Building Blocks Technologies

Technology Training: Security: ISSO Orientation

Course Objectives:

Upon completion of this course the student will be able to:

  • Explain the importance of IT Governance in the role of the ISSO.
  • Define Confidentiality, Integrity and Availability for Information Systems Security.
  • Describe certification and accreditation, and explain their importance for an organization and their impact on the ISSO.
  • Describe the necessities in implementing a site Security Policy and the importance to the Department of National Defence and the rest of the Government of Canada.
  • Explain the importance of reporting the status of site security for the ISSO.

Course Type:

The course is taught in class with an instructor.

Prerequisite:

None

Duration:

5 days

Audience:

This course is intended for those in Information Security positions in government or private industry, for those wishing to become Information Systems Security Officers, and for those who need to advance their skills and knowledge in managing system and organization security.

Course Description:

This five-day course is based upon the National Security Agency's directive for the National Training Standard from the Committee on National Security Systems (CNSS), as specified in CNSSI No. 4014, Information System Security Officer (ISSO). The course addresses the entry-level standards, which cover the fundamentals of Information Systems from a top-down approach. It covers IT Governance, certification and accreditation, public key infrastructures, configuration management, intrusion detection, and incident response. Given a series of system security breaches, the ISSO will identify system vulnerabilities and recommend the security solutions required to return systems to an operational level of assurance.

Course Outline

Setting the Foundation and Understanding your Role

  • Security Concepts
  • Security Practices
  • Security Policies
  • ISSO Defined
  • Common Responsibilities
  • Types of ISSO
  • Type-specific Responsibilities

Understanding, Implementing and Managing Site Security

  • Confidentiality, Integrity and Availability for Sites
  • Site Security Principles
  • The Role of Site Security Policy
  • Site Security Policies
  • Plans and Procedures
  • Facility Approval
  • Operational Management
  • Access Control
  • Incident Response

Understanding, Implementing and Managing System Security

  • Confidentiality, Integrity and Availability for Systems
  • System Security Principles
  • The Role of System Security Policy
  • System Security Policies
  • Plans and Procedures
  • Media Handling
  • Security Tools and Methods
  • Operational Management
  • Incident Response

Understanding and Developing Site and System Reporting

  • Report Categories
  • Measurement
  • Reporting Roles and Responsibilities
  • Reporting Audiences
  • Report Planning
  • Reporting Formats and Conventions
  • Reporting to Management
  • Legal Considerations

Achieving Security Certification and Accreditation

  • Certification and Accreditation
  • Certification Practices
  • Certification Elements
  • Personnel Accreditation
  • Systems Accreditation (Type Accreditation)
  • Accreditation Activities