Education, Training & Awareness Products & Resources
George Bieber, Defense-wide IA Program (DIAP)
(703) 602-9980 [email protected]

Post on 19-Dec-2015


Audiences
One size DOES NOT fit all
Diverse functions, experience and backgrounds
Tailor message to audience for effectiveness
Executives/Senior managers
IT/IA workforce
Traditional security personnel
General workforce
Admin staff
Mission staff
Other
Scientists & technicians
Other specialty

International

Multi-lingual

Managers to clerks
Scientists to truck drivers
Specialists to generalists
Technicians to humanists

Diverse Backgrounds

Diverse Experience

Advanced Intermediate Entry

Evaluation
Identify what you want to know
  Are training & awareness products being used; and by whom
  Is the focus of products correct
  What additional topics need to be addressed
  Is on the job behavior being changed as intended
  Is content of training relevant to the job (level 1 evaluation)
  Is content of training being learned (level 2 evaluation)
  Is content of training being used on the job (level 3 evaluation)
  Is delivery media appropriate
Identify measures & metrics to answer the questions
  Evaluation forms (for level 1 evaluation)
  Tests (for level 2 evaluation)
  Data collection surveys (for level 3 evaluation)
Develop appropriate instruments to collect measurement data
Test them to ensure they perform as intended
Collect, organize and analyze data
Generate findings
Act on findings

Training & Awareness Products

Education Opportunities

Other Resources

Army Reserve Readiness Training Center (ARRTC) - 1

Ft McCoy, Wisconsin: http://arrtc.mccoy.army.mil

Open to federal employees; contact [email protected] or call 608-388-7307 or 1-800-982-3585, x 7307

Security Manager Course

DITSCAP (DOD Information Technology Security Certification and Accreditation Process)

Systems Administrator/Network Manager Security Course (2 weeks)

Computer Network Defense Course (2 weeks)

Army Reserve Readiness Training Center (ARRTC) - 2

Systems Administrator/Network Manager Security Course (2 weeks)
  Policies, Laws and Ethics
  JAG/MI Briefing (Current Threats)
  Windows NT 4.0/2000 Security
  Solaris, Unix Security

Computer Network Defense Course (2 weeks)
  Understanding C2 Attack Technologies
  Web Security & Encryption
  Communications Security
  Cisco Router Security
  Intrusion Detection Systems
  Deploying Firewalls

  C2 Attack Technologies
  Intranet / Extranet / Web Footprinting & Enumeration
  Forensic Examination & Preserving Evidence
  Countermeasures

  Advanced Communication Security
  Advanced Cisco Router Security
  Intrusion Detection Systems
  Sidewinder Firewalls
  “Latest & Greatest”

Instructor-Led Training
  Mobile Training Teams

Web-Based Training
  Awareness Webinar & Assessment

Computer-Based Training
  INFOSEC CD Library

Navy SPAWAR: InTec Training
www.intecph.navy.mil

Kevin Williams
Commercial (808) 474-0712
DSN (315) [email protected]

Microsoft Certified Technical Education Center
Training to obtain leading IT Industry Certifications

IATAC Courses - 1

Introduction to Information Assurance (IA) (0.5 day)
  IA terminology, concepts, and technologies

Introduction to Risk Management (0.5 day)
  Role of risk assessment in the risk management process

Introduction to Computer Forensics (1 day)
  Defines forensic sciences and computer forensics
  Reviews state of computer forensic science w/in law enforcement
  Addresses international implications
  Offers techniques for performing forensic examination of computer media

Introduction to Penetration Testing (1.5 days)
  Role of penetration testing in analyzing overall security posture
  Addresses what penetration testing is and is not
  Identifies its benefits and limitations

IATAC Courses - 2

Introduction to the Law of Cyberspace (1 day)
  Substantive law (what is prohibited)
  Procedural law (what legal processes must be complied with in investigating and prosecuting cybercrime, cyber espionage, or information war)
  International and domestic law (legal complexities involved in trans-border investigations)

Intro to Public Key Infrastructure (0.5 day)
  Cryptography & security
  Policy
  Applications
  Trends

IATAC brings the course w/ SME instructor to your location. Conducts training for groups rather than for individuals.

