Letter From the Chair
Greetings,
We hope that you are looking forward to our upcoming FISSEA Conference
as much as we are. I hope you realize that your Conference Program Chair,
Conference Chair, the Executive Board, key NIST personnel (without whom
we would be lost) and other volunteers have been working together for
many months to ensure that this year's annual conference will not only
meet, but exceed our standards for excellence. Of course, we need you
to attend and participate fully to receive the benefits of our combined
efforts.
"Awareness, Training and Education - The Driving Force behind Information Security"
is the theme for our March 9-11, 2004 annual conference. This year it
will be held at the Inn and Conference Center at the University of Maryland.
I promise you the following five things about our conference this year:
(1) the presentations will be interesting, relevant and informative
(2) the meals will be delicious, plentiful and free,
(3) the participants will have similar challenges and are great for
networking
(4) there is not a better training opportunity for the intended audience
at this price, and
(5) this event will just not be all that we want it to be without your
attendance.
The business meeting will be shorter this year so that we can focus more
of our time on the outstanding presentations. However, we will still
take time to introduce you to the FISSEA leadership team. We will also
have our annual election to fill vacancies on the Board and give you
a sense of our accomplishments during the year and our plans for accomplishing
even more next year. Although the Board members are all volunteers elected
by the participants at the annual conference, we are always seeking
greater assistance and support from the members throughout the year.
You do not have to be a member of the Board to share your ideas and
volunteer to assist the Board in doing the myriad of tasks required
to keep FISSEA on course in fulfilling its mission effectively.
We need people on the Board
who have their management's support to be FISSEA's arms, legs and all
the various parts of any functioning body to operate successfully. I
want to encourage you to seriously think about serving on the Board,
but I also want to tell you in advance that this is a job that requires
you to donate time regularly, even during your workday at times, to
be a satisfactory board member. For example, I started preparing this
article at home on a Sunday evening and I am completing the task during
my lunch hour. It is not unusual to receive, review, process and forward
email to handle FISSEA's business even when I am on vacation or at home
evenings or during the weekend. In my opinion, the time a board member
gives to FISSEA and his/her level of commitment to its mission will
determine his/her effectiveness as a member of the board. I have found
serving on the FISSEA Board rewarding, challenging and a blessing in
many ways. We need you if you are willing and able to serve.
Barbara Cuffie
FISSEA Executive Board Chair
FISSEA Executive Board 2003-2004
Barbara Cuffie, CISSP, Executive Board Chair,* barbara.cuffie@ssa.gov
Mark Wilson, CISSP, NIST Liaison, Assistant Bd Chair,** mark.wilson@nist.gov
Lewis Baskerville, CISM,** lewis.baskerville@sba.gov
LTC Curt Carver, Jr., Conference Program Director,** curtis.carver@usma.edu
Chrisan Herrod, Conference Director,** herrodc@ndu.edu
Tanetta Isler,** tanetta_n._isler@hud.gov
Dara Murray, CISSP,* dmurray@psc.gov
Louis Numkin, CISM, Newsletter Editor,** lmn@nrc.gov
COL Daniel Ragsdale,* dd9182@usma.edu
Donna Robinson-Staton,* donna_robinson-staton@hud.gov
Robert Solomon, CISSP,* robert.f.solomon@nasa.gov
Mary Ann Strawn,* mast@loc.gov
Marvella Towns,** mltowns@nsa.gov
NIST Executive Assistant to the Board: Peggy Himes, peggy.himes@nist.gov
* Term ends March 2004
** Term ends March 2005
FISSEA Editor's Column
By Louis M Numkin, CISM, USNRC
Hello FISSEA,
We are really looking forward
to seeing you at the Conference!
