ConvoCourses

Cyber Security Compliance and IT Jobs

information assurance degree online

Who has the authority to appoint an IAM (ISSM)

by Leave a Comment

Who has the authority to appoint an Information Assurance Manager (IAM)/Information Security Security Manager?

An IAM (Information Assurance Manager) is now called an Information System Security Manager (ISSM).  The program manager, system manager or component commanders appoints the Information security security manager in writing.

According to DoD 8510.01, Risk Management Framework it is the Program Manager/System Manager who appoints the ISSM for each assigned Information System or PIT system with the support, authority, and resources to satisfy the responsibilities established in this instruction.

In the Department of Navy, Information System Security Manager is appointed by Program Executive Offices, Systems Commands – According to SECNAV, 5239.2

The Army currently uses AR 25-2, Information Assurance (being replaced).  The Information Assurance Program Manager (IAPM) appoints the IAM 3-2.

IAM. Appoint IAMs at all appropriate levels of command. This includes subordinate commands, posts, installations, and tactical units. Appoint an IAM as needed for those Army activities responsible for project development, deployment, and management of command-acquired software, operating systems, and networks. A contractor will not fill the MSC, installation, or post IAM positions and the person filling the position will be a U.S. citizen.

 

info assurance

by Leave a Comment

IA
IA

Info assurance is a comprehensive approach to information security.  It included risk management, information protection, operational risk, business risk, assurance technology and much more.

More on “What is Info Assurance”?

Information assurance is the practice of assuring the confidentiality, integrity and availability of the processing, storing and/or transmission of data.  Information assurance is used as a more complete approach to information security.

Since Info Assurance covers all aspects of the security, all individuals with internal access to an organizations critical access must get info assurance awareness training.  Info Assurance is not just about turning on and configuring Assurance technology, but informing and educating those how have internal access to your system.

Info Assurance has its own complete common body of knowledge, industry, career path and degree programs accepted by the National Center of Academic Excellence in Information Assurance Education and those approved by the National Security Agency.

By becoming an info assurance specialist you can get work in many parts of the DoD including USAF, US Army, Department of the Navy and many other agencies.  But IA jobs expect specific certification(s), experience and degree.  The IA qualifications come from DoDD 8570 which is being replaced with DoDD 8140.  There are lots of titles that are considered within IA:  System Security Engineer, Info Assurance Analyst, Info Assurance Specialist, Info Assurance Subject Matter Expert (SME), Risk Analyst IT, and many others.

security engineer

by 1 Comment

System Security Engineer is a critical job in the cyberspace workforce.  As information technology has become a centerpiece for our lives, the security of IT has been more and more in demand.  A security engineer is expected to have a working understanding of IT enough to be able to strike a balance between operational functionality and application security controls.

System Security Engineer (ISSE, CSSE, SSE I/S Security Engineer) actually can mean anything.. So you actually need to read the job description.  But in this post, I am referring to SSE from the perspective Risk Management and DIARMF.

DIARMF Select balance
DIARMF
blog.eircomforbusiness.com/profile/Andy (andy O’Kelly, eircomforbusiness.com)

And Risk Management SSE needs to be savvy enough with the operational needs and security needs to balance the risk.  While a security engineer does not take risks of the organization they work for, they do consult the decision makers that do take risks.

Many security engineers are not hands on.  Meaning they might not touch the servers or configure routers, but they must know enough to orchestrate the over all security of the organization or system they are assigned to.

System Security Engineering Tasks

I have been in system security engineer positions where I did have hands-on tasks working directly with the system administrators and I have had some where I rarely even seen the systems that I wrote system security plans for.

System Security Engineers do consultation where they are working directly with information owners, project managers, information system security managers or technical security practitioners to come up with the most cost effective strategy for applying security controls with a certain level of effort within a certain time constraint.   A good security engineer understands all these factors and make sure the decision makers are well informed.  As an SSE the last thing you want to do is a prima madonna and attempt to put security beyond the scope of the operational mission.  And don’t be a hero, even if you really care about the mission you must ALWAYS remember the risk is not yours to bear and neither is the decision of what security controls (if any) will be applied.

Tasks of a system security engineer  

System security engineers do system security related documentation such as system security plans, plan of action and milestones, security assessment reports and other supporting documentation.

A day in the life of a system security engineer might consist of attending configuration management meetings, meeting with system administrators to address new challenges, writing authorization packages, coordinating with other units to complete an authorization package, reading the latest change to a regulation or organizational standard, WRITING an organizational standard and in some cases they are actually doing security administration on some system.

