Education, Training & Awareness Products & Resources
- George Bieber, Defense-wide IA Program (DIAP)
- (703) 602-9980
- george.bieber@osd.mil
Audiences
- One size DOES NOT fit all
- Diverse functions, experience and backgrounds
- Tailor message to audience for effectiveness
- Executives/Senior managers
- IT/IA workforce
- Traditional security personnel
- General workforce
- Admin staff
- Mission staff
- Other
- Scientists & technicians
- Other specialty
- International
- Multi-lingual
- Diverse Experience
  - Advanced
  - Intermediate
  - Entry
- Diverse Backgrounds
  - Managers to clerks
  - Scientists to truck drivers
  - Specialists to generalists
  - Technicians to humanists
Evaluation
- Identify what you want to know
  - Are training & awareness products being used, and by whom
  - Is the focus of products correct
  - What additional topics need to be addressed
  - Is on-the-job behavior being changed as intended
  - Is content of training relevant to the job (level 1 evaluation)
  - Is content of training being learned (level 2 evaluation)
  - Is content of training being used on the job (level 3 evaluation)
  - Is delivery media appropriate
- Identify measures & metrics to answer the questions
  - Evaluation forms (for level 1 evaluation)
  - Tests (for level 2 evaluation)
  - Data collection surveys (for level 3 evaluation)
- Develop appropriate instruments to collect measurement data
  - Test them to ensure they perform as intended
- Collect, organize and analyze data
- Generate findings
- Act on findings
Resources
- Training & Awareness Products
- Education
- Other Opportunities
Army Reserve Readiness Training Center (ARRTC) - 1
- Ft McCoy, Wisconsin: http://arrtc.mccoy.army.mil
- Open to federal employees; contact RIM@arrtc-exch.mccoy.army.mil or call 608-388-7307 or 1-800-982-3585, x7307
- Security Manager Course
- DITSCAP (DOD Information Technology Security Certification and Accreditation Process)
- Systems Administrator/Network Manager Security Course (2 weeks)
Army Reserve Readiness Training Center (ARRTC) - 2
- Systems Administrator/Network Manager Security Course (2 weeks)
  - Policies, Laws and Ethics
  - Understanding
  - JAG/MI Briefing (Current Threats)
  - Web Security & Encryption
  - Windows NT 4.0/2000 Security
  - Communications Security
  - Solaris, Unix Security
  - Cisco Router Security
  - Intrusion Detection Systems
  - Deploying Firewalls
- Computer Network Defense Course (2 weeks)
  - C2 Attack Technologies
  - Attack Technologies
  - Advanced Communication Security
  - Intranet / Extranet / Web
  - Advanced Cisco Router Security
  - Footprinting & Enumeration
  - Intrusion Detection Systems
  - Forensic Examination & Preserving Evidence
  - Sidewinder Firewalls
  - “Latest & Greatest”
  - Countermeasures
Navy SPAWAR: InTec Training
- www.intecph.navy.mil
- Microsoft Certified Technical Education Center
- Training to obtain leading IT industry certifications
- Instructor-Led Training
- Mobile Training Teams
- Computer-Based Training
- INFOSEC CD Library
- Web-Based Training
- Awareness Webinar & Assessment
- Kevin Williams: Commercial (808) 474-0712, DSN (315) 474-4479, kwilliams@intecph.navy.mil
IATAC Courses - 1
- Introduction to Information Assurance (IA) (0.5 day)
  - IA terminology, concepts, and technologies
- Introduction to Risk Management (0.5 day)
  - Role of risk assessment in the risk management process
- Introduction to Computer Forensics (1 day)
  - Defines forensic sciences and computer forensics
  - Reviews state of computer forensic science within law enforcement
  - Addresses international implications
  - Offers techniques for performing forensic examination of computer media
- Introduction to Penetration Testing (1.5 days)
  - Role of penetration testing in analyzing overall security posture
  - Addresses what penetration testing is and is not
  - Identifies its benefits and limitations
IATAC Courses - 2
- Introduction to the Law of Cyberspace (1 day)
  - Substantive law (what is prohibited)
  - Procedural law (what legal processes must be complied with in investigating and prosecuting cybercrime, cyber espionage, or information war)
  - International and domestic law (legal complexities involved in trans-border investigations)
- Intro to Public Key Infrastructure (0.5 day)
  - Cryptography & security
  - Policy
  - Applications
  - Trends
- IATAC brings the course w/ SME instructor to your location.
