Course #650-12-FXVA-3

Cyber Security - the Building Block of IT

Dates: Aug-21-2012 - Aug-24-2012


AFCEA Headquarters (Map)
4400 Fair Lakes Court
Fairfax, VA 22033

Hours: 8:30am-4:30pm

Early Bird Rates In Effect through 07/21/2012!

$1,500 $1,400 Government AFCEA Member
$1,600 $1,500 Government Non Member
$1,900 $1,800 Non-Government AFCEA Member
               Non-Government Non Member

This course qualifies for Continuing Education Units.
Note: Formerly titled,"Information Assurance, Roadmap to Excellence."

Course Description:

This course provides a practical overview of Information Assurance(IA). Information about the DoD IA policy and implementing instruction is presented including the DoD Information Assurance Certification and Accreditation Process (DIACAP) along with information about the Defense-wide Information Assurance Program (DIAP), DoD Instruction 8500.2 (Information Assurance Implementation) and the DoD IA Strategic Plan. The defense-in-depth strategy and four technology focus areas are described as well as selected elements of underlying core security technologies. Although primarily oriented toward the DoD audience, the strategies, methodologies, and technical security countermeasures presented in this course are equally applicable to any Federal Government agency endeavoring to enhance the agency's overall security posture. A range of IA related topics such as identification and authentication, network intrusion detection, and vulnerability scanning are covered.  Other topics covered include access control, symmetric and asymmetric cryptography; Public Key Infrastructure; malicious code such as viruses, worms, and Trojan Horses; firewalls, and security control verification.  Laws and guidance; the National Information Assurance Acquisition Policy, and Certification and Accreditation are covered in their supporting roles.


This course is provided to develop an understanding of the Defense-in-Depth strategy and the Information Assurance Technical Framework as they support Information Assurance in network-centric operations. The course includes an overview of Federal laws and guidance that provide the foundation for specific directives and instructions for implementing IA. Although some hacking methodology is discussed, attendees will focus primarily on computer network defense (CND) methods to enhance their ability to serve as an IA professional within their own organization.


This course is designed for entry to mid-level security engineers, practitioners, and managers involved in implementing Information Assurance programs.  The material is designed to assist personnel familiar with networks, communication systems and computer and security programs to supplement their current knowledge.  Attendees will learn the details of Information Assurance and will develop a broad understanding of how to build effective information assurance programs within their organizations. Technical content is generally limited to basic discussions of security fundamentals without delving into detailed mathematical explanations of security engineering principles.




  • What is Information Assurance?
    • What's It Really All About?
    • Critical Infrastructure Protection
    • Today's Climate
    • Today's Challenges
    • Motivation for Hacking
    • Hacker Profile

 Laws and Guidance

  • National Security Decision Directive 145 (NSDD-145)
  • National Telecommunications and Information Systems Security Policy 2 (NTISSP No. 2)
  • Computer Security Act of 1987
  • National Security Directive 42 (NSD-42)
  • Executive Order 13231
  • Computer Fraud and Abuse Act of 1986
  • Office of Management and Budget (OMB) Circular No. A-130, Appendix III
  • Federal Information Security Management Act (FISMA)

 National Information Assurance Acquisition Policy

  • NSTISSP 11, Revised July 2003
    • Policy
    • Responsibilities
    • Exemptions and Waivers
    • Deferred Compliance Authorization (DCA)
  • National Information Assurance Partnership (NIAP)
  • Common Criteria Evaluation and Validation Scheme (CCEVS)

DoD Directive 8500.1—Information Assurance

  • Purpose
  • Policy
    • Mission Assurance Categories (MACs)
    • IT Position Categories
  • Responsibilities

 DoD Instruction 8500.2—Information Assurance Implementation

  • Purpose
  • Responsibilities
  • Information Assurance Program Implementation
  • DoD Information Assurance Management Structure
  • The Defense Information Assurance Program
  • Nine Baseline Information Assurance Levels
    • Information Assurance Controls
    • Elements of an Information Assurance Control Number

 DoD Directive 8570.1—Information Assurance Workforce

  • Purpose
  • Work Force Training Requirements and Policy
    • IAT
    • IAM
    • CND
    • IASEA
  • Responsibilities

DoD Information Assurance Strategic Plan

  • Vision
  • Goals
  • Objectives

Defense-wide Information Assurance Program (DIAP)

  • Vision
  • Goal
  • Mission
  • The Global Information Grid (GIG)
  • Defense-in-Depth Methodology and Strategy

