Federal Information Systems Security Educators' Association


  FISSEA WORKSHOP



Agenda
9:00 - 9:30 Introduction (includes Activity 1)
9:30 - 9:50 How to Develop Role-Based Training
9:50 - 10:35 Small Group Exercise (Activity 2)
10:35 - 10:50 BREAK
10:50 - 11:50 Group Presentations (Activity 2 continued)
11:50 - 12:00 Summary

OUTLINE

Introduction

 1. What are the basic issues of IT Security?

  • Availability
  • Integrity
  • Confidentiality

 2. What are the key IT security risks?

 3. Who is responsible for IT security?

  • Roles defined by National Institute of Standards and Technology (NIST)

Activity 1: Class discussion to list IT security responsibilities for Managers and System Administrators, followed by hand-out and discussion of selected NIST-based requirements for the two roles:

  • How are the responsibilities similar?
  • How are the responsibilities different?

How to Develop Role-Based Training

 1. GISRA/FISMA mandates training for the roles related to Federal IT security requirements.

  • All roles share the general concepts and processes related to IT security.
  • Each role has specific IT-related performance/training requirements.

 2. Resources for identifying role-based training content

  • NIST SP 800-16 (IT Security Training Requirements: Role-Based Training)
  • NIST SP 800-16 IT Security Training Matrix
  • Agency-specific IT security regulations and procedures

Activity 2: Participants will be divided into two groups: Manager training and System Administrator training. Each group will be subdivided into teams of 2-3, and each team will be assigned one task for which to develop a training solution. Working with flip charts, each team will identify and describe the:

  • Learning objective
  • Presentation mode(s)
  • Individual or group learning/practice activity
  • Learning measurement strategy

Each team will present its training solution to the combined group for discussion and feedback.

Summary

The key steps in developing role-based training will be reviewed, together with resources for identifying performance requirements and content topics.

Follow-up

Following the workshop, the training solutions will be turned into digital files that can be e-mailed to the FISSEA membership list and/or reproduced in the FISSEA newsletter as part of the workshop report.

Last updated: August 23, 2003