Position: Jr. Information Assurance Analyst
Duration: Full Time
Location: Wright Patterson, Dayton, Ohio
We are looking to bring 2-3 staff to support our HIAR HIAM contract at Wright Patterson, Dayton, Ohio. We are looking to bring staff on a full-time basis. We are not looking for any certification like CISSP, but they need to have Security Plus.
Backfill Position of a Cyber security / Information Assurance Analyst in Monterey, CA
Location: Monterey, CA
Duration: Full Time
Active Secret security Clearance
Duties may include:
• Support an Information Systems Security, Education, Training, and Awareness Program.
• Support implementation and enforcement of Information Security Policies and Procedures.
• Review and update all Information Systems Security Plans/SSPs and support certification and accreditation efforts.
• Provide technical support in the areas of vulnerability assessment, risk assessment, and security implementation.
Technical Skills:
Information Assurance
HBSS
ACAS
STIG
Retina, McAfee
Become an Information System Security Engineer
I have been doing Information Security for about 20 years and I have noticed that there are not a lot of IT professionals getting into this field. It is too bad because it is really a missed opportunity. It is a growing industry with a need for good IT professionals.
Here are a few more reasons to get into it.
info assurance
Info assurance is a comprehensive approach to information security. It includes risk management, information protection, operational risk, business risk, assurance technology and much more.
More on “What is Info Assurance”?
Information assurance is the practice of assuring the confidentiality, integrity and availability of the processing, storing and/or transmission of data. Information assurance is used as a more complete approach to information security.
Since Info Assurance covers all aspects of security, all individuals with internal access to an organization's critical access must get info assurance awareness training. Info Assurance is not just about turning on and configuring Assurance technology, but also about informing and educating those who have internal access to your system.
Info Assurance has its own complete common body of knowledge, industry, career path and degree programs accepted by the National Center of Academic Excellence in Information Assurance Education and those approved by the National Security Agency.
By becoming an info assurance specialist you can get work in many parts of the DoD including USAF, US Army, Department of the Navy and many other agencies. But IA jobs expect specific certification(s), experience and degree. The IA qualifications come from DoDD 8570 which is being replaced with DoDD 8140. There are lots of titles that are considered within IA: System Security Engineer, Info Assurance Analyst, Info Assurance Specialist, Info Assurance Subject Matter Expert (SME), Risk Analyst IT, and many others.
Information Assurance Vulnerability Alert
DoD information system vulnerabilities are announced through messages called Information Assurance Vulnerability Alerts (IAVA). Vulnerabilities are evaluated to see what impact (if any) they might have, and the alerts are sent out to all branches and units within the organization. This is done in accordance with DoDD 8500.1, the Information Assurance directive.
Implementation of security-related software patches directed through the DoD IAVA program shall not be delayed pending evaluation of changes that may result from the patches. — DoDI 8500.2
Compliance with DoD-directed solutions, such as USSTRATCOM Command Tasking Orders (CTOs), Information Assurance Vulnerability Alerts (IAVAs), and Information Operation Conditions (INFOCONs) shall be a management review item. — DoDI 8500.2
Information Assurance Vulnerability Alerts are technical advisories, alerts and vulnerabilities of applications, operating systems, and servers identified by the DoD Computer Emergency Response Team, which is a division of the United States Cyber Command.
Information Assurance Vulnerability Management (IAVM) is the process of getting the IAVAs out to all Combatant Commands/Services/Agencies/Field Activities (CC/S/A/FAs). Specifically, the IAVM process:
- Establishes positive control of the Department of Defense (DoD) Information Assurance Vulnerability Alert (IAVA) system
- Provides access to vulnerability notifications that require action
- Requires acknowledgement of action messages
- Requires compliance and reporting status
- Tracks compliance and reporting
- Conducts random compliance checks
DoD Annex for NIAP Protection Profiles For Mobile Devices
The National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) and DISA Field Security Operations (FSO) are pleased to announce the publication of the DoD Annex for NIAP Protection Profiles for mobile devices. Mobile Device Fundamentals Protection Profile (MDFPP) is a document created through DISA/NIAP collaboration that addresses the DoD specificity to the NIST SP 800-53 controls identified in the MDFPP. As a result, the Annex in conjunction with the PP serves as a single specification, within the DoD, for security of Mobile Devices and supersedes the current DISA MOS SRG Version 1, Release 3. The publication of the Annex does not eliminate the DoD need for a product-specific Security Technical Implementation Guide (STIG); however, the results of the Common Criteria evaluation will be used to formulate a STIG. The benefit of this approach is that at the conclusion of a successful NIAP evaluation, a vendor’s product will be certified as meeting the requisite NIST SP 800-53 controls and the information needed for a STIG will be available.
The DoD Annex for NIAP Protection Profiles for mobile devices, MDFPP, is located at http://iase.disa.mil/stigs/
The scope of the DoD Annex for NIAP Protection Profiles for mobile devices is applicable to all DoD-administered systems and all systems connected to DoD networks.
According to the document:
[DoD Annex for NIAP Protection Profiles for mobile devices] does not eliminate the DoD need for a product-specific Security Technical Implementation Guide (STIG); however, the results of the Common Criteria evaluation will be used to formulate a STIG. The benefit of this approach is that at the conclusion of a successful NIAP evaluation, a vendor’s product will be certified as meeting the requisite NIST SP 800-53 controls and the information needed for a STIG will be available.
Mobile Device Fundamentals
Approved Protection Profiles