National Defense University and IRMC. National Defense University

Similar documents
STATE OF NORTH CAROLINA

This is to certify that. Chris FitzGerald. has completed the course. Systems Security Engineering _eng 2/10/08

Information Systems Security Requirements for Federal GIS Initiatives

CENTRAL MICHIGAN UNIVERSITY MILITARY TRANSFER CREDIT Master of Science in Administration Program

INFORMATION ASSURANCE DIRECTORATE

ENROLL NOW. for classes! FIRST COME FIRST SERVED SEATING IS LIMITED program includes:

The Institute of Certified Accountants of Montenegro. RADUNOVIC VESNA, Certified auditor Member of the Board of Directors

Security and Privacy Governance Program Guidelines

STATE OF NORTH CAROLINA

Solutions Technology, Inc. (STI) Corporate Capability Brief

BOARD OF REGENTS ACADEMIC AFFAIRS COMMITTEE 4 STATE OF IOWA SEPTEMBER 12-13, 2018

CITY OF MONTEBELLO SYSTEMS MANAGER

THE INSTITUTE OF CERTIFIED MANAGERS.

CYBERSECURITY: Scholarship and Job Opportunities

UTCS Scholarships for Service

Article II - Standards Section V - Continuing Education Requirements

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

General Information Technology Controls Follow-up Review

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE INTELLIGENCE COMMUNITY POLICY MEMORANDUM NUMBER

a PennState A leader in online learning since 1998 Programs in Enterprise Architecture ~ World Campus A world of possibilities. Online.

Building the Cybersecurity Workforce. November 2017

Cybersecurity: Federalism as Defense-in-Depth

SUBJECT: Training Policy-04 Defense Finance and Accounting Service Civilian Certifications, and Related Expenses

Building the IA Workforce

CPA Exam and Licensure Information and FAQs

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

Information Systems and Tech (IST)

Network Technology: Microsoft. Undergraduate Certificate

Risk Management Framework for DoD Medical Devices

Cybersecurity Workshop: Critical Cybersecurity Education & Professional Development

ACADEMIC AFFAIRS COUNCIL ******************************************************************************

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 4, 2016

Audit Challenges and Best Practices in a Research University Environment

ISACA Chicago Chapter Scholarship Application

Cyber Security Program

ISACA Central Ohio Chapter Academic Scholarship 2018

Collaboration on Cybersecurity program between California University and Shippensburg University

This document/guide contains dated material; always check the ASMC website for the most recent information, policies, and other information.

Working with investment professionals

Operations & Technology Seminar. Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ

CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security

Network Technology: Cisco. Undergraduate Certificate

New Zealand Certificate in Regulatory Compliance (Core Knowledge) (Level 3)

STATE OF NORTH CAROLINA

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

COURSE BROCHURE. COBIT5 FOUNDATION Training & Certification

Regulatory Compliance (Insurance)

Practitioner Certificate in Business Continuity Management (PCBCM) Course Description. 10 th December, 2015 Version 2.0

Management Information Systems (MIS)

How to Become a CMA (Certified Management Accountant) May 10, 2017

Illinois State University 2012 Alumni Survey Institution Report

Illinois State University 2014 Alumni Survey Institution Report

ROJECT ANAGEMENT PROGRAM AND COURSE GUIDE

Department of Defense INSTRUCTION

PROFESSIONAL MASTER S IN

2018 Government Professional Accounting Seminar

BECOMING A DANTES FULLY FUNDED DSST TEST CENTER

Service Management. What an Acquisition Practitioner Needs to Know. Karen Gomez Defense Information Systems Agency Mission Support Division

INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES

Master of Science (MS) in Information Assurance and Cybersecurity with a specialization in. Digital Forensics

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) A presentation by Lawrence Feinstein, CISSP

TEL2813/IS2820 Security Management

PARALEGAL CERTIFICATIONS. National Professional Standard for Paralegals

PARALEGAL CERTIFICATIONS. National Professional Standard for Paralegals

Appendix D P a g e

IMA and the CMA How They Can Help Your Career. Presented by: Honorable Kim R. Wallin, CMA, CFM, CPA John B. Pollara, CMA