- Conducts training for groups rather than for individuals.
- Contact information:
  - E-mail at iatac@dtic.mil
  - 703/289-5454/5467
Biometrics Short Course
- Taught by West Virginia University faculty
- Audience: OSD, Service personnel, contractors implementing DoD biometrics
- POC: Cinnamon El-Mulla (703) 418-6360
- Registration: Go to www.icsee.cemr.wvu.edu/biometrics for instructions
- Provides basic understanding that supports technical decision-making
  - Operation and system-level design of biometric systems
  - Test results and protocols
  - Standards
  - Interoperability
  - Related socio-legal issues
- Three (3) WVU credits for successful completion (passing grade on 3 exams) ($109 fee)
- Equivalent to one of the required courses for WVU’s IA/Biometrics Graduate Certificate program. The Certificate program is the core of a Masters program
Biometrics Overview Course
- Biometrics Overview for Mission-oriented Decision Makers
- 1 day symposium, $15
- 18 March 2004
- National Defense University, Marshall Hall, Washington, DC
- www.biometrics.dod.mil/Education
- Audience:
  - Senior military and civilian personnel involved in biometrics and Information Assurance activities.
  - Contractors, academics, and students are welcome.
- Presentations by the Department of the Navy, Chief Information Officer; the Director, Defense Manpower Data Center; West Virginia University Biometric Knowledge Center; and the Federal Bureau of Investigation.
- Exhibits will include biometrics technologies and initiatives currently in use within the Department of Defense.
- Points of contact:
  - Ms. Sara Sussan, 703.418.6346, E-mail: ssussan@iss-md.com
  - Ms. Cinnamon El-Mulla, 703.418.6360, E-mail: celmulla@iss-md.com
DoD IA Scholarship Program (IASP): Overview
- http://www.defenselink.mil/nii/iasp
- Award scholarships to individuals (through institutions)
  - Recruitment: Targets students who currently are not DoD or government employees and who are enrolled in/applying to NSA designated IA Centers of Academic Excellence (CAEs)
    - Scholarships are for Bachelor (Jr., Sr. years), Masters, Ph.D. degrees
  - Retention: Targets DoD personnel
    - Scholarships for MS and Ph.D. programs
    - NDU/IRMC and a designated IA CAE for a graduate degree (GS-13 and above, military 0-5 and above)
    - NPS for MS/Ph.D. (civilian GS 9 to 13 or higher; Mil 01-06, usually 03)
    - AFIT for MS (civilian and military applicants, any grade)
- Award grants to institutions
- Program Manager: Christine Nickell: 410-854-6206; c.nicke2@radium.ncsc.mil
Disciplines & Benefits
- Disciplines
  - Computer Science
  - Computer Engineering
  - Software Engineering
  - Computer Programming
  - Computer Support
  - Data Base Administration
  - Computer Systems Analysis
  - Information Security
  - Electrical Engineering
  - Electronic Engineering
  - Mathematics
  - Biometrics
  - And more…
- Recruitment Scholarships
  - Full Tuition and fees
  - Books
  - Stipends: Undergraduates ($10K), Graduates ($15K)
  - Internships (during breaks)
- Retention Scholarships
  - Full Tuition and fees
  - Required Books
  - Components responsible for TDY/PCS cost, salary & backfills
IA Centers of Academic Excellence
- 46 Public / Private Non-DoD Institutions: Auburn U; Carnegie Mellon; Capitol College; East Stroudsburg U; Florida State; George Mason U; Idaho State; Iowa State; James Madison U; Drexel; University of Maryland (Baltimore County); University of North Carolina, Charlotte; U of Mass at Amherst; U of Virginia; West Virginia U; Georgia Tech; Syracuse U; Purdue U; Portland State; Stanford; UC Davis; University of Illinois; University of Idaho; University of Tulsa; Mississippi State U; Norwich U; Texas A&M; Johns Hopkins; U of Dallas; George Washington U (DC); Walsh College; Indiana University of Pennsylvania; New Mexico Tech (NM); New Jersey Institute of Tech; North Carolina State U (NC); Northeastern University (MA); Polytechnic University (NY); Pennsylvania State U; U of Pennsylvania; State University of New York at Buffalo (NY); State University of New York at Stony Brook (NY); Stevens Institute of Tech; Towson University (MD); University of Maryland, University College (MD); University of Nebraska at Omaha (NE); University of Texas at San Antonio (TX)
- 4 DoD Institutions: Naval Postgraduate School; United States Military Academy, West Point; Information Resources Management College (IRMC)/National Defense University (NDU); Air Force Institute of Technology
NDU/IRMC: Certification Courses for Information System Security Professionals
- http://www.ndu.edu/irmc; 202-685-6300, DSN 325
- Four courses
  - Assuring the Information Infrastructure
  - Managing Information Security in a Networked Environment
  - Global Enterprise Networking and Telecommunications
  - Developing Enterprise Security Strategies, Guidelines & Policies
- GS/GM 13-15/Military 05-06 (may waive one grade)
- Allows for 9 hours (up to 15 w/CIO certificate) for cooperative master’s and doctorates
- Multiple formats, each course:
  - 1 week resident
  - 12 week web-based distributed learning
- No cost to DOD employees; Federal civilian/industry: $950/class
- Based on NSTISSI (now CNSS) 4011 standard for information system security professionals
NDU/IRMC: CIO Certificate Program
- http://www.ndu.edu/irmc; 202-685-6300, DSN 325
- Addresses Federal CIO competencies
  - Acquisition
  - Policy
  - Information Management Strategic Planning
  - Performance & Results Based Mgmt
  - Process Improvement
  - Capital Planning & Investment
  - Leadership
  - Technology Assessment
  - E-Government and E-Business
  - Security & Assurance
  - Architectures & Infrastructures
- Open to DOD military & civilians, Federal civilians and industry
- GS/GM 13-15/Military 05-06 (may waive one grade)
- Alternatives:
  - Eight one week resident courses, or
  - Eight 12-week web-based distributed learning courses, or combination, OR
  - Fourteen week Advanced Management Program (offered 2x/year)
On Line Graduate Education
- NSA designated Center of Academic Excellence in IA Education
- Norwich University: http://www3.norwich.edu/msia
  - Masters of Science in Information Assurance (MSIA)
  - $624/credit hour; $25,000 for 36 hour MSIA
  - <2 years
  - Focus on policies, procedures, and structure of an enterprise-wide information assurance program
  - Case studies approach
- James Madison University (JMU): http://www.infosec.jmu.edu
  - Masters of Science in INFOSEC Computer Science
  - $612/credit hour
  - Asynchronous: anytime, any location
Products Under Development/Planned
- IA for Program Managers (DAU)
- SCADA
- IA Security for IGs
Critical Infrastructure Protection (CIP-101) WBT
- OASD CIP and DISA
- Available at http://iase.disa.mil
- Provides basic awareness level information
- CIP 101 Contents
  - CIP Overview
    - What is CIP
    - Why is it important
    - Critical infrastructures
  - CIP Organization
    - National
    - DOD
    - Relationships
  - DOD responsibility for CIP
  - DOD Infrastructure Sectors
  - DOD CIP Life-Cycle
Privacy Protection in the Information Age
- http://www.don.cio.navy.mil
- Department of the Navy CIO CD-ROM
- Federal Reserve Bank video: Its Your Identity: Protect It
- Resources
  - Public Privacy Laws and Legal Guidance
  - Public Laws
  - Executive Guidance
  - Federal Reports
  - Reading List
  - Web-sites
  - Brochures
  - Templates
Critical Infrastructure Protection Training Resources
- Resource to help inform the DoD and other members of the Government about Critical Infrastructure Protection, CIP-related documents, and educational programs
- Topics
  - OSD CIP (Mission, Contacts, Strategy, Terrorism Timeline 88-01)
  - Training
  - CIP Team
  - Studies (Federal, Training Gap Analysis, Other)
  - Practices
  - References (Executive Orders/Directives, Federal Regulations, Publications, Slide Shows, Glossary)
Hackers - PBS
- Public Broadcasting Service (PBS); FRONTLINE series
- $20.00 (60 min)
- http://www.pbs.org
  - Search on “Science and Technology”
- Who are hackers
- Risks of the Internet’s vulnerabilities
- Who’s responsible for security
- How to be vigilant
- Interviews with hackers and security experts
- Also at the site:
  - Video transcript
  - Transcript of live chat that followed original broadcast
  - Clips from the video
Cyber War! - PBS
- Public Broadcasting Service (PBS); FRONTLINE series
- $30.00 (60 min)
- http://www.pbs.org
  - Search on “cyber war!”
