Maryann Dennehy

DISA/GO434, (703) 882-1716

DennehyM@ncr.disa.mil

March 2004

DoD IA Education, Training, DoD IA Education, Training, Awareness Products Awareness Products

Mission

Authorities

Approach

Categories of Products

New Products

Under Development

Videos

Order Products Online, POCs

Agenda

MISSION

Provide standardized DoD-level IA products for Combatant Commands / Services/Agencies to integrate into their IA Education, Training & Awareness (ETA) programs

Develop products to support the DoD-wide IA career field or professional / certification programs

Assist other DoD components in developing and / or conducting IA training activities

Support DoD and Federal IA ETA outreach programs (HSPD-7)

DoD ETA Mission

AUTHORITIES

Authorities

DOD Instruction 8500.01 Information Assurance -Require the Director, DISA to develop and provide IA training and awareness products.

DOD Instruction 8500.02 Information Assurance Implementation -The Director, DISA shall develop and provide IA training and awareness products, and a distributive training capability to support product delivery.

CJCSI 6510.01C (1 May 01, Enclosure B, Pg. B-12)-The Director, DISA will develop an IA and INFOSEC education, training, and awareness program, guidelines, computer-based training and distributive courses and products for use by other DOD components in coordination with other DOD components as required, and assist other DOD components in developing and/or conducting IA and INFOSEC training activities

IA/IT/HR/IPT (February 2000, implemented by DEPSECDEF Memo, 14 Jul 00)-DISA shall develop baseline IA training courses to meet the IA training requirements stipulated in the IPT certification documents.

Derivation of Requirements

Requirements Gathered From

ASD (NII), Director, IA, DIAP IA ETA Forums, Working Groups Service HQs IA Program Offices Operators DoD CERT Other DISA entities (e.g., PKI) Feedback from Training Organizations Service schools Service & agency training organizations DISA/FSO trainers

Priorities established in coordination with ASD(NI2), Director IA, DIAP DISA FSO

Prioritization considerations Certification requirements Magnitude of need Availability of funding Availability of content Availability of external funding

Factors bearing on prioritization Command decision Rapid transition to new technology impacting existing media products Emergence of new IA policies/concepts

Prioritization of Requirements

APPROACH

DOD-centric with focus on commonality across organizational lines

Collaborate with other Federal agencies using their dollars to create products that support their unique training programs

Approach

CATEGORIESOF

PRODUCTS

Personnel CertificationUsed by some Combatant Commands/Services/Agencies for various levels of certification for SAs, IAOs, IAMs, etc.

ProfessionalizationIntended for use by IA professionals,

(SA, IAO, IAM) to build professional competence

Support to WarfighterPresent basic concepts to the Warfighter, and to aid the Warfighter in becoming more technically sound

Categories of Products

DoD Information Assurance Awareness

1999 CINDY 1999 CINDY Silver Award; Silver Award; Three New Three New Media Invision Media Invision Gold AwardsGold Awards

Personnel Certification

Information Assurance Policy & Technology (IAP&T) (formerly OISS)

Windows NT Security

UNIX Security

CyberProtect

Designated Approving Authority (DAA)

DITSCAP

SSAA Preparation Guide

Certifiers Fundamentals

Web Security

Database Security

System Admin Incident Prep & Response – UNIX

System Admin Incident Prep & Response – Win NT

System DefenderMapped 100% to Mapped 100% to NSTISSI 4015NSTISSI 4015

Professionalization

Information Operations Fundamentals

Defense in Depth

Information Age Technology

Computer Network Defense

Public Key Infrastructure

IA for Auditors & Evaluators

Active Defense – An Executive’s Guide to IA

Introduction to CIRT Management

Support to the Warfighter

Currently available for ordering via IASE at http://iase.disa.mil/eta

Web-deliverable

ADA Section 508 Compliant

Available at no cost

Cleared for “Open Release” by DoD

All Products

NEWPRODUCTS

Teaches a methodology of proactive defense through practice using scenarios

Defines training gaps

Web-based only

Easy to update

Tracks students via web server/LMS

Compatible with ADA 508 requirements.

Audience includes SAs, IAOs, IAMs, Net Admins with Level 2 experience.