Contact information: email at [email protected]. 703/289-5454/5467

Biometrics Short Course

Audience: OSD, Service personnel, contractors implementing DoD biometrics

POC: Cinnamon El-Mulla (703) 418-6360

Registration: Go to www.Icsee.cemr.wvu.edu/biometrics for instructions

Provides basic understanding that supports technical decision-making
  Operation and system-level design of biometric systems
  Test results and protocols
  Standards
  Interoperability
  Related socio-legal issues

Three (3) WVU credits for successful completion (passing grade on 3 exams) ($109 fee)

Equivalent to one of the required courses for WVU’s IA/Biometrics Graduate Certificate program. The Certificate program is the core of a Masters program

Taught by West Virginia University faculty

Biometrics Overview Course
1 day symposium, $1518 March 2004
National Defense University, Marshall Hall, Washington, DC
www.biometrics.dod.mil/Education

Audience:
  Senior military and civilian personnel involved in biometrics and Information Assurance activities.
  Contractors, academics, and students are welcome.

Presentations by the Department of the Navy, Chief Information Officer; the Director, Defense Manpower Data Center; West Virginia University Biometric Knowledge Center; and the Federal Bureau of Investigation.

Exhibits will include biometrics technologies and initiatives currently in use within the Department of Defense.

Points of contact: Ms. Sara Sussan, 703.418.6346, E-mail: [email protected]; Ms. Cinnamon El-Mulla, 703.418.6360, E-mail: [email protected]

Biometrics Overview for Mission-oriented Decision Makers


DoD IA Scholarship Program (IASP): Overview

Award scholarships to individuals (through institutions)

Recruitment: Targets students who currently are not DoD or government employees and who are enrolled in/applying to NSA designated IA Centers of Academic Excellence (CAEs)

Scholarships are for Bachelor (Jr., Sr. years), Masters, Ph.D. degrees

Retention: Targets DoD personnel
  Scholarships for MS and Ph.D programs
  NDU/IRMC and a designated IA CAE for a graduate degree (GS-13 and above, military 0-5 and above)
  NPS for MS/Ph.D. (civilian GS 9 to 13 or higher; Mil 01-06, usually 03)
  AFIT for MS (civilian and military applicants, any grade)

Award grants to institutions

http://www.defenselink.mil/nii/iasp

Program Manager: Christine Nickell: 410-854-6206; [email protected]

Disciplines & Benefits

Disciplines
  Computer Systems Analysis
  Information Security
  Electrical Engineering
  Electronic Engineering
  Mathematics
  Biometrics
  Computer Science
  Computer Engineering
  Software Engineering
  Computer Programming
  Computer Support
  Data Base Administration
  And more…

Recruitment Scholarships
  Full Tuition and fees
  Books
  Stipends:
    Undergraduates ($10K)
    Graduates ($15K)
  Internships (during breaks)

Retention Scholarships
  Full Tuition and fees
  Required Books
  Components responsible for TDY/PCS cost, salary & backfills

IA Centers of Academic Excellence

46 Public / Private Non-DoD Institutions
  Auburn U
  Carnegie Mellon
  Capital College
  East Stroudsburg U
  Florida State
  George Mason U
  Idaho State
  Iowa State
  James Madison U
  Drexel University
  University of Maryland (Baltimore County)
  University of North Carolina, Charlotte
  U of Mass at Amherst
  U of Virginia
  West Virginia U
  Georgia Tech
  Syracuse U
  Purdue U
  Portland State
  Stanford
  UC Davis
  University of Illinois
  University of Idaho
  University of Tulsa
  Mississippi State U
  Norwich U
  Texas A&M
  Johns Hopkins
  U of Dallas
  George Washington U (DC)
  Walsh College
  Indiana University of Pennsylvania
  New Mexico Tech (NM)
  New Jersey Institute of Tech
  North Carolina State U (NC)
  Northeastern University (MA)
  Polytechnic University (NY)
  Pennsylvania State U
  U of Pennsylvania
  State University of New York at Buffalo (NY)
  State University of New York at Stony Brook (NY)
  Stevens Institute of Tech
  Towson University (MD)
  University of Maryland, University College (MD)
  University of Nebraska at Omaha (NE)
  University of Texas at San Antonio (TX)

4 DoD Institutions
  Naval Postgraduate School
  United States Military Academy, West Point
  Information Resources Management College (IRMC)/National Defense University (NDU)
  Air Force Institute of Technology

NDU/IRMC: Certificate Courses for Information System Security Professionals

Information Resources Management College

Four courses
  Assuring the Information Infrastructure
  Managing Information Security in a Networked Environment
  Global Enterprise Networking and Telecommunications
  Developing Enterprise Security Strategies, Guidelines & Policies

GS/GM 13-15/Military 05-06 (may waiver one grade)

Allows for 9 hours (up to 15 w/CIO certificate) for cooperative master’s and doctorates

Multiple formats, each course:
  1 week resident
  12 week web-based distributed learning

