Upload
henry-manning
View
217
Download
0
Embed Size (px)
Citation preview
Information Assurance Education Today
LTC Clifton H. Poole, CISSP, CISM, IAMInformation Resources Management College
National Defense University
Policy2004The EDUCAUSE Policy Conference
Secure Path of Improvement
IA is an evolutionary process in how information systems are and will be defended in the future.
Computer Security
Information Assurance
(Gil Duvall, 2004)
Computer security to IA - What Changed?
Computer security - measures & controls that ensure the confidentiality, integrity, and availability of information systems (IS) assets including h/w, s/w, firmware, and information being processed, stored and communicated.
Information assurance (IA) - information operations that protect and defend information and IS by ensuring their confidentiality, integrity, availability, authentication, and nonrepudiation. This includes providing for restoration of information systems by incorporating protection, detection and reaction [correction] capabilities.
*NSTISSI #4009 - Infosec Glossary(Gil Duvall, 2004)
Why the Evolution to IA ?
Topic Area Then (~1985) Now (2004)
Computer access & literacy Ad hoc Integral part of society
Threats Moderate/Known Attacks High/Unknown Adversary
VulnerabilitiesFew applications &
Operating SystemsCross functional applications
& legacy support
Connectivity Level Need to knowAny-to-Any
(E2E, B2B, B2C, P2P)
Evaluation CriteriaOrange Book/TCSEC
(C2, B1, etc)
The Common Criteria(assurance at the functional
level)
Accreditation Standard Each CustomerNational level certification &
accreditation programs
…a significant shift in the distributed computing environment (DCE)
(Gil Duvall, 2004)
Centers of Academic Excellence •Partnerships in IA Education
•IA Treated as a Multidisciplinary Science
•University Encourages the Practice of IA
•Academic Program Encourages Research in IA
•IA Curriculum Reaches Beyond Geographic Borders
•Faculty Active in IA Practice and Research and Contribute to IA Literature
•State-of-the-Art IA Resources
•Declared Concentrations
•Declared Center for IA Education or Research
•Full-time IA Faculty
Objective of Program Criteria - The criteria are designed to measure and recognize the depth and maturity of Information Assurance (IA) academic programs, and to stimulate the development of broad-ranging IA programs to meet the varying needs of the student population, including work-force professionals, as well as the employment needs of government and industry.
http://www.nsa.gov/ia/academia/caemap.cfm?MenuID=10.1.1.2
http://www.defenselink.mil/nii/iasp/DoDMembersMain.htm
DoD civilian employees, military officers and enlisted members
•Information Resources Management College (IRMC)
•Naval Postgraduate School (NPS )
•Air Force Institute of Technology (AFIT)
Federal Cyber Service: Scholarship for Service
This program seeks to increase the number of qualified students entering the fields of information assurance and computer security and to increase the capacity of the United States higher education enterprise to continue to produce professionals in these fields.
•Scholarship Track
•Capacity Building Track
http://www.ehr.nsf.gov/ehr/DUE/programs/sfs/
Other Perspectives
Outputs
A world-class graduate IA program.
Inputs
Student feedback
Faculty feedback
IA research
Industry practices
Competition
Stakeholders Needs
Resource/Mechanisms
Strategic Plan
Funding
Staff support
Controls
IA Standards
Gov’t Requirements
Course Schedule