AFCEA Home   AFCEA
Defense Foundation Europe Homeland Security Industry Intelligence SIGNAL Magazine    


         Member Login
Search
 
 
Member ID Password
Forgot: Password | Member ID             CAC/TWIC/PIV/FiXs Logon
   JOIN AFCEA NOW!
Join today to connect with the premier network of thought leaders in the global security community.

Member Benefits:
   Are You Already a Member?
  Click here to log in!

Shortcuts

Course Catalog
Cycle for STEM
Robert Howell Scholarship Fund
Course FAQ
Scholarship Winners
Donate
AFCEA Chapter News
Education Newsletter



Course #650-12-FXVA-3

Cyber Security - the Building Block of IT

Dates: Aug-21-2012 - Aug-24-2012

Location/Hours:

AFCEA Headquarters (Map)
4400 Fair Lakes Court
Fairfax, VA 22033

Hours: 8:30am-4:30pm

Fees:
$1,900 Non-Government Rate
$1,900 Non-Government AFCEA Member Rate
$1,600 Government Rate
$1,500 Government AFCEA Member Rate

This course qualifies for Continuing Education Units.
Note: Formerly titled,"Information Assurance, Roadmap to Excellence."

Course Description:

This course provides a practical overview of Information Assurance(IA). Information about the DoD IA policy and implementing instruction is presented including the DoD Information Assurance Certification and Accreditation Process (DIACAP) along with information about the Defense-wide Information Assurance Program (DIAP), DoD Instruction 8500.2 (Information Assurance Implementation) and the DoD IA Strategic Plan. The defense-in-depth strategy and four technology focus areas are described as well as selected elements of underlying core security technologies. Although primarily oriented toward the DoD audience, the strategies, methodologies, and technical security countermeasures presented in this course are equally applicable to any Federal Government agency endeavoring to enhance the agency's overall security posture. A range of IA related topics such as identification and authentication, network intrusion detection, and vulnerability scanning are covered.  Other topics covered include access control, symmetric and asymmetric cryptography; Public Key Infrastructure; malicious code such as viruses, worms, and Trojan Horses; firewalls, and security control verification.  Laws and guidance; the National Information Assurance Acquisition Policy, and Certification and Accreditation are covered in their supporting roles.

OBJECTIVE

This course is provided to develop an understanding of the Defense-in-Depth strategy and the Information Assurance Technical Framework as they support Information Assurance in network-centric operations. The course includes an overview of Federal laws and guidance that provide the foundation for specific directives and instructions for implementing IA. Although some hacking methodology is discussed, attendees will focus primarily on computer network defense (CND) methods to enhance their ability to serve as an IA professional within their own organization.

WHO SHOULD ATTEND

This course is designed for entry to mid-level security engineers, practitioners, and managers involved in implementing Information Assurance programs.  The material is designed to assist personnel familiar with networks, communication systems and computer and security programs to supplement their current knowledge.  Attendees will learn the details of Information Assurance and will develop a broad understanding of how to build effective information assurance programs within their organizations. Technical content is generally limited to basic discussions of security fundamentals without delving into detailed mathematical explanations of security engineering principles.

 

COURSE OUTLINE

Introduction

  • What is Information Assurance?
    • What's It Really All About?
    • Critical Infrastructure Protection
    • Today's Climate
    • Today's Challenges
    • Motivation for Hacking
    • Hacker Profile

 Laws and Guidance

  • National Security Decision Directive 145 (NSDD-145)
  • National Telecommunications and Information Systems Security Policy 2 (NTISSP No. 2)
  • Computer Security Act of 1987
  • National Security Directive 42 (NSD-42)
  • Executive Order 13231
  • Computer Fraud and Abuse Act of 1986
  • Office of Management and Budget (OMB) Circular No. A-130, Appendix III
  • Federal Information Security Management Act (FISMA)

 National Information Assurance Acquisition Policy

  • NSTISSP 11, Revised July 2003
    • Policy
    • Responsibilities
    • Exemptions and Waivers
    • Deferred Compliance Authorization (DCA)
  • National Information Assurance Partnership (NIAP)
  • Common Criteria Evaluation and Validation Scheme (CCEVS)

DoD Directive 8500.1—Information Assurance

  • Purpose
  • Policy
    • Mission Assurance Categories (MACs)
    • IT Position Categories
  • Responsibilities

 DoD Instruction 8500.2—Information Assurance Implementation

  • Purpose
  • Responsibilities
  • Information Assurance Program Implementation
  • DoD Information Assurance Management Structure
  • The Defense Information Assurance Program
  • Nine Baseline Information Assurance Levels
    • Information Assurance Controls
    • Elements of an Information Assurance Control Number

 DoD Directive 8570.1—Information Assurance Workforce

  • Purpose
  • Work Force Training Requirements and Policy
    • IAT
    • IAM
    • CND
    • IASEA
  • Responsibilities

DoD Information Assurance Strategic Plan

  • Vision
  • Goals
  • Objectives

Defense-wide Information Assurance Program (DIAP)

  • Vision
  • Goal
  • Mission
  • The Global Information Grid (GIG)
  • Defense-in-Depth Methodology and Strategy

Information Assurance Technical Framework (IATF)

  • What is the IATF?
    • Organization
    • Objectives
    • Framework Areas
  • Overview
    • Nature of Cyber Threats
    • Defense-in-Depth
    • Information System Security Engineering (ISSE) Process
  • Technical Security Countermeasures
    • Adversaries with Malicious Intent
    • Careless or Poorly Trained Employees with Nonmalicious Intent
    • Adversary Motivations
    • Primary Security Services
    • Access Control
    • Robustness Strategy  

