ir5495.txt

Posted Aug 17, 1999

"Computer Security Training & Awareness Course Compendium", 1994

tags | paper
SHA-256 | a4b858e11173412d23a52dd7f265594113c10852430b16d710d1dcf1cc47abee

                        TABLE OF CONTENTS

COURSE TITLE

COURSE NAME PAGE

A FRAUD UPDATE: FORENSIC AND INVESTIGATIVE AUDITING. . . . . . 24

A PRACTICAL APPROACH TO CERTIFYING A SYSTEM. . . . . . . . . . 83

ADP SECURITY OFFICERS (ADPSO) CONCEPTS . . . . . . . . . . . 2

ADVANCED DATA COMM NETWORKS: SECURITY/AUDITABILITY . . . . . . 55

ADVANCED EDP AUDITING - GBA 577. . . . . . . . . . . . . . . . 79

ADVANCED TECHNOLOGY CONFERENCE . . . . . . . . . . . . . . . . 10

ADVANCED NETWORK SECURITY ARCHITECTURE . . . . . . . . . . . . 75

AIS SECURITY STRATEGIES. . . . . . . . . . . . . . . . . . . . 60

APPLICATION SECURITY REVIEWS . . . . . . . . . . . . . . . . . 30

ARCHITECTURE FOR SECURE SYSTEMS. . . . . . . . . . . . . . . . 73

AUDIT SOFTWARE FOR THE 21ST CENTURY. . . . . . . . . . . . . . 48

AUDIT AND SECURITY OF CLIENT/SERVER ARCHITECTURES. . . . . . . 24

AUDIT AND SECURITY OF RELATIONAL DATABASES AND APPLICATIONS. . 57

AUDIT AND CONTROL OF END-USER COMPUTING (EUC). . . . . . . . . 40

AUDIT AND CONTROL OF ELECTRONIC DATA INTERCHANGE . . . . . . . 39

AUDIT, CONTROL, AND SECURITY OF LAN AND MAINFRAME CONNECTIVITY 31

AUDITING EDI APPLICATIONS. . . . . . . . . . . . . . . . . . . 47

AUDITING THE DATA CENTER FOR CONTROLS, EFFICIENCY, AND
COST-EFFECTIVENESS . . . . . . . . . . . . . . . . . . . . 68

AUDITING THE DATA CENTER (M2020) . . . . . . . . . . . . . . . 36

AUDITING FRAUD: PREVENT, DETECT, & CONTROL . . . . . . . . . . 54

AUDITING ADVANCED INFORMATION TECHNOLOGY . . . . . . . . . . . 51

AUDITING CLIENT/SERVER TECHNOLOGY. . . . . . . . . . . . . . . 49

AUDITING SYSTEM DEVELOPMENT: NEW TECHNIQUES FOR NEW TECHNOLOGIES 47

AUDITING DATACOMM NETWORKS . . . . . . . . . . . . . . . . . . 50

AUDITING INFORMATION SYSTEMS . . . . . . . . . . . . . . . . . 41

AUDITING THE SYSTEMS DEVELOPMENT PROCESS . . . . . . . . . . . 70

BASIC SECURITY FOR PC USERS . . . . . . . . . . . . . . . . . 44

BASICS OF COMPUTER SECURITY. . . . . . . . . . . . . . . . . . 18

BECOMING AN EFFECTIVE DATA SECURITY OFFICER. . . . . . . . . . 53

BUILDING INFORMATION SECURITY AWARENESS. . . . . . . . . . . . 27

BUSINESS RESUMPTION PLANNING (M2046) . . . . . . . . . . . . . 21

BUSINESS FRAUD (M2008) . . . . . . . . . . . . . . . . . . . . 38

BUSINESS IMPACT ANALYSIS . . . . . . . . . . . . . . . . . . . 85

BUSINESS IMPACT ANALYSIS (M2044) . . . . . . . . . . . . . . . 21

CASE STUDIES IN MULTILEVEL SECURE NETWORKING . . . . . . . . . 13

COMMUNICATION SECURITY PRINCIPLES & PRACTICES. . . . . . . . . 66

COMMUNICATIONS TECHNOLOGIES. . . . . . . . . . . . . . . . . . 86

COMPREHENSIVE INFOSEC SEMINAR. . . . . . . . . . . . . . . . . 66

COMPUSEC . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

COMPUTER VIRUSES SEMINAR . . . . . . . . . . . . . . . . . . . 84

COMPUTER SECURITY FOR THE END-USER . . . . . . . . . . . . . . 80

COMPUTER SECURITY. . . . . . . . . . . . . . . . . . . . . . . 32

COMPUTER SECURITY SEMINAR. . . . . . . . . . . . . . . . . . . 64

COMPUTER CRIME & INDUSTRIAL ESPIONAGE. . . . . . . . . . . . . 82

COMPUTER SECURITY AWARENESS TRAINING . . . . . . . . . . . . . 3

COMPUTER SECURITY FOR EXECUTIVES . . . . . . . . . . . . . . . 3

COMPUTER SECURITY FOR SECURITY AND MIS PROFESSIONALS . . . . . 43

COMPUTER SECURITY AND PRIVACY. . . . . . . . . . . . . . . . . 67

COMPUTER SECURITY FOR END USERS. . . . . . . . . . . . . . . . 2

COMPUTER SECURITY. . . . . . . . . . . . . . . . . . . . . . . 35

COMPUTER VIRUSES, TROJAN HORSES, AND LOGIC BOMBS . . . . . . . 61

COMPUTER SECURITY IN APPLICATION SOFTWARE. . . . . . . . . . . 34

COMPUTER VIRUSES: DETECT, PREVENT, CURE INFECTIONS . . . . . . 69

COMPUTER FRAUD (M2010) . . . . . . . . . . . . . . . . . . . . 38

COMPUTER SECURITY EXECUTIVE OVERVIEW . . . . . . . . . . . . . 1

COMPUTER SECURITY SYSTEMS I - CS 229 . . . . . . . . . . . . . 58

COMPUTER SECURITY AWARENESS (CBT). . . . . . . . . . . . . . . 7

COMPUTER SECURITY FOR MANAGERS . . . . . . . . . . . . . . . . 30

COMPUTER VIRUSES . . . . . . . . . . . . . . . . . . . . . . . 31

COMPUTER SECURITY FOR SECURITY & ADP PROGRAM MANAGERS. . . . . 17

COMPUTER SECURITY AWARENESS. . . . . . . . . . . . . . . . . . 6

COMPUTER SECURITY & CONTINGENCY PLANNING . . . . . . . . . . . 51

COMPUTER SECURITY FOR MANAGERS SEMINAR . . . . . . . . . . . . 53

COMPUTER SECURITY FOR SECURITY OFFICERS. . . . . . . . . . . . 62

COMPUTER SECURITY SYSTEMS II - CS 329. . . . . . . . . . . . . 58

COMSEC . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

CONTINUITY OF OPERATIONS/DISASTER RECOVERY PLANNING: PART I. . 8

CONTINUITY OF OPERATIONS/DISASTER RECOVERY PLANNING: PART II WORKSHOP 30

CONTROL AND SECURITY OF LOCAL AREA NETWORKS. . . . . . . . . . 52

CONTROL AND SECURITY OF LANS . . . . . . . . . . . . . . . . . 50

DATA CENTER RECOVERY PLANNING (M2040). . . . . . . . . . . . . 20

DATA COMMUNICATIONS SECURITY . . . . . . . . . . . . . . . . . 28

DATA SECURITY PLANNING: STRATEGIES FOR EFFECTIVE INFORMATION SECURITY
(W9898). . . . . . . . . . . . . . . . . . . . . . . . . . 22

DATA SECURITY PLANNING . . . . . . . . . . . . . . . . . . . . 68

DATABASE SECURITY SEMINAR. . . . . . . . . . . . . . . . . . . 65

DETECTING AND PREVENTING COMPUTER FRAUD. . . . . . . . . . . . 11

DEVELOPING COMPUTER SECURITY POLICIES & PROCEDURES . . . . . . 28

DISASTER RECOVERY PLANNING . . . . . . . . . . . . . . . . . . 70

DISASTER RECOVERY PLANNING: STRATEGIES TO DEVELOP & MAINTAIN PROVABLE
RECOVERY CAPABILITY (W9912). . . . . . . . . . . . . . . . . . 20

EDI: New Frontiers For Auditors. . . . . . . . . . . . . . . . 56

EDP AUDITING - CIS 433 . . . . . . . . . . . . . . . . . . . . 78

EDP CONCEPTS FOR BUSINESS. . . . . . . . . . . . . . . . . . . 6

EDP AUDITING: THE FIRST STEP . . . . . . . . . . . . . . . . . 52

EXECUTIVE AIS SECURITY BRIEFING. . . . . . . . . . . . . . . . 8

FEDERAL AIS COMPUTER SECURITY REQUIREMENTS . . . . . . . . . . 4

FUNDAMENTALS OF COMPUTER SECURITY FOR FEDERAL INFORMATION SYSTEMS 64

HOW TO MANAGE AN INFORMATION SECURITY PROGRAM: A GUIDE FOR NEWLY
APPOINTED MANAGERS . . . . . . . . . . . . . . . . . . . . 23

