Information Assurance Awareness, Training and Education
Page 1
Information Assurance
Awareness, Training and Education
Page 2
Presented to University of Phoenix
By: Francine C. Hammond
04/19/23
Page 3
Agenda and Background
Page 4
IA Background
Why IA?
IA Mission and Strategies
IA Capabilities
IA Strategies
Summary
Page 5
Background
In response to the terrorist attack against the Pentagon on September 11, 2001, the Department of Defense established the Pentagon Force Protection Agency (PFPA).
The new agency absorbed the Pentagon’s police force, formerly known as the Defense Protective Service (DPS), and its role of providing basic law enforcement and security for the Pentagon and DOD interests in the National Capital Region (NCR).
PFPA expanded that mission to provide force protection against the full spectrum of potential threats through robust prevention, preparedness, detection, and response measures.
Page 6
Mr. Bush Supports Information Security
Page 7
Why Information Assurance?
Publicity of attacks on information systems is increasing, and identity thieves prosper in the Information Age.
Identity thieves assume the identities of other individuals and use these identities to obtain credit cards, loans and other things of value.
The old methods used to obtain information still apply: stealing credit card statements, bank checks, and other personal information from mailboxes.
However, the openness of the Internet has given identity thieves access to a wealth of personal information stored in the databases of online data brokers, who collect and sell personal information.
A secure information system provides three properties:
Page 8
Confidentiality, Integrity, Availability (CIA triad diagram)
Information Assurance Awareness, Training, and Education
Page 9
CIA
Confidentiality ensures that people who don't have the appropriate clearance, access level and "need to know" do not access the information.
Integrity ensures that information cannot be modified or destroyed without authorization.
Availability means that information services are there when you need them.
Page 10
What would happen if someone changed your data?
Page 11
Waht wuold hppaen if someone chagned your adat?
Page 12
Wtah wuold henapp if sooneme chagend yrou adat?
Page 13
Is Your Organization Secure?
Page 14
Implement IA Program…
Page 15
IA Mission and Strategies
Page 16
Mission
Strengthen risk mitigation policies by successfully implementing sound Information Assurance and Information Technology practices to…
Protect the integrity, confidentiality, and availability of IT systems, ensuring that all personnel who use the IT systems are trained to understand their responsibilities, both individual position requirements and those concerning the security of systems.
Page 17
Risk Management Strategies
Page 18
Risk Management Strategies
Manage and mitigate the risks of threats and vulnerabilities by implementing the following controls:
Policies and Regulations;
Certification and Accreditation (C&A);
Computer Incident Response Team (CIRT); and
IA Awareness Program.
Page 19
Policies and Regulations
Page 20
Implement policies, standards and procedures which are consistent with statutory, Federal, and DOD policies and procedures for securing information systems and networks that include the following controls:
Assign responsibility for security;
Maintain a security plan for all systems and major applications;
Provide for the review of security controls; and
Require authorization before processing.
Page 21
Certification and Accreditation
Page 22
Implement the DOD-established standard process to identify, implement, and validate IA controls for:
Authorizing the operation of DOD information systems; and
Managing IA posture across DOD information systems consistent with the Federal Information Security Management Act (FISMA).
Page 23
Computer Incident Response Team
Page 24
CIRT security analysts provide support in:
Day-to-day intrusion detection operations
Remote vulnerability detection
On-line system survey
Information protection support
Tool design and integration
Technical support
Page 25
IA Awareness Program
Page 26
“Literacy, Awareness, Training and Education
Because there is no patch for ignorance”
National Information Assurance Training and Education Center
Page 27
Implement the IA Awareness Program by focusing on the following learning components:
Awareness: Focus attention on security
Training: Produce relevant and needed security skills and competency
Education: Integrate all security skills and competencies into a common body of knowledge, adding a multidisciplinary study of concepts, issues, and principles
Professional Development: Imply a guarantee of meeting a standard by applying evaluation or measurement criteria
Page 28
IA Awareness Program Objectives
Enhance understanding of IA issues among all system users;
Encourage meaningful behavioral change;
Provide coherent, accessible technical training;
Deliver flexible content for different audience groups; and…
Keep training current and relevant.
