| News
and Views Federal Information Systems Security Educators' Association |
|
|||||
|
Issue Three
of FISSEA Year 2003-2004
|
November 2003 | |||||
|
Letter From the ChairGreetings
FISSEA Members, We are continually updating our FISSEA website at http://csrc.nist.gov/fissea to keep you informed about the conference and other initiatives underway. I can assure you that the Conference Program Director and Chair, Curt Carver and Chrisan Herrod respectively, are working closely with the executive Board to make this our best conference ever. I am asking you to support FISSEA by participating in the Conference while you benefit from the excellent speakers, panelists, information sharing and networking opportunities that will be provided. We have moved the conference to the beautiful Inn and Conference Center at the University of Maryland University College in Adelphi, Maryland. All the lunches and breaks are included, and the food is always scrumptious. The time has arrived for you to begin thinking about who you would like to nominate as the FISSEA Educator of the Year. Please visit our website for the details on submitting nominations. Only FISSEA members can nominate someone, but the person nominated does not have to be a FISSEA member although we encourage you to invite persons that you think could benefit from being a member to join. We recently sponsored our first workshop on September 25th on Developing Role-Based Training for Systems Administrators and Managers. Our own Louis Numkin was able to host the event at the Nuclear Regulatory Commission and Jeff Dektor, Susan Hansche, and Patricia Harris from the State Department were responsible for developing and conducting the training. The good news is that based on our review of the evaluations from the participants, the workshop was definitely a success. We have already begun the preliminary planning for our next workshop and are using the feedback we received to make it even better. Visit our website often to stay abreast of details for all upcoming events. In fact, I encourage you to add us to your list of favorites and see how you can get your agency to link to our website from its Intranet as well. The Executive Board meets monthly, and we communicate with each other almost daily to always look for ways to ensure that FISSEA is beneficial to you, our members. We are always interested in hearing from you, and we welcome all volunteers who can help us. If you have suggestions, remember that they can only benefit us if you share them. Barbara Cuffie, CISSP
FISSEA Editor's Column
|
||||||
|
Register
for the 17th Annual FISSEA Conference
March 9-11, 2004 UMUC in Adelphi, MD http://csrc.nist.gov/fissea |
Reaching out to Awareness Training
By Dara
G. Murray, HHS
Director, IT Security Staff
IT Service Center, Office of the Secretary
One question that computer security awareness trainers always grapple with is training methodology. How do "we" reach out to those in the regional offices and make the computer security awareness training effective and meaningful? Is live training more effective then utilizing computer based instruction tool (CBT's)? Is accountability an issue? These are the kinds of questions that always come into play as trainers and what we focused on in our awareness campaign at the Program Support Center, (PSC), Health and Human Services.
Two years ago, the PSC's computer security program was very much decentralized, much in the same way that other large government agencies have run their programs for a long time. Although PSC is one of the smaller operating divisions within the agency, it is broken apart into smaller sections known as "Services". Each of the Services ran their own security program and were responsible for training individuals about computer security awareness. However, PSC did not have a top-level computer security expert providing guidance and in most cases with the exception of two of the sections, computer security training was not conducted at all. Our statistics showed that out of 2000 PSC employees, only about 300 were trained. Once the program became implemented, PSC established an "outreach" program in which we brought computer security to the employee versus trying to bring the employees to computer security. For six solid weeks, PSC took computer security "on the road" and conducted morning and afternoon sessions within the Washington, D.C. metropolitan area and regional offices. We had a great time meeting people, employees including our contractors seemed to be very enthusiastic about the program, and it gave employees a time to ask questions. We felt really great about what we accomplished, however, the metrics were not as great as we would have liked. Although we made an excellent improvement to push our totals up to 63% of employees who attended the training, it was not the numbers we had wished for. Then we heard about a group that was headed up by Patti Black, Department of Treasury, that produced a great awareness tool that was sponsored by the Committee on National Security Systems, Education, Training and Awareness Working Group; Defense Information Systems Agency (DISA), and Federal Information Systems Security Educators' Association (FISSEA). We couldn't wait for the March 2001 FISSEA conference for it to be finally released.