Providing the newsletter is a labor of love for those of us who contribute. And,
since our publishing date is so close to Valentine's Day, I wanted to
share the love. So, during the conference, we will invite you to contribute
your thoughts for the next issue of our publication. Each attendee will
wear a second hat as a "cub reporter." Being a nonprofit organization,
it is important that you come prepared. In other words, bring your official
reporter pen/pad/pencil/paper/PDA/laptop. Wear your hat creatively as
we are looking for the flavor of the conference - what you liked or
disliked (perish the thought) and anything which was really worthy of
note. You are encouraged to be colorful. During a speaker where you
need not take notes, just jot down a stanza or two of poetry or a paragraph
of prose which covers something on your mind or that you've seen/discussed.
This is not meant to be a critique sheet and attribution will be optional.
If you author a masterpiece, just give it to me during the conference
and we'll try to include them in the subsequent issue of FISSEA News
and Views. "You have your mission, Mr. Phelps."
Also, during the conference,
your Editor goes undercover, wearing the disguise of "Cruise Director."
Food plays a role in any successful gathering and our conference is
no different. The UofMD University College has no "mystery meat."
But, they do have an excellent variety of delicious flavors which we
will get to enjoy. We are also planning our traditional evening out
around an Italian theme. The area near our venue has a historic and
tasty restaurant where we will gather for supper. Car pools will be
established at the conference for those without transportation. So,
when you come to the conference, come hungry for info, food and fun!
It is hard to believe that
another year has flown by. Why it was just yesterday when we gathered
in Silver Spring for Awareness, Training, and Education. And, now, here
we are again. Ready for another wonderful opportunity to meet peers,
share experiences, and hear from leaders in our field of endeavor. Wow...
I can hardly wait!
Permit me to close by thanking
each of you again for your readership and participation. Your submissions
and comments have been appreciated and hopefully, you have found our
recently revised newsletter format to your liking.
Have a virus free day,
Louis
March Conference Update
Submitted by Curt Carver, US Military Academy
The FISSEA Conference is right around the corner and the agenda is set!
Here are a couple of abstracts (one from each day) to pique your interest.
This is just the tip of the iceberg as FISSEA has more speakers and
presentations than ever before. You can see the agenda at
http://www.frontiernet.net/~carverc/FISSEA2004/
The Federal Information Security Management Act Reinforcing the Requirements for Security Awareness Training
The Federal Information Security Management Act (FISMA) places significant requirements on Federal agencies for the protection of enterprise information and information systems - including requirements for security awareness training. The National Institute of Standards and Technology (NIST) is leading the development of key information system security standards and guidelines as part of its FISMA Implementation Project. This high priority project includes the development of security categorization standards (FIPS Publication 199), guidelines for the specification and selection of security controls for information systems (NIST Special Publication 800-53), and guidelines for the security certification and accreditation of information systems (NIST Special Publication 800-37). This session will cover the key provisions of the FISMA legislation, the publications developed by NIST in support of this legislation, and the security controls associated with security awareness training.
Pros & Cons of Contracting For Awareness & Training Work: Government Perspectives
Federal requirements for departments and agencies to conduct awareness and training
as parts of their information security programs are long-standing. It
is no great mystery regarding what has to be done. However, awareness
and training remain near the top of the list of problem areas reported
by OMB to Congress each year. One problem facing federal organizations
is the effective contracting of some or all aspects of an information
security awareness and training program. These aspects can include designing
the program, developing material, implementing the program, and maintaining
the material.
A number of questions must be asked to help an organization determine
if awareness and training work will be accomplished in-house or contracted
out, including:
1. Do we have the in-house resources to do the job? This includes people
with the right skills and enough people to do the work.
2. Is it more cost-effective to develop the material in-house versus
outsourcing?
3. Is there a funding mechanism in place (budget)?
4. Do we have a person on staff that can serve as the contracting officer's
technical rep (COTR) and effectively monitor contractor activity?
5. Does (or will) the organization have the necessary resources (e.g.,
funding and staff with the necessary expertise) to maintain the material,
if it is developed by a contractor?
6. Does the course content sensitivity preclude use of a contractor?
7. Does outsourcing allow for critical awareness and/or training delivery
schedules to be met?