IT-CNP, Inc. Capability Statement

Protecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations

The Scottish Credit and Qualifications Framework and Chartered Banker Institute

Statement of Organization, Functions, and Delegations of Authority: Office of the

The Information Technology Program (ITS) Contents What is Information Technology?... 2

3/2/2012. Background on FISMA-Reheuser. NIST guidelines-cantor. IT security-huelseman. Federal Information Security Management Act

Center for Audit Excellence Capability Statement

ISC2. Exam Questions CAP. ISC2 CAP Certified Authorization Professional. Version:Demo

Response to the Validation Panel for the DIT Foundation Programmes

Government Privacy. Julie Smith McEwen, CIPP/G, CISSP Principal Information Systems Privacy and Security Engineer

GRADUATE PROGRAMS IN ENTERPRISE AND CLOUD COMPUTING

Number: USF System Emergency Management Responsible Office: Administrative Services

Interagency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008

QUALITY IMPROVEMENT PLAN (QIP) FOR THE CONSTRUCTION MANAGEMENT DEGREE PROGRAM

ENGINEERING AND TECHNOLOGY MANAGEMENT

Department of the Army Acquisition Career Field Certification Policy and Procedures October 4, 2004

JSC THE JUSTICE & SAFETY CENTER. Snapshot 2014

Instructions for Completing a Key Leadership Position Joint Qualification Board Application

Health Information Technology - Supporting Joint Readiness

STUDENT AND ACADEMIC SERVICES

INFORMATION TECHNOLOGY NETWORK ADMINISTRATOR ANALYST Series Specification Information Technology Network Administrator Analyst II

Updated with information about the new certificate programs THE KU MSIT HANDBOOK 1

Subject: Audit Report 18-84, IT Disaster Recovery, California State University, Sacramento

Master of Science (MS) in Information Assurance and Cybersecurity with a specialization in. Health Care Security

SALARY $ $72.54 Hourly $3, $5, Biweekly $8, $12, Monthly $103, $150, Annually

Electronic Signature Policy

POSITION DESCRIPTION

Department of Defense MANUAL

Department of Defense Fiscal Year (FY) 2015 IT President's Budget Request Defense Contract Audit Agency Overview

Shon Harris s Newly Updated CISSP Materials

Federal Acquisition Service Authorized Federal Supply Schedule Price List

FiXs - Federated and Secure Identity Management in Operation

Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?

Transcription:

The Forgotten Information Assurance Professional - Educating the Senior IT Manager Robert C. Norris, Jr. Information Resources Management College National Defense University 1 Overview Intro to IRMC and NDU Indications of the Need for Senior IT Manager Education Federal CyberService Scholarship Programs Federal Laws and Regulations IRMC Approach to Information Security Suggested Improvements to University Programs 2 1

National Defense University and IRMC 3 National Defense University Senior University for Joint Professional Military Education under the sponsorship of the Chairman of the Joint Chiefs of Staff. Accredited to offer Masters degrees by Middle States Association Component Colleges: National War College Industrial College of the Armed Forces Information Resources Management College Joint Forces Staff College Specialty Centers and Institutes 4 2

Information Resources Management College A National Security Agency Center of Academic Excellence for Information Assurance Education Prepares leaders to direct the information component of national power by leveraging information and information technology for strategic advantage. Students are GS-12 to GS-15 and SES, and officers from Major (or Navy Lt Cmdr) to Colonel (or Navy Captain) 5 Information Resources Management College (cont d) Founded in 1988 Three departments: Information Acquisition, Information Strategies, and Information Operations and Technology Three Certificate Programs: Advanced Management Program Chief Information Officer Certificate Information Assurance Certificate Masters programs with Syracuse, Maryland and East Carolina 6 3

