Just In Time Training (JITT): How Not to Jump from the Frying Pan into the Fire

Agenda
• What is it?
• Why
• Governance
• What is available
• Courses Available
• Certification
• How (unique requirements)
• DACUM Process
• Questions

Just In Time Training
What you need…when you need it.

Governance
• Computer Security Act of 1987/Public Law 100-235
  • Mandatory periodic training of personnel who manage, use, or operate Federal computer systems
• Committee on National Security Systems (CNSS) Issuances
  • NSTISSD 500 (ISS INFOSEC ATE), 501 (National Training Program for ISSPs), 4011 (Training Standard for INFOSEC Profs), 4012 (National Training Standard for DAAs), 4013 (Std for SysAdmins), 4014 (Std for ISSO) and 4015 (Std for Certifiers)

Governance (continued)
• Information Assurance, DoD Dir 8500.1
  • DoD shall train for computer network defense
  • All personnel authorized access to DoD information systems shall be trained in accordance with DoD and Component policies and requirements and certified to perform IA responsibilities
  • Develop and promulgate IA policy related to training
  • Develop and provide IA training and awareness products
  • NSA shall develop, implement and oversee an IA education, training and awareness program for users and administrators of DoD cryptologic SCI systems

Governance (continued)
• DoD Directive 8500.1 (continued)
  • DoD Components shall ensure IA awareness, training, education and professionalization for personnel developing, using, operating, administering, maintaining, and retiring DoD information systems
• Supplanted DoD Directive 5200.28
  • NSA – Train DoD Components in evaluation techniques
  • JCS – Educate & train at NDU
  • Establish training and awareness program for all DoD civilians, military and contractor personnel accessing information systems
  • Training and awareness program shall be established

Governance (continued)
• OMB Circular A-130
  • Information resources management means the planning, budgeting, organizing, directing, training, and administrative control associated with government information resources.
  • Provide training and guidance as appropriate to all agency officials and employees and contractors regarding their Federal records management responsibilities

Governance (continued)
• OMB Circular A-130
  • The agency knows a substantial portion of users have ready access to the necessary information technology and training to use electronic information dissemination products
  • Develop and conduct training programs for Federal personnel on information resources management including end-user computing
  • Establish personnel security policies and develop training programs for Federal personnel associated with the design, operation, or maintenance of information systems
  • Privacy Act Training
  • Agencies must plan for incorporating policies and procedures regarding computer security, records management, protection of privacy, and other safeguards into the training of every employee and contractor.

Courses
• Operational Information Assurance Curriculum
  • (U) INTRO TO COMPUTER SECURITY (web based)
  • (U) OPERATIONAL INFORMATION ASSURANCE - PART I (web based)
  • (U) OPERATIONAL INFORMATION ASSURANCE - PART II (ILT – offered monthly)
  • (U) COMPUTER SECURITY FOR SUPERVISORS (web based)
  • (U) NSA/CSS INFORMATION SYSTEMS CERTIFICATION AND ACCREDITATION PROCESS (NISCAP) (ILT – offered quarterly)

Courses (continued)
• Malicious Code (Under Development)

Required Training
• Introduction to Computer Security
• Computer Security for Managers
• Operational Security

Training Plan
• Awareness Initiatives
  • Presentations
  • Posters and Trinkets
• Training Initiatives
  • Courses/Curriculum

What is available?
• Colleges and Universities
• Commercial Institutions
• Department of Defense
• Federal Institutions

How – Unique Requirements
• Develop a Curriculum (DACUM) Process
  • Phase I
    • Participants
    • Job Description or Focus Statement
    • Tasks, Knowledge and Skills
  • Phase II
    • Units of Instruction
    • Course Content

DoD Directive 8570 (DRAFT)
• Information Assurance Training, Certification and Work Management (Draft)
• Train and certify IA Workforce

Questions?