The Computer Security Awareness (CBT) available CD is web-based, very graphical, and hits on the basics of overall awareness. The PSC management loved the concepts, but like other Federal agencies, wanted to have that "agency-specific" focus. Therefore, with the assistance of contractor resources (SAIC and Carnie International) and some "dinero", we made it agency-specific. The return on investment has been tremendous; and we have been able to make the tool available not only to PSC, but to other organizations within HHS. The feedback from employees is excellent. They loved the graphics and really enjoyed the ability to be interactive. Our numbers have gone up quite a bit as well---the PSC management liked the fact that our FISMA report showed 93% this year versus the 68% the year before. Next year we will strive for 100%! (It's nice to dream isn't it?) In addition, with the assistance from Human Resources, we can "reach out" to all new employees when they come on board. Therefore, computer security is right there "up in front" along with their payroll and social security forms they must sign. As I mentioned earlier, the face to face intervention was great, but the facts show, for the PSC's awareness program computers have again outrun the human!
Watch for my next article where I will talk about methods on how to deal with employees who just don't seem to want to make the time for awareness training? (shame, shame).
(To obtain a copy of the CD, "Federal Information Systems Security Awareness," Version 2.0 February 2002 contact DISA, http://iase.disa.mil/ETA or email DODIAETA@ncr.disa.mil)
FISSEA
Conference
March 9-11, 2004
A Question and Answer
Session with the 2004 FISSEA Program Chair
Our very own FISSEA field reporters, Ernie Smudlap and Lily Mae Squashposum
sat down with the 2004 FISSEA Program Chair recently for a brief update
on the conference
FISSEA Field Reporter
Lily Mae:Hey Curt! How is the conference planning coming along?
Curt: It is absolutely awesome although my security administrator
thinks I am the victim of a denial of service attack from all the submissions.
We really did have a tremendous response from the FISSEA community and
this year's conference is shaping up to be better than ever. We have
an initial draft of the schedule and the executive committee is working
hard to refine it now. We should have author notification of acceptance
out by Thanksgiving and then start the process of building the conference
proceedings, resurveying the conference location, and all those other
sorts of fun things.
FISSEA Field Reporter
Ernie Smudlap: Can you leak who is going to be keynote speakers?
Curt: Sure. First day keynote speakers are Jane Norris from
State Department and Lance Spitzner from Sun Systems. The second day
features Ray Semko (NSA's Diceman). The final day has Dan Ragsdale from
West Point and Bill Nugent from Mitre. It is an great group of keynote
speakers to address security awareness, training, and education.
FISSEA Field Reporter
Lily Mae: How many submissions did you receive?
Curt: Not quite sure how many we received. We have forty-three
presentations on the schedule right now and given the significantly
improved conference facilities that we have, we will be running a number
of alternate presentations so that conference attendees can pick and
choose what sessions they attend.
FISSEA Field Reporter
Ernie Smudlap: You mentioned themes. What common threads of presentations
are you seeing in the proposals?
Curt: We have a couple of themes emerging from the conference
that folks can decide to attend. There is great interest in certification
and we have a number of panels discuss certification and its role from
different perspectives. We have a couple of sessions that are specifically
geared to the new person in information awareness and training and how
to get started. Education-related sessions continue to grow as colleges
figure out they have to deliver a graduate to the workplace who understands
how information security works. Innovative ways to conduct training
have always been popular sessions at the conference and we received
a strong slate of proposals to address this topic. Finally, we have
some proposals on newly available resources to support security training
and awareness that should appeal to the conference attendees. There
seems to be a little of everything for the conference attendee in the
rapidly evolving field of computer security awareness, training and
education.
FISSEA Field Reporter
Lily Mae: Tell us a little something about the conference facilities?
Curt: We are having the conference at the Inn and Conference
Center at the University of Maryland. Several members of the executive
committee and I visited the site recently and we were very impressed.
The presentation facilities are state of the art. The space available
for vendors and exhibitors is greatly improved over previous years and
really provide an opportunity for folks to showcase their products.
The food was actually pretty decent as well. I didn't get to stay at
the hotel but it is a Marriott and I don't think we are going to have
any problems with the exception that we might run out of rooms. I would
go ahead and reserve a room at the hotel and for the conference. If
the number of submissions and inquiries from vendors are any indication,
getting an early reservation would be a good idea.
FISSEA Field Reporter
Ernie Smudlap:Last question. Where can I find out more about the 2004
FISSEA conference?
Curt: Check out the FISSEA website for late breaking news
on the conference at (http://csrc.nist.gov/fissea).
As soon as I finish the selection process for presentations, I will
get a schedule posted on the website. You can already register and get
a hotel room. Thanks for coming by Ernie and Lily Mae and see you at
the conference!
NASA Certification Program
By Robert Solomon, NASA
NASA has launched an Agency-wide program to certify all system administrators according to a consistent standard. The program was started about May 1, 2003, and has provision for up to 3000 participants. The program is being managed by the NASA Information Technology Security Awareness and Training Center at Glenn Research Center in Cleveland, OH. Project Manager is Robert Solomon.
The program utilizes skills assessment tools provided by Brainbench, Inc., located in Chantilly, VA. Their services met the criteria established by NASA headquarters. Those criteria were:
- It must be an independent, third party assessment
- It must measure both operating system knowledge and security knowledge
- It must be consistent for system administrators regardless of operating system
- It must be cost effective
The program was tested using a pilot approach to evaluate the value of the tests and whether they appropriately met NASA's needs. After the pilot program, feedback from the 44 pilot candidates was used to craft the final program.
The program requires each participant to pass an operating system test and a Network and Internet Security Test. Primary Certifications are offered in UNIX, Linux, Windows 2000 Desktop, Windows 200 Server, Windows NT4 Desktop, Windows NT4 Server, Open VMS, and Cisco Networking. A Mac OS X certification was implemented in August. All participants must pass the same Network and Internet Security test.
Candidates are given three opportunities to pass each of their two tests. If they are not successful in three attempts, they must show evidence that they have taken steps to correct knowledge gaps before they are given additional attempts to meet the requirements. The program is an assessment program only and does not provide training.
This allows the use of any training method to provide for preparation or remediation. Both Brainbench and NASA provide test outlines and topic lists for all of the tests that are required. One of the features of the Brainbench assessments that is useful to the candidates is that they get immediate results for the tests which identifies their strengths and weaknesses whether they pass or not. This identifies knowledge gaps for remediation or skills advancement.
Each successful candidate receives a certificate recognizing their certification. The certification is valid for three years. The certification is recorded at the NASA IT Security Awareness and Training Center and is reported to each participant's IT Security Manager as well as NASA Headquarters.
After the candidate achieves their Primary Certification, they are promoted to a Personal Development track which gives them access to over 400 skills assessments offered by Brainbench. They may achieve up to 17 Secondary Certifications by passing additional operating system tests.
Security Practices Repository
For several years, the NIST Computer Security Division has maintained a website - the Federal Agency Security Practices (FASP) - as a repository for security practices donated by federal agencies. (The URL is http://csrc.nist.gov/fasp) Now, NIST is seeking material from non-federal sources. A new website - http://csrc.nist.gov/pcig/ppsp.html - will house information security policies and practices that are offered by non-federal organizations. If you are a private sector FISSEA member or affiliated with an academic institution, NIST welcomes your contributions. (If you are a federal employee, NIST also continues to welcome policies and practices for the FASP site.) See the respective sites for procedures for submitting practices.
For additional information on either site, contact Marianne Swanson at (301) 975-3293 or marianne.swanson@nist.gov.
SELL
THEM, DON'T TELL THEM
Selling Your Concepts to Classes
By Jim Litchko, Litchko and Associates, Inc.