8. Will the contractor simply develop material and turn it over to the
organization for implementation, or will the contractor develop and
implement? Exactly which of the aspects of the awareness and training
program will the contractor accomplish?
The Panelists will consider these questions as they describe their experiences,
their successes, and their setbacks. They will provide a set of lessons
learned that will make others' related jobs easier.
Information Assurance Education OR Training: Blurring Boundaries
The Centers of Academic Excellence in Information Assurance Education (CAEIAE)
program is an outreach program designed and operated by the National
Security Agency (NSA) in the spirit of Presidential Decision Directive
63 (PDD 63), National Policy on Critical Infrastructure Protection,
May 1998. Education (demonstrate understanding and apply knowledge)
and training (apply knowledge) are often seen as degrees of depth and
breadth, with the former being the deepest and widest. The current CAEIAE
program does a great job of providing undergraduates the information
(topics) and knowledge they need to become effective IA professionals;
however, the program needs to evolve into one that effectively integrates
training objectives - skill, ability, and proficiency - with learning objectives - conceptual
understanding, active learning, and contextualized application. This
paper will propose an evolutionary strategy for effectively integrating
the current CAEIAE Training Standards' criteria into pedagogically viable
and student-focused learning objectives and experiences.
"Cyber Security Professionalization in VA: A Model for Government"
Submitted by Michael Arant, VA
As FISSEA-types, don't we often view cyber security through a different
lens from the one our more technical peers use? We tend to see security
and its thorny problems as human issues. Where others see solutions
as technical, we see them as organizational or even individual. In short,
we recognize that security is all about people. People who care about
the improved services secure computers enable. People who are alert
to threats to computers and can counter them. People who are trained,
empowered, motivated, and authorized to implement effective security
controls.
In the Department of Veterans Affairs (VA), cyber security is a profession.
This year VA's community of cyber security has undergone training and
testing in cyber security. We call those who have successfully undergone
the training and testing "Cyber Security Practitioners" or CSPs. The
group includes facility Information Security Officers, VA's cyber security
program office staff, and other folks who have interest.
It has not always been this way. Until recently, cyber security was just
one extra duty and a job few had an interest in. The one thing many
cyber security staff aspired to was to get into a job with a future,
support, recognition, and out of security. Sound familiar?
The result? Huge turnover in cyber security staff. Awful Congressional "Report
Cards." Denial of service to veterans while Internet worms ran
rampant. An Office of the Inspector General report designating the VA
as having a "material weakness" in cyber security. In a triumph
of understatement, these are undesirable circumstances. Just ask my
boss!
The Office of Cyber and Information Security (OCIS) within VA's Office of
Information and Technology has changed the VA's approach to cyber security.
Among other things, OCIS has implemented VA Secretary Principi's direction
that a "rigorous process" be put in place to certify that
people responsible for cyber security are knowledgeable and able to
secure VA's information assets. What a notion! We should expect folks
to actually demonstrate they know what they're about! And because VA
wants to attract and retain motivated people, OCIS has implemented the
certification program as part of an overall CSP Professionalization
initiative.
The initiative also provides on-line training 24/7 and classroom training
at VA InfoSec Conferences and at VA Information Technology Conferences
(VAITC). All the training resources required are centrally funded and
managed. All told, OCIS provides sixty VA contact hours of cyber security
certification-related training per year. To date, over 400 VA staff
have successfully taken the training and passed the CSP Certification
exam. By the way, you should know that the Body of Knowledge (BOK) we
use is not industry off-the-shelf, although we tapped into those sources
when appropriate. The BOK is government- and VA-specific. As a VA product,
it's freely available; we can even send you a copy.
In addition, the initiative provides a framework for a true career for
those interested in security, complete with standard Position Descriptions
and potential for professional advancement. The next steps in the program
will be credentials issued by OCIS authorizing facility CSPs to act
"locally in the interest of VA-wide security." After that,
we take on a program of incentives so that we can retain the security
"brain trust" we've cultivated and attract other good people.
