This course will explore the role of the non-technical DoD security specialist related to information systems security, information assurance and cybersecurity. Emphasis will be placed on developing effective relationships between the many organizational players who have a role in information systems security, information assurance and cybersecurity and how these relationships serve to increase operational effectiveness and security of the organization.
The course will include but will not be limited to the following topics:
• Links between Information Systems Security, Information Assurance, Cybersecurity and other security disciplines;
• Three Elements of Information Systems Security (CIA);
• Six elements of an Information System:
• Assess the current security landscape, including the nature of the threat, the general status of common vulnerabilities, and the likely consequences of security failures;
• Describe and assess the strengths and weaknesses of general cybersecurity models, including the CIA triad;
• Describe and appraise the interrelationships among elements that comprise a modern security system, including hardware, software, policies, and people;
• Assess and describe how all domains of security interact to achieve effective system-wide security at the enterprise level.
• Describe the interrelationships among security roles and responsibilities in a modern information-driven enterprise - to include interrelationships across security domains (IT, physical, classification, personnel, and so on);
• Assess the role of strategy and policy in determining the success of information security;
• Estimate the possible consequences of misaligning enterprise strategy, security policy, and security plans;
• Design a notional information security plan that incorporates relevant principles of lifecycle management;
• Explain the principles of risk and conduct a notional risk management exercise;
• Describe the role of good metrics and key performance indicators (KPIs) in security assessment and governance;
• Define and develop good information security metrics;
• Characterize the current legal and regulatory environment as it applies to cybersecurity;
• Identify, characterize, and evaluate the most common security standards and associated catalogues of security controls;
• Contrast the various approaches to security training and formulate a simple training agenda;
• Justify the need for business continuity planning and propose how to implement such a plan successfully within a modern enterprise;
• Compare and contrast logical and physical security;
• Appraise the current structure of cybersecurity roles across the DoD enterprise, including the roles and responsibilities of the relevant organizations;
• Assess the strengths and weaknesses of the certification and accreditation approach to cybersecurity;
• Evaluate the trends and patterns that will determine the future state of cybersecurity.