Date: 11/11/97 8:30:36 AM From: Marshall D Abrams Subject: Computer Security training available To: (""@LOCAL) While browsing the net, I discovered the following training materials. I have not checked out any of the materials, but thought to bring it to your attention as a possibility for contributing to meeting your sponsor's information security training needs. At NISThttp://csrc.nist.gov/training/, nd170.zip [3031089 bytes] 1996-04-29 Introduction to Computer Security, National Cryptologic School, (Interactive Courseware Trainee Guide) (formerly, CP-133) (37 zipped files, DOS program) Also at this URL is the draft Information Technology Security Training Requirements: A Role- and Performance-Based Model in Adobe Acrobat PDF Format: main.PDF [791 KB] October 22, 1997 - This file contains the main body of the document. App-a-d.PDF [87 KB] October 20, 1997 - Appendix A, B, C, and D. App-e.PDF [457 KB] October 20, 1997 - Appendix E. I also browsed to DISA http://www.disa.mil/ciss/cbtdown.html and found the following: IPMO INFOSEC Computer Based Training Courseware Download Page The IPMO distributes Computer Based Training (CBT) produced by various INFOSEC agencies. IN-170 Introduction to Computer Security (NSA) - - (Zipped File Size: 3.23 MB) Being renumbered as ND-170. IN-150 Introduction to Information Systems Security (NSA) - - (Zipped File Size: 2.31 MB) Being renumbered as ND-150. DOD CS-100 Introduction to Computer Security (DOD) - - (Zipped File Size: 3.35 MB) OP-301 OPSEC Fundamentals - - (Zipped File Size: 2.07 MB) Also at DIST, I visited http://www.disa.mil/ciss/itfcour.html and found the following course descriptions. Note that you can download IPMO INFOSEC course materials, in Microsoft Powerpoint format. Course Title: INFOSEC for End Users, Course Number: INFOSEC-101, Course Length: 8 Hours Course Description: This course provides a basic introduction to: major categories of threats and vulnerabilities; common examples of computer abuse; common systems vulnerabilties, good information system security practices; explains when audit trails are mandatory; basic malicious logic; basic concepts of contingency planning; goals and policy governing the automated information system environment; and gives a basic knowledge of responsibilities toward protecting information systems resources. Course Title: Operational Information Systems Security, Course Number: ND-225, Course Length: 5 days Course Description: This course provides the student with the basic tools and concepts required to: Implement and maintain an Information Systems Security (INFOSEC) program; understand the need for INFOSEC; roles and responsibilities; modes of operations; risk management; trusted systems; identification and authentication access controls; mitigating risk of equipment and storage media; malicious code; audit trails; PC and UNIX vulnerabilities; and network security. Course Title: INFOSEC for Information Systems Security Managers and Information Systems Security Officers (ISSM/ ISSO), Course Number: INFOSEC-300, Course Length: 5 days Course Description: This course focuses on: Information Systems Security Policies; roles and responsibilities; modes of operations; basic concepts of risk management; contingency planning; certification and accreditation; internetwork connectivity; access controls; auditing; Computer Security Technical Vulnerability Reporting Program (CSTVRP); Trusted Computer Systems practices, procedures, and concepts; malicious logic; network security; basic concepts of cryptography; and computer crime. Sincerely, Marshall D Abrams telephone 703-883-6938 Information Systems Security Division secretary 703-883-7794 The MITRE Corporation, W-422 facsimile 703-883-1397 1820 Dolley Madison Blvd, Mc Lean, VA 22101-3481