Every time you teach, you are in fact selling concepts to your audience. When I was learning to teach, I was also selling the National Security Agency's Information Systems Security budget to the Pentagon and Congress, about half as hard as teaching the computer security class to my Johns Hopkins University graduate class. During this parallel learning of how to sell and teach, I noticed that the methods used in one effectively support achieving the goals of the other.
When I started teaching, I taught just like I was taught: lecture from behind the podium and lots of multiple question quizzes. Or as I call it "Talk and Test". I found this extremely boring, so I could only expect it was the same for the students. Result: No learning.
In the sales community, they have a similar selling style call "Show-up and throw-up". This is where you have a standard marketing presentation on your products and services and you give it to all of your potential clients. This method is equally as boring for you as it is for the clients. Result: No sale.
So how does one correct this? In sales we tailor the pitch to the customer. So in teaching you tailor each of your presentations to your students. There are three ways to do this: know them, relate to them, and engage them.
Know your students. In sales, it is critical that you know your customer's role, motivation, and needs. In teaching, you need know the same about your students. You need to understand each student's job (accountant, manager, engineer, waitress, etc.), company and its business sector (financial, manufacturing, military, entertainment, etc.), and favorite pastime (dancing, surfing (water or web), singing, charity work, bowling, etc). These key pieces of information will allow you to relate to and engage your students.
Job gives you an idea of the student's thinking processes. Accountants and engineers are into the details and quantitative, and desire structure. Budgeters, sales people, and researchers are qualitative and creative, and desire little structure. Knowing that they are executive and managers tells you nothing. You need to know what they were before they were executives and managers. I know that generalities do not apply to everyone, but they do for the majority and this provides you with more information then when you started. Try it.
Company and business sector gives you the information that you need to relate your class examples to. If a class is from one or two business sectors, your examples need to relate to those sectors to make the material relate to the students' perspectives and needs. If the students are from multiple business sectors, you use ones that relate to various sectors and ask the students if they have examples from the other sectors. This is a very good way of building your examples for future presentations. Another good way is to ask that the students use business examples in the essay questions of your tests and in their term papers.
Favorite pastime tells you more about the individual's character and motivations. Also provides you with leverage for connecting with the students. When concepts for a common class pastime are similar to the concepts that you are presenting, you can start the discussion with telling a story about a situation in that pastime, ending with, "And that is the same as…."
How do you get this information about your students? You ask them. In the beginning of the first class you ask them to introduce themselves, by telling you what their job is, who do they work for, and what is their "favorite pastime activity"? Like many of you, I used to think that this kind of introduction was so the students could pick who they would like to work with on the class projects. True for them, but for you it is to gain the information necessary to relate and engage them. Take notes or have them start by writing the responses on a 3x5 card that you collect.
What if I am talking to a large group of people? Before the presentation, talk with various people in the audience, say 3 or 5 attendees. Ask them, "What is your job?", "What is the business sector?", and "Why are you interested in this topic?" Talk to attendees in the front, middle and back of the room. Now when you give your presentation, you can adjust your examples to the business sectors that are in your sampling. You can also use one of the attendees' comments and with the contributor's first name. For example: point to Tom and say, "Before this presentation, Tom asked me, 'How often should I backup my data?' This is a very good question, that I am sure that many of you are asking yourselves." In this example, notice that we physically connected by pointing, verbally identified that you are on first name basis with one of their peers, complemented them on having a good question, and related it to all of them. You can further the relationship by engaging them with the question, "Who has the answer?" and wait for their responses.
Wait for their responses! This is very key concept because, the final thing that I learned from selling was, "The temptation to fill silence is deadly." When you put a deal on the table, stop talking and wait for the customer to respond. If it takes 27 minutes, wait! Why do you wait, because people have to process what was presented, the question and their answer before they can provide you with intelligent responses. Note the two words in the last sentence: "intelligent responses". Did you ever wonder why that student in the front row, who puts up his hand immediately after you ask the question always has the worst answers. It is because they did not take the time to process the information, question or response. Teaching is not a "who is first" activity, it is a great response event. Ask your question and wait for several hands to rise. I once asked a teacher how long do you wait and her response was, "Until it hurts." For a speaker, 15 seconds of silence is more then "hurts" it is "please put me out of my misery" pain. No matter how tempting it is to fill the void, "Wait!" Trust me, you asked the question and the hands will come.
27 minutes of waiting was not a joke it actually happened to me once. Result: I closed the deal.
Know them, relate to them, engage them, and wait for them. Sales concepts that can support many areas of your life, these suggestions should help you when teaching students. Remember: DON'T TELL THEM, SELL THEM.
NIST SP 800-50
In October, NIST announced the release of Special Publication 800-50, Building an Information Technology Security Awareness and Training Program. The publication provides detailed guidance on designing, developing, implementing, and maintaining an agency security awareness and training program. It can be found at http://csrc.nist.gov/publications/nistpubs/ .
The new document is a companion publication to NIST Special Publication 800-16, Information Technology Security Training Requirements: A Role- and Performance-Based Model. The two publications are complementary: SP 800-50 works at a higher strategic level, discussing how to build an IT security awareness and training program, while SP 800-16 is at a lower tactical level, describing an approach to role-based IT security training.
Mark Wilson, CISSP
IT Specialist (Information Security)
Computer Security Division
NIST Information Technology Laboratory
(301) 975-3870
NIST SP 800-53
NIST has completed its first draft of Special Publication 800-53, Recommended Security Controls for Federal Information Systems. This draft guideline provides a recommended set of controls for low and moderate impact systems (based upon the security categorization definitions in FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems [in final pre-publication]). This guideline will stand as NIST interim guidance until 2005, which is the statutory deadline to publish minimum standards for all non-national security systems. It is our intention that by first publishing this as a guideline, agencies can gain practical experience with it and provide NIST with appropriate feedback.
The draft of 800-53 is available at http://csrc.nist.gov/publications/drafts.html. We invite your comments on this important new guideline by February 2, 2004. Comments may be sent to sec-cert@nist.gov . To learn more about the Information System Security Project and draft SP 800-53, go to the Information System Security Project home page on CSRC.
Calling all Artists, Web Designer Enthusiasts and Creative Individuals!
Do you have a computer security awareness web site, poster, or trinket that you or your agency would like to showcase? Marvella Towns, NSA and Dara Murray, HHS, will be hosting a contest at the 2004 FISSEA conference. See the rules and guidelines (MS Word format) in this issue.
Nominate the Next FISSEA Educator of the Year
On the second day of the annual FISSEA conference an individual is recognized as FISSEA Educator of the Year. This past year Patricia Black, of the Department of Treasury was chosen for her noteworthy accomplishments in information systems security awareness, training, and education. Now is the time to submit your nominations for the next Educator of the Year.
Nominees need not be members of FISSEA, but do need to be nominated by a member. Nominees may be involved in any aspect of information systems security awareness, training, or education, including, but not limited to, instructors, security program managers, and practitioners who further education and training programs for information systems security in the public, private sector, or federal community. An ad hoc committee appointed by the Executive Board Chair will judge nominees. Nominations are due by January 31, 2004.
Previous nomination letters are available on the FISSEA website, http://csrc.nist.gov/fissea in the Educator of the Year Award Recipient section. Justification guidance and judging information is also included on the website.
E-mail your nominations
to:
peggy.himes@nist.gov or call
301-975-2489.
FISSEA Survey
One of the goals of your Executive Board is to better serve you, the FISSEA membership. One way we can do this is to better understand what you value that we do now, and what you think we should do, or do better. Please complete the survey at the end of the newsletter and mail it to:
FISSEA Membership Survey
Attn: Steve Willett
NIST
100 Bureau Drive, Mail Stop 3220
Gaithersburg, MD 20899-3220
NOTE: If you completed a similar survey during the March 2003 FISSEA Conference, please do not complete the accompanying survey. We will compile the surveys we receive with those received at the last Conference.
