dod infosec education, training , awareness & infosec 310 windows nt security for sas (5 days)...

Click here to load reader

Post on 05-May-2018

216 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • 0.-

    0 0 z n 0 cn m c)

  • Form SF298 Citation Data

    Report Date("DD MON YYYY") 00041998

    Report TypeN/A

    Dates Covered (from... to)("DD MON YYYY")

    Title and Subtitle DOD INFOSEC Education, Training, Awareness & Products (ETA&P)

    Contract or Grant Number

    Program Element Number

    Authors Project Number

    Task Number

    Work Unit Number

    Performing Organization Name(s) and Address(es) DISA

    Performing Organization Number(s)

    Sponsoring/Monitoring Agency Name(s) and Address(es) Monitoring Agency Acronym

    Monitoring Agency Report Number(s)

    Distribution/Availability Statement Approved for public release, distribution unlimited

    Supplementary Notes

    Abstract

    Subject Terms

    Document Classification unclassified

    Classification of SF298 unclassified

    Classification of Abstract unclassified

    Limitation of Abstract unlimited

    Number of Pages 56

  • REPORT DOCUMENTATION PAGEForm Approved

    OMB No. 074-0188Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering andmaintaining the data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information,including suggestions for reducing this burden to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188), Washington, DC 20503

    1. AGENCY USE ONLY (Leave blank) 2. REPORT DATE

    4/21/983. REPORT TYPE AND DATES COVERED

    Briefing4. TITLE AND SUBTITLE

    DoD INFOSEC Education, Training, Awareness & Products(ETA&P)

    5. FUNDING NUMBERS

    6. AUTHOR(S)

    Joan M. Pohyl,

    7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. PERFORMING ORGANIZATION REPORT NUMBER

    IATACInformation Assurance Technology AnalysisCenter3190 Fairview Park DriveFalls Church VA 220429. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSORING / MONITORING

    AGENCY REPORT NUMBER

    Defense Technical Information CenterDTIC-IA8725 John J. Kingman Rd, Suite 944Ft. Belvoir, VA 2206011. SUPPLEMENTARY NOTES

    12a. DISTRIBUTION / AVAILABILITY STATEMENT

    A

    12b. DISTRIBUTION CODE

    13. ABSTRACT (Maximum 200 Words)

    This DISA briefing outlines the full set of DoD INFOSEC education, training, awareness andproducts available to the field. It documents DISA location in the informationinfrastructure, the DoD missions and functions, the customers, approach, and key workinggroups and forums. It also identifies the training facility, and the course that areoffered by area and by job function. It also describes the current training products andother educational opportunities and schools.

    14. SUBJECT TERMS

    INFOSEC training15. NUMBER OF PAGES

    16. PRICE CODE

    17. SECURITY CLASSIFICATION OF REPORT

    Unclassified

    18. SECURITY CLASSIFICATION OF THIS PAGE

    UNCLASSIFIED

    19. SECURITY CLASSIFICATION OF ABSTRACT

    UNCLASSIFIED

    20. LIMITATION OF ABSTRACT

    None

  • rLI DOD Mission & Functions

    Vital link in securirw theinformation intrastructure

    l Support ASD/C31

    0 Facilitate development of standardized DOD-wideINFOSEC training

    0 Develop products for use in a comprehensive DODINFOSEC awareness program

    Promote training & awareness products for useDOD-wide

    Promote development of curriculum to support an.INFOSEC career field/professional program

    Influence national-level INFOSEC education,training and awareness

  • u 0 u n 0 1 s 3 v)

    c) s cn 0 3 CD 1 cn

  • Champion products

    Resource

    4

    Promote

    Produce

    Leverage INFOSEC ETAP forums

    (DII)

    Federal/National (NII)

    International (GII)

    Rely on existing ETAP infrastructure

  • Classified Communityl Security Policy Forum

    l Training and Professional Development Committee (TPDC)

    l INFOSEC Working Group (ISSWG) (IPMO chairs)l NSTISSC

    l INFOSEC Education, Training and Awareness Issue Group

    l MISSI Life Cycle Logistics Working Group

    Unclassified Communityl NIST Computer Security Program Managers Forum

    l Federal Information Systems Security Educators Association(FISSEA)

    l Association of Computing Machinery (ACM)(via NPS)l National Colloquium for INFOSEC Education

    l Army C2 Protect Training Working Group

  • 0 ETAPWG Charter under ASlD/C3l Information Assurance Group (IAG)

    DOD IA ETAPWG: OverviewEducation, Training, Awareness andProfessionalization Working Group

