News
and Views Federal Information Systems Security Educators' Association |
|
||
Issue One
of FISSEA Year 2004-2005
|
April 2004 | ||
|
|||
Letter From the ChairDear FISSEA, In this, my first column where I will write to you as your Chairperson and not the News and Views Editor, it is with humility that I move from page two to page one. One of my proudest moments was when I was nominated for and received the Educator or the Year Award - a title which I am truly honored to wear. Having been active in FISSEA for around 13 years and on the Exec Board for half that time I have served under several excellent Board Chairs. When first I ran for the Board, it was on the plank that I would like to revitalize the newsletter. For the next two years, with Phil Sibert at the helm, FISSEA moved forward. Upon his departure, Pauline Bowen took the Chair for a year and we were fortunate enough to have Barbara Cuffie willing to pickup the orb and continue our progress as an organization for the subsequent three years. With this as my FISSEA experience, I hope that I will be able to demonstrate how much I care by following in Phil, Pauline, Barbara, and all our prior Chairperson's footsteps. Since my immediate predecessor is Barbara, let me state for the record that she does not have big feet.... but her footsteps are gigantic. My respect for her began many years ago and it has never wavered. I am thankful that FISSEA will still have Barbara on our leadership team during this Board year. It is also important for me to acknowledge the strong support which FISSEA receives from NIST. Our independent organization could not meet its goals without people like Assistant Chair Mark Wilson, Special Staffer Peggy Himes (who will assume the title of Newsletter Editor), Web Page Guru Patrick O'Reilly and NIST's conference support staff: Patrice Boulanger, and Teresa Vicente. These folks are the power behind the FISSEA throne and they deserve a lot of the credit for our continued success. Our Executive Board is multi-faceted with wonderfully experienced individuals. We are lucky to have several voluntary contributors. Our Conference Program Chair will remain Curt Carver of the West Point Carvers (demonstrating dedication, his wife accompanied him to the conference so that they could be together while celebrating their 20th Wedding Anniversary). Also hailing from West Point is Will Suchan, whose leadership was shown in keeping our alternate conference track on schedule. NSA has permitted us to use the talents of Marvella Towns (who worked on our conference poster/trinket contest). Also we still have the services of HUD's Tanetta Isler. Our conference's third day leader was Lew "Who Let The Dogs Out" Baskerville, and SBA has permitted him to return to the Board. Mary Ann Strawn from the Library of Congress will continue to work on our shared experience and speakers' bureau. And, now we'll get to test the newbies who represent our three supporting cultures: contractor Gretchen Ann Morris (a long time supporter hailing from NASA in Ohio), academia's Thomas Foss (from the University of North Carolina) and Jeffrey Seeman (a new Fed from the NSA). Departees who deserve our adulation include Dan Ragsdale, from West Point, and Chrisan Herrod, from NDU. Dan gave an engaging lunchtime presentation during the conference and Chrisan performed as overall conference chair. We will miss them both. We will also miss NASA's Bob Solomon's dry sense of humor as he retired shortly before the conference and we bid farewell to HUD's Donna Robinson-Staton, as well as Dara Murray from HHS (who worked with Marvella on the contest). With all of the ever-increasing computer security job responsibilities as well as voluntary support given to the Exec Board, all the aforegoing named individuals deserve praise. Outgoing Chair Barbara's favorite phrase was "Committed to FISSEA." Each of this year's Board will have their work cut out for them during the current term. Our organization thrives on individual ideas and collective support. As in the past, we have a great deal of experience on our Board, but we cannot do the job alone. We ask several things of our members:
Thanks
for your continuing support of FISSEA,
FISSEA 2004 Annual Conference Cub Reporter SubmissionsAs Editor, Louis Numkin, asked attendees at the annual FISSEA conference to submit articles as Cub Reporters. Please enjoy the submissions. "This was my first time at the FISSEA Conference and even a short time into the first day, it was great to see how much is being done in the area over here in the U.S. I work for the Ministry of Defence in the UK and work closely with the DOJ and DoD but thought it would be useful to give delegates an opportunity to find out what we are doing in this area on the other side of the pond. The MOD has been at the forefront of Information Technology within the UK and the issue of Information Assurance that this includes for decades. As part of this, it was decided to create a separate division with the task of dealing with the issue of security, training, education, and awareness. My job was to design a program to make sure that all 320,000 staff within MOD acted securely and safely in relation to our Information Systems. The result of this nine-month study was the formulation and implementation of the SAFE (Security Awareness for Everyone) project and I thought it would be helpful to explain how this will help MOD secure its systems. TRAINING:
EDUCATION: We have also begun looking at indirect education mediums. This has been achieved through a quarterly magazine, induction booklets and an all singing, dancing new website on our website which includes games and competitions to draw in those groups of staff that would normally avoid security. AWARENESS: Clearly,
along the way, we have had bumps as well as benefits and we have so
far managed to ride these successfully. However, we remain vigilant
and I believe that FISSEA's work and indeed influence, is something
we will continue to work alongside for many years to come. See you next
year." ************************** "Being
away from the Conference the past couple of years, it is good to see
and hear that the need for training, education, and awareness is growing.