IMPLEMENTING & MANAGING A COMPUTER SECURITY PROGRAM. . . . . . 19

IMPLEMENTING AND TESTING THE DISASTER RECOVERY PLAN. . . . . . 88

INFORMATION RISK ASSESSMENT AND SECURITY MANAGEMENT - CSMN 655 82

INFORMATION POLICY - CS 230. . . . . . . . . . . . . . . . . . 63

INFORMATION SECURITY PRINCIPLES AND PRACTICES. . . . . . . . . 17

INFORMATION SYSTEMS AUDIT WORKSHOP . . . . . . . . . . . . . . 49

INFORMATION RISK ASSESSMENT & SECURITY MANAGEMENT. . . . . . . 3

INFORMATION SYSTEMS SECURITY (CSI 214) . . . . . . . . . . . . 81

INFORMATION SYSTEMS SEMINAR FOR INTERNAL AUDITORS. . . . . . . 4

INFORMATION SECURITY AND POLICY. . . . . . . . . . . . . . . . 32

INFOSEC FOUNDATIONS SEMINAR. . . . . . . . . . . . . . . . . . 54

INFOSEC. . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

INFOSEC EVALUATIONS USING FORMAL METHODS . . . . . . . . . . . 76

INTEGRATED AUDITING: THE BASICS. . . . . . . . . . . . . . . . 42

INTRODUCTION TO COMPUTER SECURITY FOR NON-ADP MANAGERS . . . . 16

INTRODUCTION TO COMPUTER SECURITY FOR FIRST-LEVEL SUPERVISORS. 16

INTRODUCTION TO SOFTWARE VERIFICATION. . . . . . . . . . . . . 76

INTRODUCTION TO EDP AUDITING (M2022) . . . . . . . . . . . . . 37

INTRODUCTION TO LAN SECURITY . . . . . . . . . . . . . . . . . 10

INTRODUCTION TO AUDITING MICROS AND LANS: CONTROLLING END-USER
COMPUTING. . . . . . . . . . . . . . . . . . . . . . . . . 43

INTRODUCTION TO SECURE SYSTEMS . . . . . . . . . . . . . . . . 34

KEEPING OUT OF TROUBLE WITH THE SOFTWARE POLICE. . . . . . . . 9

LAN SECURITY (M2006) . . . . . . . . . . . . . . . . . . . . . 37

LAN SECURITY . . . . . . . . . . . . . . . . . . . . . . . . . 90

LAN TUNING AND PERFORMANCE FOR AUDIT AND SECURITY PERSONNEL. . 57

LAN SECURITY OVERVIEW. . . . . . . . . . . . . . . . . . . . . 9

LAN SECURITY . . . . . . . . . . . . . . . . . . . . . . . . . 28

LEGAL ENVIRONMENT OF INFORMATION SYSTEMS - GBA 560 . . . . . . 79

MANAGING COMPUTER SECURITY-MERGERS, ACQUISITIONS, AND DIVESTITURES 67

MANAGING THE ACQUISITION OF MLS RESOURCES. . . . . . . . . . . 14

MANAGING AND DEVELOPING A DISASTER RECOVERY PLAN . . . . . . . 87

MANAGING AN ORGANIZATION-WIDE INFORMATION SECURITY PROGRAM . . 27

MARKETPLACE IMPLICATIONS OF THE EVOLUTION OF EVALUATION CRITERIA 7

MICRO SECURITY FOR INFORMATION SYSTEMS SECURITY ANALYSTS . . . 35

MICROCOMPUTER SECURITY . . . . . . . . . . . . . . . . . . . . 7

MICROCOMPUTER SECURITY . . . . . . . . . . . . . . . . . . . . 62

MODEL INTERPRETATIONS. . . . . . . . . . . . . . . . . . . . . 75

NETWORK AUDITING (M2034) . . . . . . . . . . . . . . . . . . . 35

NETWORK SECURITY ARCHITECTURE. . . . . . . . . . . . . . . . . 74

NETWORK RECOVERY PLANNING (M2056). . . . . . . . . . . . . . . 22

NETWORK SECURITY . . . . . . . . . . . . . . . . . . . . . . . 77

NETWORK SECURITY SEMINAR . . . . . . . . . . . . . . . . . . . 65

NEW FRONTIERS FOR AUDITORS . . . . . . . . . . . . . . . . . . 56

ON-LINE, DISTRIBUTED COMMUNICATIONS SYSTEMS: CONTROL, AUDIT & SECURITY 55

OPERATING SYSTEM SECURITY CONCEPTS . . . . . . . . . . . . . . 72

OPERATIONAL NETWORK SECURITY SEMINAR . . . . . . . . . . . . . 84

PC/LAN RECOVERY PLANNING (M2042) . . . . . . . . . . . . . . . 20

PC/LAN AUDITING (M2028). . . . . . . . . . . . . . . . . . . . 36

PC SECURITY (M2004). . . . . . . . . . . . . . . . . . . . . . 37

PC SECURITY. . . . . . . . . . . . . . . . . . . . . . . . . . 89

PC-LAN AND DATA SECURITY . . . . . . . . . . . . . . . . . . . 9

PHYSICAL SECURITY FOR DATA PROCESSING. . . . . . . . . . . . . 31

PLANNING AN EDP DISASTER RECOVERY PROGRAM. . . . . . . . . . . 33

PRACTICAL CONSIDERATIONS FOR IMPLEMENTING A MULTILEVEL SECURE NETWORK 15

PRACTICAL ASPECTS OF OWNING A MULTILEVEL SECURE NETWORK. . . . 14

PRACTICAL ASPECTS OF PLANNING TO ACQUIRE MULTILEVEL SECURITY IN AN OPEN
SYSTEMS ENVIRONMENT. . . . . . . . . . . . . . . . . . . . . . 12

PRACTICAL CONSIDERATIONS FOR PLANNING & IMPLEMENTING MULTILEVEL SECURITY
IN AN OPEN SYSTEMS ENVIRONMENT . . . . . . . . . . . . . . 13

PRACTICAL CONSIDERATIONS FOR PLANNING MULTILEVEL SECURITY IN AN OPEN
SYSTEMS ENVIRONMENT . . . . . . . . . . . . . . . . . . . . . 15

PRACTICAL ASPECTS OF ACQUIRING AND OWNING A MULTILEVEL SECURE NETWORK 11

PRACTICAL CONSIDERATIONS FOR ACQUIRING AND IMPLEMENTING A MULTILEVEL
SECURE NETWORK . . . . . . . . . . . . . . . . . . . . . . 12

PROTECTING YOUR NETWORKS FROM HACKERS, VIRUSES, AND OTHER ATTACKS 23

PROTECTING NETWORKS & SMALL SYSTEMS. . . . . . . . . . . . . . 29

RECENT DEVELOPMENTS IN INFORMATION SECURITY . . . . . . . . . 25

RISK ASSESSMENT. . . . . . . . . . . . . . . . . . . . . . . . 19

RISK ASSESSMENT TECHNIQUES FOR AUDITORS. . . . . . . . . . . . 71

RISK MANAGEMENT . . . . . . . . . . . . . . . . . . . . . . . 25

SECURE SYSTEMS DESIGN AND PROGRAM MANAGEMENT . . . . . . . . . 26

SECURITY AND PRIVACY OF INFORMATION SYSTEMS - GBA 578. . . . . 78

SECURITY TECHNOLOGY IN THE REAL WORLD. . . . . . . . . . . . . 45

SECURITY AND CONTROL IN AUTOMATED SYSTEMS-AUDIT IS . . . . . . 63

SECURITY IN SOFTWARE APPLICATIONS. . . . . . . . . . . . . . . 33

TELECOMMUNICATIONS SECURITY SYSTEMS - EE 250 . . . . . . . . . 59

TELECOMMUNICATIONS FOR INFORMATION SYSTEMS SECURITY ANALYSTS . 1

TEMPEST PROGRAM MANAGEMENT AND SYSTEMS ENGINEERING . . . . . . 81

THE CMW: USER TUTORIAL . . . . . . . . . . . . . . . . . . . . 90

THE SECURITY-AUDIT ALLIANCE. . . . . . . . . . . . . . . . . . 83

THE SYSTEMS INTEGRATOR'S PERSPECTIVE ON AIS SECURITY STRATEGIES 8

THE DATA CENTER: AUDITING FOR PROFIT . . . . . . . . . . . . . 56

THE CMW: ADMINISTRATOR TUTORIAL. . . . . . . . . . . . . . . . 61

THE CMW: APPLICATION PROGRAMMING . . . . . . . . . . . . . . . 88

THE INTEGRATED AUDIT WORKSHOP. . . . . . . . . . . . . . . . . 48

THEORETICAL FOUNDATION/TRUST OF INFORMATION SYSTEMS. . . . . . 73

TRUSTED SYSTEMS CRITERIA AND CONCEPTS. . . . . . . . . . . . . 72

TRUSTED INTEGRATION/SYSTEM CERTIFICATION . . . . . . . . . . . 71

UNDERSTANDING TRUSTED SYSTEMS. . . . . . . . . . . . . . . . . 19

UPS: DESIGN, SELECTION AND SPECIFICATION . . . . . . . . . . . 34

USING INVESTIGATIVE SOFTWARE TO DETECT FRAUD . . . . . . . . . 47

WRITING SECURITY PLANS . . . . . . . . . . . . . . . . . . . . 26

LIST OF APPENDICES
A - Major Categories
B - Vendor List
C - Product List
D - Product Specific Courses
E - Training Matrix

