160 likes | 342 Views
Just In Time Training (JITT): How Not to Jump from the Frying Pan into the Fire. Agenda. What is it? Why Governance What is available Courses Available Certification How (unique requirements) DACUM Process Questions. Just In Time Training. What you need…when you need it. .
E N D
Just In Time Training (JITT): How Not to Jump from the Frying Pan into the Fire
Agenda • What is it? • Why • Governance • What is available • Courses Available • Certification • How (unique requirements) • DACUM Process • Questions
Just In Time Training What you need…when you need it.
Governance • Computer Security Act of 1987/Public Law 100-235 • Mandatory periodic training of personnel who manage, use, or operate Federal computer systems • Committee on National Security Systems (CNSS) Issuances • NSTISSD 500(ISS INFOSEC ATE), 501(National Training Program for ISSPs), 4011 (Training Standard for INFOSEC Profs) , 4012 (National Training Standard for DAAs), 4013 (Std for Std for SysAdmins), 4014 (Std for ISSO) and 4015 (Std for Certifiers)
Governance (continued) • Information Assurance, DoD Dir 8500.1 • DoD shall train for the defense of computer network defense • All personnel authorized access to DoD information systems shall be trained in accordance to DoD and Component policies and requirements and certified to perform IA responsibilities • Develop and promulgate IA Policy related to training • Develop and Provide IA training and awareness products • NSA shall develop, implement ad oversee an IA education, training and awareness program for users and administrators of DoD cryptologic SCI systems
Governance (continued) • DoD Directive 8500.1 (continued) • DoD Components shall ensure that IA awareness, training, education and professionalization for personnel developing, using, operating, administering, maintaining, and retiring DoD information systems • Supplanted DoD Directive 5200.28 • NSA - Train DoD Components in evaluation techniques • JCS – Educate & train at NDU Establish training and awareness program for all DoD civilians, military and contractor personnel accessing information systems • Training and awareness program shall be established
Governance (continued) • OMB Circular A-130 • Information resources management means the planning, budgeting, organizing, directing, training, and administrative control associated with government information resources. • Provide training and guidance as appropriate to all agency officials and employees and contractors regarding their Federal records management responsibilities
Governance (continued) • OMB Circular A-130 • The agency knows a substantial portion of users have ready access to the necessary information technology and training to use electronic information dissemination products • Develop and conduct training programs for Federal personnel on information resources management including end-user computing • Establish personnel security policies and develop training programs for Federal personnel associated with the design, operation, or maintenance of information systems • Privacy Act Training • Agencies must plan for incorporating policies and procedures regarding regarding computer security, records management, protection of privacy, and other safeguards into the training of every employee and contractor.
Courses • Operational Information Assurance Curriculum • (U) INTRO TO COMPUTER SECURITY (web based) • (U) OPERATIONAL INFORMATION ASSURANCE PART1 (web based) • (U) OPERATIONAL INFORMATION ASSURANCE - PART II (ILT - offered monthly) • (U) COMPUTER SECURITY FOR SUPERVISORS (web based) • (U) NSA/CSS INFORMATION SYSTEMS CERTIFICATION AND ACCREDITATION PROCESS (NISCAP) (ILT – offered quarterly)
Courses (Continued) • Malicious Code (Under Development)
Required Training • Introduction to Computer Security • Computer Security for Managers • Operational Security
Training Plan • Awareness Initiatives • Presentations • Posters and Trinkets • Training Initiatives • Courses/Curriculum
What is available? • Colleges and Universities • Commercial Institutions • Department of Defense • Federal Institutions
How – Unique Requirements • Develop a Curriculum (DACUM) Process • Phase I • Participants • Job Description or Focus Statement • Tasks, Knowledge and Skills • Phase II • Units of Instructions • Course Content
DoD Directive 8570 (DRAFT) • Information Assurance Training, Certification and Work Management (Draft) • Train and certify IA Workforce
Questions ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?