just in time training (jitt): how not to jump from the frying pan into the fire
TRANSCRIPT
Just In Time Training (JITT): How Not to Jump from the Frying Pan into the Fire
Agenda
  What is it?
  Why
  Governance
  What is available
  Courses Available
  Certification
  How (unique requirements)
  DACUM Process
  Questions
Just In Time Training
  What you need…when you need it.
Governance
  Computer Security Act of 1987/Public Law 100-235
    Mandatory periodic training of personnel who manage, use, or operate Federal computer systems
  Committee on National Security Systems (CNSS) Issuances
    NSTISSD 500 (ISS INFOSEC ATE), 501 (National Training Program for ISSPs), 4011 (Training Standard for INFOSEC Profs), 4012 (National Training Standard for DAAs), 4013 (Std for SysAdmins), 4014 (Std for ISSO) and 4015 (Std for Certifiers)
Governance (continued)
  Information Assurance, DoD Dir 8500.1
    DoD shall train for the defense of computer network defense
    All personnel authorized access to DoD information systems shall be trained in accordance with DoD and Component policies and requirements and certified to perform IA responsibilities
    Develop and promulgate IA Policy related to training
    Develop and Provide IA training and awareness products
    NSA shall develop, implement and oversee an IA education, training and awareness program for users and administrators of DoD cryptologic SCI systems
Governance (continued)
  DoD Directive 8500.1 (continued)
    DoD Components shall ensure that IA awareness, training, education and professionalization for personnel developing, using, operating, administering, maintaining, and retiring DoD information systems
  Supplanted DoD Directive 5200.28
    NSA - Train DoD Components in evaluation techniques
    JCS – Educate & train at NDU
    Establish training and awareness program for all DoD civilians, military and contractor personnel accessing information systems
    Training and awareness program shall be established
Governance (continued)
  OMB Circular A-130
    Information resources management means the planning, budgeting, organizing, directing, training, and administrative control associated with government information resources.
    Provide training and guidance as appropriate to all agency officials and employees and contractors regarding their Federal records management responsibilities
Governance (continued)
  OMB Circular A-130
    The agency knows a substantial portion of users have ready access to the necessary information technology and training to use electronic information dissemination products
    Develop and conduct training programs for Federal personnel on information resources management including end-user computing
    Establish personnel security policies and develop training programs for Federal personnel associated with the design, operation, or maintenance of information systems
  Privacy Act Training
    Agencies must plan for incorporating policies and procedures regarding computer security, records management, protection of privacy, and other safeguards into the training of every employee and contractor.
Courses
  Operational Information Assurance Curriculum
    (U) INTRO TO COMPUTER SECURITY (web based)
    (U) OPERATIONAL INFORMATION ASSURANCE PART1 (web based)
    (U) OPERATIONAL INFORMATION ASSURANCE - PART II (ILT - offered monthly)
    (U) COMPUTER SECURITY FOR SUPERVISORS (web based)
    (U) NSA/CSS INFORMATION SYSTEMS CERTIFICATION AND ACCREDITATION PROCESS (NISCAP) (ILT – offered quarterly)
Courses (Continued)
  Malicious Code (Under Development)
Required Training
  Introduction to Computer Security
  Computer Security for Managers
  Operational Security
Training Plan
  Awareness Initiatives
    Presentations
    Posters and Trinkets
  Training Initiatives
    Courses/Curriculum
What is available?
  Colleges and Universities
  Commercial Institutions
  Department of Defense
  Federal Institutions
How – Unique Requirements
  Develop a Curriculum (DACUM) Process
  Phase I
    Participants
    Job Description or Focus Statement
    Tasks, Knowledge and Skills
  Phase II
    Units of Instructions
    Course Content
DoD Directive 8570 (DRAFT)
  Information Assurance Training, Certification and Work Management (Draft)
  Train and certify IA Workforce
Questions