APPENDIX A
MAJOR CATEGORIES

COMPUTER SECURITY BASICS
EXECUTIVES

COURSE TITLE PAGE

ADP Security Officers (ADPSO) Concepts . . . . . . . . . . . . 2

Computer Security Awareness (CBT). . . . . . . . . . . . . . . 7

Computer Security Awareness Training . . . . . . . . . . . . . 3

Computer Security Executive Overview . . . . . . . . . . . . . 1

Computer Security For End Users. . . . . . . . . . . . . . . . 2

Computer Security For Executives . . . . . . . . . . . . . . . 3

Computer Security Awareness (CBT). . . . . . . . . . . . . . . 8

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Federal AIS Computer Security Requirements . . . . . . . . . . 4

Information Risk Assessment & Security Management. . . . . . . 4

Information Systems Seminar For Internal Auditors. . . . . . . 4

Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7

Telecommunications for Information Systems Security Analysts . 1
SECURITY PLANNING & MANAGEMENT
EXECUTIVES

COURSE TITLE PAGE

ADP Security Officers (ADPSO) Concepts . . . . . . . . . . . . 2

Computer Security Awareness (CBT). . . . . . . . . . . . . . . 7

Computer Security Awareness Training . . . . . . . . . . . . . 3

Computer Security Executive Overview . . . . . . . . . . . . . 1

Computer Security For End Users. . . . . . . . . . . . . . . . 2

Computer Security For Executives . . . . . . . . . . . . . . . 3

Computer Security Awareness (CBT). . . . . . . . . . . . . . . 8

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Federal AIS Computer Security Requirements . . . . . . . . . . 4

Information Risk Assessment & Security Management. . . . . . . 3

Information Systems Seminar For Internal Auditors. . . . . . . 4

Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7

Telecommunications for Information Systems Security Analysts . 1
SECURITY PLANNING & MANAGEMENT
EXECUTIVES

COURSE TITLE PAGE

ADP Security Officers (ADPSO) Concepts . . . . . . . . . . . . 2

Continuity of Operations/Disaster Recovery Planning: Part I. . 8

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Executive AIS Security Briefing. . . . . . . . . . . . . . . . 8

Federal AIS Computer Security Requirements . . . . . . . . . . 4

Information Systems Seminar For Internal Auditors. . . . . . . 4

Information Risk Assessment & Security Management. . . . . . . 3

Marketplace Implications of the Evolution of Evaluation Criteria 7

Telecommunications for Information Systems Security Analysts . 1

The Systems Integrator's Perspective on AIS Security Strategies 8
COMPUTER SECURITY POLICY & PROCEDURES
EXECUTIVES

COURSE TITLE PAGE

ADP Security Officers (ADPSO) Concepts . . . . . . . . . . . . 2

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Executive AIS Security Briefing. . . . . . . . . . . . . . . . 8

Federal AIS Computer Security Requirements . . . . . . . . . . 4

Information Systems Seminar For Internal Auditors. . . . . . . 4

Information Risk Assessment & Security Management. . . . . . . 3

Keeping Out of Trouble with the Software Police. . . . . . . . 9

Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7
CONTINGENCY PLANNING
EXECUTIVES

COURSE TITLE PAGE

ADP Security Officers (ADPSO) Concepts . . . . . . . . . . . . 2

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Executive AIS Security Briefing. . . . . . . . . . . . . . . . 8

Federal AIS Computer Security Requirements . . . . . . . . . . 4

Information Systems Seminar For Internal Auditors. . . . . . . 4

Information Risk Assessment & Security Management. . . . . . . 3

Keeping Out of Trouble with the Software Police. . . . . . . . 9

Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7
SYSTEMS LIFE CYCLE MANAGEMENT
EXECUTIVES

COURSE TITLE PAGE

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Information Systems Seminar For Internal Auditors. . . . . . . 4
COMPUTER SECURITY BASICS
PROGRAM & FUNCTIONAL MANAGERS

COURSE TITLE PAGE

ADP Security Officers (ADPSO) Concepts . . . . . . . . . . . . 2

Advanced Technology Conference . . . . . . . . . . . . . . . 10

Basics of Computer Security. . . . . . . . . . . . . . . . . 18

Case Studies in Multilevel Secure Networking . . . . . . . . 13

COMPUSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Computer Security Awareness (CBT). . . . . . . . . . . . . . . 7

Computer Security Awareness Training . . . . . . . . . . . . . 3

Computer Security For End Users. . . . . . . . . . . . . . . . 2

Computer Security for Security & ADP Program Managers. . . . 17

Computer Security Awareness (CBT). . . . . . . . . . . . . . . 8

Detecting and Preventing Computer Fraud. . . . . . . . . . . 11

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Federal AIS Computer Security Requirements . . . . . . . . . . 4

Implementing & Managing a Computer Security Program. . . . . . 19

Information Security Principles and Practice . . . . . . . . 17

Information Risk Assessment & Security Management. . . . . . . 3

Information Systems Seminar For Internal Auditors. . . . . . . 4

Introduction to LAN Security . . . . . . . . . . . . . . . . 10

Introduction to Computer Security for Non-ADP Managers . . . 16

Introduction to Computer Security for First-Level Supervisors 16

LAN Security Overview. . . . . . . . . . . . . . . . . . . . . 9

Managing the Acquisition of MLS Resources. . . . . . . . . . 14

Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7

PC-LAN and Data Security . . . . . . . . . . . . . . . . . . . 9

Practical Considerations for Planning and Implementing Multilevel
Security in an Open Systems Environment . . . . . . . . . 13

Practical Aspects of Planning to Acquire
Multilevel Security in an Open Systems Environment. . . . 12

Practical Considerations for Acquiring and
Implementing a MultiLevel Secure Network. . . . . . . . . 12

Practical Aspects of Owning a Multilevel Secure Network. . . 14

Practical Considerations for Planning Multilevel Security in an
Open Systems Environment. . . . . . . . . . . . . . . . . 15

Practical Considerations for Implementing a MultiLevel
Secure Network. . . . . . . . . . . . . . . . . . . . . . 15

Practical Aspects of Acquiring and Owning
a Multilevel Secure Network . . . . . . . . . . . . . . . 11

Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19

Telecommunications for Information Systems Security Analysts . 1

Understanding Trusted Systems. . . . . . . . . . . . . . . . 19

SECURITY PLANNING & MANAGEMENT
PROGRAM & FUNCTIONAL MANAGERS

COURSE TITLE PAGE

A Fraud Update: Forensic and Investigative Auditing. . . . . 24

ADP Security Officers (ADPSO) Concepts . . . . . . . . . . . . 2

Advanced Technology Conference . . . . . . . . . . . . . . . 10

Application Security Reviews . . . . . . . . . . . . . . . . 30

Audit and Security of Client/Server Architectures. . . . . . 24

Building Information Security Awareness. . . . . . . . . . . 27

Business Impact Analysis (M2044) . . . . . . . . . . . . . . 21

Business Resumption Planning (M2046) . . . . . . . . . . . . 21

COMPUSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Computer Viruses, Trojan Horses, and Logic Bombs . . . . . . 29

Computer Security For Managers . . . . . . . . . . . . . . . 30

Continuity of Operations/Disaster Recovery Planning: Part I. . 8

Continuity of Operations/Disaster Recovery Planning:
Part II Workshop. . . . . . . . . . . . . . . . . . . . . 30

Data Communications Security . . . . . . . . . . . . . . . . 28

Data Security Planning: Strategies for Effective Information
Security (W9898). . . . . . . . . . . . . . . . . . . . . 22

Data Center Recovery Planning (M2040). . . . . . . . . . . . 20

Developing Computer Security Policies & Procedures . . . . . 28

Disaster Recovery Planning: Strategies to Develop and Maintain
Provable Recovery Capability (W9912). . . . . . . . . . . 20

