1 / 21

Information Assurance Workforce (IAWF)

Information Assurance Workforce (IAWF). Presented by: James Perkins Director, IT Workforce and Training. Learning Objectives. Recognize the IAWF references Learn the identification, tracking, and management of the IA Workforce Apply procedures for training resources. 2. Agenda.

dionne
Download Presentation

Information Assurance Workforce (IAWF)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Assurance Workforce (IAWF) Presented by: James Perkins Director, IT Workforce and Training IA Workforce

  2. Learning Objectives • Recognize the IAWF references • Learn the identification, tracking, and management of the IA Workforce • Apply procedures for training resources IA Workforce 2

  3. Agenda • IAWF References/Background • Identify IAWF • Manage IAWF • Tracking IAWF • IAWF Development • Certification Process • Training Resources • Points of Contact • Questions IA Workforce 3

  4. IAWF References/Background • References: • DoD 8570.01-M • SECNAV M-5239.2 • BUMED INST 5239.xx • NAVMED Policy Memo 09-020 • DoD and DON have established standard procedures for some processes, such as: • Applying for and receiving IA baseline certification training • Applying for and receiving an exam voucher • Registering for an exam

  5. Identify IAWF • IA Technical: • Privileged Access: Individuals who have access to system control, monitoring, or administration functions (e.g., system administrator, system programmer) are said to have “privileged access” and therefore, require training and certification to IA Technical levels I, II, or III depending on the functions they perform. • Must also be trained and certified on the OS or CE they are required to maintain • Some examples of jobs that hold privileged access or require personnel to perform IA functions include: • Help Desk Customer Supervisor – Level II or III • Help Desk Service Technician – Level I - III • Data Manager – Level III • System Administrator – Level II (NE) or III (Enclave) • System Developer – Normally an IAM unless they have privileged access, Level II (NE) or III (Enclave)

  6. Identify IAWF • IA Technical (IAT): • Privileged Access: Individuals who have access to system control, monitoring, or administration functions (e.g., system administrator, system programmer) are said to have “privileged access” and therefore, require training and certification to IA Technical levels I, II, or III depending on the functions they perform. • Must also be trained and certified on the OS or CE they are required to maintain • Some examples of jobs that hold privileged access or require personnel to perform IA functions include (IAT Certification Flow Chart: https://www.cool.navy.mil/ia_documents/ia_iat_flow.htm): • Help Desk Customer Supervisor – IAT Level II or III • Help Desk Service Technician – IAT Level I – II • Data Manager – IAT Level III • System Administrator – IAT Level II (NE) or III (Enclave) • System Developer – Normally an IAM unless they have privileged access, Level II (NE) or III (Enclave)

  7. Identify IAWF • IA Manager (IAM): • Responsible for ensuring the information system (IS) is operated, used, maintained, and disposed of in accordance with security policies and Practices • IAM Certification flow chart: • https://www.cool.navy.mil/ia_documents/ia_iam_flow.htm • IAM Level III: • BUMED Enclave (CDR Richard Makarski- Director, BUMED M62) • IAM Level II: • Fulfilling duties at the network level, reports to IAM III • IAM Level I: • Fulfilling duties at the computing level, reports to the IAM II

  8. Identify IA IAWF

  9. Manage IAWF • IAMs must have: • IAM Appointment Letter (Example: SECNAV M-5239.2, Appendix C) • DoD Workforce IA Special Code: Information Security (INFOSEC) • DoD Workforce PQS/OJT: If 2210, IT Designated, or NEC this is automatic • IA Certification • Identified as INFOSEC on AMD • Civilians: Identified as INFOSEC in DCPDS • Civilians: Condition of employment clause on Position Description (Examples: SECNAV M-5239.2, para. 3.12.3.2) • Contractors: Identified as INFOSEC in CVS • IATs must have: • Privileged Access Agreement (Example: DoD 8570.01-M, Appendix 4) • DoD Workforce IA Special Code: Information Security (INFOSEC) • DoD Workforce PQS/OJT: If 2210, IT Designated, or NEC this is automatic • Identified as INFOSEC on AMD • Civilians: Identified as INFOSEC in DCPDS • Civilians: Condition of employment clause on Position Description (Examples: SECNAV M-5239.2, para. 3.12.3.2) • Contractors: Identified as INFOSEC in CVS • IA Certification • OS Certification

  10. Track IAWF • TWMS: • Navy Medicine Policy Memorandum 09-020, 17 December 2009, “Information Assurance (IA) Workforce Identification, Tracking, Monitoring, and Reporting” • Tracking/Management Responsibility: • Command IAM • BUMED M65 • TWMS issues: • Personnel are registered in the database but are NOT identified as IAWF • IAMs do not have appropriate permissions to update personnel as IAWF • Personnel are being denied exam vouchers because they are not properly identified as IAWF in the database

  11. Track IAWF According to TWMS: 481 members comprise the Navy Medicine IAWF* * (as of 31 December 2010)

  12. Track IAWF • Problems identified in TWMS • Personnel are registered in the database but are NOT identified as IAWF • IAMs do not have appropriate permissions to update personnel as IAWF • Personnel are being denied exam vouchers because they are not properly identified as IAWF in the database • Recommendations • Site IAMs need to continue to pursue proper permissions for the TMWS database • IAMs should check to ensure IAWF members are not only registered in the database but also properly identified as IAWF • Personnel should check their own records to ensure that they are registered as IAWF

  13. IAWF Development • Holistic workforce development solution based on training (classroom and on-the-job), certification, maintenance, continuing education, etc.

