education, training & awareness products & resources george bieber defense-wide ia program...
Post on 19-Dec-2015
Education, Training & Awareness
Products & Resources
George Bieber
Defense-wide IA Program (DIAP)
(703) [email protected]
Audiences
One size DOES NOT fit all
Diverse functions, experience and backgrounds
Tailor message to audience for effectiveness
Executives/Senior managers
IT/IA workforce
Traditional security personnel
General workforce
Admin staff
Mission staff
Other
Scientists & technicians
Other specialty
International
Multi-lingual
Managers to clerks
Scientists to truck drivers
Specialists to generalists
Technicians to humanists
Diverse Backgrounds
Diverse Experience
Advanced
Intermediate
Entry
Evaluation
Identify what you want to know
Are training & awareness products being used; and by whom
Is the focus of products correct
What additional topics need to be addressed
Is on the job behavior being changed as intended
Is content of training relevant to the job (level 1 evaluation)
Is content of training being learned (level 2 evaluation)
Is content of training being used on the job (level 3 evaluation)
Is delivery media appropriate
Identify measures & metrics to answer the questions
Evaluation forms (for level 1 evaluation)
Tests (for level 2 evaluation)
Data collection surveys (for level 3 evaluation)
Develop appropriate instruments to collect measurement data
Test them to ensure they perform as intended
Collect, organize and analyze data
Generate findings
Act on findings
Army Reserve Readiness Training Center (ARRTC) - 1
Ft McCoy, Wisconsin: http://arrtc.mccoy.army.mil
Open to federal employees, contact [email protected] or call 608-388-7307 or 1-800-982-3585, x 7307
Security Manager Course
DITSCAP (DOD Information Technology Security Certification and Accreditation Process)
Systems Administrator/Network Manager Security Course (2 weeks)
Computer Network Defense Course (2 weeks)
Army Reserve Readiness Training Center (ARRTC) - 2
Systems Administrator/Network Manager Security Course (2 weeks)
Policies, Laws and Ethics
JAG/MI Briefing (Current Threats)
Windows NT 4.0/2000 Security
Solaris, Unix Security
Computer Network Defense Course (2 weeks)
Understanding C2 Attack Technologies
Web Security & Encryption
Communications Security
Cisco Router Security
Intrusion Detection Systems
Deploying Firewalls
C2 Attack Technologies
Intranet / Extranet / Web Footprinting & Enumeration
Forensic Examination & Preserving Evidence
Countermeasures
Advanced Communication Security
Advanced Cisco Router Security
Intrusion Detection Systems
Sidewinder Firewalls
“Latest & Greatest”
Instructor-Led Training
Mobile Training Teams
Web-Based Training
Awareness Webinar & Assessment
Computer-Based Training
INFOSEC CD Library
Navy SPAWAR: InTec Training
www.intecph.navy.mil
Kevin Williams
Commercial (808) 474-0712
DSN (315) [email protected]
Microsoft Certified Technical Education Center
Training to obtain leading IT Industry Certifications
IATAC Courses - 1
Introduction to Information Assurance (IA) (0.5 day)
IA terminology, concepts, and technologies
Introduction to Risk Management (0.5 day)
Role of risk assessment in the risk management process
Introduction to Computer Forensics (1 day)
Defines forensic sciences and computer forensics
Reviews state of computer forensic science w/in law enforcement
Addresses international implications
Offers techniques for performing forensic examination of computer media
Introduction to Penetration Testing (1.5 days)
Role of penetration testing in analyzing overall security posture
Addresses what penetration testing is and is not
Identifies its benefits and limitations
IATAC Courses - 2
Introduction to the Law of Cyberspace (1 day)
Substantive law (what is prohibited)
Procedural law (what legal processes must be complied with in investigating and prosecuting cybercrime, cyber espionage, or information war)
International and domestic law (legal complexities involved in trans-border investigations)
Intro to Public Key Infrastructure (0.5 day)
Cryptography & security
Policy
Applications
Trends
IATAC brings the course w/ SME instructor to your location. Conducts training for groups rather than for individuals.