System Defender

Policy and technology overview in accordance with DOD guidance pertaining to the defense of information systems

Topics include:

Information Security Overview

System Modes and Evaluation Criteria

Workstation Security

Network Security

Identifying and Reporting Incidents

Protecting Information Systems

Managing Information Systems Security

Audience is IAOs, IAMs or SAs

IA Policy & Technology (IAP&T)

Contains guidance on completion of the SSAA Product is useful for preparation of an SSAA using the National Information

Assurance Certification and Accreditation Process (NIACAP), NSTISSI No. 1000

Provides overview of the DITSCAP Uses DITSCAP outline (DoD 8510.1M)

Audience is IAMs, IAOs, SAs, Auditors

SSAA Preparation Guide

Firewall and Router Basics

Introduction to the security aspects of firewalls and routers

Addresses the operation and maintenance of secure information systems and networks within a networked environment

Audience is SAs, network adminis and users working toward obtaining Level 1 SA certification

Topics include Internetworking Overview Firewall Fundamentals Router Fundamentals

UNDERDEVELOPMENT

Telework

Instructs users on current DoD policies and guidelines for utilizing the Telework program

Wireless Networking Security

Instructs users on current DoD policies and guidelines for utilizing wireless networks

Windows 2000 System Administrator

Security as it pertains to Windows 2000, both server and workstation

Shows various ways to secure Windows 2000 systems and addresses current vulnerabilities

Addresses Gold Standard

Audience includes SAs, IAOs, IAMs, and Network Administrators

Currently in Beta Review

Cyber OPS (Net Builder)

Net Builder (2 yrs) Players create networks using generic hardware, software, and connection tool suites within allocated resources

Net Defender Uses computer-generated attack sequences to test network defenses developed by exercise players

Net Assurer Explores the impact of available IA personnel (SAs, IAMs, IAOs, and DAAs) on the efficiency of system operation

Net Warrior Red Team – Blue Team exercise play defending or attacking previously created, defended, and staffed networks

Multi-year collaborative effort with USMA

Modular IA exercise as an academic classroom, technical training and information warfare exercise support tool

Each module increases depth and realism of exercise play, using a building block approach

Cyber Law

For government lawyers who need to understand legal and policy issues, both current and emerging, associated with IA and CIP/Homeland Security

Topics include:

Basic understanding of the Internet

Basic tenets of Information Assurance

Definition of Computer Crime

Discussion of First and Fourth Amendments

Presentation of statutory considerations to be applied during investigations

Discussion of four “Lanes in the Road” pertinent to CND

References for following evolving areas of the law in cyberspace

Audience: Combatant Commands/Components SJA; Regional JAGs; IA, IO, CIP and Intel specialists; SAs, IAOs, DAAs, Red Teams, CERTs, web developers

Videos

Compilation Series 1 Networks at Risk (NCS) (10 min) The Information Front Line (IC) (10 min) Bringing Down the House (IC) (11 min) Computer Security 101 (DOJ) (~10 min) Computer Security: The Executive Role (DOJ) (~10 min) Safe Data - Its Your Business (DOL) (18 min) Think Before You Respond (USGov) (3 min) Protect Your AIS (USGov) (6 vignettes) Protect Your AIS -The Sequel (USGov) (30 min) Doctor D Stroye (USGov) (7 min) The Scarlet V (USGov) (7 min)

IA Videos

Compilation Series 2 Ears Looking at You (USGov) (8 min) Just the Fax (USGov) (7:51 min) Bits and Pieces (USGov) (4:30 min) Magnificent Discretion (USGov) (5:02 min) Sherman on My Mind (USGov) Identity Theft – Protect Yourself (USN)

Understanding PKI

Solar Sunrise: Dawn of a New Threat* (NACIC, NIPC, FBI) (18 min)

Risky Business* (NACIC, FBI) (~20 min)

IA Videos

* Government only. All others contact http://www.nacic.gov.

ORDERINFORMATION

For product order form, product descriptions, and frequently asked questions/product notes:

Web: http://iase.disa.mil/infosecSign up for automatic e-mail notification of new products

E-mail: dodiaeta@ncr.disa.mil

Ms. Emillie QuanQuanE@ncr.disa.mil(703) 882-1709 COM / 381-1709 DSN

Ms. Maryann DennehyDennehyM@ncr.disa.mil(703) 882-1716 COM / 381-1716 DSN

Order Products Online

Maryann Dennehy

DISA/GO434, (703) 882-1716

DennehyM@ncr.disa.mil

March 2004

DoD IA Education, Training, DoD IA Education, Training, Awareness Products Awareness Products