CYBER System Security Engineer (CSSE)

With Dod 8140 and the cyber-ization of the every goddamn thing! I believe the new term will be CYBER System Security Engineer (CSSE) and in the past it was commonly refer to as an Information System Security Engineer (ISSE).

As stated above and SSE can be just about anything computer security related.  I have been a SSE and done nothing put paperwork but also been an SSE and done mostly installations of system security controls.  My former co-worker just got a position as an Information System Security Engineer (I/SE) and he will be doing all ArcSight admin stuff.

information assurance awareness certificate

by Leave a Comment

One of the most unavoidable rituals of getting an account on any Defense network is getting a “information assurance awareness certificate”.

Information Assurance Awareness Certificate Pages:

  • iase.disa.mil/index2.html

  • Army: ia.signal.army.mil/DoDIAA

The test is about 20 knowledge based questions that are fairly easy.  Even if you are not familiar with the way Defense does things, you can just take the test a few times until you pass it.

information assurance awareness certificate
information assurance awareness certificate

Here are some examples of the information assurance awareness certificate:

information assurance awareness certificate
information assurance awareness certificate
information assurance awareness certificate
information assurance awareness certificate

 

 

Information Assurance Degree Online

by Leave a Comment

Information Assurance Degree Online

There is no replacement for good, solid experience in Information Assurance, but an Information Assurance Degree Online is a great way to  put you ahead of the competition or even start your career in the ever expanding and never ending world of Information System Security.

I have been doing this for well over a decade, and let me tell you IT IS A VERY SOLID living.  And there are two main reasons for this:

  1. Sensitive Information:  Since Information Assurance typically involves doing work for the government and working with sensitive information, you don’t have to worry about outsourcing to India or China.  You will often HAVE to be a U.S. Citizen and need a security clearance to do the work.  I am not sure how this works in other countries but I will be its the same.  If you are UK for example or India (for that matter) they will require you to be a citizen of the applicable country to work on classified projects.
  2. Security on Critical Systems:  As information systems become more critical to every aspect of our lives so does Information Assurance.  So the work because more and more are needed.

There used to be some sort of stigma about online degrees because of all the scam paper degrees from fake, unaccredited companies that started cropping up with the rise of then Internet.  But now everyone has jumped on the bandwagon: Stanford, Harvard, MIT all have accelerated courses and online programs.  Few colleges take adult education serious enough to include something as specialized as “Information Assurance”.   If you have kids, or work full time, or are in the Armed services, those few colleges that are include an information assurance degree online are truly a blessing.

So now that we know how great an opportunity Information Assurance is, lets talk about what information assurance degree online to get!

For top Information Assurance Online Degrees, look for university programs that have been awarded National Center of Academic Excellence in Information Assurance Education and those approved by the National Security Agency’s Information Assurance Courseware Evaluation program.

http://www.nsa.gov/ia/academic_outreach/nat_cae/institutions.shtml

http://www.nsa.gov/IA/ACADEMIC_OUTREACH/IACE_PROGRAM/INDEX.SHTML

information assurance degree online wgu
information assurance degree online wgu

Western Governors University Information Assurance Degree Online – I have heard GREAT things about WGU.  Their tuition cost is UNBEATABLE!  When I first heard how much it cost I thought it was a scam, but once I read more and talked to a counselor I realized they are legit.  Their Information assurance degree online program is certified by the National Security Agency’s Information Assurance Courseware Evaluation program.   The most incredible thing about WGU is that they take IT certifications as credits.  That combined with the VERY affordable cost will force you to get off your ass and get a Information Assurance degree!

Here are some of the IT Certs they will take toward your degree:

 

Capella University Information Assurance Degree Online
Capella University Information Assurance Degree Online

Capella University Information Assurance Degree Online – Capella is on of the top degree programs for Information Assurance degrees online.  Its is consistently picked as a National Center of Academic Excellence in Information Assurance Education (CAE/IAE) by the National Security Agency and the U.S. Department of Homeland Security each year.  If you already have a Certified Information System Security Professional (CISSP) certification and have been doing Information Assurance work, they will legitimately knock off the amount of credits you have to do.

http://www.capella.edu/online-degrees/masters-information-assurance-security/

For more top Information Assurance Online Degrees, look for university programs that have been awarded National Center of Academic Excellence in Information Assurance Education and those approved by the National Security Agency’s Information Assurance Courseware Evaluation program.

http://www.nsa.gov/ia/academic_outreach/nat_cae/institutions.shtml

http://www.nsa.gov/IA/ACADEMIC_OUTREACH/IACE_PROGRAM/INDEX.SHTML

 

Other notable universities with Information Assurance Degrees Online:

Regis IA Degree Online