Information Assurance Technical Framework (IATF)

  • What is the IATF?
    • Organization
    • Objectives
    • Framework Areas
  • Overview
    • Nature of Cyber Threats
    • Defense-in-Depth
    • Information System Security Engineering (ISSE) Process
  • Technical Security Countermeasures
    • Adversaries with Malicious Intent
    • Careless or Poorly Trained Employees with Nonmalicious Intent
    • Adversary Motivations
    • Primary Security Services
    • Access Control
    • Robustness Strategy  

Framework Areas

  • Defend the Computing Environment
    • Malicious Code
    • Intrusion and Penetration Detection
  • Defend the Enclave Boundary
    • Firewalls
    • Virtual Private Networks (VPNs)
    • Covert Channels
  • Defend the Network and Infrastructure
  • Supporting Infrastructure
    • Key Management Infrastructure/Public Key Infrastructure (KMI/PKI)
    • Detect and Respond  

Security Control Verification

  • NIST Self-Assessment Questionnaire
  • Plans of Action and Milestones (POA&Ms)
    • OMB Guidance Memorandums
  • Network Security Testing
    • Types of Testing
    • Testing Technique Comparison
    • Penetration Testing

 Certification and Accreditation (C&A)

  • Why Do We Need C&A?
  • C&A in the System Development Life Cycle (SDLC)
  • Roles and Responsibilites of Key Participants
  • Identifying Security Accreditation Boundaries
  • Establishing Information System Boundaries
  • Common Security Controls
  • Security Accreditation Decisions
  • Documentation
    • Security Accreditation Package
  • Continuous Monitoring
  • The NIST Process
    • SP 800-37
    • SP 800-30
    • SP 800-53

DoD Information Assurance Certification and Accreditation Process (DIACAP)

  • Key Differences Between DIACAP and NIST C&A Process
  • Phase Naming
    • Initiate and Plan C&A
    • Implement and Validate Assigned IA Controls
    • Make Certification Determination & Accreditation Decision
    • Maintain Authority to Operate and Conduct Reviews
    • Decomission
  • Plan of Action & Milestones (POA&M)
  • DIACAP Knowledge Service
Summary and Wrap-Up

Course Coordinator and Lecturers

Joel B. Junker, CISSP, ISSEP is currently the Vice President of DSD Laboratories’ Security Systems Division. Joel is a certified CISSP and ISSEP practitioner by the ISC².  He has a Master of Science Degree in Electrical Engineering from the Air Force Institute of Technology with concentration in Electronic Device Technology and Very Large Scale Integrated circuit design. He has a Masters Degree from the University of Nebraska in Business Administration, and a Bachelor of Science Degree in Electrical Engineering from the University of Florida. Joel is a retired USAF Lt Col with over 24 years of service in Command, Control, Communications and Computer systems. He conducted Space Communications Technology research and development of millimeter-wave technologies at Rome Laboratory, Rome NY. He has developed a variety of space qualified antenna technology components for USAF Spacecraft and Aircraft. He has over 25 years of experience in various aspects of Information Technology (IT) and has over 12 years of classroom teaching experience. He has authored several IT-related graduate and undergraduate coursewares for Omaha’s College of St Mary, Troy State University in Montgomery, Air Command & Staff College, Department of the Air Force and the Department of Interior.   

James E. Wingate, CISSP, ISSEP, CISM is currently Vice President for West Virginia Operations for Backbone Security, an IT security company that provides network security products and services to both government and commercial clients. He is a retired Air Force Lieutenant Colonel with more than 22 years experience with communications and computer systems. During his military career, he worked in a variety of assignments involving the development, testing, fielding, and sustainment of numerous C2ISR systems. He is a member of AFCEA, AFA, FISSEA, ISACA, and MOAA. In addition to being a Certified Information Systems Security Professional (CISSP), Information System Security Engineering Professional (ISSEP), and a Certified Information Security Manager (CISM), he is also certified in the NSA Information System Security Assessment Methodology (IAM). He was a contributor to the development of the INFOSEC Assurance Capability Maturity Model (IA-CMM) version 3.0. He holds a Bachelors degree in Computer Science and a Masters degree in Computer Engineering. An adjunct faculty member of Fairmont State University(FSU), he has taught many computer security courses and was a key contributor in the development of the FSU computer security program.


Directions to AFCEA Headquarters     Restaurants Near AFCEA      AFCEA Travel Info