Contact information: email at [email protected]. 703/289-5454/5467
Biometrics Short Course
Audience: OSD, Service personnel, contractors implementing DoD biometrics
POC: Cinnamon El-Mulla (703) 418-6360
Registration: Go to www.Icsee.cemr.wvu.edu/biometrics for instructions
Provides basic understanding that supports technical decision-making
Operation and system-level design of biometric systems
Test results and protocols
Standards
Interoperability
Related socio-legal issues
Three (3) WVU credits for successful completion (passing grade on 3 exams) ($109 fee)
Equivalent to one of the required courses for WVU’s IA/Biometrics Graduate Certificate program. The Certificate program is the core of a Masters program
Taught by West Virginia University faculty
Biometrics Overview Course
1 day symposium, $1518 March 2004
National Defense University, Marshall Hall, Washington, DC
www.biometrics.dod.mil/Education
Audience:
Senior military and civilian personnel involved in biometrics and Information Assurance activities.
Contractors, academics, and students are welcome.
Presentations by the Department of the Navy, Chief Information Officer; the Director, Defense Manpower Data Center; West Virginia University Biometric Knowledge Center; and the Federal Bureau of Investigation.
Exhibits will include biometrics technologies and initiatives currently in use within the Department of Defense.
Points of contact: Ms. Sara Sussan, 703.418.6346, E-mail: [email protected]; Ms. Cinnamon El-Mulla, 703.418.6360, E-mail: [email protected]
Biometrics Overview for Mission-oriented Decision Makers
DoD IA Scholarship Program (IASP): Overview
Award scholarships to individuals (through institutions)
Recruitment: Targets students who currently are not DoD or government employees and who are enrolled in/applying to NSA designated IA Centers of Academic Excellence (CAEs)
Scholarships are for Bachelor (Jr., Sr. years), Masters, Ph.D. degrees
Retention: Targets DoD personnel
Scholarships for MS and Ph.D programs
NDU/IRMC and a designated IA CAE for a graduate degree (GS-13 and above, military 0-5 and above)
NPS for MS/Ph.D. (civilian GS 9 to 13 or higher; Mil 01-06, usually 03)
AFIT for MS (civilian and military applicants, any grade)
Award grants to institutions
http://www.defenselink.mil/nii/iasp
Program Manager: Christine Nickell: 410-854-6206; [email protected]
Disciplines & Benefits
Computer Systems Analysis
Information Security
Electrical Engineering
Electronic Engineering
Mathematics
Biometrics
And more…
Computer Science
Computer Engineering
Software Engineering
Computer Programming
Computer Support
Data Base Administration
Full Tuition and fees
Books
Stipends:
Undergraduates ($10K)
Graduates ($15K)
Internships (during breaks)
Recruitment Scholarships
Retention Scholarships
Full Tuition and fees
Required Books
Components responsible for TDY/PCS cost, salary & backfills
IA Centers of Academic Excellence
Auburn U
Carnegie Mellon
Capitol College
East Stroudsburg U
Florida State
George Mason U
Idaho State
Iowa State
James Madison U
Drexel University
University of Maryland (Baltimore County)
University of North Carolina, Charlotte
U of Mass at Amherst
U of Virginia
46 Public / Private Non-DoD Institutions
4 DoD Institutions
Naval Postgraduate School
United States Military Academy, West Point
Information Resources Management College (IRMC)/National Defense University (NDU)
Air Force Institute of Technology
West Virginia U
Georgia Tech
Syracuse U
Purdue U
Portland State
Stanford
UC Davis
University of Illinois
University of Idaho
University of Tulsa
Mississippi State U
Norwich U
Texas A&M
Johns Hopkins
U of Dallas
George Washington U (DC)
Walsh College
Indiana University of Pennsylvania
New Mexico Tech (NM)
New Jersey Institute of Tech
North Carolina State U (NC)
Northeastern University (MA)
Polytechnic University (NY)
Pennsylvania State U
U of Pennsylvania
State University of New York at Buffalo (NY)
State University of New York at Stony Brook (NY)
Stevens Institute of Tech
Towson University (MD)
University of Maryland, University College (MD)
University of Nebraska at Omaha (NE)
University of Texas at San Antonio (TX)
NDU/IRMC: Certificate Courses for Information System Security Professionals
Information Resources Management College
Four courses
Assuring the Information Infrastructure
Managing Information Security in a Networked Environment
Global Enterprise Networking and Telecommunications
Developing Enterprise Security Strategies, Guidelines & Policies
GS/GM 13-15/Military 05-06 (may waive one grade)
