NIST Computer Security Resource Clearinghouse
 
 

 Federal Information Systems Security
Educators’ Association (FISSEA)
Nomination Letter--Educator of the Year

Nomination
 I nominate the following group
     Dorothea de Zafra
     John Tressler
     Sadie Pitcher
     John B. Ippolito
 as FISSEA Educators of the Year.

The recent completion of the "final draft" of the training guideline which will replace NIST Special Publication 500-172 (Computer Security Training Guidelines) marks a major milestone in FISSEA's growth as a professional organization.  FISSEA can take great pride in the fact that it served not only as a catalyst for the development of this critically needed successor guideline, but also chartered a working group to actually produce it.  This guideline, "Information Technology Security Training Requirements: A Role- and Performance-based Model," will soon be issued as NIST Special Publication 800-16.  It could not have been completed without hundreds of hours of hard work and personal sacrifice on the part of the FISSEA working group which produced it after more than four years of intensive effort.  Working drafts of this guideline already have won wide acceptance and, as a result, the publication will serve as a true "training road-map."  In addition, efforts undertaken with the national security community during the development process have allowed their needs to be addressed directly and incorporated seamlessly into the final product, offering the hope that a single document will serve as the training reference in both defense and civilian agency communities. Therefore, it seems fitting that the FISSEA working group which developed the new training guideline be recognized as recipients of the FISSEA "Educators of the Year Award" to be awarded in March, 1998.  These individuals, who are the first to point to the many contributions which their colleagues outside of the working group have made to it, truly have achieved a remarkable accomplishment.  They have worked together as a team in an exceedingly effective manner, and this document could not have been completed without their individual and collective contributions.  In fact, it is because of the sustained, unique and crucial synergy developed by and among the four working group members that it is possible only to nominate the entire team.

Now that NIST Special Publication 800-16 is being readied for publication, its full significance will become readily apparent.  For the first time, it is expected that role-based training modules can be developed reliably and completely.  The distinction between awareness and training will be clear to all.  The lucid description of a learning continuum, with levels of learning, has received much attention and will serve as a model to other educators in diverse fields.  Because of the very detailed outlines for developing training modules at the "Basics and Literacy" levels, as well as at the higher levels of role- based training, IT Security professionals will be equipped to develop and conduct training courses and materials with confidence, reproducibility and cohesion across organizational lines.  As well, they are encouraged directly to evaluate both individual courses and the overall IT security training program, thus documenting in business terms the benefit of the educational investment.  Finally, because of its extensibility, the training guideline will be able to serve the IT Security profession for years to come.

Beyond the excellent technical content, this document also holds a compelling and formidable challenge for us, the IT Security community, to embrace the distilled concepts, follow the "road-map" and add our own energy and imagination to do something truly bold.  For me, that bold something is the building of a common understanding, not only among ourselves but between and among Human Resources professionals, managers and IT auditors, that the information and strategy contained in the document are sound and are an appropriate basis for elaboration of "best practices" which should infuse job descriptions, personal evaluations / training plans, and formal audit procedures.  In its elicitation of a response to this challenge, the document may well accomplish the outcome most prized by all educators: to change individual behavior for the better.


Top of Page   Back to FISSEA Page   CSRC Home Page
Back to Organization's Page   NIST's Homepage
Please send comments or suggestions to webmaster-csrc@nist.rip.
Last Modified: July 25, 2001.