INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC. 1 PREPARING FOR IMPLEMENTATION: PROFESSIONAL CERTIFICATION UNDER DOD DIRECTIVE.

INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC.
1 PREPARING FOR IMPLEMENTATION: PROFESSIONAL CERTIFICATION UNDER DOD DIRECTIVE
LYNN MCNULTY, (ISC)² DIRECTOR OF GOVERNMENT AFFAIRS
February 28, 2006

2 PURPOSE
- DISCUSS THE DEPARTMENT OF DEFENSE INFORMATION ASSURANCE WORKFORCE PROGRAM
- DISCUSS THE ROLE THAT PROFESSIONAL CERTIFICATIONS, SUCH AS “CISSP” AND “SSCP”, WILL PLAY
- REVIEW IMPLEMENTATION ISSUES FROM THE (ISC)² PERSPECTIVE

3 CURRENT STATUS OF THE IT SEC WORKFORCE
- SIGNIFICANT INCREASE IN NUMBERS
- RECOGNIZED IN GOV’T 2210 JOB SERIES
- SENIOR LEVEL POSITIONS PLACED WITHIN AGENCIES SO AS TO BE EFFECTIVE
- MANY CERTIFICATIONS AVAILABLE

4 DOD BACKGROUND
- DOD HAS A LONG-STANDING PROGRAM TO IMPROVE THE SECURITY OF ITS INFORMATION SYSTEMS
- RECOGNIZED THAT THE SOLUTION TO THE PROBLEM IS NOT JUST A TECHNICAL ISSUE
- IN 1998 DOD MANDATED CERTIFICATION OF SYS ADMINS
- IN 2000 DOD ESTABLISHED A POLICY OF CREATING AND SUSTAINING A POOL OF IA PROFESSIONALS
- 2004: DOD DIRECTIVE , “IA TRAINING, CERTIFICATION AND WORKFORCE MANAGEMENT” SIGNED

5 ATTRIBUTION
MUCH OF THE MATERIAL IN THE FOLLOWING CHARTS HAS BEEN EXTRACTED FROM PUBLIC BRIEFINGS GIVEN BY GEORGE BIEBER AND STEVEN BUSCH OF THE DEFENSE-WIDE INFORMATION ASSURANCE PROGRAM (DIAP).

DoDD IA Training, Certification and Workforce Management

7 Goal #5 – Strategic Execution
Policy
- DoDD signed
- M is in SD-106 coordination
- Components proactively working to meet Workforce Management (WFM) requirements of both
Resource Alignment
- WFM/Training is decentralized; DoD needs additional visibility into Component budget & plans to train, certify and manage their IA WFM
- Promulgation of the Manual will require an implementation resource assessment / strategy
- IA Scholarship Program (IASP) fully funded
Program Execution
- The Manual will provide definitive guidance for DoD-wide IA workforce standards, metrics, and reporting requirements to support diagnostics
- Enterprise level IA WFM diagnostic capabilities currently are very limited
Create an IA Empowered Workforce

8 People
- Identification and Alignment of People and Positions – Cannot yet fully identify and characterize IA-related people and positions, nor fully validate that the right people are in the right positions.
  Metric / Result:
  - % of positions for which training and certification requirements are defined: 0%
- Workforce Development – Achieving strong results with general IA awareness training, specialized IA training, and IA certification.
  Metric / Result:
  - % personnel receiving annual IA awareness training: 88%
  - % of IA personnel receiving specialized IA training: 82%
  - % of IA personnel holding specialized IA certifications: 59%

9 IA/CND Leadership Emphasis
Subject: Support to Information Assurance and Computer Network Defense Assessments, Priorities, and Initiatives
“Our highest priorities are: …full commitment to comply with a soon-to-be-published DoDD 8570, ‘IA Training, Certification and Workforce Management’”
J.O. Ellis, Admiral, US Navy, Commander, US Strategic Command
John P. Stenbit, Assistant Secretary of Defense, Networks and Information Integration
Memorandum, Office of the Secretary of Defense, 7 April 2003

10 Challenges……
- Resourcing…who’s going to pay for this?
- Retention of trained/certified personnel
- Training of Contractors that are a part of the IA Workforce
- Exactly “who” is the IA Workforce?
- Is it logical to require certifications for everyone?
- Manpower/Personnel involvement
- Grandfathering existing personnel?
- Foreign Nationals?
- State Department Treaties and Agreements
- Unions
Navy

11 Draft Manual M: Key Requirements
- Defines IA categories (technical, management), levels w/in categories (I, II, III), and functions w/in levels.
- Identifies specific vendor neutral commercial certifications as the DoD baseline for each level
- Requires IA certifications used by DoD to be accredited under the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 17024, General requirements for bodies operating certification of persons (April 2003)
- Allows for “equivalent” certifications if they are:
  - Approved by OSD
  - Accredited to ISO/IEC by an authorized body (e.g., ANSI)
- Requires 80 hours continuing education over two years, or the # of hours specified by the IA certification provider to maintain certified status…whichever is more
- Establishes DoD IA Certification Review Board under the DoD CIO/NII
- Requires a privileged user agreement outlining responsibilities, legal and policy limitations of their authority

12 Implementation Schedule (Notional)
[Timeline chart, FY05 through FY09: Upgrade Databases; Identify Personnel; Develop & Apply Skill Codes; Program, Planning, Budgeting & Execution (PPBE); Certify Personnel (yearly figures not recoverable from the transcript); POM 08 ?; DoDD; DoD M; IOC; FOC]

