Protecting Assets in the NISP Flashcards
Which of the following are foreign collection methods?
Requests for Information
Suspicious network activity
Seeking employment
Foreign visits
Match corresponding activities with foreign collection methods
Unsolicited and direct requests often submitted via email–> Requests for Information
Application to degree programs associated with cleared facilities or programs–>Academic Solicitation
Involves establishing emotional relationship with the target–>Elicitation and recruitment
May use joint ventures or research partnerships–>Academic solicitation
Exchange employees or foreign business associates–>Exchange employees or foreign business associates
Experts may receive all-expenses-paid invitations to lecture–>Conferences, conventions, and trade shows
Match potential countermeasures with foreign collection methods
Conduct audits at least weekly–>suspicious network activities
Use mock-ups instead of actual equipment–>conferences, conventions, and trade shows
Brief hosts and escorts on approved procedures–>foreign visits
Share the minimum amount of information appropriate to the scope of the venture–>solicitation and seeking employment
You decide you need three specific types of information for the training session that you are planning. Match the info that you need with source from which you can obtain information:
Trends related to what is targeted and methods used–>DCSA CI Directorate
Threat assessment for your current contract–>Government Contracting Activity
Identify the current national security concerns that may affect your facility–>FBI
Determine the types of crimes that are being committed at facilities close to your company–>State or local law enforcement
Countermeasures and threat reporting
You learn from a security bulletin that a foreign country is using university students applying for low level jobs to gain entry into companies in you industry. Who do you alert–>HR
Foreign entities stepped up attempts to purchase export-controlled tech, including tech your facility develops. Who do you alert–>Business Development
You learn of a threat from a business competitor to steal blueprints and schematics. Who do you alert?–> Engineers and/or R&D
Increase in cyber-attacks against companies in your industry Who do you alert?–>Information Technology
The purpose of CI is to ________
Respond to foreign intelligence entity threats
Detect foreign intelligence entity threats
Prevent foreign intelligence entity threats
CI117_V2_1.1_003
Personnel from this group are targeted because of their access to the company’s supply chain
??? Manufacturing, R&D or Purchasing?
CI117_2.2_014:
NISPOM requires all contractors to do all of teh following for CI training except what?
Use DCSA resources, train employees upon initial access to classified, or follow NISPOM training requirements WHICH ONE
CI117_3.3_028
Risk management process
CI117_1.3_009
Strategies for the implementation of countermeasures
CI117_2.2_014: