This program offers diverse education, training, and awareness products to different audiences in the defense sector. Evaluation and feedback are used to improve the effectiveness of the products. Various resources and courses are available, including instructor-led training, blended delivery solutions, and web-based training.
Education, Training & Awareness Products & Resources George Bieber Defense-wide IA Program (DIAP) (703) 602-9980 george.bieber@osd.mil
Audiences • One size DOES NOT fit all • Diverse functions, experience and backgrounds • Tailor message to audience for effectiveness • Executives/Senior managers • IT/IA workforce • Traditional security personnel • General workforce • Admin staff • Mission staff • Other • Scientists & technicians • Other specialty • International • Multi-lingual Diverse Experience • Advanced • Intermediate • Entry Diverse Backgrounds • Managers to clerks • Scientists to truck drivers • Specialists to generalists • Technicians to humanists
Evaluation • Identify what you want to know • Are training & awareness products being used; and by whom • Is the focus of products correct • What additional topics need to be addressed • Is on the job behavior being changed as intended • Is content of training relevant to the job (level 1 evaluation) • Is content of training being learned (level 2 evaluation) • Is content of training being used on the job (level 3 evaluation) • Is delivery media appropriate • Identify measures & metrics to answer the questions • Evaluation forms (for level 1 evaluation) • Tests (for level 2 evaluation) • Data collection surveys (for level 3 evaluation) • Develop appropriate instruments to collect measurement data • Test them to ensure they perform as intended • Collect, organize and analyze data • Generate findings • Act on findings
Training & Awareness Products • Education Opportunities • Other Resources
Army Reserve Readiness Training Center (ARRTC) - 1 Ft McCoy, Wisconsin: http://arrtc.mccoy.army.mil Open to federal employees, contact RIM@arrtc-exch.mccoy.army.mil or call 608-388-7307 or 1-800-982-3585, x 7307 • Security Manager Course • DITSCAP (DOD Information Technology Security Certification and Accreditation Process) • Systems Administrator/Network Manager Security Course (2 weeks) • Computer Network Defense Course (2 weeks)
Army Reserve Readiness Training Center (ARRTC) - 2 • Systems Administrator/Network Manager Security Course (2 weeks) • Policies, Laws and Ethics • JAG/MI Briefing (Current Threats) • Windows NT 4.0/2000 Security • Solaris, Unix Security • Computer Network Defense Course (2 weeks) • Understanding C2 Attack Technologies • Web Security & Encryption • Communications Security • Cisco Router Security • Intrusion Detection Systems • Deploying Firewalls • C2 Attack Technologies • Intranet / Extranet / Web • Footprinting & Enumeration • Forensic Examination & Preserving Evidence • Countermeasures • Advanced Communication Security • Advanced Cisco Router Security • Intrusion Detection Systems • Sidewinder Firewalls • “Latest & Greatest”
Instructor-Led Training Mobile Training Teams Computer-Based Training INFOSEC CD Library Blended Delivery Solution Web-Based Training Awareness Webinar & Assessment Navy SPAWAR: InTec Training www.intecph.navy.mil • Microsoft Certified Technical Education Center • Training to obtain leading IT Industry Certifications Kevin Williams Commercial (808) 474-0712 DSN (315) 474-4479 kwilliams@intecph.navy.mil
IATAC Courses - 1 • Introduction to Information Assurance (IA) (0.5 day) • IA terminology, concepts, and technologies • Introduction to Risk Management (0.5 day) • Role of risk assessment in the risk management process • Introduction to Computer Forensics (1 day) • Defines forensic sciences and computer forensics • Reviews state of computer forensic science w/in law enforcement • Addresses international implications • Offers techniques for performing forensic examination of computer media • Introduction to Penetration Testing (1.5 days) • Role of penetration testing in analyzing overall security posture • Addresses what penetration testing is and is not • Identifies its benefits and limitations
IATAC Courses - 2 • Introduction to the Law of Cyberspace (1 day) • Substantive law (what is prohibited) • Procedural law (what legal processes must be complied with in investigating and prosecuting cybercrime, cyber espionage, or information war) • International and domestic law (legal complexities involved in trans-border investigations) • Intro to Public Key Infrastructure (0.5 day) • Cryptography & security • Policy • Applications • Trends • IATAC brings the course w/ SME instructor to your location. • Conducts training for groups rather than for individuals. • Contact information: • email at iatac@dtic.mil. • 703/289-5454/5467