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Federal AIS Computer Security Requirements . . . . . . . . . . 4

How to Manage an Information Security Program: A Guide for Newly
Appointed Managers. . . . . . . . . . . . . . . . . . . . 23

Implementing & Managing a Computer Security Program. . . . . . 19

Information Systems Seminar For Internal Auditors. . . . . . . 4

Information Risk Assessment & Security Management. . . . . . . 3

LAN Security . . . . . . . . . . . . . . . . . . . . . . . . 28

LAN Security Overview. . . . . . . . . . . . . . . . . . . . 9

Managing Org-Wide Information Security Program . . . . . . . 27

Network Recovery Planning (M2056). . . . . . . . . . . . . . 22

PC/LAN Recovery Planning (M2042) . . . . . . . . . . . . . . 20

PC-LAN and Data Security . . . . . . . . . . . . . . . . . . . 9

Physical Security for Data Processing. . . . . . . . . . . . 31

Protecting Networks & Small Systems. . . . . . . . . . . . . 29

Protecting Your Networks from Hackers, Viruses, and
Other Attacks . . . . . . . . . . . . . . . . . . . . . . 23

Recent Developments in Information Security. . . . . . . . . 25

Risk Management. . . . . . . . . . . . . . . . . . . . . . . 25

Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . . 19

Secure Systems Design and Program Management . . . . . . . . 26

Telecommunications for Information Systems Security Analysts . 1

Writing Security Plans . . . . . . . . . . . . . . . . . . . 26

COMPUTER SECURITY POLICY & PROCEDURES
PROGRAM & FUNCTIONAL MANAGERS

COURSE TITLE PAGE

ADP Security Officers (ADPSO) Concepts . . . . . . . . . . . . 2

Advanced Technology Conference . . . . . . . . . . . . . . . . 10

Application Security Reviews . . . . . . . . . . . . . . . . 30

Audit, Control, and Security of LAN and Mainframe Connectivity 31

Building Information Security Awareness. . . . . . . . . . . 27

COMPUSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Computer Viruses, Troj Horses, and Logic Bombs . . . . . . . 61

Computer Viruses . . . . . . . . . . . . . . . . . . . . . . 31

Computer Security. . . . . . . . . . . . . . . . . . . . . . 32

Continuity of Operations/Disaster Recovery Planning:
Part II Workshop. . . . . . . . . . . . . . . . . . . . . 30

Continuity of Operations/Disaster Recovery Planning: Part I. . 8

Developing Computer Security Policies & Procedures . . . . . 28

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Federal AIS Computer Security Requirements . . . . . . . . . . 4

Implementing & Managing a Computer Security Program. . . . . 19

Information Security and Policy. . . . . . . . . . . . . . . 32

Information Security Principles and Practice . . . . . . . . 17

Information Systems Seminar For Internal Auditors. . . . . . . 4

Information Risk Assessment & Security Management. . . . . . . 3

Keeping Out of Trouble with the Software Police. . . . . . . . 9

LAN Security . . . . . . . . . . . . . . . . . . . . . . . . 28

Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7

Physical Security for Data Processing. . . . . . . . . . . . 31

Protecting Networks & Small Systems. . . . . . . . . . . . . 29

Recent Developments in Information Security. . . . . . . . . 25

Risk Management. . . . . . . . . . . . . . . . . . . . . . . 25

Secure Systems Design and Program Management . . . . . . . . 26

CONTINGENCY PLANNING
PROGRAM & FUNCTIONAL MANAGERS

COURSE TITLE PAGE

Advanced Technology Conference . . . . . . . . . . . . . . . 10

COMPUSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Continuity of Operations/Disaster Recovery Planning: Part I. . 8

Data Communications Security . . . . . . . . . . . . . . . . 28

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Information Systems Seminar For Internal Auditors. . . . . . . 4

Information Security Principles and Practice . . . . . . . . 17

Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7

Planning an EDP Disaster Recovery Program. . . . . . . . . . 33

Risk Management. . . . . . . . . . . . . . . . . . . . . . . 25
SYSTEMS LIFE CYCLE MANAGEMENT
PROGRAM & FUNCTIONAL MANAGERS

COURSE TITLE PAGE

Advanced Technology Conference . . . . . . . . . . . . . . . 10

Application Security Reviews . . . . . . . . . . . . . . . . 30

COMPUSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Computer Security In Application Software. . . . . . . . . . 34

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Implementing & Managing a Computer Security Program. . . . . 19

Information Systems Seminar For Internal Auditors. . . . . . . 4

Introduction to Secure Systems . . . . . . . . . . . . . . . 34

Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19

Secure Systems Design and Program Management . . . . . . . . 26

Security in Software Applications. . . . . . . . . . . . . . 33

UPS: Design, Selection and Specification . . . . . . . . . . 34
COMPUTER SECURITY BASICS
IRM, SECURITY, & AUDIT

COURSE TITLE PAGE

ADP Security Officers (ADPSO) Concepts . . . . . . . . . . . . 2

Advanced Data Comm Networks: Security/Auditability . . . . . . 55

Advanced Technology Conference . . . . . . . . . . . . . . . 10

Audit Software for the 21st Century. . . . . . . . . . . . . 48

Audit and Control of Electronic Data Interchange . . . . . . 39

Audit and Security of Relational Databases and Applications. . 57

Audit and Control of End-user Computing (EUC). . . . . . . . 40

Auditing the Data Center (M2020) . . . . . . . . . . . . . . 36

Auditing EDI Applications. . . . . . . . . . . . . . . . . . 47

Auditing Client/Server Technology. . . . . . . . . . . . . . 49

Auditing System Development: New Techniques for New Technologies 47

Auditing Fraud: Prevent, Detect, & Control . . . . . . . . . . 54

Auditing Advanced Information Technology . . . . . . . . . . . 51

Auditing Datacomm Networks . . . . . . . . . . . . . . . . . . 50

Auditing Information Systems . . . . . . . . . . . . . . . . 41

Basic Security For PC Users. . . . . . . . . . . . . . . . . 44

Becoming An Effective Data Security Officer. . . . . . . . . . 53

Business Fraud (M2008) . . . . . . . . . . . . . . . . . . . 38

Computer Security Awareness. . . . . . . . . . . . . . . . . . 6

Computer Fraud (M2010) . . . . . . . . . . . . . . . . . . . 38

Computer Security for Managers Seminar . . . . . . . . . . . 53

Computer Security. . . . . . . . . . . . . . . . . . . . . . . 32

Computer Security & Contingency Planning . . . . . . . . . . 51

Computer Security Awareness (CBT). . . . . . . . . . . . . . . 7

Computer Security for Security and MIS Professionals . . . . . 89

Computer Security For End Users. . . . . . . . . . . . . . . . 2

Computer Security Awareness Training . . . . . . . . . . . . . 3

Control and Security of LANS . . . . . . . . . . . . . . . . 50

Control and Security of Local Area Networks. . . . . . . . . 52

Detecting and Preventing Computer Fraud. . . . . . . . . . . 11

EDI: New Frontiers For Auditors. . . . . . . . . . . . . . . . 56

EDP Auditing: The First Step . . . . . . . . . . . . . . . . . 52

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Federal AIS Computer Security Requirements . . . . . . . . . . 4

Implementing & Managing a Computer Security Program. . . . . 19

Information Risk Assessment & Security Management. . . . . . . 3

Information Systems Seminar For Internal Auditors. . . . . . . 4

Information Systems Audit Workshop . . . . . . . . . . . . . . 49

INFOSEC Foundations Seminar. . . . . . . . . . . . . . . . . . 54

INFOSEC. . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Integrated Auditing: The Basics. . . . . . . . . . . . . . . 42

Intro. to Auditing Micros and LANs: Controlling End-User
Computing . . . . . . . . . . . . . . . . . . . . . . . . . 43