Page 29
IA Awareness Program Deliverables
Training Programs:
General Awareness Training: Briefings, Distributed Security Tips, Newsletters
Technical Training: System Administrators, Help Desk personnel, Directors
Training Materials: Handbooks, Reference Guides, Presentations
IA Intraweb/Intranet: ‘One-stop shop’ portal for awareness training
Page 30
IA Strategy
Program Category and Life Cycle Status
Identify the Acquisition Category (ACAT) of the program. Identify the current acquisition life cycle phase and the next milestone decision. Identify whether the system has been designated "Mission Critical" or "Mission Essential" in accordance with DoD Instruction 5000.2. Include a graphic representation of the program's schedule.
Mission Assurance Category (MAC) and Confidentiality Level
Provide a high-level overview of the specific system being acquired. Provide a graphic (block diagram) that shows the major elements/subsystems that make up the system or service being acquired, and how they fit together. Describe the system's function, and summarize significant information exchange requirements (IER) and interfaces with other IT or systems, as well as primary databases supported. Describe, at a high level, the IA technical approach that will secure the system, including any protection to be provided by external systems or infrastructure. PMs should engage the National Security Agency (NSA) early in the acquisition process for assistance in developing an IA approach and obtaining information systems security engineering (ISSE) services, to include describing information protection needs, defining and designing system security to meet those needs, and assessing the effectiveness of system security.
Threat Assessment
Describe the methodology used to determine threats to the system (such as the System Threat Assessment), and whether the IT was included in the overall weapon system assessment. In the case of an AIS application, describe whether there were specific threats unique to this system's IT resources due to mission or area of proposed operation. For MAIS programs, utilization of the "Information Operations Capstone Threat Capabilities Assessment" (DIA Doc # DI-1577-12-03) [1st Edition Aug 03] is required by DoD Instruction 5000.2.
Risk Assessment
Describe the program's planned regimen of risk assessments, including a summary of how any completed risk assessments were conducted. For systems where software development abroad is a possible sourcing option, describe how that risk was assessed.
Information Assurance Requirements
Describe the program's methodology for addressing IA requirements early in the acquisition life cycle. Specify whether any specific IA requirements are identified in the approved governing requirements documents (e.g. Capstone Requirements Document, Initial Capabilities Document, Capabilities Design Document, or Capabilities Production Document). Describe how IA requirements implementation costs (including costs associated with certification and accreditation activities) are included and visible in the overall program budget.
DoD Information Technology Security Certification and Accreditation Process
Provide the name, title, and organization of the Designated Approving Authority (DAA), Certification Authority (CA), and User Representative. If the program is pursuing an evolutionary acquisition approach (spiral or incremental development), describe how each increment will be subjected to the certification and accreditation process. Provide a timeline describing the target completion dates for each phase of certification and accreditation in accordance with DoD Instruction 5200.40. Normally, it is expected that DITSCAP Phase 1 will be completed prior to or soon after Milestone B, Phases 2 and 3 completed prior to Milestone C, and Authority to Operate (ATO) issued prior to operational test and evaluation. If the DITSCAP process has started, identify the latest phase completed, and whether an Authority to Operate (ATO) or Interim Authority to Operate (IATO) was issued. If the system being acquired will process, store or distribute Sensitive Compartmented Information (SCI), compliance with Director of Central Intelligence Directive (DCID) 6/3, "Protecting Sensitive Compartmented Information Within Information Systems", is required, and the approach to compliance should be addressed.
Policy/Directives
List the primary policy guidance employed by the program in preparing and executing the Acquisition IA Strategy, including the DoD 8500 series and DoD Component, Major Command/Systems Command, or program-specific guidance, as applicable. The Information Assurance Support Environment web site provides an actively maintained list of relevant statutory, Federal/DoD regulatory, and DoD guidance that may be applicable.
Page 31
Summary
Page 32
IA Mission
Strengthen the risk mitigation policies and the PFPA defense-in-depth by successfully implementing sound Information Assurance (IA) and Information Technology (IT) practices.
Risk Management Strategies
Policies and Regulations
Certification and Accreditation
CIRT
IA Awareness Program
Page 33
Q & A
Page 34
THANK YOU!
Obrigado
Gracias
Danke
Merci
Domo Arrigato
Kat Ouen
Diloch
Salamat
Takk
Cheers
Nani
Toda
Mahalo
Do Jeh
M’goy
Thoinks Moite