No cost to DOD employees; Federal civilian/industry: $950/class

Based on NSTISSI (now CNSS) 4011 standard for information system security professionals

http://www.ndu.edu/irmc
202-685-6300 DSN 325


NDU/IRMC: CIO Certificate Program

http://www.ndu.edu/irmc
202-685-6300 DSN 325

Addresses Federal CIO competencies
  Acquisition
  Policy Information Management Strategic Planning
  Performance & Results Based Mgmt
  Process Improvement
  Capital Planning & Investment
  Leadership
  Technology Assessment
  E-Government and E-Business
  Security & Assurance
  Architectures & Infrastructures

GS/GM 13-15/Military 05-06 (may waiver one grade)

Alternatives:
  Eight one week resident courses or Eight 12-week web-based distributed learning courses, or combination
  OR
  Fourteen week Advanced Management Program (offered 2x/year)

Open to DOD military & civilians

Federal civilians and industry

Norwich University
  Masters of Science in Information Assurance (MSIA)
  $624/credit hour; $25,000 for 36 hour MSIA <2 years
  Focus on policies, procedures, and structure of an enterprise-wide information assurance program
  Case studies approach
  http://www3.norwich.edu/msia

On Line Graduate Education
NSA designated Center of Academic Excellence in IA Education

James Madison University (JMU) http://www.infosec.jmu.edu
  Masters of Science in INFOSEC Computer Science
  $612/credit hour
  Asynchronous: anytime, any location


IA for Program Managers (DAU)

SCADA Security

IA for IGs

Products Under Development/Planned

Critical Infrastructure Protection (CIP-101) WBT

OASD CIP and DISA
Available at http://iase.disa.mil

Provides basic awareness level information

CIP 101 Contents
  CIP Overview
    What is CIP
    Why is it important
    Critical infrastructures
  CIP Organization
    National
    DOD
    Relationships
  DOD responsibility for CIP
  DOD Infrastructure Sectors
  DOD CIP Life-Cycle

Department of the Navy CIO CD-ROM
Federal Reserve Bank video: Its Your Identity: Protect It
Resources
Public Privacy Laws and Legal Guidance
Public Laws
Executive Guidance
Federal Reports
Reading List
Web-sites
Brochures
Templates

http://www.don.cio.navy.mil

Privacy Protection in the Information Age

Critical Infrastructure Protection Training Resources

Resource to help inform the DoD and other members of the Government about Critical Infrastructure Protection, CIP-related documents, and educational programs

Topics
  OSD CIP (Mission, Contacts, Strategy, Terrorism Timeline 88-01)
  Training CIP Team Studies (Federal, Training Gap Analysis, Other)
  Practices
  References (Executive Orders/Directives, Federal Regulations, Publications, Slide Shows, Glossary)

Public Broadcasting Service (PBS); FRONTLINE series
$20.00 (60 min)
http://www.pbs.org
Search on “Science and Technology”

Who are hackers
Risks of the Internet’s vulnerabilities
Who’s responsible for security
How to be vigilant
Interviews with hackers and security experts

Also at the site:
  Video transcript
  Transcript of live chat that followed original broadcast
  Clips from the video

Hackers - PBS http://www.pbs.org

Cyber War! - PBS

Public Broadcasting Service (PBS); FRONTLINE series
$30.00 (60 min)
Search on “cyber war!”

Also at the site:
  Interviews
  Frequently asked questions
  Vulnerabilities
    power grid SCADA systems software
  Video transcript
  Video clips

http://www.pbs.org

Internet works both ways; illustrated by 3 vignettes

Web sites can be set up to:
  Collect information
  Track activities
  Take over your computer

Web sites can be customized, altered/mirrored to:
  Send/release malicious code
  Messages to misinform/deceive

Types of information that can be collected
  Cache
  Names, addresses, phone numbers
  Credit card numbers
  Bank account numbers

Steps you can take to increase your security

Bad Characters - NRO Will be disseminated in DoD by DISA

Awareness 2001 - IOSS

Awareness 2001: A Security, Counterintelligence and OPSEC Update

Burning Issues (USGov) (14 min)
  Intersection of classified and unclassified environments

Web Content Vulnerabilities (25 min)
  Briefing by Joint Web Risk Assessment Cell (JWRAC)
  Advice on how to protect information posted to the internet
  Applicable to all organizations

D*I*C*E 2001 (38 min)

In the Public Domain (10 min)

Interagency OPSEC Support Staff (IOSS)
http://www.ioss.gov

Betrayal - NCIX

Betrayal: Protecting Industry Trade Secrets (17 min)
  Insider threat
  Highlights the Avery Dennison/Four Pillars case, a joint effort by US Industry and the US Government to successfully combat economic espionage.

Distributed by Filmcomm Inc., 641 North Avenue, Glendale Heights, IL 60139, phone 800-944-9134.

