The course is based on the National Security Agency’s (NSA) Information Security (INFOSEC) Evaluation Methodology (IEM), which is NSA’s recommended methodology for evaluating an organization’s technical security. The course will examine the process of coordinating with the customer, setting the scope of the project, obtaining legal authorization, conducting the ten baseline activities of the evaluation, and compiling a meaningful and understandable final product for the customer. Students registering for this course will be required to participate in an actual IEM based evaluation as a course project. The documentation created during this course can be added to the student’s portfolio.
1. Enumerate the required steps and processes for conducting the NSA IAM and IEM. 2. Demonstrate the ability to help a customer define and prioritize Critical Information. 3. Define the Critical Path within an organization based on defined Critical Information. 4. Conduct technical evaluation activities against organizational technical resources. 5. Identify the basic components required for a quality Final Report. 6. Interface and interview mission critical personnel within an organization in a professional manner.