  14. Certification Process Start Take DIAP-Sponsored Pre-Test for Appropriate 8570.1 Exam Review Self-Study Reference Guide with Training Coordinator NeedPlan? No Yes Take Basic IA Knowledge Assessment Yes Pass? Pass? No No Yes Work with Manager to Select Self-Study Courses and Document Plan Take/Review Basic/Conceptual IA Training Courses Based on Self-Study Guide Take Certification Training* (or use Self-Study Methods) via NAVMED Voucher Request Exam Voucher Through NETWARCOM Process per Business Rules Report Success to Navy Medical 8570.1 Coordinator Who Logs Results in Appropriate Tool Register and Take Exam via Proctored/Approved Site for 8570.1 Testing Yes Pass? End No Identify Knowledge Shortfalls with Training Coordinator or via Exam Feedback Engage in Additional Preparation (Courses or Study) Components/processes under NAVMISSA control. Processes and procedures defined by Navy policy and guidance. Decision points

  15. Certification Process • Efforts moving forward: • Personnel who have received CISSP vouchers are required to test within 90 days of completing training • Personnel will need to be contacted for exam results information • Updates will need to be made in the TWMS database to reflect new certification information • Personnel receiving Security+ certifications after Jan 2011 will be required to register their certification with CompTIA and must complete CPE credits to maintain their certifications • Personnel who obtained the Security+ certification prior to Jan 2011 will also have requirements for keeping their certifications active • More information regarding maintaining certification and requirements is coming soon

  16. Resources • Navy Credentialing Opportunities On-Line (COOL) • https://www.cool.navy.mil • Defense Information Systems Agency • http://www/disa.mil • IAWF Certification Resources Home Page • https://www.portal.navy.mil/netwarcom/ia/default.aspx • Navy SKILLPORT training page • https://navyiacertprep.skillport.com

  17. Resources • COOL (Credentialing Opportunities On-Line) explains how Navy service members can meet civilian certification and license requirements related to their ratings, jobs, designators, and occupations. • Use COOL to: • Get background information about civilian licensure and certification. • Identify licenses and certifications relevant to Navy ratings, jobs, designators, and occupations. • Learn how to fill gaps between Navy training and experience and civilian credentialing requirements. • Learn about resources available to Navy service members that can help them gain civilian job credentials.

  18. Resources Training Voucher Program: • Command is responsible for travel costs and time, but in most cases the vendors will have training available at regional locations • Regional courses will be scheduled if sufficient staff are available • No staff should be attending certification training for certifications that do not match their role and/or experience level • For example: No IAT I personnel should attempt CISSP unless highly-experienced (5 or more years is requirement) • Those using Navy Medicine funds must agree to follow through with certification and will be tracked for results • DON’s exam voucher program, administered by NETWARCOM, will provide certification test vouchers on-demand (72 hour turn-around) for all personnel who are properly identified in the TWMS database as IAWF • Staff must pass NETWARCOM-specified exam pre-tests with an 80% score to receive a voucher per NETWARCOM’s policy

  19. Resources Training Voucher Program (continued): • Training Program currently offers training and certification opportunities in two categories: • Security+ • Available for all IAWF personnel who fall into IAT Levels I and II or IAM Level I • Training and testing is held on site by NAVMED selected vendor • CISSP • Available for all IAWF personnel who fall into IAT Level III and IAM Level II or III • Personnel are required to locate a public training and testing session near their home site • Other certification opportunities are available through NETWARCOM or other vendors but are not covered by NAVMED funds • Personnel are free to pursue other certifications that meet DoD 8570.1-M compliance standards with personal funds, site provided funding, or other funding methods

  20. Contact Information • Mr. James Perkins, Director IM/IT Workforce and Training (M65) • James.Perkins@med.navy.mil or 202-762-3157 • Mr. Christopher Taylor, Program Analyst • Christopher.Taylor@med.navy.mil or 202-762-0926 • Ms. Natalie Salisbury, IM/IT Workforce Support • Natalie.Salisbury@med.navy.mil or 202-762-3818 • Ms. Rasheedah Sharp, IM/IT Workforce Support • Rasheedah.Sharp@med.navy.mil or 202-762-3616 Leading NAVMED through PortfolioManagement.

  21. Questions Leading NAVMED through PortfolioManagement. 21

More Related