Information Assurance Education Today

LTC Clifton H. Poole, CISSP, CISM, IAMInformation Resources Management College

National Defense University

Policy2004The EDUCAUSE Policy Conference

Secure Path of Improvement

IA is an evolutionary process in how information systems are and will be defended in the future.

Computer Security

Information Assurance

(Gil Duvall, 2004)

Computer security to IA - What Changed?

Computer security - measures & controls that ensure the confidentiality, integrity, and availability of information systems (IS) assets including h/w, s/w, firmware, and information being processed, stored and communicated.

Information assurance (IA) - information operations that protect and defend information and IS by ensuring their confidentiality, integrity, availability, authentication, and nonrepudiation. This includes providing for restoration of information systems by incorporating protection, detection and reaction [correction] capabilities.

*NSTISSI #4009 - Infosec Glossary(Gil Duvall, 2004)

Why the Evolution to IA ?

Topic Area Then (~1985) Now (2004)

Computer access & literacy Ad hoc Integral part of society

Threats Moderate/Known Attacks High/Unknown Adversary

VulnerabilitiesFew applications &

Operating SystemsCross functional applications

& legacy support

Connectivity Level Need to knowAny-to-Any

(E2E, B2B, B2C, P2P)

Evaluation CriteriaOrange Book/TCSEC

(C2, B1, etc)

The Common Criteria(assurance at the functional

level)

Accreditation Standard Each CustomerNational level certification &

accreditation programs

…a significant shift in the distributed computing environment (DCE)

(Gil Duvall, 2004)

Centers of Academic Excellence •Partnerships in IA Education

•IA Treated as a Multidisciplinary Science

•University Encourages the Practice of IA

•Academic Program Encourages Research in IA

•IA Curriculum Reaches Beyond Geographic Borders

•Faculty Active in IA Practice and Research and Contribute to IA Literature

•State-of-the-Art IA Resources

•Declared Concentrations

•Declared Center for IA Education or Research

•Full-time IA Faculty

Objective of Program Criteria - The criteria are designed to measure and recognize the depth and maturity of Information Assurance (IA) academic programs, and to stimulate the development of broad-ranging IA programs to meet the varying needs of the student population, including work-force professionals, as well as the employment needs of government and industry.

http://www.nsa.gov/ia/academia/caemap.cfm?MenuID=10.1.1.2

http://www.defenselink.mil/nii/iasp/DoDMembersMain.htm

DoD civilian employees, military officers and enlisted members

•Information Resources Management College (IRMC)

•Naval Postgraduate School (NPS )

•Air Force Institute of Technology (AFIT)

Federal Cyber Service: Scholarship for Service

This program seeks to increase the number of qualified students entering the fields of information assurance and computer security and to increase the capacity of the United States higher education enterprise to continue to produce professionals in these fields.

•Scholarship Track

•Capacity Building Track

http://www.ehr.nsf.gov/ehr/DUE/programs/sfs/

Other Perspectives

Outputs

A world-class graduate IA program.

Inputs

Student feedback

Faculty feedback

IA research

Industry practices

Competition

Stakeholders Needs

Resource/Mechanisms

Strategic Plan

Funding

Staff support

Controls

IA Standards

Gov’t Requirements

Course Schedule