In fact, opportunity to attend CISSP-preparation training and to sit
the exam is already one of our incentives.
Most important, improved training and skills bolster cyber security and that
in turn enhances the trust our customers, America's veterans and other
beneficiaries, have in VA computers and the services those computers
help VA provide.
VA's OCIS is proud of this initiative, seeing it as a model for other government
agencies' cyber security programs. We've already encountered, confronted,
and conquered many of the issues many of you might meet in your journeys
toward corporate professionalization programs. We're also glad to tell
you more. If you are interested, just call me or drop me an e-mail.
Ask me about our training program in general and make sure I tell you
about VA InfoSec. While we're at it, there are lots of other things
we're doing in cyber security in VA that we'd like to talk to you about.
Michael S. Arant, CISSP (Team Leader Training / Cyber Security Liaison)
Office of Cyber and Information Security (005S5)
Building 203A, Room 2
VA Medical Center
510 Butler Avenue
Martinsburg, WV 25401
Voice: 304-262-7326
Mobile 202-271-4230
michael.arant@mail.va.gov
FISSEA Executive Board Vacancies
Submitted by Peggy Himes, NIST
The FISSEA Executive Board consists of a total of 11 members. Nominations
may be made prior to the conference and from the floor of the conference.
A FISSEA member who wishes to serve on the Executive Board may nominate
him/herself. Please give careful consideration to the time and commitment
involved before making the decision to run. The Executive Board meets
monthly in Gaithersburg, Maryland. Board members should attend the monthly
meetings as well as the 3-day annual conference. You should have your
management's approval prior to accepting FISSEA Board responsibilities.
The board members listed below are serving the second year of their two-year
term. It is not necessary to nominate them.
- Lewis Baskerville, Small Business Administration
- LTC Curt Carver, Jr., United States Military Academy
- Tanetta Isler, Dept of Housing & Urban Development
- Louis Numkin, Nuclear Regulatory Commission
- Marvella Towns, National Security Agency
- Mark Wilson, National Institute of Standards and Technology
The term for the following board members expires in March 2004. If they
want to serve another term, they will have to be nominated and elected
by the membership at the annual business meeting in March.
- Dara Murray, Health and Human Services
- Col Daniel Ragsdale, U.S. Military Academy
- Donna Robinson-Staton, Dept. of Housing & Urban Development
- Mary Ann Strawn, Library of Congress
Barbara Cuffie, Social Security Administration, will continue to serve on the
Board as Past Chair allowing for one additional Board slot. Robert Solomon
retired from NASA and will not continue his level of support for FISSEA
on the Board.
E-mail the name of the nominee, employing organization, position or title,
phone number, email address to Peggy Himes, peggy.himes@nist.gov.
Also, provide a Qualification Statement: (You must have the permission
of the nominee to submit his/her name. What has the nominee done to
warrant this nomination?)
Finally, provide the name of the person making this nomination with an E-mail
address and/or Phone Number.
TRAINIA
This column's name is a contraction of the words "Training" and "Trivia."
It includes information on upcoming conferences, book reviews, and even
humor. The purpose is to provide readers with places to go and things
to use in pursuing and/or providing Computer Security awareness, training,
and education. However, FISSEA does not warrant nor determine the value
of any inclusions. Readers are encouraged to do their own checking before
utilizing any of this data. If readers have items to submit to this
column, please forward them to the Editor at lmn@nrc.gov
********************
From the Sunday, 18JAN2004
Washington Post Comics Section:
SHOE by Chris Cassatt and Gary Brookins
{Skylar is a youngster who is talking with his Uncle Cosmo}
Skylar: "Uncle Cosmo? Did you always want to be a writer?"
Cosmo: "You bet, Skyler. For as long as I can remember... at six
I wrote my first poem... at seven, I wrote a short story... at eight,
I started a novel... and at eight-fifteen, I got writers' block."
