Information Assurance Education and the IS Curriculum

Information Assurance Education and the IS Curriculum. By Kevin Lee Elder, Dennis Strouble, and Dave Bouvin, Air Force Institute of Technology, Wright-Patterson AFB, Ohio.

Information Assurance Education and the IS Curriculum

By

Kevin Lee Elder

Dennis Strouble

Dave Bouvin

Air Force Institute of Technology

Wright-Patterson AFB, Ohio


The views expressed in this article are those of the authors and do not reflect the official policy or position of the United States Air Force, Department of Defense, or the US Government.

Outline for Today
  • Introduction
  • Background of Information Assurance
  • NSA Centers of Excellence in Information Assurance Education
  • IRM Program Description
  • Information Assurance Track
  • Conclusion

Introduction
  • Air Force Institute of Technology
  • Graduate School of Engineering and Management
  • Information Resource Management Degree
  • Information Assurance Track
  • NSA Certification

Information Assurance

The National Security Agency’s (NSA) Information Security Assessment Model (IAM) identifies 18 baseline categories that should be included as components of the Information Assurance (IA) posture of any organization

Baseline for IA
  • IA Documentation
  • IA Roles and Responsibilities
  • Identification & Authentication
  • Account Management
  • Session controls
  • External Connectivity
  • Telecommunications
  • Auditing
  • Virus Protection

Hurd, 2001

Baseline for IA cont.
  • Contingency Planning
  • Maintenance
  • Configuration Management
  • Back-Ups
  • Labeling
  • Media Sanitization/Disposal
  • Physical Environment
  • Personnel Security
  • Training and Awareness

Hurd, 2001

Information Assurance Model
  • McCumber model is used to appropriately organize the 18 baseline categories for analysis and to address possible threats to automated systems.
  • Dimensions
    • Information States
    • Security Services
    • Security Countermeasures
  • Maconachy et al. expanded the model to include
    • Idea of current information intensive environment
    • Time as a fourth dimension

Hurd, 2001

Information Assurance Model

Maconachy et al., 2001

Model and Mapping

Model and Mapping cont.

Standards
  • National Security Telecommunications and Information Systems Security Committee (NSTISSC) has been designated by the President as the Committee on National Security Systems (CNSS)
  • Standing Committee of the Critical Infrastructure Protection Board, chaired by the Department of Defense

Standards
  • National Security Telecommunications and Information Systems Security Committee (NSTISSC)
    • 4011 National Training Standard for Information Systems Security (INFOSEC) Professionals
    • 4012 National Training Standard for Designated Approving Authority (DAA)
    • 4013 National Training Standard for System Administration in Information Systems Security
    • 4014 National Training Standard for Information Systems Security Officers (ISSO)
    • 4015 National Training Standard for Systems Certifiers
    • 4016 National Training Standard for Risk Analyst (In Development)

NIETP
  • National Information Assurance Education and Training Program (NIETP), 9800 Savage Road, Fort Meade, MD 20755-6744, ATTN: I02E, Suite 6744
  • Phone: 410-854-6206
  • Fax: 410-854-7043
  • http://niatec.info/nsacoe.htm

NSA Centers

60 centers nationally

Primarily Computer Science Faculty

(45 out of 60)

Only 15 out of 60 primarily utilize faculty from outside of Computer Science in Information oriented programs.

NSA Centers cont.

Only 22 of the 60 centers offer the NSA 4012 certification.

Furthermore, only 8 of those 22 centers offer the 4012 certification with a curriculum taught from an Information program.

Additionally, almost all of those eight centers build the 4012 off of the 4011 certification.