- Also at the site:
  - Interviews
  - Frequently asked questions
  - Vulnerabilities
    - power grid
    - SCADA systems
    - software
  - Video transcript
  - Video clips
Bad Characters - NRO
- Will be disseminated in DoD by DISA
- Internet works both ways; illustrated by 3 vignettes
1. Web sites can be set up to:
   1. Collect information
   2. Track activities
   3. Take over your computer
2. Web sites can be customized, altered/mirrored to:
   1. Send/release malicious code
   2. Messages to misinform/deceive
3. Types of information that can be collected
   1. Cache
   2. Names, addresses, phone numbers
   3. Credit card numbers
   4. Bank account numbers
4. Steps you can take to increase your security
Awareness 2001 - IOSS
- Interagency OPSEC Support Staff (IOSS): http://www.ioss.gov
- Awareness 2001: A Security, Counterintelligence and OPSEC Update
  - Burning Issues (USGov) (14 min)
    - Intersection of classified and unclassified environments
  - Web Content Vulnerabilities (25 min)
    - Briefing by Joint Web Risk Assessment Cell (JWRAC)
    - Advice on how to protect information posted to the internet
    - Applicable to all organizations
  - D*I*C*E 2001 (38 min)
  - In the Public Domain (10 min)
Betrayal - NCIX
- The National Counterintelligence Executive (NCIX): http://www.ncix.gov
1. Betrayal: Protecting Industry Trade Secrets (17 min)
   1. Insider threat
   2. Highlights the Avery Dennison/Four Pillars case, a joint effort by US Industry and the US Government to successfully combat economic espionage.
