nist role based training guideline sp 800 16 rev 1
play

NIST Role-based Training Guideline: SP 800-16, Rev. 1 Mark Wilson, - PowerPoint PPT Presentation

Sep 19, 2022 •12 likes •92 views

NIST Role-based Training Guideline: SP 800-16, Rev. 1 Mark Wilson, CISSP Computer Security Division National Institute of Standards and Technology - March 23, 2010 - mark.wilson@nist.gov (301) 975-3870 (voice) http://csrc.nist.gov/

  1. NIST Role-based Training Guideline: SP 800-16, Rev. 1 Mark Wilson, CISSP Computer Security Division National Institute of Standards and Technology - March 23, 2010 - mark.wilson@nist.gov (301) 975-3870 (voice) http://csrc.nist.gov/

  2. Document Drivers • Two Audiences: Information Security Professionals and Instructional Design Professionals • “Harmonization” / “Transformation” Efforts: – NSA’s CNSS training standards – DHS’ Essential Body of Knowledge – OPM’s 2210 Series Training Topics/Competencies/Behaviors – CIO Council’s IT Workforce Committee (Matrix Project) – DOD’s 8570 Training and Certification Program – ODNI’s Cyber Training Subdirectory – ISS LOB Tier 2 Role-based Training Initiative – CNCI Cyber Education Efforts (Initiative 8 / “8-Plus”) 2

  3. Training Requirements Vs. Options • Requirements: • Options: – Identify people with – Number of roles to use significant – Build a course or responsibilities for module information security – Presentation mode (e.g., – Train them instructor-led, technology-based, incorporate avatars) – Order of content in course or module – Topics and elements 3

  4. The Rules • Rule #1: Identify people with significant responsibility for information security • Rule #2: Do not open SP 800-16, Rev. 1 until organization has identified people with significant responsibility for information security • Rule #3: The list of roles in SP 800-16, Rev. 1 is a catalog; use what you need and do not use what you do not need 4

  5. The “Learning Continuum” In Draft Special Publication 800-16, Rev. 1 5

  6. Awareness and Training Relationships Role- Role- Role- Role- Role- Role- Based Based Based Based Based Based ISS LOB Training: Training: Training: Training: Training: Training: Tier 2 Efforts CIO SAISO System System Info. System Admin. Owner Owner Security Officer ISS LOB Information Security Awareness Training: Basics and Literacy Tier 1 Target Audience = All Users Of Information and Information Systems Efforts Information Security Awareness: Target Audience = All Employees Posters, Lanyards, Badges, E-mail Advisories, Log-in Screen Warnings, Computer Security Day, Trinkets, Newsletters, “Awards” from Mgmt. 6

  7. Draft Rev. 1 Key Thoughts/Goals • Final document expected this FY • SP 800-16, Rev. 1 to be supported by: – web-based “reference model” [on our CSRC] – 2 SOPs: information security professionals and instructional design professionals • Eventual “Rev. 2” could be – should be?!?! – the product of the current harmonization/ transformation effort 7

  8. - Thank You - Mark Wilson, CISSP Computer Security Division National Institute of Standards and Technology mark.wilson@nist.gov (301) 975-3870 (voice)

Recommend

Transition Monitoring Process Training Based on Division of DD Guideline # 6 7 Overview

Transition Monitoring Process Training Based on Division of DD Guideline # 6 7 Overview

Transition Monitoring Process Training Based on Division of DD Guideline # 6 7 Overview What is transition monitoring? The Benchmarks and authorities with some examples; APTS data; Annual Trend Reports; Reminders

1.19k views • 34 slides
ROLE BASED ACCESS CONTROL (RBAC) John Barkley RBAC Project Leader Software Diagnostics and

ROLE BASED ACCESS CONTROL (RBAC) John Barkley RBAC Project Leader Software Diagnostics and

ROLE BASED ACCESS CONTROL (RBAC) John Barkley RBAC Project Leader Software Diagnostics and Conformance Testing National Institute of Standards and Technology (301) 975-3346 jbarkley@nist.gov http://hissa.nist.gov/rbac/ ACTIVE PARTICIPANTS

635 views • 27 slides
Health Community-Based Health Initiative Planning Guideline Health Priorities Guideline Community

Health Community-Based Health Initiative Planning Guideline Health Priorities Guideline Community

DoN: An Opportunity to Advance Health Community-Based Health Initiative Planning Guideline Health Priorities Guideline Community Engagement Guideline January 11, 2017 Retooling DoN for Todays Health Care Market Development of Revised CHI

627 views • 25 slides
Introduction to the SmPC guideline SmPC training presentation Note : for full information refer

Introduction to the SmPC guideline SmPC training presentation Note : for full information refer

Introduction to the SmPC guideline SmPC training presentation Note : for full information refer to the European Commissions Guideline on summary of product characteristics (SmPC) SmPC Advisory Group An agency of the European Union Table of