For any of FISSEA's budding
columnists, please don't get "Cosmoitis." We look forward
to receiving your article(s) for our next issue which will come out
after the Annual Conference. Any questions, please contact our Newsletter
Editor.
********************
3-4MAR2004 The third
annual Mid-Atlantic Network Security Forum - Washington, DC - The Forum
is an intimate gathering of experienced network security professionals
from government, education and the Fortune 2000 who share technical
insights in a confidential environment. It is based on the Harvard Business
School teaching method of interactive discussions led by expert faculty.
Peer-to-peer briefings further enable participants to hear live accounts
of security challenges and deployments. The all-new curriculum for 2004
includes the topics of patch management, wireless security, application
IDS and firewalls, as well as perimeter security and managing a security
operation. Faculty will include Becky Bace, Marcus Ranum, Eric Cole,
Fred Avolio and Greg Shipley. Other sessions around the country:
19-20MAY2004 - Southeast Network Security Forum - Atlanta, GA
14-15JUL2004 - Midwest Network Security Forum - Chicago, IL
Sponsored by The Institute for Applied Network Security, 30 Rowes Wharf,
Suite 530, Boston, MA 02110, phone (617)399-8100, FAX (617)399-8101,
web page www.ianetsec.com
********************
9-11MAR2004 - 17th Annual
FISSEA Conference, "Awareness, Training, and Education - The
Driving Force Behind Information Security", will be held at The
Inn and Conference Center, University of Maryland University College
(UMUC), Adelphi, Maryland. Electronic registration available at www.nist.gov/conferences
until February 27th. For other questions contact Peggy Himes, NIST,
peggy.himes@nist.gov. Please
see the preliminary agenda under "2004 Conference" on your
FISSEA website, http://csrc.nist.gov/fissea.
Walk-in registration is accepted.
********************
22-24MAR2004 InfoSec
World Conference and Expo/2004 - Orlando, FL - The Rosen Centre Hotel
- Optional Workshops: March 20, 21, 24, 25 & 26 - Vendor Expo: March
22 & 23. 80 in-depth sessions on timely topics, panel discussions,
demos, and
* A dynamic keynote address by William Boni, Vice President and CISO,
Motorola
* An uncensored interview with notorious hacker Kevin Mitnick, by G.
Mark Hardy, President of the National Security Corporation.
* Bonus Session: Security Certifications - Which Are Best for You?
For complete event information, go to: (by clicking this link, you will
be leaving NIST and the FISSEA website):
http://pull.xmr3.com/p/11908-35A8/54489727/clickto1_i.com-12-os04eb7_infosecworld.html
Sponsored by MIS Training Institute, 498 Concord St., Framingham, MA
01702-2357, Tel: (508) 879-7999, Fax: (508) 872-1153, E-mail: mis@misti.com
********************
23-25MAR2004 FOSE
will be held at the Washington, DC, Convention Center. Admission is
free for Government employees. Over 400 exhibitors, various pavilions
(including Wireless, DoD, and a Homeland Security Center), CIO Showcase
of Excellence, free seminars and Keynotes. More info at www.Fose.com
or phone 1(800)791-FOSE.
********************
Information Resources Management
College
National Defense University offering two new courses!!!!!
29MAR-02APR2004 (PRI
0403: in-resident)
07JUN-27AUG2004 (PRI 0404: distributed)
28JUN-02JUL2004 (PRI 0405: in-resident)
"Process Improvement
and Management, Process-Centered Organizational Transformation and Process
Change Programs - Strategies for Process Improvement Course" -
The course examines strategies, management processes and resources for
process improvement within and across federal agencies. An executive-level
perspective is provided on the tools, techniques, and technologies that
enable process-centric performance improvements in how federal agencies
achieve their missions. Also examines the management and information
resource issues of transforming industrial age organizations into information
age process-centric enterprises and broader process-centered partnerships,
coalitions, alliances, Quality Improvement Programs and strategies,
and leadership challenges of initiation, collaboration, design, implementation
and portfolio management of process-centric improvements within and
across agencies. It examines key issues of concern to the DoD's Business
Management Modernization Program initiative, the Federal Government's
Enterprise Architecture initiatives, the President's Management Agenda
on e-Government for example. Attendance by higher-level managers in
civilian grades GS/GM 13 to 15 and military grades O-5 to O-6 is particularly
encouraged.
