Appendix D. Security Clearances
The purpose of a security clearance is to ensure that an individual is suitable and can be trusted to access classified or protectively marked materials. Although the term 'security clearance' is often used in the commercial world outside the sphere of government-related work, it only refers to background checks that any employer might choose to execute.
The term is used here to describe government-sponsored clearances that are issued to staff with a need to access classified material to do their job. Although the procedures vary between states and international organizations (such as NATO), the underlying principles are the same:
Regardless of the level of clearance, protectively marked material should only be available to personnel with a 'need to know'. This principle is extremely important. Just having a developed vetting (DV) clearance in the UK does not automatically grant you access to anything marked TOP SECRET, only to that which you are deemed by the appropriate security controller to need to see.
The level of clearance issued should be appropriate to a person's position and need. This rule is both for practical and economic reasons; there is no point in clearing your entire department to security check (SC) level if the most sensitive document to ever cross their desks is only marked RESTRICTED. As security clearances are expensive to conduct, this would bring unnecessary expense to the sponsoring department or company.
Security clearances ...
Get Unauthorised Access: Physical Penetration Testing For IT Security Teams now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
