Maryann Dennehy
DISA/GO434, (703) 882-1716
March 2004
DoD IA Education, Training, Awareness Products
Mission
Authorities
Approach
Categories of Products
New Products
Under Development
Videos
Order Products Online, POCs
Agenda
MISSION
Provide standardized DoD-level IA products for Combatant Commands / Services/Agencies to integrate into their IA Education, Training & Awareness (ETA) programs
Develop products to support the DoD-wide IA career field or professional / certification programs
Assist other DoD components in developing and / or conducting IA training activities
Support DoD and Federal IA ETA outreach programs (HSPD-7)
DoD ETA Mission
AUTHORITIES
Authorities
DOD Instruction 8500.01 Information Assurance - Requires the Director, DISA to develop and provide IA training and awareness products.
DOD Instruction 8500.02 Information Assurance Implementation - The Director, DISA shall develop and provide IA training and awareness products, and a distributive training capability to support product delivery.
CJCSI 6510.01C (1 May 01, Enclosure B, Pg. B-12) - The Director, DISA will develop an IA and INFOSEC education, training, and awareness program, guidelines, computer-based training and distributive courses and products for use by other DOD components in coordination with other DOD components as required, and assist other DOD components in developing and/or conducting IA and INFOSEC training activities.
IA/IT/HR/IPT (February 2000, implemented by DEPSECDEF Memo, 14 Jul 00) - DISA shall develop baseline IA training courses to meet the IA training requirements stipulated in the IPT certification documents.
Derivation of Requirements
Requirements Gathered From
ASD (NII), Director, IA, DIAP
IA ETA Forums, Working Groups
Service HQs IA Program Offices
Operators
DoD CERT
Other DISA entities (e.g., PKI)
Feedback from Training Organizations:
Service schools
Service & agency training organizations
DISA/FSO trainers
Priorities established in coordination with:
ASD(NI2), Director IA, DIAP
DISA FSO
Prioritization considerations:
Certification requirements
Magnitude of need
Availability of funding
Availability of content
Availability of external funding
Factors bearing on prioritization:
Command decision
Rapid transition to new technology impacting existing media products
Emergence of new IA policies/concepts
Prioritization of Requirements
APPROACH
DOD-centric with focus on commonality across organizational lines
Collaborate with other Federal agencies using their dollars to create products that support their unique training programs
Approach
CATEGORIES OF PRODUCTS
Personnel Certification: Used by some Combatant Commands/Services/Agencies for various levels of certification for SAs, IAOs, IAMs, etc.
Professionalization: Intended for use by IA professionals (SA, IAO, IAM) to build professional competence
Support to Warfighter: Present basic concepts to the Warfighter, and to aid the Warfighter in becoming more technically sound
Categories of Products
DoD Information Assurance Awareness
1999 CINDY Silver Award; Three New Media Invision Gold Awards
Personnel Certification
Information Assurance Policy & Technology (IAP&T) (formerly OISS)
Windows NT Security
UNIX Security
CyberProtect
Designated Approving Authority (DAA)
DITSCAP
SSAA Preparation Guide
Certifiers Fundamentals
Web Security
Database Security
System Admin Incident Prep & Response – UNIX
System Admin Incident Prep & Response – Win NT
System Defender
Mapped 100% to NSTISSI 4015
Professionalization
Information Operations Fundamentals
Defense in Depth
Information Age Technology
Computer Network Defense
Public Key Infrastructure
IA for Auditors & Evaluators
Active Defense – An Executive’s Guide to IA
Introduction to CIRT Management
Support to the Warfighter
Currently available for ordering via IASE at http://iase.disa.mil/eta
Web-deliverable
ADA Section 508 Compliant
Available at no cost
Cleared for “Open Release” by DoD
All Products
NEW PRODUCTS
Teaches a methodology of proactive defense through practice using scenarios
Defines training gaps
Web-based only
Easy to update
Tracks students via web server/LMS
Compatible with ADA 508 requirements.
Audience includes SAs, IAOs, IAMs, Net Admins with Level 2 experience.