"Enterprise Architecture"
- Examines EA as a management tool to facilitate implementation of strategic
direction, explores the integration of EA with strategic and resource
planning, information assurance, and acquisition management, and introduces
the use of EA frameworks to improve the capability maturity level of
the EA to meet its intended purpose. Other topics include the role of
the CIO in EA management, the use of models and standards, implementation
issues, and an overview of enterprise information assurance/security
architecture. Strategies are also addressed for using EA to address
enterprise problems such as interoperability and information sharing
with the intent of improving enterprise performance of mission or business
operations - details on this course offering can be found at ndu.edu/irmc
28JUN-2JUL2004 - "Information
Operations and National Security (ION)" - Critically analyzes the
role that information and information technology play as strategic elements
of the information component of national power. The course examines
the current and emerging concepts affecting those charged with executing
national security strategy and those who shape the global environment
to meet national security objectives. Selected technical and management
topics are discussed, to include the nation's intelligence sharing initiatives,
interagency coordination, and the role of senior leaders in protecting
and exploiting the global information infrastructure. Recent legislation
and policy initiatives related to shaping the use of information as
an element of national power are also discussed. It is designed for
military grades O-5 to O-6 and civilian grades GS/GM 13-15 or equivalent.
The goal of the course is to enable students to evaluate, analyze, and
develop an understanding of the strategic implications of information
operations and the information component of national power relating
to the national security strategy of the United States.
National Defense University,
Information Resources Management College, Fort McNair, Washington, D.C.
To register, go to www.ndu.edu/irmc.
POC: LTC Craig Kaucher, 202-685-4734, kaucherc@ndu.edu.
********************
Computer Security Institute's
upcoming training classes. For more information, contact Computer Security
Institute, 600 Harrison Street, San Francisco, CA 94107, phone (415)947-6320,
or e-mail csi@cmp.com, online www.GoCSI.com/training
24-25FEB04
Facilitated Risk Analysis for Business and Security, Gaithersburg, MD,
Tom Peltier
26-27FEB04 CISM Prep-to-Pass Workshop, Gaithersburg,
MD, Tom Peltier and Justin Peltier - designed to provide CISM candidates
with areas to be tested in core competencies.
2-3MAR04 How to Be
an Effective Information Security Professional, Washington DC, John
O'Leary
4-5MAR04 Defense Against
Social Engineering, Washington DC, John O'Leary
25-26MAR04 Hands-on Wireless Security - Miami Beach,
FL - Instructor Justin Peltier.
14-16JUN04 NetSec2004 Building the Secure Enterprise
- Hyatt Regency Embarcadero in San Francisco, CA
********************
SANS Institute is demonstrating
its commitment to cooperative research and education. 2004 marked the
Grand Opening of the SANS Press Room at www.sans.org/press.
A wide array of easy to use resources put together to assist you in
covering Information Security for your upcoming articles. All of the
resources, press releases, sound bites, and other information in the
Press Room are there for you to use immediately without the need to
request prior permission.
Other resources available from the Press Room include:
- Information Security news items
- Announcements about new Information Security Resources/Products
- Invitations to media events
- Interviews with SANS faculty
- Downloadable photos and bios of SANS faculty
- Soundbites for writing articles (coming soon)
- Schedule of upcoming SANS conferences
********************
5-8APR2004 Storage
Networking World - JW Marriott Desert Ridge Resort in Phoenix, AZ -
IT executives and leaders of storage intensive user-organizations will
be presenting. To see the agenda or register, visit http://www.snwusa.com?s=reg
********************
ISACA upcoming events: EuroCACS
- 21-24 March 2004 - Zurich, Switzerland - contact Sandy Arens at 1(847)253-1545,
ext. 485, e-mail conference@isaca.org, or check the web page http://www.isaca.org/eurocacs2004.