Framework Areas

  • Defend the Computing Environment
    • Malicious Code
    • Intrusion and Penetration Detection
  • Defend the Enclave Boundary
    • Firewalls
    • Virtual Private Networks (VPNs)
    • Covert Channels
  • Defend the Network and Infrastructure
  • Supporting Infrastructure
    • Key Management Infrastructure/Public Key Infrastructure (KMI/PKI)
    • Detect and Respond  

Security Control Verification

  • NIST Self-Assessment Questionnaire
  • Plans of Action and Milestones (POA&Ms)
    • OMB Guidance Memorandums
  • Network Security Testing
    • Types of Testing
    • Testing Technique Comparison
    • Penetration Testing

 Certification and Accreditation (C&A)

  • Why Do We Need C&A?
  • C&A in the System Development Life Cycle (SDLC)
  • Roles and Responsibilites of Key Participants
  • Identifying Security Accreditation Boundaries
  • Establishing Information System Boundaries
  • Common Security Controls
  • Security Accreditation Decisions
  • Documentation
    • Security Accreditation Package
  • Continuous Monitoring
  • The NIST Process
    • SP 800-37
    • SP 800-30
    • SP 800-53

DoD Information Assurance Certification and Accreditation Process (DIACAP)

  • Key Differences Between DIACAP and NIST C&A Process
  • Phase Naming
    • Initiate and Plan C&A
    • Implement and Validate Assigned IA Controls
    • Make Certification Determination & Accreditation Decision
    • Maintain Authority to Operate and Conduct Reviews
    • Decomission
  • Plan of Action & Milestones (POA&M)
  • DIACAP Knowledge Service
Summary and Wrap-Up

Course Coordinator and Lecturers

Joel B. Junker, CISSP, ISSEP is currently the Vice President of DSD Laboratories’ Security Systems Division. Joel is a certified CISSP and ISSEP practitioner by the ISC².  He has a Master of Science Degree in Electrical Engineering from the Air Force Institute of Technology with concentration in Electronic Device Technology and Very Large Scale Integrated circuit design. He has a Masters Degree from the University of Nebraska in Business Administration, and a Bachelor of Science Degree in Electrical Engineering from the University of Florida. Joel is a retired USAF Lt Col with over 24 years of service in Command, Control, Communications and Computer systems. He conducted Space Communications Technology research and development of millimeter-wave technologies at Rome Laboratory, Rome NY. He has developed a variety of space qualified antenna technology components for USAF Spacecraft and Aircraft. He has over 25 years of experience in various aspects of Information Technology (IT) and has over 12 years of classroom teaching experience. He has authored several IT-related graduate and undergraduate coursewares for Omaha’s College of St Mary, Troy State University in Montgomery, Air Command & Staff College, Department of the Air Force and the Department of Interior.   

James E. Wingate, CISSP, ISSEP, CISM is currently Vice President for West Virginia Operations for Backbone Security, an IT security company that provides network security products and services to both government and commercial clients. He is a retired Air Force Lieutenant Colonel with more than 22 years experience with communications and computer systems. During his military career, he worked in a variety of assignments involving the development, testing, fielding, and sustainment of numerous C2ISR systems. He is a member of AFCEA, AFA, FISSEA, ISACA, and MOAA. In addition to being a Certified Information Systems Security Professional (CISSP), Information System Security Engineering Professional (ISSEP), and a Certified Information Security Manager (CISM), he is also certified in the NSA Information System Security Assessment Methodology (IAM). He was a contributor to the development of the INFOSEC Assurance Capability Maturity Model (IA-CMM) version 3.0. He holds a Bachelors degree in Computer Science and a Masters degree in Computer Engineering. An adjunct faculty member of Fairmont State University(FSU), he has taught many computer security courses and was a key contributor in the development of the FSU computer security program.

 

Directions to AFCEA Headquarters     Restaurants Near AFCEA      AFCEA Travel Info

 


SPECIAL NEEDS:

AFCEA complies with the Americans with Disabilities Act of 1990. Attendees with special needs should call (703) 631-6130 or email the PDC outlining requirements.

COURSE CANCELLATION POLICY:

AFCEA will confirm that a course session is a "go" no later than Aug-07-2012, 14 days prior to the start date of the course. Please see the PDC FAQ for additional course cancellation details.

STUDENT CANCELLATION POLICY:

Please see the PDC FAQ for registration cancellation instructions and other PDC policies.

PDC Home | Education Home | Payment Authorization


All Courses offered in Fairfax, VA unless indicated
TELEPHONE: 1-703-631-6137 or 6135 or 1-800-336-4583, ext. 6137 or 6135
FAX: 703-631-6172 | E-Mail: pdc@afcea.org



Connect with the AFCEA Educational Foundation


Like PDC on Facebook!
Like our Scholarship page on Facebook!
Follow us on Twitter
Join us on Linkedin
Shutterfly Photo Gallery
Event Presentations

 
About Us
Leadership
Mission Statement
Committees
Board of Directors
Strategic Plan


Courses
Course Listing & Registration
Course Catalog (PDF)
Instructors
Leadership Forum
FAQs


Preferred Providers
Cypherpath
Intelligence Academy
ITpreneurs
University of MD, Clark School
UMUC
SANS Institute


Chapters & Clubs
Education Summit
STEM Teaching Tools
Student Clubs
Awards for Chapters
Links to Chapter Programs


Scholarships and Awards
Scholarship General Info
STEM Scholarships
Scholarship Winners
Awards for Individuals
Awards for Chapters


Sponsors & Donors
Signature Sponsors
Leadership Society
Sponsorship Opportuniuties
Annual Fund Drive
Donor Recognition


Contact Us
Directions
Accommodations
Contact Us
AFCEA Educational Foundation
4400 Fair Lakes Court
Fairfax, VA 22033
(800) 336-4583
  © AFCEA International