Information
NSTISSI No. 4011 20 June 1994
NSTISS
NATIONAL SECURITY TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY
NATIONAL TRAINING STANDARD FOR INFORMATION SYSTEMS SECURITY (INFOSEC) PROFESSIONALS
NSTISS
NATIONAL SECURITY TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY
NATIONAL MANAGER
FOREWORD
1. This instruction provides the minimum course content for the training of information systems security (INFOSEC) professionals in the disciplines of telecommunications security and automated information systems (AIS) security. 2. Representatives of the National Security Telecommunications and Information Systems Security Committee may obtain additional copies of this instruction from: Executive Secretariat National Security Telecommunications and Information Systems Security Committee National Security Agency Fort George G. Meade, MD 20755-6000 3. U.S. Government contractors are to contact their appropriate government agency or Contracting Officer Representative regarding distribution of this document.
J. M. McCONNELL Vice Admiral, U.S. Navy
NSTISSI No. 4011
NATIONAL TRAINING STANDARD FOR INFORMATION SYSTEMS SECURITY (INFOSEC) PROFESSIONALS
PURPOSE . . . . . . . . SCOPE AND APPLICABILITY REFERENCES. . . . . . . RESPONSIBILITIES. . . . TRAINING STANDARD . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
SECTION I II III IV V
SECTION I - PURPOSE 1. This instruction establishes the minimum training standard for the training of information systems security (INFOSEC) professionals in the disciplines of telecommunications and automated information systems (AIS) security.
SECTION II - SCOPE AND APPLICABILITY 2. National Security Telecommunications and Information Systems Security Directive No. 501 establishes the requirement for federal departments and agencies to implement training programs for INFOSEC professionals. As defined in NSTISSD 501, an INFOSEC professional
NSTISS
NATIONAL SECURITY TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY
NATIONAL TRAINING STANDARD FOR INFORMATION SYSTEMS SECURITY (INFOSEC) PROFESSIONALS
NSTISS
NATIONAL SECURITY TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY
NATIONAL MANAGER
FOREWORD
1. This instruction provides the minimum course content for the training of information systems security (INFOSEC) professionals in the disciplines of telecommunications security and automated information systems (AIS) security. 2. Representatives of the National Security Telecommunications and Information Systems Security Committee may obtain additional copies of this instruction from: Executive Secretariat National Security Telecommunications and Information Systems Security Committee National Security Agency Fort George G. Meade, MD 20755-6000 3. U.S. Government contractors are to contact their appropriate government agency or Contracting Officer Representative regarding distribution of this document.
J. M. McCONNELL Vice Admiral, U.S. Navy
NSTISSI No. 4011
NATIONAL TRAINING STANDARD FOR INFORMATION SYSTEMS SECURITY (INFOSEC) PROFESSIONALS
PURPOSE . . . . . . . . SCOPE AND APPLICABILITY REFERENCES. . . . . . . RESPONSIBILITIES. . . . TRAINING STANDARD . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
SECTION I II III IV V
SECTION I - PURPOSE 1. This instruction establishes the minimum training standard for the training of information systems security (INFOSEC) professionals in the disciplines of telecommunications and automated information systems (AIS) security.
SECTION II - SCOPE AND APPLICABILITY 2. National Security Telecommunications and Information Systems Security Directive No. 501 establishes the requirement for federal departments and agencies to implement training programs for INFOSEC professionals. As defined in NSTISSD 501, an INFOSEC professional
References: [CHR90]Interview with Agent Jim Christy, Chief, Air Force Office of Special Investigations, Computer Crime Division, 26 March 1990. [DOD85]Department of Defense Trusted Computer System Evaluation Criteria, DoD 5200.28-STD, Department of Defense, Washington, DC, December 1985. [DOJ88]Basic Considerations in Investigating and Proving Computer-Related Federal Crimes, U.S. Department of Justice, Justice Management Division, Washington, DC, November 1988. [HIG89]Higgins, John C., Information Security as a Topic in Undergraduate Education of Computer Scientists, Proceedings of the 12th National Computer Security Conference, November 1989. [MAC89]Maconachy, W.V., Computer Security Education, Training, and Awareness: Turning a Philosophical Orientation into Practical Reality, Proceedings of the 12th National Computer Security Conference, November 1989. [OTA87]U.S. Congress, Office of Technology Assessment, Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information, OTA-CIT-310, Washington, DC, U.S. Government Printing Office, October 1987. [PFL89]Pfleeger, Charles P., Security in Computing, PrenticeHall, 1989. ANNEX TO NSTISSI No. 4011