ALL THAT INFORMATION, ALL THAT INSPIRATION, ALL THOSE CONTACTS, AND DOOR PRIZES TOO!!
By Mary Ann Strawn
The FISSEA Conference of '03 was an overwhelming success. I'm sure everyone who attended was pleased with the roster of presenters as well as the wide variety of information and inspiration. Adding even more sparkle to the package, there were door prizes!!
As a representative of the Library of Congress, I won the prize presented by CSI. And a grand prize indeed, a year's subscription to the CSI publication, FRONTLINE. Distributed quarterly, it is sharply written and smartly presented. In addition to the material developed by CSI, each issue features a Library of Congress article concerning computer security written by our staff to add a "local flavor.
Our publication was delivered electronically, but it is available in hardcopy as well. We have received favorable comments from throughout the Library about this computer security effort. What an unexpected, special bonus for attending the FISSEA conference!!!
TRAINIA
This column's name is a contraction of the words "Training" and "Trivia." It includes information on upcoming conferences, book reviews, and even humor. The purpose is to provide readers with places to go and things to use in pursuing and/or providing Computer Security awareness, training, and education. However, FISSEA does not warrant nor determine the value of any inclusions. Readers are encouraged to do their own checking before utilizing any of this data. If readers have items to submit to this column, please forward them to the Editor at lmn@nrc.gov
********************
MARCH 9-11, 2004 - 17th Annual FISSEA Conference, "Awareness, Training, and Education - The Driving Force Behind Information Security", will be held at The Inn and Conference Center, University of Maryland University College (UMUC), Adelphi, Maryland. Thank you for making your reservations now!
Reasons to attend: (1) Discover new ways to improve your security program, (2) Dual tracks, high quality relevant presentations, (3) All lunches/breaks are included in the $365 registration fee, (4) Gain awareness and training ideas, resources, contacts, (5) CISSP Conference participants earn CPEs, (6) Obtain practical solutions to training problems.
Contacts: Curtis Carver, Jr., Program Chair, United States Military Academy, carverc@acm.org. Chrisan Herrod, Conference Director, National Defense University, herrodc@ndu.edu. Liz Hood, Exhibitor Information, Federal Business Council, liz@fbcdb.com. Registration contact: Teresa Vicente, NIST, (301) 975-3883. For other questions contact Peggy Himes, NIST, peggy.himes@nist.gov. Please see complete details under "2004 Conference" on your FISSEA website, http://csrc.nist.gov/fissea.
********************
Dec 2-3, 2003 E-GOV's HOMELAND SECURITY CONFERENCE & EXHIBITION. Two Years of Progress: What's Better and What Needs Work? Free Exhibition: Dec2. Ronald Reagan Building, Washington, DC http://www.e-gov.com/events/2003/hls/ REGISTER TODAY! http://www.e-gov.com/events/2003/hls/register.asp Reference Priority Code HLSEM1
********************
| The
Forum on Information Warfare December 3-4, 2003, Washington, DC Optional Workshops December 2 & 5 http://www.misti.com E-Z Access IW03 |
InfoSec
World Conference and Expo/2004 March 22-24, 2004, Orlando, FL Optional Workshops March 20, 21, 25 & 26 http://www.misti.com/infosecworld |
Contact MIS Training Institute,
(508) 879-7999, mis@misti.com for information.
Use IW03/EB9 as your Registration Code.
********************
April 1- 7, 2004 SANS 04 - Orlando The conference is at the Dolphin, and that makes it the only security conference right on the Disney property. SANS 04 is an Information Security Mega Conference, offering over 700 hours of training, in more than 14 tracks and offers a GIAC certification.
SANS Security Awareness Program is available. It is about securing your IT resources - one user at a time. You can deliver Awareness training to your organization four ways, online training, via webcast with a SANS instructor so your people can ask questions, live training at your site via our Local Mentor Program or you can buy the GIAC Prep Teaching Kit and deliver the material yourself. Using real life stories to illustrate the do's and don'ts of basic security awareness with quiz questions integrated to reinforce key concepts. To purchase, or to receive more information: https://www.sans.org/awareness/ See their website for webcasts on important information security topics.