13 POLICY OVERVIEW
APPLIES TO:
- CIVILIANS
- MILITARY
- CONTRACTORS
- FOREIGN NATIONALS (CIVILIAN, MILITARY & CONTRACTORS)
APPLIES TO PERSONNEL PERFORMING IA FUNCTIONS:
- REGARDLESS OF JOB SERIES OR OCCUPATIONAL SPECIALTY
- WHETHER FULL TIME OR “OTHER DUTY AS ASSIGNED”

14 The Year Ahead-1
- Use of appropriated funds to pay for commercial certifications (tests) for uniformed personnel.
  - Navy proposing congressional language to amend Chapter 101 of title 10, United States Code
- Role of DoD schools, CNSS standards, and certificates
  - Source of training for certifications
  - DoD/Component level policy, processes and procedures of a comprehensive certification/professional program
  - Satisfy continuous education requirement
- Rigor and content of commercial certifications
  - ISO accreditation
  - Performance-based element to testing (vice multiple choice)
  - Continuing learning or re-test requirement
  - Incorporate DoD IA best practices (STIGS, Guidelines, Benchmarks)
- Military databases to meet 8570 requirements
  - Services to transition to DIMHRS:
    - IOC Spring 06
    - FOC Fall 07
  - DIMHRS incorporating 8570 requirements

15 The Year Ahead-2
- Publish language in DFARS for contractors to meet requirements
- Develop internal DoD IA certification review process
- Document DoD IA skills standards
  - Define a common language of IA-related work & worker requirements
  - Enable:
    - Consistent description of the scope of individual certifications
    - Mapping of certifications against job functions
    - A common basis for accreditation
- Pursue initiatives with enterprise-wide potential to
  - Reduce cost of training/testing (e.g., DANTES)
  - Enhance training outcomes
  - Support establishment of “Black Demon-like” IA combat training exercises; Bulwark Defender (March 06)
- Engage stakeholders – OPS, HR, RM – at COCOMs/Services/Agencies
  - Facilitate 8570 implementation at the grass roots level

16 (ISC)²’S PARTICIPATION IN THE DOD PROGRAM
- WE HAVE PARTICIPATED IN THE CERTIFICATION WORKING GROUP HOSTED BY THE INSTITUTE FOR DEFENSE ANALYSIS
- WE HAVE PROVIDED ALL REQUESTED DOCUMENTATION ABOUT THE CISSP AND SSCP CREDENTIALS
- WE HAVE OBTAINED ACCREDITATION UNDER ISO 17024, A DOD REQUIREMENT
- WE ARE DEVELOPING AN IMPLEMENTATION PLAN TO VIGOROUSLY PARTICIPATE IN THIS PROGRAM.

17 (ISC)² - About Us
- Established in 1989
- Global Standard for Information Security – (ISC)² CBK®, a compendium of industry “best practices”
- Non-profit consortium of industry leaders

18 (ISC)² - More About Us
- Dedicated to training, educating, qualifying, and certifying information security professionals worldwide
- Approximately 40,000 constituents in 110 countries

19 CISSP
- Tailored for experienced information security professionals
- Minimum four years cumulative experience in (ISC)² CBK® domains
- Undergraduate degree required for one year experience abatement

20 CISSP continued
- Subscribe to (ISC)² Code of Ethics
- Endorsed by another CISSP or senior management
- Certification maintained through continuing education program
- Supplemental “Concentrations” available in several areas

21 SSCP
- Tailored for systems and network security administration professionals
- Minimum one year cumulative experience in (ISC)² CBK® domains
- Subscribe to (ISC)² Code of Ethics
- Certification maintained through continuing education program

22 ISO ACCREDITATION
(ISC)² CISSP Credential
– 1st worldwide information security credential to achieve ISO/IEC
– 1st IT organization to be accredited by ANSI for ISO/IEC 17024

23 ISO ACCREDITATION continued
What does it mean for…
– The information security profession: Global recognition and acceptance of CISSP
– Businesses and governments: Discriminator for employers and businesses
– (ISC)² CISSP credential holders: International recognition

24 COMPARISON (CISSP® vs. SSCP®)
- Professional Experience: CISSP 4 Years; SSCP 1 Year
- Experience Waivers: CISSP Yes; SSCP No
- Examination: CISSP 250 Questions; SSCP 125 Questions
- (ISC)² Code of Ethics: CISSP Yes; SSCP Yes
- Endorsement Process: CISSP Yes; SSCP No
- Continuing Education: CISSP Yes; SSCP Yes
- Concentrations: CISSP Yes; SSCP No

25 IMPLEMENTATION
- MARKETING
- TRAINING
- DEVELOPING RELATIONSHIPS
- PRICING

26 IMPLEMENTATION
- LEVERAGING PARTNERSHIPS
- ISO ACCREDITATION
- MAINTAINING CERT CURRENCY
- COMMITMENT TO DOD

27 CONCLUSIONS
- THIS IS A VERY AMBITIOUS PROGRAM
- WOULD LIKE TO RECOGNIZE GEORGE BIEBER AND HIS STAFF FOR THEIR HARD WORK IN GETTING THIS PROGRAM APPROVED
- THIS PROGRAM MAY SET THE MARK FOR THE REST OF THE GOVERNMENT
- MAY ALTER THE CERTIFICATION LANDSCAPE IN THE U.S.
- INTERESTED IN GAINING YOUR PERSPECTIVES ON HOW (ISC)² SHOULD MEET THIS CHALLENGE