
ConvoCourses

Cyber Security Compliance and IT Jobs


information assurance degree online

Who has the authority to appoint an IAM (ISSM)

March 18, 2015 by Bruce Brown

Who has the authority to appoint an Information Assurance Manager (IAM)/Information System Security Manager?

An IAM (Information Assurance Manager) is now called an Information System Security Manager (ISSM). The program manager, system manager or component commander appoints the Information System Security Manager in writing.

According to DoD 8510.01, Risk Management Framework, it is the Program Manager/System Manager who appoints the ISSM for each assigned Information System or PIT system with the support, authority, and resources to satisfy the responsibilities established in this instruction.

In the Department of the Navy, the Information System Security Manager is appointed by Program Executive Offices, Systems Commands, according to SECNAV 5239.2.

The Army currently uses AR 25-2, Information Assurance (being replaced).  The Information Assurance Program Manager (IAPM) appoints the IAM 3-2.

IAM. Appoint IAMs at all appropriate levels of command. This includes subordinate commands, posts, installations, and tactical units. Appoint an IAM as needed for those Army activities responsible for project development, deployment, and management of command-acquired software, operating systems, and networks. A contractor will not fill the MSC, installation, or post IAM positions and the person filling the position will be a U.S. citizen.

 


info assurance

February 11, 2014 by Bruce Brown

Info assurance is a comprehensive approach to information security. It includes risk management, information protection, operational risk, business risk, assurance technology and much more.

More on “What is Info Assurance”?

Information assurance is the practice of assuring the confidentiality, integrity and availability of the processing, storing and/or transmission of data.  Information assurance is used as a more complete approach to information security.

Since Info Assurance covers all aspects of security, all individuals with internal access to an organization’s critical access must get info assurance awareness training. Info Assurance is not just about turning on and configuring Assurance technology, but also about informing and educating those who have internal access to your system.

Info Assurance has its own complete common body of knowledge, industry, career path and degree programs accepted by the National Center of Academic Excellence in Information Assurance Education and those approved by the National Security Agency.

By becoming an info assurance specialist you can get work in many parts of the DoD including USAF, US Army, Department of the Navy and many other agencies.  But IA jobs expect specific certification(s), experience and degree.  The IA qualifications come from DoDD 8570 which is being replaced with DoDD 8140.  There are lots of titles that are considered within IA:  System Security Engineer, Info Assurance Analyst, Info Assurance Specialist, Info Assurance Subject Matter Expert (SME), Risk Analyst IT, and many others.


security engineer

January 22, 2014 by Bruce Brown

System Security Engineer is a critical job in the cyberspace workforce.  As information technology has become a centerpiece for our lives, the security of IT has been more and more in demand.  A security engineer is expected to have a working understanding of IT enough to be able to strike a balance between operational functionality and application security controls.

System Security Engineer (ISSE, CSSE, SSE, I/S Security Engineer) actually can mean anything, so you actually need to read the job description. But in this post, I am referring to SSE from the perspective of Risk Management and DIARMF.


A Risk Management SSE needs to be savvy enough with the operational needs and security needs to balance the risk. While a security engineer does not take risks of the organization they work for, they do consult the decision makers that do take risks.

Many security engineers are not hands-on, meaning they might not touch the servers or configure routers, but they must know enough to orchestrate the overall security of the organization or system they are assigned to.

System Security Engineering Tasks

I have been in system security engineer positions where I did have hands-on tasks working directly with the system administrators, and I have had some where I rarely even saw the systems that I wrote system security plans for.

System Security Engineers do consultation where they are working directly with information owners, project managers, information system security managers or technical security practitioners to come up with the most cost-effective strategy for applying security controls with a certain level of effort within a certain time constraint. A good security engineer understands all these factors and makes sure the decision makers are well informed. As an SSE the last thing you want to do is be a prima donna and attempt to put security beyond the scope of the operational mission. And don’t be a hero; even if you really care about the mission, you must ALWAYS remember the risk is not yours to bear and neither is the decision of what security controls (if any) will be applied.

Tasks of a system security engineer  

System security engineers do system security related documentation such as system security plans, plan of action and milestones, security assessment reports and other supporting documentation.

A day in the life of a system security engineer might consist of attending configuration management meetings, meeting with system administrators to address new challenges, writing authorization packages, coordinating with other units to complete an authorization package, reading the latest change to a regulation or organizational standard, WRITING an organizational standard and in some cases they are actually doing security administration on some system.

CYBER System Security Engineer (CSSE)

With DoD 8140 and the cyber-ization of every goddamn thing, I believe the new term will be CYBER System Security Engineer (CSSE); in the past it was commonly referred to as an Information System Security Engineer (ISSE).

As stated above, an SSE can be just about anything computer security related. I have been an SSE and done nothing but paperwork, but I have also been an SSE and done mostly installations of system security controls. My former co-worker just got a position as an Information System Security Engineer (I/SE) and he will be doing all ArcSight admin stuff.


information assurance awareness certificate

January 21, 2014 by Bruce Brown

One of the most unavoidable rituals of getting an account on any Defense network is getting an “information assurance awareness certificate”.

Information Assurance Awareness Certificate Pages:

  • iase.disa.mil/index2.html

  • Army: ia.signal.army.mil/DoDIAA

The test is about 20 knowledge based questions that are fairly easy.  Even if you are not familiar with the way Defense does things, you can just take the test a few times until you pass it.


[Images: examples of the information assurance awareness certificate]

 

 


Information Assurance Degree Online

January 18, 2014 by Bruce Brown

There is no replacement for good, solid experience in Information Assurance, but an Information Assurance Degree Online is a great way to put you ahead of the competition or even start your career in the ever-expanding and never-ending world of Information System Security.

I have been doing this for well over a decade, and let me tell you IT IS A VERY SOLID living.  And there are two main reasons for this:

  1. Sensitive Information: Since Information Assurance typically involves doing work for the government and working with sensitive information, you don’t have to worry about outsourcing to India or China. You will often HAVE to be a U.S. Citizen and need a security clearance to do the work. I am not sure how this works in other countries but I will bet it’s the same. If you are in the UK, for example, or India (for that matter), they will require you to be a citizen of the applicable country to work on classified projects.
  2. Security on Critical Systems: As information systems become more critical to every aspect of our lives, so does Information Assurance. So the work becomes more and more needed.

There used to be some sort of stigma about online degrees because of all the scam paper degrees from fake, unaccredited companies that started cropping up with the rise of the Internet. But now everyone has jumped on the bandwagon: Stanford, Harvard, MIT all have accelerated courses and online programs. Few colleges take adult education seriously enough to include something as specialized as “Information Assurance”. If you have kids, or work full time, or are in the Armed services, those few colleges that do include an information assurance degree online are truly a blessing.

So now that we know how great an opportunity Information Assurance is, let’s talk about what information assurance degree online to get!

For top Information Assurance Online Degrees, look for university programs that have been awarded National Center of Academic Excellence in Information Assurance Education and those approved by the National Security Agency’s Information Assurance Courseware Evaluation program.

http://www.nsa.gov/ia/academic_outreach/nat_cae/institutions.shtml

http://www.nsa.gov/IA/ACADEMIC_OUTREACH/IACE_PROGRAM/INDEX.SHTML


Western Governors University Information Assurance Degree Online – I have heard GREAT things about WGU. Their tuition cost is UNBEATABLE! When I first heard how much it cost I thought it was a scam, but once I read more and talked to a counselor I realized they are legit. Their Information Assurance degree online program is certified by the National Security Agency’s Information Assurance Courseware Evaluation program. The most incredible thing about WGU is that they take IT certifications as credits. That combined with the VERY affordable cost will force you to get off your ass and get an Information Assurance degree!

Here are some of the IT Certs they will take toward your degree:

  • Cisco Certified Entry Network Technician (CCENT)
  • EC-Council Ethical Hacking and Countermeasures (EC0-350)
  • EC-Council Computer Hacking Forensic Investigator (EC0-349)

  • http://www.wgu.edu/online_it_degrees/information_security_assurance_degree

 


Capella University Information Assurance Degree Online – Capella is one of the top degree programs for Information Assurance degrees online. It is consistently picked as a National Center of Academic Excellence in Information Assurance Education (CAE/IAE) by the National Security Agency and the U.S. Department of Homeland Security each year. If you already have a Certified Information System Security Professional (CISSP) certification and have been doing Information Assurance work, they will legitimately knock off the amount of credits you have to do.

http://www.capella.edu/online-degrees/masters-information-assurance-security/

For more top Information Assurance Online Degrees, look for university programs that have been awarded National Center of Academic Excellence in Information Assurance Education and those approved by the National Security Agency’s Information Assurance Courseware Evaluation program.

http://www.nsa.gov/ia/academic_outreach/nat_cae/institutions.shtml

http://www.nsa.gov/IA/ACADEMIC_OUTREACH/IACE_PROGRAM/INDEX.SHTML

 

Other notable universities with Information Assurance Degrees Online:

Regis IA Degree Online 