Biometrics Short Course Taught by West Virginia University faculty • Audience: OSD, Service personnel, contractors implementing DoD biometrics • POC: Cinnamon El-Mulla (703) 418-6360 • Registration: Go to www.Icsee.cemr.wvu.edu/biometrics for instructions • Provides basic understanding that supports technical decision-making • Operation and system-level design of biometric systems • Test results and protocols • Standards • Interoperability • Related socio-legal issues • Three (3) WVU credits for successful completion (passing grade on 3 exams) ($109 fee) • Equivalent to one of the required courses for WVU’s IA/Biometrics Graduate Certificate program. The Certificate program is the core of a Masters program
Biometrics Overview Course Biometrics Overview for Mission-oriented Decision Makers • 1 day symposium, $15 • 18 March 2004 • National Defense University, Marshall Hall, Washington, DC • www.biometrics.dod.mil/Education • Audience: • Senior military and civilian personnel involved in biometrics and Information Assurance activities. • Contractors, academics, and students are welcome. • Presentations by the • Department of the Navy, Chief Information Officer; • the Director, Defense Manpower Data Center; • West Virginia University Biometric Knowledge Center; and the • Federal Bureau of Investigation. • Exhibits will include biometrics technologies and initiatives currently in use within the Department of Defense. • Points of contact: • Ms. Sara Sussan, 703.418.6346, E-mail: ssussan@iss-md.com; • Ms. Cinnamon El-Mulla, 703.418.6360, E-mail: celmulla@iss-md.com
DoD IA Scholarship Program (IASP): Overview http://www.defenselink.mil/nii/iasp • Award scholarships to individuals (through institutions) • Recruitment: Targets students who currently are not DoD or government employees and who are enrolled in/applying to NSA designated IA Centers of Academic Excellence (CAEs) • Scholarships are for Bachelor (Jr., Sr. years), Masters, Ph.D. degrees • Retention: Targets DoD personnel • Scholarships for MS and Ph.D programs • NDU/IRMC and a designated IA CAE for a graduate degree (GS-13 and above, military 0-5 and above) • NPS for MS/Ph.D. (civilian GS 9 to 13 or higher; Mil 01-06, usually 03) • AFIT for MS (civilian and military applicants, any grade) • Award grants to institutions Program Manager: Christine Nickell: 410-854-6206; c.nicke2@radium.ncsc.mil
Disciplines & Benefits Disciplines • Computer Science • Computer Engineering • Software Engineering • Computer Programming • Computer Support • Data Base Administration • Computer Systems Analysis • Information Security • Electrical Engineering • Electronic Engineering • Mathematics • Biometrics • And more… Retention Scholarships • Full Tuition and fees • Required Books • Components responsible for TDY/PCS cost, salary & backfills Recruitment Scholarships • Full Tuition and fees • Books • Stipends: • Undergraduates ($10K) • Graduates ($15K) • Internships (during breaks)
IA Centers of Academic Excellence 46 Public / Private Non-DoD Institutions • Auburn U • Carnegie Mellon • Capital College • East Stroudsburg U • Florida State • George Mason U • Idaho State • Iowa State • James Madison U • Drexel University • University of Maryland (Baltimore County) • University of North Carolina, Charlotte • U of Mass at Amherst • U of Virginia • George Washington U (DC) • Walsh College • Indiana University of Pennsylvania • New Mexico Tech (NM) • New Jersey Institute of Tech • North Carolina State U (NC) • Northeastern University (MA) • Polytechnic University (NY) • Pennsylvania State U • U of Pennsylvania • State University of New York at Buffalo (NY) • State University of New York at Stony Brook (NY) • Stevens Institute of Tech • Towson University (MD) • University of Maryland, University College (MD) • University of Nebraska at Omaha (NE) • University of Texas at San Antonio (TX) • West Virginia U • Georgia Tech • Syracuse U • Purdue U • Portland State • Stanford • UC Davis • University of Illinois • University of Idaho • University of Tulsa • Mississippi State U • Norwich U • Texas A&M • Johns Hopkins • U of Dallas 4 DoD Institutions • Naval Postgraduate School • United States Military Academy, West Point • Information Resources Management College (IRMC)/National Defense University (NDU) • Air Force Institute of Technology
NDU/IRMC: Certificate Courses for Information System Security Professionals http://www.ndu.edu/irmc 202-685-6300 DSN 325 • Four courses • Assuring the Information Infrastructure • Managing Information Security in a Networked Environment • Global Enterprise Networking and Telecommunications • Developing Enterprise Security Strategies, Guidelines & Policies • GS/GM 13-15/Military 05-06 (may waiver one grade) • Allows for 9 hours (up to 15 w/CIO certificate) for cooperative master’s and doctorates • Multiple formats, each course: • 1 week resident • 12 week web-based distributed learning • No cost to DOD employees; Federal civilian/industry: $950/class; • Based on NSTISSI (now CNSS) 4011 standard for information system security professionals Information Resources Management College
NDU/IRMC: Certification Courses for Information System Security Professionals http://www.ndu.edu/irmc 202-685-6300 DSN 325 • Four courses • Assuring the Information Infrastructure • Managing Information Security in a Networked Environment • Global Enterprise Networking and Telecommunications • Developing Enterprise Security Strategies, Guidelines & Policies • GS/GM 13-15/Military 05-06 (may waiver one grade) • Allows for 9 hours (up to 15 w/CIO certificate) for cooperative master’s and doctorates • Multiple formats, each course: • 1 week resident • 12 week web-based distributed learning • No cost to DOD employees; Federal civilian/industry: $950/class; • Based on NSTISSI (now CNSS) 4011 standard for information system security professionals
NDU/IRMC: CIO Certificate Program http://www.ndu.edu/irmc 202-685-6300 DSN 325 • Addresses Federal CIO competencies • Acquisition • Policy • Information Management Strategic Planning • Performance & Results Based Mgmt • Process Improvement • Capital Planning & Investment • Leadership • Technology Assessment • E-Government and E-Business • Security & Assurance • Architectures & Infrastructures • GS/GM 13-15/Military 05-06 (may waiver one grade) • Alternatives: • Eight one week resident courses or • Eight 12-week web-based distributed learning courses, or combination OR • Fourteen week Advanced Management Program (offered 2x/year) Open to DOD military & civilians Federal civilians and industry
Norwich University On Line Graduate Education NSA designated Center of Academic Excellence in IA Education http://www3.norwich.edu/msia • Masters of Science in Information Assurance (MSIA) • $624/credit hour; $25,000 for 36 hour MSIA • <2 years • Focus on policies, procedures, and structure of an enterprise-wide information assurance program • Case studies approach http://www.infosec.jmu.edu James Madison University (JMU) • Masters of Science in INFOSEC Computer Science • $612/credit hour • Asynchronous: anytime, any location
Products Under Development/Planned • IA for Program Managers (DAU) • SCADA Security • IA for IGs
OASD CIP and DISA Available at http://iase.disa.mil Provides basic awareness level information - CIP 101 Contents CIP Overview What is CIP Why is it important Critical infrastructures CIP Organization National DOD Relationships DOD responsibility for CIP DOD Infrastructure Sectors DOD CIP Life-Cycle Critical Infrastructure Protection (CIP-101) WBT
Privacy Protection in the Information Age http://www.don.cio.navy.mil • Department of the Navy CIO CD-ROM • Federal Reserve Bank video: Its Your Identity: Protect It • Resources • Public Privacy Laws and Legal Guidance • Public Laws • Executive Guidance • Federal Reports • Reading List • Web-sites • Brochures • Templates
Resource to help inform the DoD and other members of the Government about Critical Infrastructure Protection, CIP-related documents, and educational programs Topics OSD CIP (Mission, Contacts, Strategy, Terrorism Timeline 88-01) Training CIP Team Studies (Federal, Training Gap Analysis, Other) Practices References (Executive Orders/Directives, Federal Regulations, Publications, Slide Shows, Glossary) Critical Infrastructure Protection Training Resources
Hackers - PBS http://www.pbs.org • Public Broadcasting Service (PBS); FRONTLINE series $20.00 (60 min) • http://www.pbs.org • Search on “Science and Technology” • Who are hackers • Risks of the Internet’s vulnerabilities • Who’s responsible for security • How to be vigilant • Interviews with hackers and security experts • Also at the site: • Video transcript • Transcript of live chat that followed original broadcast • Clips from the video
Cyber War! - PBS http://www.pbs.org • Public Broadcasting Service (PBS); FRONTLINE series $30.00 (60 min) • Search on “cyber war!” • Also at the site: • Interviews • Frequently asked questions • Vulnerabilities • power grid • SCADA systems • software • Video transcript • Video clips
Bad Characters - NRO Will be disseminated in DoD by DISA • Internet works both ways; illustrated by 3 vignettes • Web sites can be set up to: • Collect information • Track activities • Take over your computer • Web sites can be customized, altered/mirrored to: • Send/release malicious code • Messages to misinform/deceive • Types of information that can be collected • Cache • Names, addresses, phone numbers • Credit card numbers • Bank account numbers • Steps you can take to increase your security
Awareness 2001 - IOSS Interagency OPSEC Support Staff (IOSS) • http://www.ioss.gov • Awareness 2001: A Security, Counterintelligence and OPSEC Update • Burning Issues (USGov) (14 min) • Intersection of classified and unclassified environments • Web Content Vulnerabilities (25 min) • Briefing by Joint Web Risk Assessment Cell (JWRAC) • Advice on how to protect information posted to the internet • Applicable to all organizations • D*I*C*E 2001 (38 min) • In the Public Domain (10 min)
Betrayal - NCIX The National Counterintelligence Executive (NCIX) • http://www.ncix.gov • Betrayal: Protecting Industry Trade Secrets (17 min) • Insider threat • Highlights the Avery Dennison/Four Pillars case, a joint effort by US Industry and the US Government to successfully combat economic espionage. • Distributed by Filmcomm Inc., 641 North Avenue, Glendale Heights, IL 60139, phone 800-944-9134. • $13.85 per copy (includes shipping and handling)
Resources: IA Publications http://iac.dtic.mil/iatac • Information Assurance Technology Center (IATAC) • IA tools reports • Critical reviews and technology assessment reports • State-of-the-art reports • IA Newsletter • Published by DTIC/IA Technical Analysis Center (IATAC) • 703-289-5454 or iatac@dtic.mil or http://iac.dtic.mil/iatac • Information Assurance Digest (distribution limited to DoD) • Published by DTIC/IATAC for the Joint Staff • Request • Fax to Joint Staff (J6) @ 703-614-7814 • E-mail to iatac@dtic.mil • Articles extracted from magazines & newsletters (IA “early bird”) • Integrated Conference/Meeting Event Calendar • To add event E-mail iatac@dtic.mil
Resources: IA Publications • Tech Trend Notes (Preview of Tomorrow’s Information Technologies) • Published by NSA: 301-688-0842, or ttnotes@tycho.ncsc.mil • Computer Forensics Communication • Published quarterly by Defense Computer Forensics Lab • http://www.dcfl.gov (look under “quarterly bulletins”) • The Internet as an Investigative Tool • National White Collar Crime Center (NW3C) www.nw3c.org • Basic Internet Tools • News and Views • Published by Federal Information System Security Educators’ Association (FISSEA) • E-mail fisseamembership@nist.gov for membership and newsletter • IA awareness, training and education • Upcoming conferences, seminars
Commercial CBTs • SkillSoft (formerly SmartForce): http://www.skillsoft.com • NETg: http://www.netg.com • NETg is a partner of the new government golearn.gov training site
Government Online Learning Center http://www.golearn.gov
Resources: Information Assurance Support Environment (IASE) http://iase.disa.mil • Information Desk: Operational 7:30 a.m. - 4:30 p.m. M-F, EST • E-mail: iase@ncr.disa.mil • Phone: (703) 681-IASE DSN 761 • Notices on What’s New Area • IA Daily News • Question of the Week • Chat Room • Bulletin Board System • Mail List Subscriptions
Resources: Security Guides - DISA • DISA: Security Technical Implementation Guides (STIGs) (http://iase.disa.mil/techguid/stigs.html) • Database STIG • Logical Partition STIG • MVS STIG • Network Infrastructure STIG • Novell Netware STIG • Windows 2000 • NSA: Guidelines (http://www.nsa.gov) • Guide to Securing Microsoft Windows NT Networks & Application • Windows 2000 Security Recommendation Guides (SRG) • Cisco Router Guides • E-mail and Executable Content Guides • CIS -- Center for Internet Security (http://www.cisecurity.org) • Security Benchmarks; Best Global Practices • Windows NT STIG • Tandem STIG • Unisys STIG • UNIX STIG • Web Application STIG Best Practices
Resources • National Cyber Security Alliance: Stay Safe Online • http://www.staysafeonline.info/ • Corporate and government members, sponsors • Educate home/small business computer users in basic computer security practices, • Personal computer security self-test • Beginner's guides on various security topics • One-hour online course on security fundamentals • CyberCrime • http://www.cybercrime.gov • Maintained by DOJ, Computer Crime and Intellectual Property Section (CCIPS), Criminal Division • Ways computers can be used to commit crimes • How and to whom to report computer crimes • What to do if you are the victim of computer crime. • Links to cases, laws, legal issues, and policy issues surrounding hacking, intellectual property infringements, and other online offenses
Resources • Hoax Busters • http://hoaxbusters.ciac.org • DOE Computer Incident Advisory Capability (CIAC) • Clearinghouse of information about various types of Internet hoaxes • Fake viruses and other malicious code • Chain letters • Urban myths • Sympathy letters and other cons • How to recognize hoaxes and what to do about them. • Center for Education and Research in Information Assurance and Security (CERIAS) • http://www.cerias.purdue.edu/ • Free security seminar on diverse security topics (Weds afternoons) • Access via live internet stream. • Computer security resources for K-12 teachers • background information • lesson plans • links to other web resources
Resources • Computer and Information Ethics on WWW • http://www.ethics.ubc.ca/resources/computer/ • University of British Columbia's Centre for Applied Ethics • Lists web sites, electronic & print publications on ethical issues in computing. • Courses in computer ethics • Provides links to online syllabi to classes • Links to relevant organizations. • Security Statistics • http://www.securitystats.com/ • Statistics on computer security incidents • Information on • Security spending, • Known vulnerabilities, • Numbers of reported security breaches • Economic impact of incidents • Arrests and convictions, • Accuracy of reported statistics not guaranteed; but sources are provided