The people in the trenches seem to be getting noticed by senior management.
Case in point - State Department awarding their CISSP certified employees
pay bonuses. From the span of speakers at this year's conference it
shows that people care about protecting their computer systems while
at the same time keeping their work behind the scene of the daily user.
This conference may be small, but we have a big stick and the word is
spreading. If you have a SIPRNET account, take a look at the courses
and the skills map that the National Cryptologic School, NSAless, can
offer you. IAD.nsa.smil.mil and click on Services, lower left screen
IA/OPSE courses." UMUC's Remote-Access Labs: The Next Generation of Online LearningBy Don
Goff When the National Security Agency designated University of Maryland University College a Center of Academic Excellence in Information Assurance Education, we were already looking beyond that prestigious honor and far in to the future. We were envisioning the "next generation" of online delivery-establishing online computer laboratories that students can access from a distance. Now, with the very generous support from a number of vendors we have realized that dream. The first remote-access lab-the database laboratory-went online in the fall of 2001. The second-the network systems and security laboratory-became available to students in 2003, allowing them to develop and implement access lists, conduct configuration management, balance traffic loads, and perform other network security functions-all online. Previously, online "labs" were simulations or animations that didn't offer students the opportunity to truly experiment, to find out what works and what doesn't. In remote-access labs, students can access real, hands-on applications, and it doesn't even require a broadband connection. Educationally speaking, it's a quantum leap. Equally important is the fact that students have the opportunity to use the latest technologies from a variety of vendors, and here, UMUC has had the generous support of industry icons like Cisco Systems, Oracle, Microsoft, Computer Associates, and others, who have provided the university with free or deeply discounted, cutting-edge hardware and software systems that are the building blocks of industries like data communication, systems administration, network security, computer forensics, and more. Since the mid-1990s, UMUC has tweaked and perfected-and tweaked and perfected-its online delivery system. Last year alone, the university amassed a record of more than 110,000 online enrollments, and the university's IT program-the largest and most comprehensive in Maryland-is operated in accordance with National Security Telecommunications and Information Systems Security standards. UMUC also offers collaborative programs with the National Defense University, the General Services Administration, and the U.S. Army Signal Center to provide graduate IT courses for chief information officers and signal officers, respectively. Our remote access labs afford us the consummate win-win arrangement: Students have access to cutting-edge technology; the workforce benefits from graduates who already have hands-on experience with that cutting-edge technology; and vendors ensure that graduates enter the workforce as competent users of their products. FISSEA 2004 Security Awareness Contest ...and the WINNERS are:
This year FISSEA conducted its first Security Awareness Contest and announced the winners at this year's conference held at the University of Maryland University College, Adelphi, Maryland. Congratulations to all the winners for their innovative and out of the box means of presenting security concepts. The contest was designed to have organizations showcase their security awareness posters, trinkets and websites. Also, the contest affords FISSEA an opportunity to provide its members with knowledge of some of the best security awareness information within the community. The entries were judged on accuracy, originality, message and graphics by an independent panel of judges. The URL for the winning website, submitted by Captain Cheryl Seaman is http://irtsectraining.nih.gov/. This is the NIH on-line security awareness training and is available to the public. Diane Coleman submitted