   3. Distributed by Filmcomm Inc., 641 North Avenue, Glendale Heights, IL 60139, phone 800-944-9134.
   4. $13.85 per copy (includes shipping and handling)
Resources: IA Publications
- http://iac.dtic.mil/iatac
- Information Assurance Technology Center (IATAC)
  - IA tools reports
  - Critical reviews and technology assessment reports
  - State-of-the-art reports
- IA Newsletter
  - Published by DTIC/IA Technical Analysis Center (IATAC)
  - 703-289-5454 or iatac@dtic.mil or http://iac.dtic.mil/iatac
- Information Assurance Digest (distribution limited to DoD)
  - Published by DTIC/IATAC for the Joint Staff
  - Request
    - Fax to Joint Staff (J6) @ 703-614-7814
    - E-mail to iatac@dtic.mil
  - Articles extracted from magazines & newsletters (IA “early bird”)
- Integrated Conference/Meeting Event Calendar
  - To add event, e-mail iatac@dtic.mil
Resources: IA Publications
- Tech Trend Notes (Preview of Tomorrow’s Information Technologies)
  - Published by NSA: 301-688-0842, or ttnotes@tycho.ncsc.mil
- Computer Forensics Communication
  - Published quarterly by Defense Computer Forensics Lab
  - http://www.dcfl.gov (look under “quarterly bulletins”)
- The Internet as an Investigative Tool
  - National White Collar Crime Center (NW3C): www.nw3c.org
  - Basic Internet Tools
- News and Views
  - Published by Federal Information System Security Educators’ Association (FISSEA)
  - E-mail fisseamembership@nist.gov for membership and newsletter
  - IA awareness, training and education
  - Upcoming conferences, seminars
Commercial CBTs
- SkillSoft (formerly SmartForce): http://www.skillsoft.com
- NETg: http://www.netg.com
  - NETg is partner of new government golearn.gov training site
Government Online Learning Center
- http://www.golearn.gov
Resources: Information Assurance Support Environment (IASE)
- http://iase.disa.mil
- Information Desk: Operational 7:30 a.m. - 4:30 p.m. M-F, EST
  - E-mail: iase@ncr.disa.mil
  - Phone: (703) 681-IASE, DSN 761
- Notices on What’s New Area
- IA Daily News
- Question of the Week
- Chat Room
- Bulletin Board System
- Mail List Subscriptions
Resources: Security Guides - DISA
- DISA: Security Technical Implementation Guides (STIGS) (http://iase.disa.mil/techguid/stigs.html)
  - Database STIG
  - Windows NT STIG
  - Logical Partition STIG
  - Tandem STIG
  - MVS STIG
  - Unisys STIG
  - Network Infrastructure STIG
  - UNIX STIG
  - Novell Netware STIG
  - Web Application STIG
  - Windows 2000
- NSA: Guidelines (http://www.nsa.gov)
  - Guide to Securing Microsoft Windows NT Networks & Application
  - Windows 2000 Security Recommendation Guides (SRG)
  - Cisco Router Guides
  - E-mail and Executable Content Guides
- CIS -- Center for Internet Security (http://www.cisecurity.org)
  - Security Benchmarks; Best Global Practices
- Best Practices
Resources
- National Cyber Security Alliance: Stay Safe Online
  - http://www.staysafeonline.info/
  - Corporate and government members, sponsors
  - Educate home/small business computer users in basic computer security practices
  - Personal computer security self-test
  - Beginner's guides on various security topics
  - One-hour online course on security fundamentals
- CyberCrime
  - http://www.cybercrime.gov
  - Maintained by DOJ, Computer Crime and Intellectual Property Section (CCIPS), Criminal Division
  - Ways computers can be used to commit crimes
  - How and to whom to report computer crimes
  - What to do if you are the victim of computer crime
  - Links to cases, laws, legal issues, and policy issues surrounding hacking, intellectual property infringements, and other online offenses
Resources
- Hoax Busters
  - http://hoaxbusters.ciac.org
  - DOE Computer Incident Advisory Capability (CIAC)
  - Clearinghouse of information about various types of Internet hoaxes
    - Fake viruses and other malicious code
    - Chain letters
    - Urban myths
    - Sympathy letters and other cons
  - How to recognize hoaxes and what to do about them
- Center for Education and Research in Information Assurance and Security (CERIAS)
  - http://www.cerias.purdue.edu/
  - Free security seminar on diverse security topics (Weds afternoons)
    - Access via live internet stream
  - Computer security resources for K-12 teachers
    - background information
    - lesson plans
    - links to other web resources
Resources
- Computer and Information Ethics on WWW
  - http://www.ethics.ubc.ca/resources/computer/
  - University of British Columbia's Centre for Applied Ethics
  - Lists web sites, electronic & print publications on ethical issues in computing
  - Courses in computer ethics
    - Provides links to online syllabi to classes
  - Links to relevant organizations
- Security Statistics
  - http://www.securitystats.com/
  - Statistics on computer security incidents
  - Information on
    - Security spending
    - Known vulnerabilities
    - Numbers of reported security breaches
    - Economic impact of incidents
    - Arrests and convictions
  - Accuracy of reported statistics not guaranteed, but sources are provided