Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
Recent MSIA graduate Jacqueline R. Tregre is a senior information assurance engineer with the U.S. Army in Arizona. She has very kindly contributed the following article to the column. The remainder of today’s posting is entirely her work (with minor edits).
* * *
How much training is enough? The U.S. Department of Defense put its considerable resources into that very question and produced a manual, "Information Assurance Workforce Improvement Program." Publicly available, the manual calls for industry-standard certifications (and implicitly for the training to attain them) both for the technical personnel who actually put hands on systems and for the management personnel responsible for running an organization's information assurance (IA) program.
This development is important to private industry because if these levels of certification are required for the operation of the government, then it is reasonable to believe these levels will eventually become a de facto standard for industry.
The Defense Department manual defines categories and specialties within the IA workforce, along with certifications in both the computing and/or network environment and the IA arena. For example, an enterprise administrator (Domain / Forest Administrator) should be certified in the operating system that he or she administers, plus any applications administered in that computing environment.
Furthermore, due to the extensive responsibilities of the individual, the manual demands that administrators (technically IAT-III, standing for IA Technical Level III) obtain suitable certifications. Options include CISSP, CISA, and SCNA.
The IA Manager category, or IAM, is responsible for IA policy, procedures, and the IT workforce structure and training. The IAM-III requires the GSLC, the CISM, or the CISSP. Certifications such as these demonstrate that your IAM has the broadly scoped knowledge necessary to make prudent and reasonable decisions in information and network security policies and procedures.
Level III carries the manual's highest certification requirements; the manual also recognizes Levels II and I. These roughly correlate to Enterprise Level (III), Network Level (II), and System Level (I). The manual elaborates further on position requirements such as experience, knowledge, and supervision, and on other requirements such as independence in actions. For example, the IAT-I works entirely within established policies and procedures, while the IAT-II "relies on experience and judgment to plan and accomplish goals within the [Network Environment]."
M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.
Comments (9)
DOD Contractor
By SEAJ on August 13, 2008, 1:01 pm
I have been working with the DOD and most recently Army as an IT defense contractor the last 2.5 years. I personally agree with this transition. Many have made...
I may be in bad mood but..
By tuomoks on July 23, 2008, 2:58 am
First, I'm not a big fan of certificates, just have 2 feet pile of them (from 70's and 80's - heh!) But - on low level jobs they at least show that you are interested?...
This IIP is a British organization
By DOD security guy on July 22, 2008, 8:52 pm
This IIP institute is a British organization. Within DOD, ASIS has the Certified Protection Professional (CPP) and NCMS has the Industrial Security Professional...
Certs available at no cost . .
By Jacqueline Tregre on July 21, 2008, 3:40 pm
The DoD has provided funds and test vouchers to its Services, so the training and the certification is at no cost to the individual.
DOD Providing Certification Recommendations
By Anonymous on July 18, 2008, 8:32 pm
A step in the right direction but nothing more than that. I have sat many of the listed certifications but found that a Masters Degree to have been the most challenging...