    0 Address IAUNFOSEC ETA issues on behalf of ASDIC3I

    l CINC, Service and Agency membership

    l ETA providers

    l ETA program managers

    l Purpose is to:

    l Identify gaps in instruction

    l Recommend/develop solutions

    l Determine champions for initiatives

    l Eliminate duplication of effort

    l Standardize what is being taught

    _- - ---t wCOM- .- ----

    4 STRATCXIM I I NSA L

  • INFOS C T acility (ITF)@ncr.disa.mil

    0 Provides capability for delivering INFOSEC courseware in NCRl 2 computer classrooms (1 PC; IPC & UNIX)

    l Validate content and pilot/evaluate courseware

    l Supports non-IPMO developed coursesl Operational Computer Security (ND225)(NSA)0 INFOSEC Basics (ISSB)(formerly DODSI)l DII COE (DISA)l ARMS (DISA)

    l Available to DOD and othersl User provides instructor; ITF provides support @ no cost0 Army requesting use as 2nd site for System Admin trainingl Navy using for training in NCR

    l INFOSEC training to DISA/GOSC reservists on weekends

  • 0 s s- CD I 0 T mm N 0 3

    r) c 3

    m II D

  • INFOS EC Post Graduate Education

    l Joint IPMO/Navy/Navy Postgraduate School (NPS) initiative

    l Goal: Infuse INFOSEC into appropriate curriculums at DOD degreegranting institution

    l NPS is joint institution: CINCs, Services, Agencies

    l NPS lead development w/lPMO

    l Introduction to Computer Security (completed)

    l Management of Security in Information Systems (current)

    l Secure Systems (planned).

    l Network Security (planned)

    l NPS taking lead to transfer course materials to DOD and privatesector academic institutions

    l ACM (Association for Computing Machinery)

    l Other academic forums

  • INFOSEC Courseware/PM0 sponsored: no costflow cosf

    Computer Based Training (Unclassified, DOS based 286)

    l DOD CS 100: Introduction to Computer Systems Securityl Targets unclassified environment (DOD version of NSA IN-170)l 8 hours

    Platiorm Instruction (ITF or MTT)

    .

    l INFOSEC 101: INFOSEC for End Users (1 day)l INFOSEC 300: INFOSEC for ISSMs & ISSOs (5 days)l INFOSEC 315: DITSCAP (2 days)l INFOSEC 310 Windows NT Security for SAs (5 days)

    Training Materials (Po werpoint)

    l INFOSEC 201: INFOSEC for Managers (web only)l INFOSEC 205: Malicious Logic (web only)

    Available at no cost via WI/WV or from DISAIPMO upon request

  • l Develop DOD level modules; validate DOD-widel Front end for Service/Agency detailed training

    l Awareness/literacy levell Overview of DITSCAP (.25 day)

    l initial Effort Requiredl Long Term Benefits

    l DITSCAP Task & Step Review (1.75 day)l Review DITSCAP process by phasel DITSCAP templates & boilerplatel Identify places to go for additional assistance

    l Audience

    . l Primary : ISSO, Mid-Managementl Secondary:

    l Sr Management@Personnel w/ C&A as part of their job

    l Deliveryl Platform (available @ ITF)l Train-the-Trainer (w/Services/agencies)l Convert to interactive multimedia CBT (3 QTR FY98)

  • INFOSEC CoursewareOn the Horizon

    l IPMO: Designated Approving Authority (DAA)l Based on GSA and DODSI materialsl Updating course; adding practical exercisel Prepare classroom course (3rd QTR FY98)l Convert to CBT (4th QTR FY98)

    l IPMO: Information Assurance for Auditors and Evaluators (w/ DODIG)l DODIG lead for military IGsl DODIG leading coordination to transition to Federal-wide IG audiencel Pilot held 3-4 March 98 @ ITFl Convert to CBT (3rd QTR FY98)

    l Defense Acquisition University (DAU):lnformation ResourceManagement (IRM) 101

    l INFOSEC inputs provided to DAU for web based coursel POC: Norline Depeiza (depeizn@acq.osd.mil)l Web site: http://1 92.239.92.37/lRMlOl project web/welcome.html- -

  • l IPMO rolel Develop DOD level modules; validate DOD-widel Front end for Service/Agency detailed training

    l Audiencel Usersl Local Registration Authorities (LRAs)l Registration Authorities

    l Initially in conjunction with Defense Travel Service (DTS)l Piggy-back on DTS training strategy

    l Delivery mediuml Awareness Video: June 98l Platform course: July 98 (pilot)l Train the trainer programl Convert to interactive multimedia CBT (4 QTR FY98)

    PKI

    Training(Doing)

    -----------------I

    Literacy(Understanding)

    Awareness(Recognition)

  • Windows NT Security for SystemAdministrators (INFOSEC 310)

    l Drawn from Army and Navy Systems Administrator courses

    l Army, 5th SIG CMD: 5 days

    l Navy, CNET, Corry Station: 8 weeks (Multi-platform)

    l DISA/IPMO course: Windows NT, 5 days

    l Roles & responsibilities, policies & procedures (.5 days)

    l Operating system security overvie