INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC.

Slide 1: PREPARING FOR IMPLEMENTATION: PROFESSIONAL CERTIFICATION UNDER DOD DIRECTIVE 8570.1
LYNN MCNULTY, (ISC)² DIRECTOR OF GOVERNMENT AFFAIRS
February 28, 2006
Slide 2: PURPOSE
- DISCUSS THE DEPARTMENT OF DEFENSE INFORMATION ASSURANCE WORKFORCE PROGRAM
- DISCUSS THE ROLE THAT PROFESSIONAL CERTIFICATIONS, SUCH AS “CISSP” AND “SSCP”, WILL PLAY
- REVIEW IMPLEMENTATION ISSUES FROM THE (ISC)² PERSPECTIVE
Slide 3: CURRENT STATUS OF THE IT SEC WORKFORCE
- SIGNIFICANT INCREASE IN NUMBERS
- RECOGNIZED IN GOV’T 2210 JOB SERIES
- SENIOR LEVEL POSITIONS PLACED WITHIN AGENCIES SO AS TO BE EFFECTIVE
- MANY CERTIFICATIONS AVAILABLE
Slide 4: DOD BACKGROUND
- DOD HAS A LONG STANDING PROGRAM TO IMPROVE THE SECURITY OF THEIR INFORMATION SYSTEMS
- RECOGNIZED THAT THE SOLUTION TO THE PROBLEM IS NOT JUST A TECHNICAL ISSUE
- IN 1998 DOD MANDATED CERTIFICATION OF SYS ADMINS
- IN 2000 DOD ESTABLISHED A POLICY OF CREATING AND SUSTAINING A POOL OF IA PROFESSIONALS
- 2004: DOD DIRECTIVE 8570.1, “IA TRAINING, CERTIFICATION AND WORKFORCE MANAGEMENT”, SIGNED
Slide 5: ATTRIBUTION
MUCH OF THE MATERIAL IN THE FOLLOWING CHARTS HAS BEEN EXTRACTED FROM PUBLIC BRIEFINGS GIVEN BY GEORGE BIEBER AND STEVEN BUSCH OF THE DEFENSE-WIDE INFORMATION ASSURANCE PROGRAM (DIAP).
Slide 6: DoDD 8570. IA Training, Certification and Workforce Management
Slide 7: Goal #5 – Strategic Execution
Policy
- DoDD 8570.1 signed
- 8570.1M is in SD-106 coordination
- Components proactively working to meet Workforce Management (WFM) requirements of both
Resource Alignment
- WFM/Training is decentralized; DoD needs additional visibility into Component budget & plans to train, certify and manage their IA WFM
- Promulgation of the Manual will require an implementation resource assessment / strategy
- IA Scholarship Program (IASP) fully funded
Program Execution
- The Manual will provide definitive guidance for DoD-wide IA workforce standards, metrics, and reporting requirements to support diagnostics
- Enterprise level IA WFM diagnostic capabilities currently are very limited
Create an IA Empowered Workforce
Slide 8: People
- Identification and Alignment of People and Positions – Cannot yet fully identify and characterize IA-related people and positions, nor fully validate that the right people are in the right positions.
- Workforce Development – Achieving strong results with general IA awareness training, specialized IA training, and IA certification.