IRS Security Awareness Week Trinkets including notepads: "Preventing Intrusion-Awareness is Our Best Defense"; "Accentuate the Positive - Understand the WHY of Security"; two ink pens (3 sided) with security awareness messages on all sides. Some of the messages were: "Keep your Laptop Secure at ALL Times", "For a Password That is Strong - Make it at least 8 characters long", Think Safe - Know Your Occupant Emergency Plan", "Security website url". Key chains that read "You Are the Key to Security". Button - "Clean-up Back-up Lock-up". Melissa Guenther submitted the winning poster campaign. (Note, you will be able to view the winning entries on the FISSEA website soon). If you did not participate this year, watch for the announcement later this year on the 2005 FISSEA Conference webpage. FISSEA Educator of the Year Awarded to Jeff Recor, Walsh CollegeSubmitted By Peggy Himes, NIST Each year the FISSEA recognizes an individual who has made significant contributions in education and training programs for information systems security. The FISSEA Educator of the Year for 2003 was awarded to Jeff Recor, Walsh College, on March 10, 2004 by last year's winner, Patricia Black, Department of Treasury. Brian Gawne's nomination said, "Jeff Recor is an outstanding educator whose impact reaches outside the boundaries of his educational institution. Jeff's passion for teaching and his philosophy of 'learning by doing' helped establish the Information Assurance Center at Walsh College. The main focus of the IAC is to act as a 'community outreach' program ." "Jeff Recor continues to dedicate himself to reaching beyond the confines of the classroom to develop security awareness and training." The complete nomination letter for Jeff Recor may be viewed on the FISSEA website. Jeff's competition was quite significant. To be nominated by one's peers is in itself, an honor. The other nominees were:
An impartial judging committee and not the FISSEA Executive Board made the final selection. Please see the FISSEA website for complete nomination information and think about submitting someone next year. TRAINIAThis column's name is a contraction of the words "Training" and "Trivia." It includes information on upcoming conferences, book reviews, and even humor. The purpose is to provide readers with places to go and things to use in pursuing and/or providing Computer Security awareness, training, and education. However, FISSEA does not warrant nor determine the value of any inclusions. Readers are encouraged to do their own checking before utilizing any of this data. If readers have items to submit to this column, please forward them to the Co-Editors at lmn@nrc.gov and/or peggy.himes@nist.gov *************************************************** On-line Tutorial for NIST
Special Publication 800-37 *************************************************** FYI, two CDs (and 3 and 4 coming soon) were offered to our conference attendees by Anton Ljutic, one of our Canadian attendees. He wrote that he "will certainly keep in touch. FISSEA is a great help to my work. We (CSE) already have a good working relation with NIST and you might be interested to know that DISA/IASE will distribute the Wireless LAN CD to US Gov departments." If you wish to contact Anton, his phone is 613-991-7966 or Email: anton.ljutic@cse-cst.gc.ca *************************************************** FISSEA's friend, Mich Kabay
has written to let us know that the new BSIA (Bachelor of Science in
Computer Security and Information Assurance) and minor in information
assurance programs, info may be found at: *************************************************** CPM has joined with IP3, to provide a program in Information Assurance and Information Security Leadership. Drawing on materials from the industry's leading vendors, NIST, the FBI and the NSA, they have tried to create a structured overview of a comprehensive model for Information Assurance. To register for your discounted seat, go to: http://www.ip3seminars.com/security/register.php and use code CPM464. For the complete program outline visit: http://www.ip3seminars.com/u/rcs34835.php *************************************************** VERIZON has a Learning Center
available on the web. Within it, we found " What is a firewall?