$13.85 per copy (includes shipping and handling)

The National Counterintelligence Executive (NCIX)
http://www.ncix.gov

Resources: IA Publications

Information Assurance Technology Center (IATAC)
  IA tools reports
  Critical reviews and technology assessment reports
  State-of-the-art reports
  IA Newsletter

Published by DTIC/IA Technical Analysis Center (IATAC) 703-289-5454 or [email protected] or http://iac.dtic.mil/iatac

Information Assurance Digest (distribution limited to DoD)
  Published by DTIC/IATAC for the Joint Staff
  Request
    Fax to Joint Staff (J6) @ 703-614-7814
    E-mail to [email protected]
  Articles extracted from magazines & newsletters (IA “early bird”)
  Integrated Conference/Meeting Event Calendar
    To add event E-mail [email protected]

http://iac.dtic.mil/iatac

Resources: IA Publications

Tech Trend Notes (Preview of Tomorrow’s Information Technologies)
  Published by NSA: 301-688-0842, or [email protected]

Computer Forensics Communication
  Published quarterly by Defense Computer Forensics Lab
  http://www.dcfl.gov (look under “quarterly bulletins”)

The Internet as an Investigative Tool
  National White Collar Crime Center (NW3C) www.nw3c.org
  Basic Internet Tools

News and Views
  Published by Federal Information System Security Educators’ Association (FISSEA)
  E-mail [email protected] for membership and newsletter
  IA awareness, training and education
  Upcoming conferences, seminars

Commercial CBTs

SkillSoft (formerly SmartForce): http://www.skillsoft.com

NETg: http://www.netg.com

Netg is partner of new government golearn.gov training site

Government Online Learning Center

http://www.golearn.gov

Resources: Information Assurance Support Environment (IASE)

Information Desk: Operational 7:30 a.m. - 4:30 p.m. M-F, EST

E-mail: [email protected]
Phone: (703) 681-IASE
DSN 761

Notices on What’s New Area
IA Daily News
Question of the Week
Chat Room
Bulletin Board System
Mail List Subscriptions

http://iase.disa.mil

Resources: Security Guides

DISA: Security Technical Implementation Guides (STIGS) (http://iase.disa.mil/techguid/stigs.html)
  Database STIG
  Logical Partition STIG
  MVS STIG
  Network Infrastructure STIG
  Novell Netware STIG
  Windows 2000
  Windows NT STIG
  Tandem STIG
  Unisys STIG
  UNIX STIG
  Web Application STIG

NSA: Guidelines (http://www.nsa.gov)
  Guide to Securing Microsoft Windows NT Networks & Application
  Windows 2000 Security Recommendation Guides (SRG)
  Cisco Router Guides
  E-mail and Executable Content Guides

CIS -- Center for Internet Security (http://www.cisecurity.org)
  Security Benchmarks; Best Global Practices
  Best Practices

Resources

National Cyber Security Alliance: Stay Safe Online
http://www.staysafeonline.info/
  Corporate and government members, sponsors
  Educate home/small business computer users in basic computer security practices
  Personal computer security self-test
  Beginner's guides on various security topics
  One-hour online course on security fundamentals

CyberCrime
http://www.cybercrime.gov
  Maintained by DOJ, Computer Crime and Intellectual Property Section (CCIPS), Criminal Division
  Ways computers can be used to commit crimes
  How and to whom to report computer crimes
  What to do if you are the victim of computer crime.
  Links to cases, laws, legal issues, and policy issues surrounding hacking, intellectual property infringements, and other online offenses

Resources

Hoax Busters
http://hoaxbusters.ciac.org
  DOE Computer Incident Advisory Capability (CIAC)
  Clearinghouse of information about various types of Internet hoaxes
    Fake viruses and other malicious code
    Chain letters
    Urban myths
    Sympathy letters and other cons
  How to recognize hoaxes and what to do about them.

Center for Education and Research in Information Assurance and Security (CERIAS)
http://www.cerias.purdue.edu/
  Free security seminar on diverse security topics (Weds afternoons)
  Access via live internet stream.
  Computer security resources for K-12 teachers
    background information
    lesson plans
    links to other web resources

Resources

Computer and Information Ethics on WWW
http://www.ethics.ubc.ca/resources/computer/
  University of British Columbia's Centre for Applied Ethics
  Lists web sites, electronic & print publications on ethical issues in computing.
  Courses in computer ethics
  Provides links to online syllabi to classes
  Links to relevant organizations.

Security Statistics
http://www.securitystats.com/
  Statistics on computer security incidents
  Information on
    Security spending
    Known vulnerabilities
    Numbers of reported security breaches
    Economic impact of incidents
    Arrests and convictions
  Accuracy of reported statistics not guaranteed; but sources are provided