Considered a leading conference for IS audit, control, assurance and security.
North America CACS - 9-13 May 2004 - Chicago, Illinois, USA - contact
Sandy Arens at 1(847)253-1545, ext. 485, e-mail conference@isaca.org,
or check the web page http://www.isaca.org/nacacs2004.
This five-day event offers pre- and post-conference workshops, seven
educational tracks and a variety of technical sessions for users at
every level.
International Conference - 27-30 June 2004 - Cambridge, Massachusetts,
USA - contact Sandy Arens at 1(847)253-1545, ext. 485, e-mail conference@isaca.org,
or check the web page http://www.isaca.org/international2004.
Educational tracks focused on managerial and business issues of IT
audit, control and security, and a new track dedicated to discussing
leading industry issues.
The 2004 CISA and CISM Exam Dates:
Final registration deadline: 31 March 2004 Exams given worldwide on:
12 June 2004 For more exam specific information, go to web page www.isaca.org/examreg
********************
"Wireless Security Essentials"
by Russell Dean Vines, copyright 2002 was recently reviewed by Robert
M. Slade, who can be reached at: rslade@vcn.bc.ca,
slade@victoria.tc.ca, rslade@sun.soci.niu.edu.
Mr Slade's comments are positive in stating that "Although not perfect,
this book is an extremely useful guide to the security issues surrounding
the use of wireless devices. Of the various books reviewed on the topic
of wireless LANs and security, it is the best work seen to date...Part
one deals with the foundational aspects of the technology and Part two
covers security essentials."
********************
Karta offers a web-based
information security training product which addresses the FISMA reporting
requirement for specialized training for those with significant security
responsibilities, as well as agency-wide Security Awareness. The library
of 65+ courses covers four different tracks: Network Security, Data
Security, Security Policy and Guidelines, and Security Planning. Each
course is mapped to a variety of roles and created 18 different training
plans based on the roles and their corresponding responsibilities as
outlined in NIST SP 800-16. The IT Security Library is a web-based training
suite certified by the NSA/CNSS for mapping to NSTISSI standard No.
4013. Students are able to earn NSA/CNSS approved certifications for
completing 50 pre-mapped course hours. For those who currently hold
or plan to hold a CISSP or SSCP, CPE credit can be earned for every
completed course hour. For more information, please contact George Soltys,
at 703-309-3038 or gsoltys@karta.com.
********************
nCircle and CISCO are offering
free Vulnerability Assessment seminars, titled "Tackle Your Security
Flaws Before Someone Else Does" in many areas of the country. You receive
a free Gartner Report and White Paper when you register. For information,
call (888)464-2900 or write to nCircle, 101 Second Street, Suite 400,
San Francisco, CA 94105
********************
27-29JUL2004 Excellence
in Government Conference from Government Executive Magazine is accepting
proposal submissions for their DC Convention Center conference. Deadline
for submissions is 3MAR2004 and they must be submitted electronically.
This year's five tracks are:
* YOUniversity: Enhance your personal ability . . . and your professional
visibility.
* The Management Institute: These sessions provide the know-how to develop
skill and instinct.
* The Leadership Edge: Leadership "essentials" for today's (and tomorrow's)
federal manager.
* The Transformation Generation: "Change is good" but only if it means
real results for customers.
* The Rules and Tools of Results: Real world rules and first hand experience
tools shared by public sector "result-getters."
For more info check web page http://www.govexec.com/
********************
Address Correction:
If you are not receiving your newsletter by mail, please check with Peggy
Himes, peggy.himes@nist.gov.
Many have been returned as undeliverable. Hopefully, you'll see
this note on the website or by reading a copy of the newsletter
at the annual conference. You may desire to have it delivered
to your home for faster delivery.