The course is based on the National Security Agency’s (NSA) Information Security (INFOSEC) Evaluation Methodology (IEM), which is NSA’s recommended methodology for evaluating an organization’s technical security. The course will examine the process of coordinating with the customer, setting the scope of the project, obtaining legal authorization, conducting the ten baseline activities of the evaluation, and compiling a meaningful and understandable final product for the customer. Students registering for this course will be required to participate in an actual IEM based evaluation as a course project. The documentation created during this course can be added to the student’s portfolio.
Learning Objectives
1. Enumerate the required steps and processes for conducting the NSA IAM and IEM. 2. Demonstrate the ability to help a customer define and prioritize Critical Information. 3. Define the Critical Path within an organization based on defined Critical Information. 4. Conduct technical evaluation activities against organizational technical resources. 5. Identify the basic components required for a quality Final Report. 6. Interface and interview mission critical personnel within an organization in a professional manner.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.