Introduction to EDP Auditing (M2022) . . . . . . . . . . . . 37

Introduction to LAN Security . . . . . . . . . . . . . . . . 10

LAN Tuning and Performance for Audit and Security Personnel. 57

LAN Security (M2006) . . . . . . . . . . . . . . . . . . . . 37

Micro Security for Information Systems Security Analysts . . . 35

Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7

Network Auditing (M2034) . . . . . . . . . . . . . . . . . . 35

On-Line, Dist Comm Sys: Control, Audit & Security . . . . . . . 55

PC Security (M2004). . . . . . . . . . . . . . . . . . . . . 37

PC/LAN Auditing (M2028). . . . . . . . . . . . . . . . . . . 36

Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19

Security Technology in the Real World. . . . . . . . . . . . 45

The Integrated Audit Workshop. . . . . . . . . . . . . . . . 48

The Data Center: Auditing For Profit . . . . . . . . . . . . . 56

Understanding Trusted Systems. . . . . . . . . . . . . . . . 19

Using Investigative Software to Detect Fraud . . . . . . . . 47

SECURITY PLANNING & MANAGEMENT
IRM, SECURITY, & AUDIT

COURSE TITLE PAGE

A Fraud Update: Forensic and Investigative Auditing. . . . . 24

ADP Security Officers (ADPSO) Concepts . . . . . . . . . . . . 2

Advanced Technology Conference . . . . . . . . . . . . . . . 10

AIS Security Strategies. . . . . . . . . . . . . . . . . . . 60

Application Security Reviews . . . . . . . . . . . . . . . . 30

Audit and Control of End-user Computing (EUC). . . . . . . . 40

Audit and Security of Client/Server Architectures. . . . . . 24

Audit and Control of Electronic Data Interchange . . . . . . 39

Auditing Client/Server Technology. . . . . . . . . . . . . . 49

Auditing Information Systems . . . . . . . . . . . . . . . . 41

Auditing EDI Applications. . . . . . . . . . . . . . . . . . 47

Becoming An Effective Data Security Officer. . . . . . . . . . 53

Computer Viruses, Trojan Horses, and Logic Bombs . . . . . . 61

Computer Security For Security Officers. . . . . . . . . . . 62

Continuity of Operations/Disaster Recovery Planning: Part I. . 8

Continuity of Operations/Disaster Recovery Planning:
Part II Workshop. . . . . . . . . . . . . . . . . . . . . 30

Control and Security of LANS . . . . . . . . . . . . . . . . 50

CS 329 - Computer Security Systems II. . . . . . . . . . . . . 58

Data Communications Security . . . . . . . . . . . . . . . . 28

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

EE 250 - Telecommunications Security Systems . . . . . . . . . 59

Federal AIS Computer Security Requirements . . . . . . . . . . 4

Implementing & Managing a Computer Security Program. . . . . 19

Information Security Principles and Practice . . . . . . . . 17

Information Systems Seminar For Internal Auditors. . . . . . . 4

Information Risk Assessment & Security Management. . . . . . . 3

INFOSEC. . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Integrated Auditing: The Basics. . . . . . . . . . . . . . . 42

Microcomputer Security . . . . . . . . . . . . . . . . . . . 62

Physical Security for Data Processing. . . . . . . . . . . . 31

Protecting Networks & Small Systems. . . . . . . . . . . . . 29

Protecting Your Networks from Hackers, Viruses, and Other Attacks 23

Recent Developments in Information Security. . . . . . . . . 25

Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19

Risk Management. . . . . . . . . . . . . . . . . . . . . . . 25

Security Technology in the Real World. . . . . . . . . . . . 45

The CMW: Administrator Tutorial. . . . . . . . . . . . . . . . 61

Writing Security Plans . . . . . . . . . . . . . . . . . . . 26

COMPUTER SECURITY POLICY & PROCEDURES
IRM, SECURITY, & AUDIT

COURSE TITLE PAGE

Advanced Technology Conference . . . . . . . . . . . . . . . 10

Audit, Control, and Security of LAN and Mainframe Connectivity 31

Audit and Control of End-user Computing (EUC). . . . . . . . 40

Audit Software for the 21st Century. . . . . . . . . . . . . 48

Audit and Control of Electronic Data Interchange . . . . . . 39

Auditing Client/Server Technology. . . . . . . . . . . . . . 49

Auditing EDI Applications. . . . . . . . . . . . . . . . . . 47

Auditing the Data Center for Controls, Efficiency, and
Cost-Effectiveness. . . . . . . . . . . . . . . . . . . . 68

Auditing Advanced Information Technology . . . . . . . . . . . 69

Auditing the Data Center (M2020) . . . . . . . . . . . . . . 36

Auditing Information Systems . . . . . . . . . . . . . . . . 41

Basic Security For PC Users. . . . . . . . . . . . . . . . . 44

Business Fraud (M2008) . . . . . . . . . . . . . . . . . . . 38

Communication Security Principles & Practices. . . . . . . . 66

Comprehensive INFOSEC Seminar. . . . . . . . . . . . . . . . 66

Computer Viruses, Trojan Horses, and Logic Bombs . . . . . . 61

Computer Security. . . . . . . . . . . . . . . . . . . . . . 35

Computer Viruses . . . . . . . . . . . . . . . . . . . . . . 31

Computer Viruses: Detect, Prevent, Cure Infections . . . . . 69

Computer Security And Privacy. . . . . . . . . . . . . . . . . 67

Computer Security for Managers Seminar . . . . . . . . . . . 53

Computer Security Seminar. . . . . . . . . . . . . . . . . . 64

Computer Fraud (M2010) . . . . . . . . . . . . . . . . . . . 38

Computer Security & Contingency Planning . . . . . . . . . . 51

Continuity of Operations/Disaster Recovery Planning: Part I. . 8

Control and Security of LANS . . . . . . . . . . . . . . . . 50

CS 230 - Information Policy. . . . . . . . . . . . . . . . . . 63

Data Security Planning . . . . . . . . . . . . . . . . . . . . 68

Database Security Seminar. . . . . . . . . . . . . . . . . . 65

Developing Computer Security Policies & Procedures . . . . . 28

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Federal AIS Computer Security Requirements . . . . . . . . . . 4

Fundamentals of Computer Security for Federal Information
Systems . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Implementing & Managing a Computer Security Program. . . . . 19

Information Systems Seminar For Internal Auditors. . . . . . . 4

Information Security Principles and Practice . . . . . . . . 17

Information Risk Assessment & Security Management. . . . . . . 3

INFOSEC. . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Integrated Auditing: The Basics. . . . . . . . . . . . . . . 42

Introduction to EDP Auditing (M2022) . . . . . . . . . . . . 37

Keeping Out of Trouble with the Software Police. . . . . . . . 9

LAN Security (M2006) . . . . . . . . . . . . . . . . . . . . 37

Managing Computer Security-Mergs, Acq, and Divestitures. . . 67

Microcomputer Security . . . . . . . . . . . . . . . . . . . 62

Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7

Network Security Seminar . . . . . . . . . . . . . . . . . . 65

Network Auditing (M2034) . . . . . . . . . . . . . . . . . . 35

PC Security (M2004). . . . . . . . . . . . . . . . . . . . . 37

PC/LAN Auditing (M2028). . . . . . . . . . . . . . . . . . . 36

Protecting Networks & Small Systems. . . . . . . . . . . . . 29

Risk Management. . . . . . . . . . . . . . . . . . . . . . . 25

Security Technology in the Real World. . . . . . . . . . . . 45

Security and Control in Automated Systems-Audit IS . . . . . . 63

CONTINGENCY PLANNING
IRM, SECURITY, & AUDIT
COURSE TITLE PAGE

Advanced Technology Conference . . . . . . . . . . . . . . . 10

Advanced Network Security Architecture . . . . . . . . . . . . 75

AIS Security Strategies. . . . . . . . . . . . . . . . . . . . 60

Application Security Reviews . . . . . . . . . . . . . . . . 30

Architecture for Secure Systems. . . . . . . . . . . . . . . . 73

Audit and Control of Electronic Data Interchange . . . . . . 39

Audit and Control of End-user Computing (EUC). . . . . . . . 40

Auditing Client/Server Technology. . . . . . . . . . . . . . 24

Auditing Information Systems . . . . . . . . . . . . . . . . 41

Auditing the Data Center for Controls, Efficiency,
and Cost-Effectiveness . . . . . . . . . . . . . . . . . . . 68

Computer Security & Contingency Planning . . . . . . . . . . 51

Continuity of Operations/Disaster Rec. Planning: Part II Workshop 30

Continuity of Operations/Disaster Recovery Planning: Part I. . 8

Control and Security of LANS . . . . . . . . . . . . . . . . 50

Data Communications Security . . . . . . . . . . . . . . . . 28

Disaster Recovery Planning . . . . . . . . . . . . . . . . . . 70

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Information Systems Seminar For Internal Auditors. . . . . . . 4

INFOSEC Evaluations Using Formal Methods . . . . . . . . . . . 76

INFOSEC. . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Integrated Auditing: The Basics. . . . . . . . . . . . . . . 42