Allows for 9 hours (up to 15 w/CIO certificate) for cooperative master’s and doctorates
Multiple formats, each course:
1 week resident
12 week web-based distributed learning
No cost to DOD employees; Federal civilian/industry: $950/class
Based on NSTISSI (now CNSS) 4011 standard for information system security professionals
http://www.ndu.edu/irmc
202-685-6300 DSN 325
NDU/IRMC: CIO Certificate Program
http://www.ndu.edu/irmc
202-685-6300 DSN 325
Addresses Federal CIO competencies
Acquisition
Policy Information Management Strategic Planning
Performance & Results Based Mgmt
Process Improvement
Capital Planning & Investment
Leadership
Technology Assessment
E-Government and E-Business
Security & Assurance
Architectures & Infrastructures
GS/GM 13-15/Military 05-06 (may waive one grade)
Alternatives:
Eight one week resident courses or eight 12-week web-based distributed learning courses, or combination
OR
Fourteen week Advanced Management Program (offered 2x/year)
Open to DOD military & civilians
Federal civilians and industry
Norwich University
Masters of Science in Information Assurance (MSIA)
$624/credit hour; $25,000 for 36 hour MSIA <2 years
Focus on policies, procedures, and structure of an enterprise-wide information assurance program
Case studies approach
http://www3.norwich.edu/msia
On Line Graduate Education
NSA designated Center of Academic Excellence in IA Education
James Madison University (JMU) http://www.infosec.jmu.edu
Masters of Science in INFOSEC Computer Science
$612/credit hour
Asynchronous: anytime, any location
Critical Infrastructure Protection (CIP-101) WBT
OASD CIP and DISA
Available at http://iase.disa.mil
Provides basic awareness level information - CIP 101 Contents
CIP Overview
What is CIP
Why is it important
Critical infrastructures
CIP Organization
National
DOD
Relationships
DOD responsibility for CIP
DOD Infrastructure Sectors
DOD CIP Life-Cycle
Department of the Navy CIO CD-ROM
Federal Reserve Bank video: It's Your Identity: Protect It
Resources
Public Privacy Laws and Legal Guidance
Public Laws
Executive Guidance
Federal Reports
Reading List
Web-sites
Brochures
Templates
http://www.don.cio.navy.mil
Privacy Protection in the Information Age
Critical Infrastructure Protection Training Resources
Resource to help inform the DoD and other members of the Government about Critical Infrastructure Protection, CIP-related documents, and educational programs
Topics
OSD CIP (Mission, Contacts, Strategy, Terrorism Timeline 88-01)
Training CIP Team Studies (Federal, Training Gap Analysis, Other)
Practices References (Executive Orders/Directives, Federal Regulations, Publications, Slide Shows, Glossary)
Public Broadcasting Service (PBS); FRONTLINE series
$20.00 (60 min)
http://www.pbs.org
Search on “Science and Technology”
Who are hackers
Risks of the Internet’s vulnerabilities
Who’s responsible for security
How to be vigilant
Interviews with hackers and security experts
Also at the site:
Video transcript
Transcript of live chat that followed original broadcast
Clips from the video
Hackers - PBS http://www.pbs.org
Cyber War! - PBS
Public Broadcasting Service (PBS); FRONTLINE series
$30.00 (60 min)
Search on “cyber war!”
Also at the site:
Interviews
Frequently asked questions
Vulnerabilities
power grid
SCADA systems
software
Video transcript
Video clips
http://www.pbs.org
Internet works both ways; illustrated by 3 vignettes
Web sites can be set up to:
Collect information
Track activities
Take over your computer
Web sites can be customized, altered/mirrored to:
Send/release malicious code
Messages to misinform/deceive
Types of information that can be collected
Cache
Names, addresses, phone numbers
Credit card numbers
Bank account numbers
Steps you can take to increase your security
Bad Characters - NRO
Will be disseminated in DoD by DISA
Awareness 2001 - IOSS
Awareness 2001: A Security, Counterintelligence and OPSEC Update
Burning Issues (USGov) (14 min)
Intersection of classified and unclassified environments
Web Content Vulnerabilities (25 min)
Briefing by Joint Web Risk Assessment Cell (JWRAC)
Advice on how to protect information posted to the internet
Applicable to all organizations
D*I*C*E 2001 (38 min)
In the Public Domain (10 min)
Interagency OPSEC Support Staff (IOSS)
http://www.ioss.gov
Betrayal - NCIX
Betrayal: Protecting Industry Trade Secrets (17 min)
Insider threat
Highlights the Avery Dennison/Four Pillars case, a joint effort by US Industry and the US Government to successfully combat economic espionage.
Distributed by Filmcomm Inc., 641 North Avenue, Glendale Heights, IL 60139, phone 800-944-9134.