NSA 4012 Certification
  • Designated Approving Authority (DAA) as defined in NSTISSI no. 4012
  • Core areas defined for coverage in the certification
  • Mapped to Knowledge clusters in IRM IA sequence of 3 courses

INFOSEC functions of DAA
  • granting final approval to operate an IS or network in a specified security mode;
  • reviewing the accreditation documentation to confirm that the residual risk is within acceptable limits;
  • verifying that each IS complies with the IS security requirements, as reported by the Information Systems Security Officer (ISSO);
  • ensuring the establishment, administration, and coordination of security for systems that agency, service, or command personnel or contractors operate;
  • ensuring that the Program Manager (PM) defines the system security requirements for acquisitions;
  • assigning INFOSEC responsibilities to the individuals reporting directly to the DAA;
  • approving the classification level required for applications implemented in a network environment;
  • approving additional security services necessary to interconnect to external systems (e.g. encryption and non-repudiation);
  • reviewing the accreditation plan and signing the accreditation statement for the network and each IS;

INFOSEC Functions of DAA cont.
  • defining the criticality and sensitivity levels of each IS;
  • reviewing the documentation to ensure each IS supports the security requirements as defined in the IS and network security programs;
  • allocating resources to achieve an acceptable level of security and to remedy security deficiencies;
  • establishing working groups, when necessary, to resolve issues regarding those systems requiring multiple or joint accreditation. This may require documentation of conditions or agreements in Memoranda of Agreement (MOA); and
  • ensuring that when classified or sensitive but unclassified information is exchanged between logically connected components, the content of this communication is protected from unauthorized observation by acceptable means, such as cryptography, and Protected Distribution Systems (PDS).

AFIT Graduate IRM
  • Graduate Eng. & Mgt. School
  • IRM Program
  • Built off of MSIS 2000 Model
  • Required Core Classes
  • Required Specialty Sequence
  • Required Thesis

CORE IRM Courses
  • ORSC 542 Managerial Behavior in Organizations
  • EMGT 530 Contract Management
  • IMGT 530 Conceptual Foundations of IRM
  • IMGT 580 Enterprise Information Architecture
  • IMGT 561 Database Management
  • IMGT 651 Systems Analysis and Design
  • IMGT 657 Data Communications
  • IMGT 690 Capstone Seminar in IRM.

IA Track

IMGT 684 Strategic Information Management

IMGT 688 Security and Ethics in the Information Age

IMGT 687 Managerial Aspects of Information Warfare.

Electives
  • CSCE 525 Intro to Information Warfare
  • CSCE 625 Info Sys Security, Assurance and Analysis I
  • CSCE 725 Info Sys Security, Assurance and Analysis II
  • IMGT 570 E-Business
  • IMGT 680 Knowledge Management
  • SENG 530 Introduction to Space Operation
  • ORSC 638 Seminar in Contemporary Leadership
  • ORSC 647 Organizational Policy and Strategic Mgt.

Graduate IA Program (Computer Science)
  • Core
    • CSCE 544 Data Security
    • CSCE 625 Information Systems Security, Assurance and Analysis I
    • CSCE 654 Computer Networks
    • CSCE 689 Distributed Software Systems
    • CSCE 725 Information Systems Security, Assurance and Analysis II
  • Mathematics Requirement (4 quarter hours)
    • STAT 583 Probability and Statistics for Computer Science
    • Encouraged (Discrete Math, Finite Automata, Queuing Theory)

Graduate IA Program
  • IA Depth (12 quarter hours)
    • CSCE 526 Secure Software Development (4)
    • CSCE 527 Cyber Forensics (4)
    • CSCE 528 Cyber Defense and Exploitation I (4)
    • CSCE 628 Cyber Defense and Exploitation II (2)
    • IMGT 684 Role of the Chief Information Officer (3)
    • IMGT 688 Security and Ethics in the Information Age (3)

IRM Knowledge Clusters

Conclusion
  • This paper described the unique Master's program(s) at a Midwestern United States school that primarily serves a specific student body made up of Department of Defense employees.
  • With a program in place for many years in Information Assurance (IA), we have now created this new program with a decidedly IRM focus to IA.
  • It is the authors' hope that other schools can use this information to review their own program(s) and incorporate the concepts presented here as appropriate.
  • While these concepts are somewhat unique to the DoD, we feel other schools could benefit from their inclusion in the curriculum.
  • The concept of Information Assurance is now popping up in many schools, while it has been in the DoD for many more years.

Questions
  • ??????