Introduction to Software Verification. . . . . . . . . . . . . 76

Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7

Model Interpretations. . . . . . . . . . . . . . . . . . . . . 75

Network Security Architecture. . . . . . . . . . . . . . . . . 74

Operating System Security Concepts . . . . . . . . . . . . . . 72

Physical Security for Data Processing. . . . . . . . . . . . 31

Risk Management. . . . . . . . . . . . . . . . . . . . . . . 25

Risk Assessment Techniques For Auditors. . . . . . . . . . . . 71

Trusted Integration/System Certification . . . . . . . . . . . 71

Trusted Systems Criteria and Concepts. . . . . . . . . . . . . 72

SYSTEMS LIFE CYCLE MANAGEMENT
IRM, SECURITY, & AUDIT

COURSE TITLE PAGE

AIS Security Strategies. . . . . . . . . . . . . . . . . . . 60

Application Security Reviews . . . . . . . . . . . . . . . . 30

Audit and Control of End-user Computing (EUC). . . . . . . . 40

Audit and Control of Electronic Data Interchange . . . . . . 39

Auditing the Systems Development Process . . . . . . . . . . . 70

Auditing Information Systems . . . . . . . . . . . . . . . . 41

Auditing Client/Server Technology. . . . . . . . . . . . . . 49

Auditing System Development: New Techniques for New Technologies 47

Becoming Effective Data Security Officer . . . . . . . . . . . 53

CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78

Computer Security for the End-User . . . . . . . . . . . . . . 80

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

GBA 560 Legal Environment of Information Systems . . . . . . 79

GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79

GBA 578: Security and Privacy of Information Systems . . . . 78

Implementing & Managing a Computer Security Program. . . . . 19

Information Systems Seminar For Internal Auditors. . . . . . . 4

Information Systems Security (CSI 214) . . . . . . . . . . . 81

Information Security Principles and Practice . . . . . . . . 17

INFOSEC. . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Integrated Auditing: The Basics. . . . . . . . . . . . . . . 42

Introduction to Secure Systems . . . . . . . . . . . . . . . 34

Network Security . . . . . . . . . . . . . . . . . . . . . . . 77

Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19

UPS: Design, Selection and Specification . . . . . . . . . . 34

COMPUTER SECURITY BASICS
ADP MANAGEMENT AND OPERATIONS

COURSE TITLE PAGE

Audit and Control of Electronic Data Interchange . . . . . . 39

Auditing Advanced Information Technology . . . . . . . . . . . 69

Auditing System Development: New Techniques for New Technologies 47

Auditing the Data Center (M2020) . . . . . . . . . . . . . . 36

Auditing Client/Server Technology. . . . . . . . . . . . . . 49

Auditing Datacomm Networks . . . . . . . . . . . . . . . . . . 50

Basic Security For PC Users. . . . . . . . . . . . . . . . . 44

Business Fraud (M2008) . . . . . . . . . . . . . . . . . . . . 38

COMPUSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Computer Security For End Users. . . . . . . . . . . . . . . . 2

Computer Security Awareness (CBT). . . . . . . . . . . . . . . 7

Computer Security Awareness Training . . . . . . . . . . . . . 3

Computer Security & Contingency Planning . . . . . . . . . . 51

Computer Security for Managers Seminar . . . . . . . . . . . 53

Computer Fraud (M2010) . . . . . . . . . . . . . . . . . . . 38

Computer Security Awareness. . . . . . . . . . . . . . . . . . 6

Computer Security for Security and MIS Professionals . . . . . 89

Control and Security of LANS . . . . . . . . . . . . . . . . 50

Detecting and Preventing Computer Fraud. . . . . . . . . . . 11

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Federal AIS Computer Security Requirements . . . . . . . . . . 4

Implementing & Managing a Computer Security Program. . . . . 19

Information Systems Seminar For Internal Auditors. . . . . . . 4

Information Risk Assessment & Security Management. . . . . . . 3

INFOSEC. . . . . . . . . . . . . . . . . . . . . . . . . . . 44

INFOSEC Foundations Seminar. . . . . . . . . . . . . . . . . . 54

Introduction to EDP Auditing (M2022) . . . . . . . . . . . . 37

Introduction to LAN Security . . . . . . . . . . . . . . . . 10

LAN Security (M2006) . . . . . . . . . . . . . . . . . . . . 37

Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7

Network Auditing (M2034) . . . . . . . . . . . . . . . . . . 35

PC/LAN Auditing (M2028). . . . . . . . . . . . . . . . . . . 36

PC Security (M2004). . . . . . . . . . . . . . . . . . . . . 37

Protecting Your Networks from Hackers, Viruses, and Other Attacks 23

Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19

Security Technology in the Real World. . . . . . . . . . . . 45

The Data Center: Auditing For Profit . . . . . . . . . . . . . 56

SECURITY PLANNING AND MANAGEMENT
ADP MANAGEMENT AND OPERATIONS

COURSE TITLE PAGE

A Fraud Update: Forensic and Investigative Auditing. . . . . 24

A Practical Approach to Certifying a System. . . . . . . . . . 83

AIS Security Strategies. . . . . . . . . . . . . . . . . . . 60

Application Security Reviews . . . . . . . . . . . . . . . . 30

Audit and Security of Relational Databases and Applications. . 57

Audit and Security of Client/Server Architectures. . . . . . 24

Audit and Control of Electronic Data Interchange . . . . . . 39

Auditing Client/Server Technology. . . . . . . . . . . . . . 49

Becoming Effective Data Security Officer . . . . . . . . . . . 80

Building Information Security Awareness. . . . . . . . . . . 27

CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78

COMPUSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Computer Security & Contingency Planning . . . . . . . . . . . 51

Computer Viruses, Trojan Horses, and Logic Bombs . . . . . . 61

Continuity of Operations/Disaster Recovery Planning: Part II Workshop 30

Continuity of Operations/Disaster Recovery Planning: Part I. . 8

Control and Security of LANS . . . . . . . . . . . . . . . . 50

CSMN 655 - Information Risk Assessment and Security Management 82

Data Communications Security . . . . . . . . . . . . . . . . 28

Developing Computer Security Policies & Procedures . . . . . 28

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Federal AIS Computer Security Requirements . . . . . . . . . . 4

GBA 578: Security and Privacy of Information Systems . . . . 78

GBA 560 Legal Environment of Information Systems . . . . . . 79

GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79

Implementing & Managing a Computer Security Program. . . . . 19

Information Systems Security (CSI 214) . . . . . . . . . . . 81

Information Risk Assessment & Security Management. . . . . . . 3

Information Systems Seminar For Internal Auditors. . . . . . . 4

Information Security Principles and Practice . . . . . . . . 17

INFOSEC. . . . . . . . . . . . . . . . . . . . . . . . . . . 44

LAN Security . . . . . . . . . . . . . . . . . . . . . . . . 28

LAN Tuning and Performance for Audit and Security Personnel. 57

Microcomputer Security . . . . . . . . . . . . . . . . . . . 62

Physical Security for Data Processing. . . . . . . . . . . . . 31

Protecting Networks & Small Systems. . . . . . . . . . . . . 29

Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19

Secure Systems Design and Program Management . . . . . . . . 26

Security in Software Applications. . . . . . . . . . . . . . 33

Security Technology in the Real World. . . . . . . . . . . . 45

TEMPEST Program Management and Systems Engineering . . . . . 81

The Security-Audit Alliance. . . . . . . . . . . . . . . . . . 83

COMPUTER SECURITY POLICY AND PROCEDURES
ADP MANAGEMENT AND OPERATIONS

COURSE TITLE PAGE

Audit, Control, and Security of LAN and Mainframe Connectivity 31

Audit and Control of Electronic Data Interchange . . . . . . 39

Auditing Client/Server Technology. . . . . . . . . . . . . . 49

Basic Security For PC Users. . . . . . . . . . . . . . . . . 44

CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78

COMPUSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Computer Security & Contingency Planning . . . . . . . . . . . 51

Computer Viruses: Detect, Prevent, Cure Infections . . . . . 69

Computer Viruses Seminar . . . . . . . . . . . . . . . . . . . 84

Computer Viruses . . . . . . . . . . . . . . . . . . . . . . 31

Computer Security. . . . . . . . . . . . . . . . . . . . . . 35

Continuity of Operations/Disaster Recovery Planning: Part I. . 8

Control and Security of LANS . . . . . . . . . . . . . . . . 50

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Federal AIS Computer Security Requirements . . . . . . . . . . 4

GBA 578: Security and Privacy of Information Systems . . . . 78

GBA 560 Legal Environment of Information Systems . . . . . . 79

GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79

Implementing & Managing a Computer Security Program. . . . . 19

Information Systems Seminar For Internal Auditors. . . . . . . 4

Information Systems Security (CSI 214) . . . . . . . . . . . 81

Information Security Principles and Practice . . . . . . . . 17

INFOSEC. . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7

Operational Network Security Seminar . . . . . . . . . . . . . 84

Secure Systems Design and Program Management . . . . . . . . 26

TEMPEST Program Management and Systems Engineering . . . . . 81

CONTINGENCY PLANNING
ADP MANAGEMENT AND OPERATIONS

COURSE TITLE PAGE

Application Security Reviews . . . . . . . . . . . . . . . . 30

Audit and Control of Electronic Data Interchange . . . . . . 39

Auditing Client/Server Technology. . . . . . . . . . . . . . 49

Business Impact Analysis . . . . . . . . . . . . . . . . . . 85

CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78

Communications Technologies. . . . . . . . . . . . . . . . . . 86

COMPUSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Computer Security & Contingency Planning . . . . . . . . . . 51

