nasa isslob t2t it security role based training
play

NASA ISSLOB T2T IT Security Role-Based Training March 15, 2011 - PowerPoint PPT Presentation

Mar 07, 2023 •430 likes •559 views

National Aeronautics and Space Administration NASA ISSLOB T2T IT Security Role-Based Training March 15, 2011 Gretchen Morris www.nasa.gov 1 National Aeronautics and Space Administration Topics to Cover Accomplishments Offerings

  1. National Aeronautics and Space Administration NASA ISSLOB T2T IT Security Role-Based Training March 15, 2011 Gretchen Morris www.nasa.gov 1

  2. National Aeronautics and Space Administration Topics to Cover • Accomplishments • Offerings • Lessons learned • Next steps www.nasa.gov 2

  3. National Aeronautics and Space Administration Criteria for Course Development • Roles defined by Role-Based IT Security Training Matrices in NIST SP 800-16 – NIST 800-16 documents 46 modular components which can build a role – Modules in each course can be re-used for other roles – 800-16 has recommendations which modules could be used to build a role – ITSATC has completed 39 beginning and 23 intermediate modules • NASA-specific courses include info, such as: – Processes – NASA-specific titles • ISSLOB T2T Requirements – 508-compliant – Shared Content Object Reference Model (SCORM) compliant – Learning Management System (LMS) compatible (i.e., tracking requirements) – Operable in a Federal Desktop Core Configuration (FDCC) environment www.nasa.gov 3

  4. National Aeronautics and Space Administration NIST 800-16 Template Template Template A B C D E F G Training Areas Manage Acquire Design & Implement & Review & Use Other Develop Operate Evaluate 1 Laws & Regulations 1A 1B 1C 1D 1E 1F 2 Security Program 2.1 Planning 2.1A 2.1B 2.1C 2.1D 2.1E 2.2 Management 2.2A 2.2B 2.2C 2.2D 2.2E 3 System Life Cycle Security 3.1 Initiation 3.1A 3.1B 3.1C 3.1E 3.1F 3.2 Development 3.2A 3.2B 3.2C 3.2D 3.2E 3.2F 3.3 Test & Evaluation 3.3C 3.3D 3.3E 3.3F 3.4 Implementation 3.4A 3.4B 3.4C 3.4D 3.4E 3.4F 3.5 Operations 3.5A 3.5B 3.5C 3.5D 3.5E 3.5F 3.6 Termination 3.6A 3.6D 3.6E 4 Other www.nasa.gov 4

  5. National Aeronautics and Space Administration NASA T2T Role-Based Offerings • Roles with NASA Specific Information Removed – System Administrators – Chief Information Officers • Roles with NASA-specific content – Certification Agents & Authorizing Officials (CA&AO) – Chief Information Officers – Chief Information Officers – Intermediate – Organizational Computer Security Officials – System Administrators – Beginning – System Administrators – Intermediate – System Owners www.nasa.gov 5

  6. National Aeronautics and Space Administration Other Courses Included • IT System Security Plan Development • Risk Management • Basic ISSA – Information System Security Authorization – Was Certification & Accreditation www.nasa.gov 6

  7. National Aeronautics and Space Administration Process to get Materials • E-Mail ITSATC@lists.nasa.gov • Include – Name – Agency – Mailing address – Email address – Number of copies requested www.nasa.gov 7

  8. National Aeronautics and Space Administration Rules for Use • Provide Credit to NASA • Materials may be modified with Agency specifics to meet specific needs • Provide feedback to NASA ITSATC via the “Evaluation of NASA Provided Training” form that is included on the CD • The NASA ITSATC does not have the resources to reprogram the courses, but will assist as resources allow • Follow instructions in CD Read Me file to open the courses • Email the ITSATC (ITSATC@lists.nasa.gov) if you have any questions www.nasa.gov 8

  9. National Aeronautics and Space Administration Who have we shared the materials with? • Department of Education • FBI • Department of Interior • HUD • Census Bureau • ATF • OSHA • NIH • DHS • NRC • EPA • Department of Commerce • Department of Labor • GAO • OPM • HHS • State Department • Library of Congress • NIST • FDIC • DoD • IRS • NDIC • Canadian Government • Global Learning Systems • DOJ www.nasa.gov 9

  10. National Aeronautics and Space Administration Distribution Method • Mail on CD – CD includes all course materials and an evaluation form – Provided at no charge – NASA answers questions on the content, but is not responsible for modifying the content or programming to make it operational in a Federal LMS • Reasons for not using web – Desire to know and document distribution – Resources www.nasa.gov 10

  11. National Aeronautics and Space Administration Next Steps • Courses – Currently under development • Working to update and populate the matrix in NIST 800-16 – Using Draft Version 2 where possible – Beginning Level • From this, any role’s course can be quickly compiled • Social Networking – Under consideration • Making materials available module-by-module so that they can more easily be adapted • NIST 800-16 – Intermediate Level • Follow up with Distribution – Revise courses based on feedback www.nasa.gov 11