728 views • 10 slides
WORKING IN PARTNERSHIP WITH A SPECIALIST TRAINING PROVIDER - WHAT IS THE ROLE OF FURTHER

WORKING IN PARTNERSHIP WITH A SPECIALIST TRAINING PROVIDER - WHAT IS THE ROLE OF FURTHER

WORKING IN PARTNERSHIP WITH A SPECIALIST TRAINING PROVIDER - WHAT IS THE ROLE OF FURTHER EDUCATION? NFEC National Conference, Leicester November 2013 Introducing The Medical Room UK based company, Incorporated 2007 Preferred suppliers to

385 views • 21 slides
TRAINING COURSE ON MALAYSIA VARIATION GUIDELINE Zahura a Binti Mohamed @ Ismai ail Biro

TRAINING COURSE ON MALAYSIA VARIATION GUIDELINE Zahura a Binti Mohamed @ Ismai ail Biro

TRAINING COURSE ON MALAYSIA VARIATION GUIDELINE Zahura a Binti Mohamed @ Ismai ail Biro Pengawalan Farmas aseut utikal kal Kebang ngsaan aan Kementerian an Kesihat atan an Malaysia Type of Drug Substance (DS) Variations Change and/or

534 views • 16 slides
DoD Shared Service Center for ISS LOB Tier I Security Awareness Training a and Tier II Role

DoD Shared Service Center for ISS LOB Tier I Security Awareness Training a and Tier II Role

DoD Shared Service Center for ISS LOB Tier I Security Awareness Training a and Tier II Role Based Training UNCLASSIFIED DoD ISSLOB Annual Awareness Training FY11 product in use (DoD, Federal, IC) FY12 product funded Customer

140 views • 12 slides
NIST Gaithersburgs Approach to a Solar PV Array Project John.R.Bollinger@nist.gov 2 NIST

NIST Gaithersburgs Approach to a Solar PV Array Project John.R.Bollinger@nist.gov 2 NIST

NIST Gaithersburgs Approach to a Solar PV Array Project John.R.Bollinger@nist.gov 2 NIST had awarded larger ESPC ($45M) with 4 ECMs the previous year (June 2015) Non-selected ECM was fixed-tilt, ground-mounted solar array on federal

559 views • 17 slides
guideline recommendations Instructions for guideline translators Recommendations form the core of

guideline recommendations Instructions for guideline translators Recommendations form the core of

How to identify and interpret ERBP guideline recommendations Instructions for guideline translators Recommendations form the core of any clinical practice guideline, and therefore require special attention during the process of translation.

523 views • 14 slides
Lattice-based public-key cryptosystems D. J. Bernstein NIST post-quantum competition: 69

Lattice-based public-key cryptosystems D. J. Bernstein NIST post-quantum competition: 69

1 Lattice-based public-key cryptosystems D. J. Bernstein NIST post-quantum competition: 69 submissions in first round, from hundreds of people. (+13 submissions that NIST declared incomplete or improper.) 22 signature-system submissions. 5

1.97k views • 196 slides
Designing, Building and Managing a Cyber Security Program Based on the NIST Cybersecurity

Designing, Building and Managing a Cyber Security Program Based on the NIST Cybersecurity

Designing, Building and Managing a Cyber Security Program Based on the NIST Cybersecurity Framework (NIST CSF) A Business Case Agenda and Objectives The Digital Innovation Economy The Cyber Security Problem The Cyber Security Solution

260 views • 22 slides
Gretchen Ann Morris, CISSP DB Consulting Group NASA IT Security Awareness and Training Center

Gretchen Ann Morris, CISSP DB Consulting Group NASA IT Security Awareness and Training Center

Gretchen Ann Morris, CISSP DB Consulting Group NASA IT Security Awareness and Training Center Objectives for this session Review our role-based course development process Learn how to personalize our role-based courses for your agency

318 views • 12 slides
Augmented Data Training of Joint Acoustic/Phonotactic DNN i-vectors for NIST LRE 2015 Alan

Augmented Data Training of Joint Acoustic/Phonotactic DNN i-vectors for NIST LRE 2015 Alan

Augmented Data Training of Joint Acoustic/Phonotactic DNN i-vectors for NIST LRE 2015 Alan McCree, Greg Sell, and Daniel Garcia-Romero JHU HLTCOE Odyssey 2016 1 Overview JHU HLTCOE submission to LRE15 One of top performers

327 views • 20 slides
8 October 2012 1 PGx for PK in ( early) drug developm ent PG-PK Guideline Guideline on the use

8 October 2012 1 PGx for PK in ( early) drug developm ent PG-PK Guideline Guideline on the use

8 October 2012 1 PGx for PK in ( early) drug developm ent PG-PK Guideline Guideline on the use of Pharmacogenetic Methodologies in the Pharmacokinetic Evaluation of Medicinal Products Marc Maliepaard PhD Senior Clinical assessor CBG-MEB

