|< Day Day Up >|| |
Assisting in the efforts to enhance law-enforcement's capabilities for preventing and prosecuting cyberspace attacks will mean reporting more incidents and filing necessary complaints to support the prosecution of perpetrators. The importance of reporting incidents to law enforcement and how to report incidents is discussed in depth in Chapter 4.
In addition to increased and improved reporting of computer-related incidents, organizations also need support of training programs for lawenforcement professionals, as well as IT security professionals to work with law enforcement. There has been considerable effort put forth to train more IT security professionals. This effort will better enable the enforcement of laws, because organizations will have more qualified staff to assist lawenforcement actions. Although there have been several national initiatives to improve training, much of the actual training takes place at the local level.
One example of how the gap between national initiatives and local resources has been bridged is the National INFOSEC Education & Training Program supported by the NSA, the National Science Foundation (NSF), and other federal agencies.
The NSF provides financial support for the Federal Cyber Service: Scholarship for Service Program designed to increase the number of qualified students entering the fields of information assurance (IA) and computer security and to increase the capacity of the U.S. higher-education enterprise to continue to produce professionals in these fields. The program has two tracks.
The scholarship track provides funding to colleges and universities to award scholarships in the IA and computer security fields. Scholarship recipients will become part of the Federal Cyber Service of IT specialists, who ensure the protection of the U.S. government information infrastructure. Upon graduation, after their two-year scholarships, the recipients are required to work for a federal agency for two years in fulfillment of their Federal Cyber Service commitment.
The capacity-building track provides funds to colleges and universities to improve the quality and increase the training of IA and computer security professionals through the professional development of IA faculty and the development of academic programs. Partnerships designed to increase participation by underrepresented groups are particularly encouraged.
The NSA certifies academic programs for participation in the Federal Cyber Service: Scholarship for Service Program as Centers of Academic Excellence in Information Assurance Education. NSA grants the designations following a rigorous review of university applications against published criteria based on training standards established by the National Security Telecommunications and Information Systems Security Committee (NSTISSC). The NSTISSC has established standards for IS security professionals that provide the minimum training and education standards for properly executing the duties and responsibilities of:
Information systems security (INFOSEC) professionals
Designated approving authority (DAA)
System administration (SA) in IS security
IS security officers (IAD)
The Information Assurance Courseware Evaluation Process takes the next step in meeting national education and training requirements in IA. The process systematically assesses the degree to which the various institutional, college, and university curriculums satisfy NSTISSI standards. The NSTISSC Education, Training, and Awareness Issue Group (ETAIG) established the Information Assurance Courseware Evaluation Working Group (IACEWG) to develop and implement this process. The process certifies institutions as meeting all of the elements of a specific standard with a designated set of courseware. The certification does not make a judgment as to the quality of the presentation of the material within the set of courseware, but only that all of the elements of a specific standard are covered.
The process assesses the curriculum of an institution, college, or university against the NSTISSI standards. The data for this evaluation is electronically submitted by the institution in a standardized format through an interactive Web site that will also maintain the privacy of the information. All submissions must be made electronically. Much of the required information was previously developed by institutions requesting designation as a Center of Academic Excellence under the Centers of Academic Excellence in Information Assurance Education (CAEIAE) program.
The IACE submission will identify specific courses of instruction and will provide a mapping of the course content against the elements of an NSTISSI standard. The mapping will be performed for all the applicable courses, and an evaluation will be made by a review board to determine the degree to which the institution meets the standards. After working with the institution to ensure all the elements of the standard are met, the institution will receive formal certification. It is important to note that this process certifies the institution, not the individual attending the institution. Certified institutions will be authorized to issue certificates to their students.
Each year, newly designated CAEIAEs are recognized in a formal presentation at the annual Conference of the Colloquium for Information Systems Security Education. The colloquium conference provides a forum for key officials in government, industry, and academia to focus on current and emerging requirements in IA education and to encourage the development and expansion of curricula at graduate and undergraduate levels. As of summer 2003, the 50 universities designated as CAEIAEs are the following:
Air Force Institute of Technology
Carnegie Mellon University
East Stroudsburg University
Florida State University
George Mason University
George Washington University
Georgia Institute of Technology
Idaho State University
Indiana University of Pennsylvania
Information Resources Management College of the National Defense University
Iowa State University
James Madison University
Johns Hopkins University
Mississippi State University
Naval Postgraduate School
New Jersey Institute of Technology
New Mexico Institute of Mining and Technology
North Carolina State University
Pennsylvania State University
Portland State University
State University of New York, Buffalo
State University of New York, Stony Brook
Stevens Institute of Technology
Texas A&M University
University of California, Davis
University of Dallas
University of Idaho
University of Illinois, Urbana-Champaign
University of Maryland, Baltimore County
University of Maryland, University College
University of Massachusetts, Amherst
University of Nebraska, Omaha
University of North Carolina, Charlotte
University of Pennsylvania
University of Texas, San Antonio
University of Tulsa
University of Virginia
U.S. Military Academy, West Point
West Virginia University
|< Day Day Up >|| |