Continuity of Operations/Disaster Recovery Planning: Part I. . 8

Continuity of Operations/Disaster Recovery Planning: Part II Workshop 30

Disaster Recovery Planning . . . . . . . . . . . . . . . . . 70

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

GBA 560 Legal Environment of Information Systems . . . . . . 79

GBA 578: Security and Privacy of Information Systems . . . . 78

GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79

Implementing and Testing the Disaster Recovery Plan. . . . . . 88

Information Systems Seminar For Internal Auditors. . . . . . . 4

INFOSEC. . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Managing and Developing a Disaster Recovery Plan . . . . . . . 87

Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7

Physical Security for Data Processing. . . . . . . . . . . . 31

SYSTEMS LIFE CYCLE MANAGEMENT
ADP MANAGEMENT AND OPERATIONS

COURSE TITLE PAGE

Audit and Control of Electronic Data Interchange . . . . . . 39

Auditing System Development: New Techniques for New Technologies 47

CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79

GBA 560 Legal Environment of Information Systems . . . . . . 79

GBA 578: Security and Privacy of Information Systems . . . . 78

Information Systems Seminar For Internal Auditors. . . . . . . 4

Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19

TEMPEST Program Management and Systems Engineering . . . . . 81

The CMW: Application Programming . . . . . . . . . . . . . . . 88

COMPUTER SECURITY BASICS
END USERS

COURSE TITLE PAGE

Audit and Control of Electronic Data Interchange . . . . . . 39

Audit and Control of End-user Computing (EUC). . . . . . . . 40

Auditing Information Systems . . . . . . . . . . . . . . . . 41

Basic Security For PC Users. . . . . . . . . . . . . . . . . 44

CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78

Computer Security for the End-User . . . . . . . . . . . . . . 80

Computer Security: For Security and MIS Professionals. . . . . 43

Computer Security & Contingency Planning . . . . . . . . . . 51

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Federal AIS Computer Security Requirements . . . . . . . . . . 4

GBA 560 Legal Environment of Information Systems . . . . . . 79

GBA 578: Security and Privacy of Information Systems . . . . 78

GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79

Information Systems Seminar For Internal Auditors. . . . . . . 4

Integrated Auditing: The Basics. . . . . . . . . . . . . . . 42

LAN Security Overview. . . . . . . . . . . . . . . . . . . . . 9

Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7

Network Security . . . . . . . . . . . . . . . . . . . . . . . 77

PC SECURITY. . . . . . . . . . . . . . . . . . . . . . . . . . 89

PC-LAN and Data Security . . . . . . . . . . . . . . . . . . . 9

Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19

TEMPEST Program Management and Systems Engineering . . . . . 81

SECURITY PLANNING AND MANAGEMENT
END USERS

COURSE TITLE PAGE

Audit and Security of Relational Databases and Applications. . 57

Audit and Control of Electronic Data Interchange . . . . . . 39

Audit and Control of End-user Computing (EUC). . . . . . . . 40

Auditing Information Systems . . . . . . . . . . . . . . . . 41

Basic Security For PC Users. . . . . . . . . . . . . . . . . 44

CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78

Computer Viruses . . . . . . . . . . . . . . . . . . . . . . 31

Continuity of Operations/Disaster Rec. Planning: Part II Workshop 30

Continuity of Operations/Disaster Recovery Planning: Part I. . 8

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Federal AIS Computer Security Requirements . . . . . . . . . . 4

GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79

GBA 578: Security and Privacy of Information Systems . . . . 78

GBA 560 Legal Environment of Information Systems . . . . . . 79

Information Systems Seminar For Internal Auditors. . . . . . . 4

Integrated Auditing: The Basics. . . . . . . . . . . . . . . 42

Physical Security for Data Processing. . . . . . . . . . . . 31

Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19

TEMPEST Program Management and Systems Engineering . . . . . 81

COMPUTER SECURITY POLICY AND PROCEDURES
END USERS

COURSE TITLE PAGE

Audit and Control of End-user Computing (EUC). . . . . . . . 40

Auditing Information Systems . . . . . . . . . . . . . . . . 41

Computer Security: For Security and MIS Professionals. . . . . 43

Computer Security & Contingency Planning . . . . . . . . . . . 51

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

Information Systems Seminar For Internal Auditors. . . . . . . 4

Integrated Auditing: The Basics. . . . . . . . . . . . . . . 42

LAN Security . . . . . . . . . . . . . . . . . . . . . . . . . 90

Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7

TEMPEST Program Management and Systems Engineering . . . . . 81

The CMW: User Tutorial . . . . . . . . . . . . . . . . . . . . 90

CONTINGENCY PLANNING
END USERS

COURSE TITLE PAGE

Audit and Control of End-user Computing (EUC). . . . . . . . 40

Audit and Control of Electronic Data Interchange . . . . . . 39

Auditing Information Systems . . . . . . . . . . . . . . . . 41

Business Impact Analysis . . . . . . . . . . . . . . . . . . . 85

CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79

GBA 578: Security and Privacy of Information Systems . . . . 78

GBA 560 Legal Environment of Information Systems . . . . . . 79

Information Systems Seminar For Internal Auditors. . . . . . . 4

Integrated Auditing: The Basics. . . . . . . . . . . . . . . 42

SYSTEMS LIFE CYCLE MANAGEMENT
END USERS

COURSE TITLE PAGE

Audit and Control of End-user Computing (EUC). . . . . . . . 40

Audit and Control of Electronic Data Interchange . . . . . . 39

Auditing Information Systems . . . . . . . . . . . . . . . . 41

Auditing System Development: New Techniques for New Technologies 47

CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78

EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6

GBA 560 Legal Environment of Information Systems . . . . . . 79

GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79

GBA 578: Security and Privacy of Information Systems . . . . 78

Information Systems Seminar For Internal Auditors. . . . . . . 4

Integrated Auditing: The Basics. . . . . . . . . . . . . . . 42

Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19

TEMPEST Program Management and Systems Engineering . . . . . 81

APPENDIX B
VENDOR LIST

VENDOR NAME

Anne Arundel Community College
Page(s): 81

ARCA
Page(s): 53, 54, 64, 65, 66, 71, 84, 108

Booz-Allen & Hamilton Inc.
Page(s): 7, 19, 26, 34, 89

California State Polytechnic, Univ, Pomona
Page(s): 78, 79

Canaudit Inc
Page(s): 45, 47, 48, 49, 50, 51, 52, 56, 96, 107, 111, 112, 113, 117

CENTER for Adv. Professional Develop
Page(s): 69

Computer Security Institute
Page(s): 27, 28, 29, 33, 53, 61, 62, 66, 67, 82, 83

COMSIS
Page(s): 4, 8, 19, 28, 30, 31, 80

DATAPRO Educational Services
Page(s): 1, 9, 35, 90

Disaster Recovery Institute
Page(s): 85, 86, 87, 88

DPEC
Page(s): 7

Ernst & Young
Page(s): 4, 6

George Mason University
Page(s): 17, 25, 107

George Washington University/GSAS
Page(s): 32


Grumman Data Systems & Services
Page(s): 7, 8, 11, 12, 13, 14, 15, 91, 99, 105, 127

GSA Training Center
Page(s): 3, 32

IBM Management Institute
Page(s): 68, 70

Information Resources Management College
Page(s): 60

Johns Hopkins University
Page(s): 67

MACRO International, Inc.
Page(s): 1, 16, 17

MIS Training Institute
Page(s): 9, 10, 11, 23, 24, 31, 43, 54, 55, 57, 68, 71, 93, 96, 98, 104, 109, 110, 114, 115, 117, 118, 119,
120, 121, 122, 123, 126, 128, 129

Montgomery College
Page(s): 35

National Security Agency
Page(s): 72, 73, 74, 75, 76

Naval Computer and Telecommunications Station
Page(s): 2, 25, 44

RSH Consulting, Inc.
Page(s): 92, 126

SAFEware
Page(s): 125

Security Engineering Services, Inc.
Page(s): 18, 26, 44, 77, 81

Skill Dynamics - An IBM Company
Page(s): 20, 21, 22, 35, 36, 37, 38, 92, 93, 100, 101, 102, 105, 110, 116, 118, 119, 121, 122

