Information Assurance Awareness Training
NIST Special Publication 800-50 is a regulation dedicated to IA awareness training:
NIST SP 800-50, Building an Information Technology Security Awareness & Training Program
SP 800-50 gives guidance on developing and sustaining an IT security awareness and training program (also known as information assurance training) for all users, employees and supervisors within an organization. Having such a training program is mandated by the Federal Information Security Management Act (FISMA) of 2002.
IA Awareness Training – Roles & Responsibilities
Agency heads – must ensure that high priority is given to effective security awareness and training for employees, and must appoint a CIO.
CIO – ensures that an overall strategy, funding, tracking and reporting are in place for the IT security awareness and training program.
IT Security Program Manager – handles the tactical deployment, development and maintenance of the IT security awareness and training program.
Managers – responsible for complying with the IT security awareness program. Work with the CIO and IT Security Program Manager to share responsibility. Ensure all users are trained to fulfill their security roles before access is given. Promote professional development and certification of the IT staff.
Users – largest audience in any organization and are the single most important group of people who can help to reduce unintentional errors.
800-50 calls learning a “continuum”. The continuum of learning starts with awareness and builds into education.
Awareness – awareness is not training. Awareness focuses on security concerns to ensure users are mindful of basic rules and issues in a given environment.
Awareness is not training. The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly. – 800-50
Training – is a formal focused method to develop a skill for job performance.
Training strives to produce relevant and needed security skills and competencies – 800-50
Education – combines multidisciplinary areas into a common body of knowledge.
Education integrates all of the security skills and competencies of the various functional specialties into a common body of knowledge . . . and strives to produce IT security specialists and professionals capable of vision and pro-active response. –800-50
The all-seeing eye of Google is upon Safe Browsing and alerts for your network. I think this is proof that Google is not “evil” as some say. Some believe that Google is “evil” just because they want to organize all of the world's data. To this I say, “stop hatin'!”
Google has taken steps toward protecting its users from malware and phishing attacks by alerting webmasters of malicious content and bad URLs.
Now Google offers a service for network administrators that allows system owners to receive early notifications of malicious content on their network. It's called “Google Safe Browsing Alerts”. As an example of how powerful this can be, imagine an Internet Service Provider having such a service.
I can already hear the “naysayers of Google” crying, “what about the privacy of the networks and your users?” To this I say, “SHUT THE HELL UP!” Google loves you. Google died for your sins. Repent, for the kingdom of Google is at hand.
That is all.
Firewalls 101 from HowStuffWorks.com. Great for establishing a foundation for understanding the firewall.
Firewall FAQ – great for newbies and rusty IT security test takers, from the undisputed champions at Infosyssec who continue to hack the hackers.
Exhaustive firewall links from CERIAS.
Another great article by Cisco: a white paper on Cisco's PIX firewall and stateful firewall security.
ISAserver.org: the No. 1 unofficial ISA Server 2000 & 2004 resource site. This feed offers news, articles, tutorials and reviews for ISA administrators (ISA Server/Firewall feed).
Dr. Tom Shinder's ISA Server Firewall Blog. Not updated very often, but good info on ISA firewalls.
Home PC Firewall Guide. Comprehensive site about configuring firewalls.