Metric                                                                      Result
% of positions for which training and certification requirements are defined   0%
% personnel receiving annual IA awareness training                          88%
% of IA personnel receiving specialized IA training                         82%
% of IA personnel holding specialized IA certifications                     59%
Slide 9: IA/CND Leadership Emphasis
Memorandum, Office of the Secretary of Defense, 7 April 2003
Subject: Support to Information Assurance and Computer Network Defense Assessments, Priorities, and Initiatives
“Our highest priorities are: …full commitment to comply with a soon-to-be-published DoDD 8570 ‘IA Training, Certification and Workforce Management’”
J.O. Ellis, Admiral, US Navy, Commander, US Strategic Command
John P. Stenbit, Assistant Secretary of Defense, Networks and Information Integration
Slide 10: Challenges…
- Resourcing…who’s going to pay for this?
- Retention of trained/certified personnel
- Training of Contractors that are a part of the IA Workforce
- Exactly “who” is the IA Workforce? Is it logical to require certifications for everyone?
- Manpower/Personnel involvement
- Grandfathering existing personnel?
- Foreign Nationals? State Department Treaties and Agreements
- Unions
Navy
Slide 11: Draft Manual 8570.1M: Key Requirements
- Defines IA categories (technical, management), levels w/in categories (I, II, III), and functions w/in levels.
- Identifies specific vendor neutral commercial certifications as the DoD baseline for each level
- Requires IA certifications used by DoD to be accredited under the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 17024, General requirements for bodies operating certification of persons (April 2003)
- Allows for “equivalent” certifications if they are:
  - Approved by OSD
  - Accredited to ISO/IEC 17024 by an authorized body (e.g., ANSI)
- Requires 80 hours continuing education over two years, or the number of hours specified by the IA certification provider to maintain certified status, whichever is more
- Establishes DoD IA Certification Review Board under the DoD CIO/NII
- Requires a privileged user agreement outlining responsibilities, legal and policy limitations of their authority
Slide 12: Implementation Schedule (Notional)
Timeline chart, FY05 through FY09 (chart image not recoverable; activities and figures as shown):
- Upgrade Databases
- Identify Personnel; Develop & Apply Skill Codes
- Program, Planning, Budgeting & Execution (PPBE): POM 08 ?
- Certify Personnel: 10,000 / 30,500 / 32,000 / 33,500 (per fiscal year, as charted)
- Milestones: DoDD 8570.1; DoD 8570.1M; IOC; FOC
Slide 13: 8570.1 POLICY OVERVIEW
APPLIES TO:
- CIVILIANS
- MILITARY
- CONTRACTORS
- FOREIGN NATIONALS (CIVILIAN, MILITARY & CONTRACTORS)
APPLIES TO PERSONNEL PERFORMING IA FUNCTIONS:
- REGARDLESS OF JOB SERIES OR OCCUPATIONAL SPECIALTY
- WHETHER FULL TIME OR “OTHER DUTY AS ASSIGNED”
Slide 14: The Year Ahead-1
- Use of appropriated funds to pay for commercial certifications (tests) for uniformed personnel
  - Navy proposing congressional language to amend Chapter 101 of title 10, United States Code
- Role of DoD schools, CNSS standards, and certificates
  - Source of training for certifications
  - DoD/Component level policy, processes and procedures of a comprehensive certification/professional program
  - Satisfy continuous education requirement
- Rigor and content of commercial certifications
  - ISO 17024 accreditation
  - Performance-based element to testing (vice multiple choice)
  - Continuing learning or re-test requirement
  - Incorporate DoD IA best practices (STIGS, Guidelines, Benchmarks)
- Military databases to meet 8570 requirements
  - Services to transition to DIMHRS: IOC Spring 06, FOC Fall 07
  - DIMHRS incorporating 8570 requirements
Slide 15: The Year Ahead-2
- Publish language in DFARS for contractors to meet requirements
- Develop internal DoD IA certification review process
- Document DoD IA skills standards
  - Define a common language of IA-related work & worker requirements
  - Enable: consistent description of the scope of individual certifications; mapping of certifications against job functions; a common basis for accreditation
- Pursue initiatives with enterprise-wide potential to
  - Reduce cost of training/testing (e.g., DANTES)
  - Enhance training outcomes
- Support establishment of “Black Demon-like” IA combat training exercises; Bulwark Defender (March 06)
- Engage stakeholders – OPS, HR, RM – at COCOMs/Services/Agencies
- Facilitate 8570 implementation at the grass roots level
Slide 16: (ISC)²’S PARTICIPATION IN THE DOD PROGRAM
- WE HAVE PARTICIPATED IN THE CERTIFICATION WORKING GROUP HOSTED BY THE INSTITUTE FOR DEFENSE ANALYSIS
- WE HAVE PROVIDED ALL REQUESTED DOCUMENTATION ABOUT THE CISSP AND SSCP CREDENTIALS
- WE HAVE OBTAINED ACCREDITATION UNDER ISO 17024, A DOD REQUIREMENT
- WE ARE DEVELOPING AN IMPLEMENTATION PLAN TO VIGOROUSLY PARTICIPATE IN THIS PROGRAM.
Slide 17: (ISC)² - About Us
- Established in 1989
- Global Standard for Information Security – (ISC)² CBK®, a compendium of industry “best practices”
- Non-profit consortium of industry leaders
Slide 18: (ISC)² - More About Us
- Dedicated to training, educating, qualifying, and certifying information security professionals worldwide
- Approximately 40,000 constituents in 110 countries
Slide 19: CISSP
- Tailored for experienced information security professionals
- Minimum four years cumulative experience in (ISC)² CBK® domains
- Undergraduate degree required for one year experience abatement
Slide 20: CISSP continued
- Subscribe to (ISC)² Code of Ethics
- Endorsed by another CISSP or senior management
- Certification maintained through continuing education program
- Supplemental “Concentrations” available in several areas
Slide 21: SSCP
- Tailored for systems and network security administration professionals
- Minimum one year cumulative experience in (ISC)² CBK® domains
- Subscribe to (ISC)² Code of Ethics
- Certification maintained through continuing education program
Slide 22: ISO 17024 ACCREDITATION
(ISC)² CISSP Credential
- 1st worldwide information security credential to achieve ISO/IEC 17024
- 1st IT organization to be accredited by ANSI for ISO/IEC 17024
Slide 23: ISO 17024 ACCREDITATION continued
What does it mean for…
- The information security profession: global recognition and acceptance of CISSP
- Businesses and governments: discriminator for employers and businesses
- (ISC)² CISSP credential holders: international recognition
Slide 24: COMPARISON

                          CISSP®          SSCP®
Professional Experience   4 Years         1 Year
Experience Waivers        Yes             No
Examination               250 Questions   125 Questions
(ISC)² Code of Ethics     Yes             Yes
Endorsement Process       Yes             No
Continuing Education      Yes             Yes
Concentrations            Yes             No
Slide 25: IMPLEMENTATION
- MARKETING
- TRAINING
- DEVELOPING RELATIONSHIPS
- PRICING
Slide 26: IMPLEMENTATION
- LEVERAGING PARTNERSHIPS
- ISO ACCREDITATION
- MAINTAINING CERT CURRENCY
- COMMITMENT TO DOD
Slide 27: CONCLUSIONS
- THIS IS A VERY AMBITIOUS PROGRAM
- WOULD LIKE TO RECOGNIZE GEORGE BIEBER AND HIS STAFF FOR THEIR HARD WORK IN GETTING THIS PROGRAM APPROVED
- THIS PROGRAM MAY SET THE MARK FOR THE REST OF THE GOVERNMENT
- MAY ALTER THE CERTIFICATION LANDSCAPE IN THE U.S.
- INTERESTED IN GAINING YOUR PERSPECTIVES ON HOW (ISC)² SHOULD MEET THIS CHALLENGE