  12. National Aeronautics and Space Administration Contact Information • NASA IT Security Awareness & Training Center (ITSATC) – ITSATC@lists.nasa.gov • Richard Kurak – Program Manager, NASA ITSATC – 216-433-8256 – Richard.S.Kurak@nasa.gov www.nasa.gov 12

Recommend

DoD Shared Service Center for ISS LOB Tier I Security Awareness Training a and Tier II Role

DoD Shared Service Center for ISS LOB Tier I Security Awareness Training a and Tier II Role

DoD Shared Service Center for ISS LOB Tier I Security Awareness Training a and Tier II Role Based Training UNCLASSIFIED DoD ISSLOB Annual Awareness Training FY11 product in use (DoD, Federal, IC) FY12 product funded Customer

140 views • 12 slides
Gretchen Ann Morris, CISSP DB Consulting Group NASA IT Security Awareness and Training Center

Gretchen Ann Morris, CISSP DB Consulting Group NASA IT Security Awareness and Training Center

Gretchen Ann Morris, CISSP DB Consulting Group NASA IT Security Awareness and Training Center Objectives for this session Review our role-based course development process Learn how to personalize our role-based courses for your agency

318 views • 12 slides
U.S. DEPARTMENT OF STATE JSAS Cyber Security IT Security Awareness training consistent with NIST

U.S. DEPARTMENT OF STATE JSAS Cyber Security IT Security Awareness training consistent with NIST

ISSLOB SSC CYBERSECURITY AWARENESS U.S. DEPARTMENT OF STATE JSAS Cyber Security IT Security Awareness training consistent with NIST SP 800-50 A proven, reliable solution that verifies retention of material and concepts A well

344 views • 17 slides
Training Competency Assurance - Team Based Ralph Benham Maersk Training, Inc. History NASA

Training Competency Assurance - Team Based Ralph Benham Maersk Training, Inc. History NASA

DYNAMIC POSITIONING CONFERENCE OCTOBER 911, 2017 TRAINING/COMPETENCY Training Competency Assurance - Team Based Ralph Benham Maersk Training, Inc. History NASA study in 1979 Resource Management on the Flight Deck Human Factors

695 views • 15 slides
NIST Role-based Training Guideline: SP 800-16, Rev. 1 Mark Wilson, CISSP Computer Security

NIST Role-based Training Guideline: SP 800-16, Rev. 1 Mark Wilson, CISSP Computer Security

NIST Role-based Training Guideline: SP 800-16, Rev. 1 Mark Wilson, CISSP Computer Security Division National Institute of Standards and Technology - March 23, 2010 - mark.wilson@nist.gov (301) 975-3870 (voice) http://csrc.nist.gov/

92 views • 8 slides
SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security

SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security

SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security Training FISSEA Conference March 19, 2014 Pat Toth Penny Klein Computer Security Division Systegra Information Technology Laboratory NATIONAL

750 views • 40 slides
The Role of MPPs at NASA and the Aerospace Industry Manny Salas May 22, 1997 Talk Outline

The Role of MPPs at NASA and the Aerospace Industry Manny Salas May 22, 1997 Talk Outline

The Role of MPPs at NASA and the Aerospace Industry Manny Salas May 22, 1997 Talk Outline NASA Aeronautics Computational Resources NASA Utilization & Availability Metrics NASA Aeronautics Parallel Software Aerospace

626 views • 47 slides
NASA Engineering Database NASA Engineering Database (NED) (NED) Prototype Prototype Stephen

NASA Engineering Database NASA Engineering Database (NED) (NED) Prototype Prototype Stephen

NASA Engineering Database NASA Engineering Database (NED) (NED) Prototype Prototype Stephen C. Waterbury NASA/Goddard Space Flight Center December, 2000 Model Interaction and Transformation Security, Services: Auth., Thin Expresso

440 views • 4 slides
UCP UK Security Training like no other CLOSE PROTECTION TRAINING At its very best UCP ARE

UCP UK Security Training like no other CLOSE PROTECTION TRAINING At its very best UCP ARE

UCP UK Security Training like no other CLOSE PROTECTION TRAINING At its very best UCP ARE APPROVED, INSURED AND ASSURED TO DELIVER THE UK SIA LICENSED TRAINING DONT CHOOSE A PROVIDER THAT IS NOT QUALIFIED TACTICAL FIREARMS TRAINING

684 views • 36 slides
Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal

Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal

Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal Holloway University of London jason.crampton@rhul.ac.uk www.isg.rhul.ac.uk/~jason Outline Introduction Separation of duty Role-based

482 views • 14 slides
Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of security administration p y y For large number of subjects and objects, the number of authorizations can become extremely large For dynamic

536 views • 51 slides
WORKING IN PARTNERSHIP WITH A SPECIALIST TRAINING PROVIDER - WHAT IS THE ROLE OF FURTHER

WORKING IN PARTNERSHIP WITH A SPECIALIST TRAINING PROVIDER - WHAT IS THE ROLE OF FURTHER

WORKING IN PARTNERSHIP WITH A SPECIALIST TRAINING PROVIDER - WHAT IS THE ROLE OF FURTHER EDUCATION? NFEC National Conference, Leicester November 2013 Introducing The Medical Room UK based company, Incorporated 2007 Preferred suppliers to

