This is Version 1.0 of the Customizable Security Guide. This Implementation Package consists of nine elements -- the overview below plus the following:
Purpose: The Employees' Guide to Security Responsibilities is a compendium of security awareness, threat awareness, technical vulnerability, and employee assistance information. It is intended to supplement conventional security awareness and threat awareness briefings by making more in-depth information more conveniently and immediately available as needed. This program was developed for the Defense Security Service Academy by the Defense Personnel Security Research Center (PERSEREC). The project manager was Richards J. Heuer, Jr.
This program is available at no cost to US Government organizations and defense contractors. The program is intended to be put on your local area network or organizational intranet where it is readily accessible by all personnel with access to a computer screen. Security professionals can use the Guide as a source of information for security briefings and a source of articles for newsletters.
Security education goals and how this program contributes to them are discussed in Goals for Security Education.
The Guide alone is a reference work where employees can look things up. Use is voluntary. By using the Automated Security Awareness Briefing System (A-SABS) to develop an automated briefing, you can make use of the Guide mandatory. A-SABS enables automation of security awareness training or update briefings on any topic covered by the Guide. See Automated Security Awareness Briefing System (A-SABS).
Target Audience: The target audience is all government and defense industry employees and military service personnel with a security clearance and access to a computer. The Guide is written in generic language that applies to any level of security clearance in both government and defense industry.
Customize to Meet Your Needs: Before putting this program on your network, you may wish to customize and enhance it to reflect the specific procedures, policies and needs of your organization. Some government security regulations are purposefully written in general terms to enable individual organizations to implement the regulations in ways that best suit their own circumstances and needs. Therefore, only you can tell your employees what all their security responsibilities are. The section Customizing to Fit Your Needs in this Implementation Package provides guidance and assistance for tailoring the program to your specific requirements and preferences.
Security Controls: This program has been reviewed by the Department of Defense and approved for public release. Any organization that adds information to this program is responsible for obtaining appropriate approval for public release of that information.
Promoting this Program: Employees will use this Guide only to the extent that they are aware of it and find it useful. We have done our best to make it interesting and informative. If adopted by your organization, it is up to you to ensure employee awareness of it. The section of the Implementation Package called Promoting Awareness and Use provides suggestions for promotional activities and samples of potential online advertising.
Monitoring Effectiveness: The effectiveness of this program will be measured by how often employees refer to it. How much they learn will be measured, in part, by how much time they spend using the program. The section on Monitoring Effectiveness discusses software that provides summary statistics about online usage. Such software can measure trends in usage of this program and the relative effectiveness of various promotional measures.
Updating: This program will be updated periodically. Individual topics will be updated incrementally. Updates will be downloadable from the Defense Security Service Academy public Internet site at www.dss.mil/training/SecurityAwareness.htm. You will need to check this site periodically.