System Defender
Policy and technology overview in accordance with DOD guidance pertaining to the defense of information systems
Topics include:
Information Security Overview
System Modes and Evaluation Criteria
Workstation Security
Network Security
Identifying and Reporting Incidents
Protecting Information Systems
Managing Information Systems Security
Audience is IAOs, IAMs or SAs
IA Policy & Technology (IAP&T)
Contains guidance on completion of the SSAA
Product is useful for preparation of an SSAA using the National Information Assurance Certification and Accreditation Process (NIACAP), NSTISSI No. 1000
Provides overview of the DITSCAP
Uses DITSCAP outline (DoD 8510.1M)
Audience is IAMs, IAOs, SAs, Auditors
SSAA Preparation Guide
Firewall and Router Basics
Introduction to the security aspects of firewalls and routers
Addresses the operation and maintenance of secure information systems and networks within a networked environment
Audience is SAs, network administrators and users working toward obtaining Level 1 SA certification
Topics include:
Internetworking Overview
Firewall Fundamentals
Router Fundamentals
UNDER DEVELOPMENT
Telework
Instructs users on current DoD policies and guidelines for utilizing the Telework program
Wireless Networking Security
Instructs users on current DoD policies and guidelines for utilizing wireless networks
Windows 2000 System Administrator
Security as it pertains to Windows 2000, both server and workstation
Shows various ways to secure Windows 2000 systems and addresses current vulnerabilities
Addresses Gold Standard
Audience includes SAs, IAOs, IAMs, and Network Administrators
Currently in Beta Review
Cyber OPS (Net Builder)
Net Builder (2 yrs): Players create networks using generic hardware, software, and connection tool suites within allocated resources
Net Defender: Uses computer-generated attack sequences to test network defenses developed by exercise players
Net Assurer: Explores the impact of available IA personnel (SAs, IAMs, IAOs, and DAAs) on the efficiency of system operation
Net Warrior: Red Team – Blue Team exercise play defending or attacking previously created, defended, and staffed networks
Multi-year collaborative effort with USMA
Modular IA exercise as an academic classroom, technical training and information warfare exercise support tool
Each module increases depth and realism of exercise play, using a building block approach
Cyber Law
For government lawyers who need to understand legal and policy issues, both current and emerging, associated with IA and CIP/Homeland Security
Topics include:
Basic understanding of the Internet
Basic tenets of Information Assurance
Definition of Computer Crime
Discussion of First and Fourth Amendments
Presentation of statutory considerations to be applied during investigations
Discussion of four “Lanes in the Road” pertinent to CND
References for following evolving areas of the law in cyberspace
Audience: Combatant Commands/Components SJA; Regional JAGs; IA, IO, CIP and Intel specialists; SAs, IAOs, DAAs, Red Teams, CERTs, web developers
Videos
Compilation Series 1
Networks at Risk (NCS) (10 min)
The Information Front Line (IC) (10 min)
Bringing Down the House (IC) (11 min)
Computer Security 101 (DOJ) (~10 min)
Computer Security: The Executive Role (DOJ) (~10 min)
Safe Data - It's Your Business (DOL) (18 min)
Think Before You Respond (USGov) (3 min)
Protect Your AIS (USGov) (6 vignettes)
Protect Your AIS - The Sequel (USGov) (30 min)
Doctor D Stroye (USGov) (7 min)
The Scarlet V (USGov) (7 min)
IA Videos
Compilation Series 2
Ears Looking at You (USGov) (8 min)
Just the Fax (USGov) (7:51 min)
Bits and Pieces (USGov) (4:30 min)
Magnificent Discretion (USGov) (5:02 min)
Sherman on My Mind (USGov)
Identity Theft – Protect Yourself (USN)
Understanding PKI
Solar Sunrise: Dawn of a New Threat* (NACIC, NIPC, FBI) (18 min)
Risky Business* (NACIC, FBI) (~20 min)
IA Videos
* Government only. All others contact http://www.nacic.gov.
ORDER INFORMATION
For product order form, product descriptions, and frequently asked questions/product notes:
Web: http://iase.disa.mil/infosec
Sign up for automatic e-mail notification of new products
E-mail: [email protected]
Ms. Emillie [email protected] (703) 882-1709 COM / 381-1709 DSN
Ms. Maryann [email protected] (703) 882-1716 COM / 381-1716 DSN
Order Products Online