Presentation is loading. Please wait.

Presentation is loading. Please wait.

Just In Time Training (JITT): How Not to Jump from the Frying Pan into the Fire.

Similar presentations


Presentation on theme: "Just In Time Training (JITT): How Not to Jump from the Frying Pan into the Fire."— Presentation transcript:

1

2 Just In Time Training (JITT): How Not to Jump from the Frying Pan into the Fire

3 Agenda What is it? What is it? Why Why Governance Governance What is available What is available Courses Available Courses Available Certification Certification How (unique requirements) How (unique requirements) DACUM Process DACUM Process Questions Questions

4 Just In Time Training What you need…when you need it.

5 Governance Computer Security Act of 1987/Public Law 100-235 Computer Security Act of 1987/Public Law 100-235 Mandatory periodic training of personnel who manage, use, or operate Federal computer systems Mandatory periodic training of personnel who manage, use, or operate Federal computer systems Committee on National Security Systems (CNSS) Issuances Committee on National Security Systems (CNSS) Issuances NSTISSD 500(ISS INFOSEC ATE), 501(National Training Program for ISSPs), 4011 (Training Standard for INFOSEC Profs), 4012 (National Training Standard for DAAs), 4013 (Std for Std for SysAdmins), 4014 (Std for ISSO) and 4015 (Std for Certifiers) NSTISSD 500(ISS INFOSEC ATE), 501(National Training Program for ISSPs), 4011 (Training Standard for INFOSEC Profs), 4012 (National Training Standard for DAAs), 4013 (Std for Std for SysAdmins), 4014 (Std for ISSO) and 4015 (Std for Certifiers)

6 Governance (continued) Information Assurance, DoD Dir 8500.1 Information Assurance, DoD Dir 8500.1 DoD shall train for the defense of computer network defense DoD shall train for the defense of computer network defense All personnel authorized access to DoD information systems shall be trained in accordance to DoD and Component policies and requirements and certified to perform IA responsibilities All personnel authorized access to DoD information systems shall be trained in accordance to DoD and Component policies and requirements and certified to perform IA responsibilities Develop and promulgate IA Policy related to training Develop and promulgate IA Policy related to training Develop and Provide IA training and awareness products Develop and Provide IA training and awareness products NSA shall develop, implement ad oversee an IA education, training and awareness program for users and administrators of DoD cryptologic SCI systems NSA shall develop, implement ad oversee an IA education, training and awareness program for users and administrators of DoD cryptologic SCI systems

7 Governance (continued) DoD Directive 8500.1 (continued) DoD Directive 8500.1 (continued) DoD Components shall ensure that IA awareness, training, education and professionalization for personnel developing, using, operating, administering, maintaining, and retiring DoD information systems DoD Components shall ensure that IA awareness, training, education and professionalization for personnel developing, using, operating, administering, maintaining, and retiring DoD information systems Supplanted DoD Directive 5200.28 Supplanted DoD Directive 5200.28 NSA - Train DoD Components in evaluation techniques NSA - Train DoD Components in evaluation techniques JCS – Educate & train at NDU JCS – Educate & train at NDU Establish training and awareness program for all DoD civilians, military and contractor personnel accessing civilians, military and contractor personnel accessing information systems information systems Training and awareness program shall be established Training and awareness program shall be established

8 Governance (continued) OMB Circular A-130 OMB Circular A-130 Information resources management means the planning, budgeting, organizing, directing, training, and administrative control associated with government information resources. Information resources management means the planning, budgeting, organizing, directing, training, and administrative control associated with government information resources. Provide training and guidance as appropriate to all agency officials and employees and contractors regarding their Federal records management responsibilities Provide training and guidance as appropriate to all agency officials and employees and contractors regarding their Federal records management responsibilities

9 Governance (continued) OMB Circular A-130 OMB Circular A-130 The agency knows a substantial portion of users have ready access to the necessary information technology and training to use electronic information dissemination products The agency knows a substantial portion of users have ready access to the necessary information technology and training to use electronic information dissemination products Develop and conduct training programs for Federal personnel on information resources management including end-user computing Develop and conduct training programs for Federal personnel on information resources management including end-user computing Establish personnel security policies and develop training programs for Federal personnel associated with the design, operation, or maintenance of information systems Establish personnel security policies and develop training programs for Federal personnel associated with the design, operation, or maintenance of information systems Privacy Act Training Privacy Act Training Agencies must plan for incorporating policies and procedures regarding regarding computer security, records management, protection of privacy, and other safeguards into the training of every employee and contractor. Agencies must plan for incorporating policies and procedures regarding regarding computer security, records management, protection of privacy, and other safeguards into the training of every employee and contractor.

10 Courses Operational Information Assurance Curriculum Operational Information Assurance Curriculum (U) INTRO TO COMPUTER SECURITY (web based) (U) INTRO TO COMPUTER SECURITY (web based) (U) OPERATIONAL INFORMATION ASSURANCE PART1 (web based) (U) OPERATIONAL INFORMATION ASSURANCE PART1 (web based) (U) OPERATIONAL INFORMATION ASSURANCE - PART II (ILT - offered monthly) (U) OPERATIONAL INFORMATION ASSURANCE - PART II (ILT - offered monthly) (U) COMPUTER SECURITY FOR SUPERVISORS (web based) (U) COMPUTER SECURITY FOR SUPERVISORS (web based) (U) NSA/CSS INFORMATION SYSTEMS CERTIFICATION AND ACCREDITATION PROCESS (NISCAP) (ILT – offered quarterly) (U) NSA/CSS INFORMATION SYSTEMS CERTIFICATION AND ACCREDITATION PROCESS (NISCAP) (ILT – offered quarterly)

11 Courses (Continued) Malicious Code (Under Development) Malicious Code (Under Development)

12 Required Training Introduction to Computer Security Introduction to Computer Security Computer Security for Managers Computer Security for Managers Operational Security Operational Security

13 Training Plan Awareness Initiatives Awareness Initiatives Presentations Presentations Posters and Trinkets Posters and Trinkets Training Initiatives Training Initiatives Courses/Curriculum Courses/Curriculum

14 What is available? Colleges and Universities Colleges and Universities Commercial Institutions Commercial Institutions Department of Defense Department of Defense Federal Institutions Federal Institutions

15 How – Unique Requirements Develop a Curriculum (DACUM) Process Develop a Curriculum (DACUM) Process Phase I Phase I Participants Participants Job Description or Focus Statement Job Description or Focus Statement Tasks, Knowledge and Skills Tasks, Knowledge and Skills Phase II Phase II Units of Instructions Units of Instructions Course Content Course Content

16 DoD Directive 8570 (DRAFT) Information Assurance Training, Certification and Work Management (Draft) Information Assurance Training, Certification and Work Management (Draft) Train and certify IA Workforce Train and certify IA Workforce

17 Questions ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?


Download ppt "Just In Time Training (JITT): How Not to Jump from the Frying Pan into the Fire."

Similar presentations


Ads by Google