Indications of the Need for Senior IT Manager Education GAO-01-1132T (9/12/01) on Critical Infrastructure Protection Sept 96, reported serious weaknesses at 10 of the 15 largest Federal agencies In 1998 and 2000, an examination of 24 of the largest Federal agencies found significant information security weaknesses at all of them In 1997, GAO added information security as a high-risk issue 7 Indications of the Need for Senior IT Manager Education (cont d) Weaknesses continue in six major areas: Security Program Management Access Controls Software Development and Change Controls Segregation of Duties Operating System Controls Service Continuity 8 4

Indications of the Need for Senior IT Manager Education (cont d) GAO reported: In August that Commerce s systems were at risk In July that Interior s National Business Center, that processes $12 billion annually, had serious weaknesses In March, the DoD s Department-wide Information Assurance Program had not yet met its goals of integrating information assurance with mission readiness criteria, increased infosec awareness by department personnel, etc. 9 Indications of the Need for Senior IT Manager Education (cont d) Last February, the National Institutes of Standards and Technology held a one-day educational event titled, Pitching IT Security to Your Federal Manager. It offered to present an easy approach to selling and gaining support for IT security. The topics covered were requirements, customers, resources, timing and strategy. The target audience was government IT security managers and professionals 10 5

Indications of the Need for Senior IT Manager Education (cont d) A deputy CIO of a major Federal government agency stated that IT security was the primary goal of the agency CIO. When asked to identify three IT security issues, none were named. It was also disclosed that a major organizational system did not require users to logon and logoff. A major government electronics firm senior IT executive said that hacker intrusion was not part of the corporate disaster recovery plan. In fact, he said that his primary concern was hurricanes and airplanes. 11 Indications of the Need for Senior IT Manager Education (cont d) A May 2001 review of the 20 non-dod Centers of Academic Excellence in Information Assurance Education with MBA or MS in Management programs showed: None mentioned InfoSec in the MBA MIS core course description 5 mentioned InfoSec in their MIS electives course description 12 6

CyberService Scholarship Programs National Science Foundation Provides funding to colleges and universities to award scholarships in information assurance and computer security fields. Scholarship recipients will become part of the Federal Cyber Service of information technology specialists who ensure the protection of the U.S. Government's information infrastructure. Upon graduation after their twoyear scholarships, the recipients will be required to work for a federal agency for two years as their Federal Cyber Service commitment. 13 CyberService Scholarship Programs Department of Defense Information Security Scholarship Centers of Academic Excellence establish a scholarship program for students enrolled in their institutions to pursue undergraduate and graduate degrees, and graduate certificate programs in information assurance disciplines. Scholarships to pursue advanced degrees in information assurance disciplines will also be awarded to DoD civilian employees and military members. Recipients of scholarship aid, in exchange for financial assistance, are required by the statute to serve a period of obligated service in DoD as a civilian employee or a member of one of the armed forces. 14 7

Some Federal InfoSec Laws and Regulations Government Information Security Reform Act (government and contractor impact) The Clinger-Cohen Cohen Act OMB Circular A-130 Review Defense Information Technology Security Certification and Accreditation Process (DITSCAP) Designated Approving Authority - The official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. 15 IRMC Approach to Information Security Started with NSTISSI 4011 standard for Information Systems Security Professionals Developed 4 courses aimed at senior-level management Assuring the Information Infrastructure Critical Information Systems Technologies Managing Information Security in a Networked Environment Enterprise Security Policies, Guidelines, and Standards 16 8

IRMC Approach to Information Security (cont d) Developed residential and distance learning versions of courses Continuously refine courses based on student evaluations 17 Suggested Improvements to University Programs Understand the role and size of Federal, State, Local Government, and government contractor employment in the InfoSec universe Determine the InfoSec Management education requirements for senior management, senior IT management, mid- level IT management, and for hacker trackers. 18 9

Suggested Improvements to University Programs (cont d) Insure that MBA core MIS courses include appropriate InfoSec Management education Develop graduate level certificate programs for InfoSec Management for mid-level and senior- level IT managers Include InfoSec Management in executive-level seminars 19 Questions 20 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback