DoD Foots the Bill for Web-Based Security Training
Our tax dollars at work...or is it tax dollars from our work? Regardless, you can save budgetary resources by outsourcing security training to our government. A curriculum of free web based training from the Department of Defense (DoD) concentrates on Information assurance (IA), although covers a wide range of security topics.
As security professionals, implementing principles of IA is almost reflexive in nature, although it has become one of those amorphously defined terms. Other than consistency with the CIA (confidentiality, integrity, availability) triad core, most comprehensive definitions vary considerably among sources. Maintaining my policy of providing vague, yet all encompassing definitions, I usually refer to IA as--assuring appropriate levels of all forms of security across processes involving information, or when lazy, just "assurance of information."
If unfamiliar with the intricacies of IA, know that it's an umbrella term that includes corporate governance issues such as privacy, authenticity, authorization, compliance, audits, business continuity, disaster recovery, and emphasizes areas of strategic risk management. Obviously, these are all relevant issues for our government's information resources.
The Technology Training Corporation's conference on Cyber Security, co-sponsored by the American Institute of Engineers, is scheduled to take place in Washington, DC on March 12th & 13th. Navigation from the conference's main page (see previous sentence for link), to the "about the conference" page, presents the following significantly statistic (although, not necessarily statistically significant) paragraph:
"Last year, the Department of Defense suffered an estimated 80,000 network attacks. On government networks alone, a new software vulnerability is exploited every 82 minutes. Meanwhile, attacks on US federal agencies' computer systems are increasing at alarming rates. Furthermore, utilities are being hit by an estimated 500 to 1000 attacks from hackers and malicious code every year. The financial and economic impact of a one day cyber sabotage effort that disrupts US credit and debit card transactions is estimated at being about $35 billion USD. For 2009, the national cyber budget will exceed $6 billion USD. Given our ever-increasing reliance on digital connectivity, it is imperative that the US directly engages these threats in order to avert potential catastrophe."
I haven't personally fact checked these numbers, but I think they're trying to convey that national cyber security is an issue of concern.
The DoD sponsored, Information Assurance Support Environment, claiming to be your "One-Stop-Shop" for IA information, offers slew of online IA training. Unfortunately, those without CAC (common access card) PKI authentication will be ineligible for a few of the presentations, however, I encourage you to watch, bookmark, and pass along the rest, provided in the following links.
Main starting page for IA Education, Training and Awareness
Information Systems Security Awareness - This provides an interactive course which is a scenario-based exercise in security awareness. Navigating through a "typical US government" building, you are presented with comically obvious informational situations, requiring responses in the form of multiple choice questions. My personal favorites are Miguel's enticing offer to hang out in his cubicle for some P2P file sharing and Alex's bank informing him that 10 years worth of savings have disappeared from his account.
Some other free video training courses include: