dod infosec education, training , awareness & infosec 310 windows nt security for sas (5 days)...

0.-

0 0 z n 0 cn m c)

Form SF298 Citation Data

Report Date("DD MON YYYY") 00041998

Report TypeN/A

Dates Covered (from... to)("DD MON YYYY")

Title and Subtitle DOD INFOSEC Education, Training, Awareness & Products (ETA&P)

Contract or Grant Number

Program Element Number

Authors Project Number

Task Number

Work Unit Number

Performing Organization Name(s) and Address(es) DISA

Performing Organization Number(s)

Sponsoring/Monitoring Agency Name(s) and Address(es) Monitoring Agency Acronym

Monitoring Agency Report Number(s)

Distribution/Availability Statement Approved for public release, distribution unlimited

Supplementary Notes

Abstract

Subject Terms

Document Classification unclassified

Classification of SF298 unclassified

Classification of Abstract unclassified

Limitation of Abstract unlimited

Number of Pages 56

REPORT DOCUMENTATION PAGEForm Approved

OMB No. 074-0188Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering andmaintaining the data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information,including suggestions for reducing this burden to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188), Washington, DC 20503

1. AGENCY USE ONLY (Leave blank) 2. REPORT DATE

4/21/983. REPORT TYPE AND DATES COVERED

Briefing4. TITLE AND SUBTITLE

DoD INFOSEC Education, Training, Awareness & Products(ETA&P)

5. FUNDING NUMBERS

6. AUTHOR(S)

Joan M. Pohyl,

7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. PERFORMING ORGANIZATION REPORT NUMBER

IATACInformation Assurance Technology AnalysisCenter3190 Fairview Park DriveFalls Church VA 220429. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSORING / MONITORING

AGENCY REPORT NUMBER

Defense Technical Information CenterDTIC-IA8725 John J. Kingman Rd, Suite 944Ft. Belvoir, VA 2206011. SUPPLEMENTARY NOTES

12a. DISTRIBUTION / AVAILABILITY STATEMENT

A

12b. DISTRIBUTION CODE

13. ABSTRACT (Maximum 200 Words)

This DISA briefing outlines the full set of DoD INFOSEC education, training, awareness andproducts available to the field. It documents DISA location in the informationinfrastructure, the DoD missions and functions, the customers, approach, and key workinggroups and forums. It also identifies the training facility, and the course that areoffered by area and by job function. It also describes the current training products andother educational opportunities and schools.

14. SUBJECT TERMS

INFOSEC training15. NUMBER OF PAGES

16. PRICE CODE

17. SECURITY CLASSIFICATION OF REPORT

Unclassified

18. SECURITY CLASSIFICATION OF THIS PAGE

UNCLASSIFIED

19. SECURITY CLASSIFICATION OF ABSTRACT

UNCLASSIFIED

20. LIMITATION OF ABSTRACT

None

rLI DOD Mission & Functions

Vital link in securirw theinformation intrastructure

l Support ASD/C31

0 Facilitate development of standardized DOD-wideINFOSEC training

0 Develop products for use in a comprehensive DODINFOSEC awareness program

Promote training & awareness products for useDOD-wide

Promote development of curriculum to support an.INFOSEC career field/professional program

Influence national-level INFOSEC education,training and awareness

u 0 u n 0 1 s 3 v)

c) s cn 0 3 CD 1 cn

Champion products

Resource

4

Promote

Produce

Leverage INFOSEC ETAP forums

(DII)

Federal/National (NII)

International (GII)

Rely on existing ETAP infrastructure

Classified Communityl Security Policy Forum

l Training and Professional Development Committee (TPDC)

l INFOSEC Working Group (ISSWG) (IPMO chairs)l NSTISSC

l INFOSEC Education, Training and Awareness Issue Group

l MISSI Life Cycle Logistics Working Group

Unclassified Communityl NIST Computer Security Program Managers Forum

l Federal Information Systems Security Educators Association(FISSEA)

l Association of Computing Machinery (ACM)(via NPS)l National Colloquium for INFOSEC Education

l Army C2 Protect Training Working Group

0 ETAPWG Charter under ASlD/C3l Information Assurance Group (IAG)

DOD IA ETAPWG: OverviewEducation, Training, Awareness andProfessionalization Working Group

0 Address IAUNFOSEC ETA issues on behalf of ASDIC3I

l CINC, Service and Agency membership

l ETA providers

l ETA program managers

l Purpose is to:

l Identify gaps in instruction

l Recommend/develop solutions

l Determine champions for initiatives

l Eliminate duplication of effort

l Standardize what is being taught

_- - ---t wCOM- .- ----

4 STRATCXIM I I NSA L

INFOS C T acility (ITF)@ncr.disa.mil

0 Provides capability for delivering INFOSEC courseware in NCRl 2 computer classrooms (1 PC; IPC & UNIX)

l Validate content and pilot/evaluate courseware

l Supports non-IPMO developed coursesl Operational Computer Security (ND225)(NSA)0 INFOSEC Basics (ISSB)(formerly DODSI)l DII COE (DISA)l ARMS (DISA)

l Available to DOD and othersl User provides instructor; ITF provides support @ no cost0 Army requesting use as 2nd site for System Admin trainingl Navy using for training in NCR

l INFOSEC training to DISA/GOSC reservists on weekends

0 s s- CD I 0 T mm N 0 3

r) c 3

m II D

INFOS EC Post Graduate Education

l Joint IPMO/Navy/Navy Postgraduate School (NPS) initiative

l Goal: Infuse INFOSEC into appropriate curriculums at DOD degreegranting institution

l NPS is joint institution: CINCs, Services, Agencies

l NPS lead development w/lPMO

l Introduction to Computer Security (completed)

l Management of Security in Information Systems (current)

l Secure Systems (planned).

l Network Security (planned)

l NPS taking lead to transfer course materials to DOD and privatesector academic institutions

l ACM (Association for Computing Machinery)

l Other academic forums

INFOSEC Courseware/PM0 sponsored: no costflow cosf

Computer Based Training (Unclassified, DOS based 286)

l DOD CS 100: Introduction to Computer Systems Securityl Targets unclassified environment (DOD version of NSA IN-170)l 8 hours

Platiorm Instruction (ITF or MTT)

.

l INFOSEC 101: INFOSEC for End Users (1 day)l INFOSEC 300: INFOSEC for ISSMs & ISSOs (5 days)l INFOSEC 315: DITSCAP (2 days)l INFOSEC 310 Windows NT Security for SAs (5 days)

Training Materials (Po werpoint)

l INFOSEC 201: INFOSEC for Managers (web only)l INFOSEC 205: Malicious Logic (web only)

Available at no cost via WI/WV or from DISAIPMO upon request

l Develop DOD level modules; validate DOD-widel Front end for Service/Agency detailed training

l Awareness/literacy levell Overview of DITSCAP (.25 day)

l initial Effort Requiredl Long Term Benefits

l DITSCAP Task & Step Review (1.75 day)l Review DITSCAP process by phasel DITSCAP templates & boilerplatel Identify places to go for additional assistance

l Audience

. l Primary : ISSO, Mid-Managementl Secondary:

l Sr Management@Personnel w/ C&A as part of their job

l Deliveryl Platform (available @ ITF)l Train-the-Trainer (w/Services/agencies)l Convert to interactive multimedia CBT (3 QTR FY98)

INFOSEC CoursewareOn the Horizon

l IPMO: Designated Approving Authority (DAA)l Based on GSA and DODSI materialsl Updating course; adding practical exercisel Prepare classroom course (3rd QTR FY98)l Convert to CBT (4th QTR FY98)

l IPMO: Information Assurance for Auditors and Evaluators (w/ DODIG)l DODIG lead for military IGsl DODIG leading coordination to transition to Federal-wide IG audiencel Pilot held 3-4 March 98 @ ITFl Convert to CBT (3rd QTR FY98)

l Defense Acquisition University (DAU):lnformation ResourceManagement (IRM) 101

l INFOSEC inputs provided to DAU for web based coursel POC: Norline Depeiza (depeizn@acq.osd.mil)l Web site: http://1 92.239.92.37/lRMlOl project web/welcome.html- -

l IPMO rolel Develop DOD level modules; validate DOD-widel Front end for Service/Agency detailed training

l Audiencel Usersl Local Registration Authorities (LRAs)l Registration Authorities

l Initially in conjunction with Defense Travel Service (DTS)l Piggy-back on DTS training strategy

l Delivery mediuml Awareness Video: June 98l Platform course: July 98 (pilot)l Train the trainer programl Convert to interactive multimedia CBT (4 QTR FY98)

PKI

Training(Doing)

-----------------I

Literacy(Understanding)

Awareness(Recognition)

Windows NT Security for SystemAdministrators (INFOSEC 310)

l Drawn from Army and Navy Systems Administrator courses

l Army, 5th SIG CMD: 5 days

l Navy, CNET, Corry Station: 8 weeks (Multi-platform)

l DISA/IPMO course: Windows NT, 5 days

l Roles & responsibilities, policies & procedures (.5 days)

l Operating system security overvie