385 views • 21 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 7 Intrusion Detection Topics Fundamentals Network IDS Snort Host-based IDS

1.03k views • 72 slides
New-school Security Awareness Training Greg Kras CISSP Chief Product Officer About Us Over

New-school Security Awareness Training Greg Kras CISSP Chief Product Officer About Us Over

New-school Security Awareness Training Greg Kras CISSP Chief Product Officer About Us Over 27,000 The worlds largest integrated Security Awareness Training and Simulated Phishing platform Based in Tampa Bay, Florida, founded in

609 views • 5 slides
Institute for Cyber Security A Framework for Risk-Aware Role Based Access Control Khalid Zaman

Institute for Cyber Security A Framework for Risk-Aware Role Based Access Control Khalid Zaman

Institute for Cyber Security A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio October 16, 2013 SafeConfig 2013: IEEE 6th

227 views • 18 slides
Effective Security for the Post-compliance Era Security Awareness and Training for Security

Effective Security for the Post-compliance Era Security Awareness and Training for Security

Effective Security for the Post-compliance Era Security Awareness and Training for Security Specialists M. ANGELA SASSE, RUHR UNIVERSITY BOCHUM & UCL The problem MENSCHLICH WELTOFFEN LEISTUNGSSTARK 2 ENISA Report December 2018

362 views • 33 slides
NASA-Rio UCCRN Training Partnership: Sea Level Rise, Urban Heat Islands, and Water Quality SEA

NASA-Rio UCCRN Training Partnership: Sea Level Rise, Urban Heat Islands, and Water Quality SEA

NASA-Rio UCCRN Training Partnership: Sea Level Rise, Urban Heat Islands, and Water Quality SEA LEVEL RISEPart 2: Future sea level and coastal storm projections Vivien Gornitz and Daniel Bader Columbia University/NASA Goddard Institute for

308 views • 27 slides
Digital Security Training A digital training brought to you by RSAT Security in partnership with

Digital Security Training A digital training brought to you by RSAT Security in partnership with

Digital Security Training A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Topics Covered Week 5 Week 1 Social Media Introduction to Information Security Week 6 Week 2 Responsible

190 views • 18 slides
Digit Digital al Se Security y Training Be Best Practices A digital training brought to you

Digit Digital al Se Security y Training Be Best Practices A digital training brought to you

Digit Digital al Se Security y Training Be Best Practices A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Topics Covered Week 5 Week 1 Social Media Introduction to Information Security

410 views • 19 slides
FISSEA: Panel Discussion ISS LOB Tier 2 Training VA National IT Training Academy March 25, 2010

FISSEA: Panel Discussion ISS LOB Tier 2 Training VA National IT Training Academy March 25, 2010

FISSEA: Panel Discussion ISS LOB Tier 2 Training VA National IT Training Academy March 25, 2010 Importance of ISS LOB Tier 2 Training Supports compliance for role-based training requirement of FISMA Reduces development cost per

656 views • 8 slides
Graph Based Role Mining Techniques for Cyber Security KIRI OLER, SUTANAY CHOUDHURY Pacific

Graph Based Role Mining Techniques for Cyber Security KIRI OLER, SUTANAY CHOUDHURY Pacific

Graph Based Role Mining Techniques for Cyber Security KIRI OLER, SUTANAY CHOUDHURY Pacific Northwest National Laboratory Flocon 2015, Portland, OR, USA January 15, 2015 1 Motivation Analyzing a machines past behavior in the face of an

625 views • 23 slides
Assets for Use by Commercial Programs JIM ROBERTS & TERRY LAMBING NASA Kennedy Space Center

Assets for Use by Commercial Programs JIM ROBERTS & TERRY LAMBING NASA Kennedy Space Center

Methods Used in Pricing & Conveying NASA Assets for Use by Commercial Programs JIM ROBERTS & TERRY LAMBING NASA Kennedy Space Center Office of the CFO 2015 ICEAA Professional Development and Training Workshop Changes at NASA:

380 views • 33 slides
Risk-Aware Role-Based Access Control Liang Chen Jason Crampton Information Security Group, Royal

Risk-Aware Role-Based Access Control Liang Chen Jason Crampton Information Security Group, Royal

Risk-Aware Role-Based Access Control Liang Chen Jason Crampton Information Security Group, Royal Holloway, University of London 7th International Workshop on Security and Trust Management Risk-Aware RBAC Introduction Introduction

604 views • 16 slides
Semantic security framework and context- aware role-based access control ontology for Smart

Semantic security framework and context- aware role-based access control ontology for Smart

Semantic security framework and context- aware role-based access control ontology for Smart Spaces Semantic Big Data Workshop, ACM SIGMOD 2016 Conference 2016, San Francisco, California, July 1st 2016 Shohreh Hosseinzadeh, Natalia

240 views • 19 slides

More recommend