachers, etc.)

ISP On-Line http//www.ncms-isp.or
  • Separate ISP web site to consolidate resources
  • Certification Booklet
  • Application Form
  • ISP Code of Ethics
  • Test References Sources
  • Frequently Asked Questions
  • List of Current ISPs
  • ISP Exam Preparation Program

ISP Certification Why Certify?
  • The ISP program provides a high-level baseline
    for the knowledge required of an Industrial
    Security FSO with at least five years of
  • It certifies that the holder of the ISP has the
    requisite knowledge of the NISPOM and other
    related directives used by the average FSO on a
    daily basis
  • It demonstrates on the part of the ISP a degree
    of professionalism and willingness to go the
    extra yard to develop professionally

ISP Certification Why Certify?
  • It demonstrates self-confidence willingness to
    take a risk (of flunking the certification exam
    in this case)
  • It demonstrates that the ISP has the academic and
    intellectual skills to not only perform as an FSO
    but also to develop further as a security
  • It puts a company that has ISP's on their staff
    in a stronger position for contract bids and
    re-bids in the area of security and
  • It provides a FSO with an ISP added credibility
    when dealing with DSS representatives

A couple of testimonials
  • Crystal Chambers, ISP, CENTRA Technology Inc.,
    Arlington, VA.  Having ISP after my name MEANS
    something! When I applied for a new position, not
    only did my new boss know what it meant, he was
    impressed!  I have an ability now to confidently
    use, refer to and quote the NISPOM! This class
    made me open up the book and LOOK at chapters I
    hadnt needed previously, like Chapter 8. Did I
    mention I got a perfect score on that
  • Leonard Moss Jr., ISP, CHS-V, AAI Corporation,
    Hunt Valley, MD.  In October 2006 I moved
    cross-country for a promotion to the Director of
    Corporate Security at AAI Corporation.  It's a
    great opportunity and it's the promotion I had
    been seeking.  You will be happy to know that
    when I applied for this position one of the
    things the job called for was "ISP preferred. I
    thought that was great and worth sharing. It
    shows the value of our credential.

  • Question
  • What is the Industrial Security Professional
    certification program why should you be one?
  • Answer
  • The only professional certification aimed at
    staff working to protect classified information.
    It pays dividends both in knowledge reputation.

Next Question How can you best prepare for
the ISP exam?
ISP Exam Preparation
  • Barrier to testing The Fear Factor
  • Overcoming The Fear Factor through preparation

The Fear Factor
  • Applicants are apprehensive about taking the exam
  • Im not good enough (or experienced enough)
  • Ive been out of school for a long time, I dont
    test well I might fail.
  • Im too busy (workload, personal problems, etc.)
  • If I fail, Ill look bad in the eyes of
    supervisors, coworkers colleagues.
  • If I fail, Ill be out several hundred dollars.
    (Some companies dont fund the exam until
    employee passes.)

Overcoming the Fear Factor
  • The two keys are networking preparation
  • Networking
  • Im not good enough dispelled by contact with
    colleagues (difference between test takers in
    Reno NV in 2004 Seattle WA in 2005)
  • Preparation
  • Knowledge provides self-confidence
  • Some nervousness always remains for any high
    stakes test, but the adrenalin helps

  • Main methods of preparation
  • Self-study
  • ISP Examination Preparation Program

Self-Study http//
  • Self-study was the only study method available
    before 2006
  • All of the source documents for the ISP exam are
    unclassified and widely on-line
  • Anxiety was high because candidates didnt know
    if their preparation was adequate
  • Now the ISP Exam Prep Program workbook can be
    used for self-study

ISP Exam Preparation Program
  • Arose during 2005 ramp-up
  • Candidates met telephonically to discuss hard
    chapters (Chap 8 on AIS, Chap 10 on
  • Expanded formalized at 41st Annual National
    Training Seminar in Seattle WA
  • Sponsored by ISP Committee (co-Chairs Barbara
    Taylor, ISP Priscilla Crawford, ISP)

ISP Exam Preparation Program
  • Prep Program purpose
  • Develop better security professionals conducting
    comprehensive training on fundamentals like the
    NISPOM, ISLs, OPSEC, CI, etc.
  • Assist those who do not have local ISPs to be
    their mentors
  • Encourage unsure candidates that they can
    complete appropriate preparation for the exam
  • Cooperate Graduate

ISP Exam Preparation Program
  • Overview
  • Students will obtain materials study in advance
    of the telecons
  • Telecons with mentors other candidates to
    answer questions, help pace the preparation, etc.
  • About 1 hour long each
  • Once a week
  • All but electives occur 3x weekly so Candidates
    can pick the most convenient one

ISP Exam Prep Program
  • Materials
  • Electronic copies of key references
  • Workbook to help candidates review of NISPOM
    other materials (cost 15)
  • The Annotated NISPOM, a great tool for all
    security professionals, is available at

ISP Exam Preparation Program
  • Mentors
  • All are current ISPs
  • 2-person Mentor teams will provide a variety of
  • Timeline
  • Next Round in the program started in July 2008
  • Timed so that Candidates finish in time to test
    before the Thanksgiving end-of-year holidays
  • To sign up or get more information, contact the
    ISP Lead Mentor Team by e-mail ISP_Mentor_at_hotmail.

ISP Exam Preparation Program
  • Lesson strategy
  • Call 1A - get started, go over "Test Tips"
    article for information/techniques/tips, evaluate
    class size, etc.
  • Call 1B - look up practice (5 questions w/paper
    NISPOM, 5 questions w/electronic search of The
    Annotated NISPOM in PDF)
  • Lesson 2 - 10 - cover about 10 of the NISPOM
    in each session
  • Lesson 11 - last minute questions, wrap-up

ISP Exam Preparation Program
  • Lesson Strategy (continued)
  • Four optional calls 1 for each of the four
  • Counterintelligence
  • Intellectual Property
  • Operations Security

  • Creation of Jeffrey W. Bennett, ISP,,
    Madison AL Secretary of NCMS Mid-South Chapter
  • The Complete Guide for Industrial Security
    Professional (ISP) Exam Preparation
  • Practice test with 400 multiple choice questions
    (with answer sheets)
  • Practical tips for candidates
  • Cost is 39.99

Final Comments on ISP Exam
  • Available on-line 24/7
  • Available on paper at 2009 NCMS Annual National
    Training Seminar in Anaheim CA next June
  • Exam isnt easy but you will pass if you
  • Pay attention to test discipline (110 answers in
    120 minutes)
  • Prepare in advance

  • Question
  • How can you best prepare for the ISP exam?
  • Answer
  • There are several methods, from independent
    study to use of prepared workbooks to taking the
    ISP Exam Prep Program. Choose the one you believe
    will work best for you.

Final Notes Security Awareness Posters
  • http//

Speaker Contact Information
  • William L Uttenweiler, ISP
  • Work Phone 321-853-0803
  • Cell Phone 321-506-7427
  • FAX 310-563-2959

Any More Questions?
Write a Comment
User Comments (0)