401 views • 27 slides
U.S. DEPARTMENT OF STATE JSAS Cyber Security IT Security Awareness training consistent with NIST

U.S. DEPARTMENT OF STATE JSAS Cyber Security IT Security Awareness training consistent with NIST

ISSLOB SSC CYBERSECURITY AWARENESS U.S. DEPARTMENT OF STATE JSAS Cyber Security IT Security Awareness training consistent with NIST SP 800-50 A proven, reliable solution that verifies retention of material and concepts A well

344 views • 17 slides
FISSEA: Panel Discussion ISS LOB Tier 2 Training VA National IT Training Academy March 25, 2010

FISSEA: Panel Discussion ISS LOB Tier 2 Training VA National IT Training Academy March 25, 2010

FISSEA: Panel Discussion ISS LOB Tier 2 Training VA National IT Training Academy March 25, 2010 Importance of ISS LOB Tier 2 Training Supports compliance for role-based training requirement of FISMA Reduces development cost per

656 views • 8 slides
NIST Trustworthy Email Project High Assurance Domain Project Scott Rose, NIST scottr@nist.gov

NIST Trustworthy Email Project High Assurance Domain Project Scott Rose, NIST scottr@nist.gov

NIST Trustworthy Email Project High Assurance Domain Project Scott Rose, NIST scottr@nist.gov ICANN Meeting Oct. 15 th , 2014 Los Angeles CA First, A Bit of History 2011 USG DNSSEC Tiger Team has a 2 nd goal: authenticated email

308 views • 4 slides
Guideline Document ID: MNC-GUI-0098-20 Title: Guideline for Presentations & Publications

Guideline Document ID: MNC-GUI-0098-20 Title: Guideline for Presentations & Publications

Guideline Document ID: MNC-GUI-0098-20 Title: Guideline for Presentations & Publications (External) Site where document is utilised: MNCLHD Description: Guideline for approval process of external presentations and publications Keywords:

320 views • 5 slides
Design and Practical Guideline to a CORBA-based-Communication Framework DWARF : Distributed

Design and Practical Guideline to a CORBA-based-Communication Framework DWARF : Distributed

Design and Practical Guideline to a CORBA-based-Communication Framework DWARF : Distributed Wearable Augmented Reality Framework Studienarbeit Lothar Richter Chair for Applied Software Engineering Summary Development of a short and easy

430 views • 30 slides
Guideline No. 20b December 2006 THE MANAGEMENT OF BREECH PRESENTATION This is the third edition

Guideline No. 20b December 2006 THE MANAGEMENT OF BREECH PRESENTATION This is the third edition

Guideline No. 20b December 2006 THE MANAGEMENT OF BREECH PRESENTATION This is the third edition of the guideline originally published in 1999 and revised in 2001 under the same title. 1. Purpose and scope The aim of this guideline is to

302 views • 13 slides
OUROBOROS-R, an IND-CPA KEM based on Rank Metric NIST First Post-Quantum Cryptography

OUROBOROS-R, an IND-CPA KEM based on Rank Metric NIST First Post-Quantum Cryptography

Presentation of the rank metric Description of the scheme Security and parameters OUROBOROS-R, an IND-CPA KEM based on Rank Metric NIST First Post-Quantum Cryptography Standardization Conference Carlos AguilarMelchor 2 Nicolas Aragon 1 Slim

157 views • 15 slides
Understanding Early Stage Technology Development Based on: NIST GCR 02-841 Between Invention and

Understanding Early Stage Technology Development Based on: NIST GCR 02-841 Between Invention and

Understanding Early Stage Technology Development Based on: NIST GCR 02-841 Between Invention and Innovation An Analysis of Funding for Early-Stage Technology Development Diptesh Nandi Economic nature and value of technology based innovations

467 views • 14 slides
NASA ISSLOB T2T IT Security Role-Based Training March 15, 2011 Gretchen Morris www.nasa.gov 1

NASA ISSLOB T2T IT Security Role-Based Training March 15, 2011 Gretchen Morris www.nasa.gov 1

National Aeronautics and Space Administration NASA ISSLOB T2T IT Security Role-Based Training March 15, 2011 Gretchen Morris www.nasa.gov 1 National Aeronautics and Space Administration Topics to Cover Accomplishments Offerings

559 views • 12 slides
Federal Computer Security Managers Forum Meeting September 10, 2018 NIST Gaithersburg NIST

Federal Computer Security Managers Forum Meeting September 10, 2018 NIST Gaithersburg NIST

Federal Computer Security Managers Forum Meeting September 10, 2018 NIST Gaithersburg NIST Heritage Room NIST Building 101 Ground Floor Map FCSM Quarterly Meeting Overview| 2 NIST Building 101 Ground Floor Map Stairs to Outside and

664 views • 11 slides

More recommend