$13.85 per copy, (includes shipping and handling)
The National Counterintelligence Executive (NCIX)
http://www.ncix.gov
Resources: IA Publications
Information Assurance Technology Center (IATAC)
IA tools reports
Critical reviews and technology assessment reports
State-of-the-art reports
IA Newsletter
Published by DTIC/IA Technical Analysis Center (IATAC)
703-289-5454 or [email protected] or http://iac.dtic.mil/iatac
Information Assurance Digest (distribution limited to DoD)
Published by DTIC/IATAC for the Joint Staff
Request
Fax to Joint Staff (J6) @ 703-614-7814
E-mail to [email protected]
Articles extracted from magazines & newsletters (IA “early bird”)
Integrated Conference/Meeting Event Calendar
To add event E-mail [email protected]
http://iac.dtic.mil/iatac
Resources: IA Publications
Tech Trend Notes (Preview of Tomorrow’s Information Technologies)
Published by NSA: 301-688-0842, or [email protected]
Computer Forensics Communication
Published quarterly by Defense Computer Forensics Lab
http://www.dcfl.gov (look under “quarterly bulletins”)
The Internet as an Investigative Tool
National White Collar Crime Center (NW3C) www.nw3c.org
Basic Internet Tools
News and Views
Published by Federal Information System Security Educators’ Association (FISSEA)
E-mail [email protected] for membership and newsletter
IA awareness, training and education
Upcoming conferences, seminars
Commercial CBTs
SkillSoft (formerly SmartForce): http://www.skillsoft.com
NETg: http://www.netg.com
NETg is a partner of the new government golearn.gov training site
Resources: Information Assurance Support Environment (IASE)
Information Desk: Operational 7:30 a.m. - 4:30 p.m. M-F, EST
E-mail: [email protected]
Phone: (703) 681-IASE DSN 761
Notices on What’s New Area
IA Daily News
Question of the Week
Chat Room
Bulletin Board System
Mail List Subscriptions
http://iase.disa.mil
Resources: Security Guides - DISA
DISA: Security Technical Implementation Guides (STIGS) (http://iase.disa.mil/techguid/stigs.html)
Database STIG
Logical Partition STIG
MVS STIG
Network Infrastructure STIG
Novell Netware STIG
Windows 2000
Windows NT STIG
Tandem STIG
Unisys STIG
UNIX STIG
Web Application STIG
NSA: Guidelines (http://www.nsa.gov)
Guide to Securing Microsoft Windows NT Networks & Application
Windows 2000 Security Recommendation Guides (SRG)
Cisco Router Guides
E-mail and Executable Content Guides
CIS -- Center for Internet Security (http://www.cisecurity.org)
Security Benchmarks; Best Global Practices
Best Practices
Resources
National Cyber Security Alliance: Stay Safe Online
http://www.staysafeonline.info/
Corporate and government members, sponsors
Educate home/small business computer users in basic computer security practices
Personal computer security self-test
Beginner's guides on various security topics
One-hour online course on security fundamentals
CyberCrime
http://www.cybercrime.gov
Maintained by DOJ, Computer Crime and Intellectual Property Section (CCIPS), Criminal Division
Ways computers can be used to commit crimes
How and to whom to report computer crimes
What to do if you are the victim of computer crime.
Links to cases, laws, legal issues, and policy issues surrounding hacking, intellectual property infringements, and other online offenses
Resources
Hoax Busters
http://hoaxbusters.ciac.org
DOE Computer Incident Advisory Capability (CIAC)
Clearinghouse of information about various types of Internet hoaxes
Fake viruses and other malicious code
Chain letters
Urban myths
Sympathy letters and other cons
How to recognize hoaxes and what to do about them.
Center for Education and Research in Information Assurance and Security (CERIAS)
http://www.cerias.purdue.edu/
Free security seminar on diverse security topics (Weds afternoons)
Access via live internet stream.
Computer security resources for K-12 teachers
background information
lesson plans
links to other web resources
Resources
Computer and Information Ethics on WWW
http://www.ethics.ubc.ca/resources/computer/
University of British Columbia's Centre for Applied Ethics
Lists web sites, electronic & print publications on ethical issues in computing.
Courses in computer ethics
Provides links to online syllabi to classes
Links to relevant organizations.
Security Statistics
http://www.securitystats.com/
Statistics on computer security incidents
Information on
Security spending
Known vulnerabilities
Numbers of reported security breaches
Economic impact of incidents
Arrests and convictions
Accuracy of reported statistics not guaranteed; but sources are provided