********************
Computer Security Institute's upcoming local training classes (note, two are available on-line). For more information, contact CSI at 415-947-6320 or go online www.GoCSI.com/training
2-3Dec03 How to Perform
a Technical Network Vulnerability Assessment,
Gaithersburg, MD, Justin Peltier
4-5Dec03 Advanced Secure CISCO PIX Firewalls,
Gaithersburg, MD, Justin Peltier
8Dec03 How to Be an Effective Information Security Professional,
On-Line Training, JohnO'Leary
15Dec03 How to Develop Information Security Policies,
On-Line Training, Tom Peltier
24-25Feb04 Facilitated Risk Analysis for Business and Security,
Gaithersburg, MD, Tom Peltier
26-27Feb04 CISM Prep-to-Pass Workshop,
Gaithersburg, MD, Tom Peltier and Justin
Peltier
2-3Mar04 How to Be an Effective Information Security Professional,
Washington DC, John O'Leary
4-5Mar04 Defense Against Social Engineering,
Washington DC, John O'Leary
********************
June 8-10, 2004 Cryptographic Module Validation Program (CMVP) Conference 2004 in Rockville, Maryland. Complete details will be listed on http://csrc.nist.gov/cryptval/
********************
Army Reserve Readiness Training Center, Ft. McCoy WI, opens up Computer Security courses to ALL Federal Government System and Network Administrators beginning fiscal year 2004. Technically challenging, intermediate and advanced level, computer security courses initially designed for Department of Defense personnel, have been modified and opened up to all Federal Government System and Network Administrators. The decision to offer the courses to organizations outside the Department of Defense is part of a distributed defense strategy to protect our country's automated information systems from the growing threat of cyber terrorism. The System Administrator Network Manager Security Course (SA/NMSC). Those from DOD or Federal Agencies should contact MSG VanVliet, (678)-364-8256 for Course Dates for FY04 Course length 2 weeks.
********************
FALL COOP TRAINING CLASSES
This quick note is to draw your attention to the revised fall schedule
of certified COOP training classes, to be held in the DC area. Done
under license from DRI International, they have now taught students
from more than a dozen federal agencies, as well as state governments.
Spaces are limited. Don't wait to call. For more details, go to their
Web site at www.coop-consulting.com/what/certified.htm. To book the
classes, contact as follows: Vicki Alvord, COOP Consulting LLC, 12096
Kinsley Place, Reston, VA 20190 703.467.0574 phone, 703.467.8485 fax,
vicki@coop-consulting.com www.coop-consulting.com
********************
Finally, Earn Your Executive Ph.D./M.S. in InfoSec While You Work Full-Time. The University of Fairfax offers a graduate program for senior executives.
The University of Fairfax actually cares about addressing the shortage of (DOD) cleared information assurance/security (IA) professionals. Simultaneously it enables mid-career professionals to gain access to more senior IA positions. The University of Fairfax does this by providing it executive students with technical, research, business development and project management capabilities--professionals prepared to advance their IA careers. As a result, it offers employers a reliable source of IA professionals as well as a method for upgrading their employees. These executive students at the University of Fairfax embark on a sophisticated, but practical graduate curriculum. By utilizing projects at work, they complete a "project focused" graduate curriculum that helps them to rapidly gain access to more senior IA professional opportunities in the federal and private sectors. This graduate curriculum enables these IA professionals to learn how to "do the work" (IA analytical capabilities), "manage the work" (project management) and "sell" the work (business development/change management).For more information concerning the University of Fairfax, please call 703-534-3400. If you want to learn more about the University of Fairfax, please feel free to call Jo-Anne King at 703-534-3400 (jking@universitysoffairfax.net).or visit their web site at www.universityoffairfax.net.