Should I protect my home network? What happens to personal information
traveling over the Internet?" Find out more on security in their
articles which can be found at: (by clicking this link, you will be
leaving the FISSEA website, along with leaving all NIST webservers.) *************************************************** Insider Training's Anniversary Training Sale. It only comes around once a year. For all our most popular classes listed in the PDF, we are offering: *20% OFF for any individual and *3 students for the price of 2 for 3 students enrolling in the same class and session. Registration and payment executed together. Call Insider Training at (866)509-7511 or go to www.insidertraining.com for details. *************************************************** Allan Berg, now at the University of Dallas Graduate School of Management, as the Deputy Director, Center for Information Assurance can be reached at aberg@gsm.udallas.edu or by phone at (703) 788-6801. They have mapped our IA curriculum to the NSTISSI Standards 4011 through 4015 and have received both concurrence and recognition by the NSA for our efforts. Congrats!! Allan adds that for $480 per credit hour, all programs are 100% on-line and are taught by the same professors who teach the courses in a classroom on the university campus. For more info, check http://gsmweb.udallas.edu/info_assurance/ *************************************************** CSI 2004 April / May Seminar
Calendar *************************************************** 12-14MAY2004 - Electronic Entertainment Expo will be in Los Angeles, CA, at the Convention Center. If interested, check out the show site at: www.e3expo.com or contact Zach Toczynski at 1211 CONNECTICUT AVE #600, Washington, DC, or e-mail zach@theesa.com or telephone (202)223-2400. *************************************************** 19MAY2004 - Government Computer News is sponsoring a Management Leadership Conference at the Marriott Wardman Park hotel in Washington, DC. The Government fee is $195 and Industry is $295 which includes meals and breaks, a cocktail reception, and reference material. For More Information Or Registration visit http://www.gcn.com/a?Leadership_01 or Call 202-624-1756. *************************************************** 19-20MAY2004 - eFRAUD Conference at the Embassy Suites Hotel in New York City. Learn how to detect, investigate, and prevent electronic fraud. Express register online today at: http://pull.xmr3.com/p/10308-C907/7675358/http-www.misti.com-03-ef04eb4reg.html (if you click this link you will be leaving the FISSEA website, along with leaving NIST webserver) Please use EF04/EB4 as your Registration Code to ensure early- bird savings. *************************************************** 25MAY2004 Second FREE FISSEA Workshop, "Developing Role Based Information Assurance Training and Classroom Demonstrations", presented by the US Department of State, Diplomatic Security Training Center. See the flyer at the end for complete details. *************************************************** 25-27MAY2004 - U.S.
Department of Energy (DOE) Cyber Security Group (CSG) training conference,
titled "Take the Puzzle Out of Cyber Security" will be held
in Kansas City, with pre-conference workshops on May 24. As always,
there is no cost to attend the conference, although there is a $35 fee
for an optional social event. To make registration easy for you, this
year we have implemented a web-based registration form that will accept
credit cards (credit card needed only if you want to attend the social
event) http://cybertrain.labworks.org/conferences/may2004.
*************************************************** 8-9JUN2004 - The Forum on Information Security in Government will be held in Washington, DC, with Optional Workshops on 7 and 10JUN. Both the FISSEA Chair and Assistant Chair will be presenting sessions. More info can be found at http://pull.xmr3.com/p/3792-0DD3/92622542/http-www.misti.com-03-mi2eb1inf.html (by clicking this link, you will be leaving the FISSEA and NIST webserver) or by contacting MIS Training Institute at 498 Concord St., in Framingham, MA 01702-2357, Tel: (508) 879-7999, Fax: (508) 872-1153, E-mail: mis@misti.com *************************************************** 14-16JUN2004 CSI's 14th Annual NETSEC '04: BUILDING THE SECURE ENTERPRISE Conference Program is now available and registration is now open. NETSEC will be held in San Francisco at the Hyatt Regency Embarcadero. NetSec blends a management and awareness focus with technical solutions, giving you a balanced real-world perspective you won't find at other conferences. The conference program covers a broad array of topics, from the management issues of awareness, privacy and policy to more technical issues like wireless security, VPNs and Internet security. REGISTER FOR SHOW ONLY June 14-15 - FREE! http://i.nl03.net/ltr0/?_m=2g.0007.16.ri07j00zjt.1 Julie Hogan, Director of Events, CSI , Computer Security Institute, jhogan@cmp.com *************************************************** 01JUL2004 at 11:59pm is deadline for submission of papers to the Phrackstaff for presentation at PHRACK-62. "Dont bother us with lame articles -- only the real papers will make it." They are seeking papers on "hacking, phreaking, spying, carding, cybernetics, radio, electronics, forensics, reverse engineering, cryptography, anarchy, conspiracy, and world news." Also, they "will showcase selected tools from the hacking community." For more info, contact phrackstaff@phrack.org *************************************************** 8-11JUL2004 - Purdue University in West Lafayette, Indiana, will host CAITA-2004. This is a broadband conference, aimed at bringing together the scientific/technical elite. This year's Keynote is Dr. Dag von Lubitz, Laureate of the Smithsonian Award. More details on the Web at www.internetconferences.net *************************************************** 2nd FREE FISSEA
Workshop To learn more about this workshop, please visit this link on the FISSEA website. You will be opening up a MS Word file of the workshop announcement. |
Back to FISSEA Homepage
Back to Newsletter Index
Back to CSRC Homepage
Please send comments
or suggestions to webmaster-csrc@nist.gov.
Last Modified: April 19, 2004.