The George Washington University
Page(s): 58, 59, 63

The Institute of Internal Auditors
Page(s): 10, 40, 41, 42

The Henderson Group
Page(s): 94, 95, 97, 103

Thomas R. Hardy & Associates, Inc.
Page(s): 18

Trainix
Page(s): 106

Trusted Systems Training, Inc.
Page(s): 61, 88, 90, 124

University of Wisconsin, Milwaukee
Page(s): 34

University of Maryland, University College
Page(s): 3, 82

USDA Graduate School
Page(s): 2, 3, 30, 31, 33, 62, 63, 64, 70

APPENDIX D
PRODUCT SPECIFIC COURSES

PRODUCT PAGE

A Three Day Emergency Session on PBX Fraud . . . . . . . . . .128

Advanced Audit, Control, and Security/ DEC's VAX/VMS . . . . .114

AS/400 Security Concepts and Implementations (S6050). . . . .116

AS/400 Recovery and Availability Management (S6051) . . . . .116

Audit, Control, and Security Of AS/400 . . . . . . . . . . . .117

Audit/Security Concepts-MVS/XA & MVS/ESA . . . . . . . . . . .122

Audit and Security of Novell . . . . . . . . . . . . . . . . .108

Audit and Security of Tandem Systems . . . . . . . . . . . . .111

Audit and Security of Unix-Based Operating Systems . . . . . .103

Audit and Security of Banyan VINES . . . . . . . . . . . . . .126

Audit & Security of DB2. . . . . . . . . . . . . . . . . . . . 96

Audit, Control and Security of CICS/ESA. . . . . . . . . . . . 11

Auditing AS/400: A Step By Step Approach . . . . . . . . . . .117

Auditing DB2 . . . . . . . . . . . . . . . . . . . . . . . . . 96

Auditing UNIX. . . . . . . . . . . . . . . . . . . . . . . . .106

Auditing MVS in a CA-ACF2 Environment (M2030) . . . . . . . . 99

Auditing MVS in a RACF Environment (M2026). . . . . . . . . .101

Auditing MVS in a CA-TOP SECRET Environment (M2032) . . . . . 99

Auditing Decnet. . . . . . . . . . . . . . . . . . . . . . . .112

Auditing RACF. . . . . . . . . . . . . . . . . . . . . . . . . 92

Auditing VAX: A Comprehensive Approach . . . . . . . . . . . .113

CA-ACF2: Proper Implementation and Security. . . . . . . . . .118

CA-TOP Secret: Proper Implementation and Security. . . . . . .119

Converting from CA-TOP SECRET to RACF (H3890). . . . . . . .119

Converting CA-ACF2 to RACF (H3891) . . . . . . . . . . . . .118

Effective RACF Administration (H3927) . . . . . . . . . . . . 92

Enterprise Systems Analysis for MVS/ESA & MVS/XA . . . . . . .123

Guide To Auditing Novell Networks V.3. . . . . . . . . . . . .109

Hands-On-Lans: Auditing Novell Networks Workshop . . . . . . .110

How to Get the Most Out of RACF. . . . . . . . . . . . . . . . 94

IBM LAN Server: Audit and Security . . . . . . . . . . . . . .129

Implementing Security for CICS Using RACF (H4001). . . . . .121

Introduction to DEC's VAX/VMS Operating System . . . . . . . .113

MaxSix Trusted Networking. . . . . . . . . . . . . . . . . . .124

MVS/ESA Disaster Recovery (J3716). . . . . . . . . . . . . . .122

MVS Security (M2002) . . . . . . . . . . . . . . . . . . . . .102

MVS/ESA as a Server, Peer and Open System Audit, Control,
and Security . . . . . . . . . . . . . . . . . . . . . . . . 97

MVS Auditing (M2024) . . . . . . . . . . . . . . . . . . . . .100

MVS/ESA -RACF Security Topics (H3918) . . . . . . . . . . . .101

Novell NetWare Security (M2000). . . . . . . . . . . . . . .109

OS/MVS and SMF: Security and Audit Facilities. . . . . . . . . 97

Practical Approach to Auditing RACF. . . . . . . . . . . . . . 94

Practical Approach to Auditing MVS Security. . . . . . . . . .102

Practical Approach to Auditing DB2 Security. . . . . . . . . . 95

RACF: Proper Implementation and Security . . . . . . . . . . . 93

RACF Installation (H3837) . . . . . . . . . . . . . . . . . . 93

SAFE = Security Awareness from Education . . . . . . . . . . .125

SE01: RACF for Project Managers. . . . . . . . . . . . . . . . 91

SE02: RACF for Security Officers . . . . . . . . . . . . . . . 91

SECO1-M: MVS Security for Project Managers . . . . . . . . . . 98

SECO2-M: MVS Security for Security Officers. . . . . . . . . . 98

SECO2-V: VM Security for Project Managers. . . . . . . . . . .127

SECO3-U: Unix Security . . . . . . . . . . . . . . . . . . . .104

SECO3-V: VM Security for Security Officers . . . . . . . . . .127

Security & Auditing of SNA Networks/ACF/VTAM & NCP . . . . . .120

Security for Banyan VINES LANs . . . . . . . . . . . . . . . .126

Unix Workshop. . . . . . . . . . . . . . . . . . . . . . . . .103

UNIX Security Seminar. . . . . . . . . . . . . . . . . . . . .107

UNIX Security . . . . . . . . . . . . . . . . . . . . . . . .106

UNIX Security For Users. . . . . . . . . . . . . . . . . . . .105

UNIX/AIX Security (M2012) . . . . . . . . . . . . . . . . . .104

UNIX Systems Security. . . . . . . . . . . . . . . . . . . . .105

What Data Security Officers & Auditors Need to Know and Do About
VTAM Security. . . . . . . . . . . . . . . . . . . . . . . . 96

APPENDIX C
PRODUCT LIST

PRODUCT PAGE

AS/400 . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
BANYAN VINES . . . . . . . . . . . . . . . . . . . . . . . . 126
CA-ACF2. . . . . . . . . . . . . . . . . . . . . . . . . . . 118
CA-TOP SECRET. . . . . . . . . . . . . . . . . . . . . . . . 119
CICS/ESA . . . . . . . . . . . . . . . . . . . . . . . . . . 121
DB2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
DECNET . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
IBM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
MAXSIX . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
MVS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
NOVELL . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
PBX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
RACF . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
SAFEware . . . . . . . . . . . . . . . . . . . . . . . . . . 125
SNA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
TANDEM . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
VAX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
VM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
VTAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

COURSE TITLE: Telecommunications for Information Systems Security Analysts
COURSE LENGTH: 32 HRS

VENDOR:
DATAPRO Educational Services
600 Delran Parkway
Delran, NJ 08076
(609) 764-0100

This course provides an introduction to basic telecommunications systems and mediums for the System
Security analyst and an understanding of the integral role they play in successful protection of the system's
data. They will learn current regulatory and control concepts, gain a working knowledge of
telecommunications principles and develop an understanding of the products and services offered from various
vendors. They will also learn proactive techniques that support diverse information transmission mediums and
develop an understanding of telecommunication systems vulnerabilities. They will learn how to evaluate the
present contingency plan and how to develop a risk analysis formula. They will develop a project plan for
contingency implementations of hardware and software that support disaster recovery.


COURSE TITLE: Computer Security Executive Overview
COURSE LENGTH: 3 HRS.

VENDOR:
MACRO International, Inc.
8850 Stanford Boulevard
Columbia, MD 21045
(410) 290-2800

This briefing is designed for executive personnel and will present an overview of applicable laws and other
requirements for computer security. The course will emphasize implementation of these requirements at the
executive management level, and the role of senior management in supporting security initiatives.


COURSE TITLE: ADP Security Officers (ADPSO) Concepts
COURSE LENGTH: 8 HRS

VENDOR:
Naval Computer and Telecommunications Station
ATTN Code N823
PO Box 357056
San Diego, CA 92135-7056
(619) 545-8628 - DSN 735-8628

This one-day course is an overview of what is involved in implementing a command AIS Security Program
and discusses the DoD and DON Minimum Program Requirements policy. This course is excellent for a
beginner ADPSO or other AIS Security staff members. The course outlines the responsibilities of DON
management and command AIS Security Staff members, identifies the steps necessary for accreditation, and
the structure of the DON AIS Security Program which includes a discussion on the Controlled Access
Protection (CAP) Guidebook (NAVSO P-5239-15). The course discusses aids for solving common AIS
Security problems and methods for determining system security levels. This course is conducted at
the NAVCOMTELSTA San Diego facility or at your command.

COURSE TITLE: Computer Security For End Users
COURSE LENGTH: 1 DAY

VENDOR:
USDA, Graduate School
600 Maryland Ave, SW
Washington, DC 20024
(202) 447-7124

This workshop will give you an overview of the threats to, and vulnerabilities of, computer systems, and
appropriate safeguards to protect those systems. We will stress your role in the protection of sensitive data,
and in the prevention and detection of computer crime. You will receive checklists and suggestions for
becoming more aware of possible computer security problems in your office, and you will be able to get advice
on how to deal with concerns that are specific to your agency or installation.

COURSE TITLE: Computer Security For Executives
COURSE LENGTH: 3 HRS

VENDOR:
USDA, Graduate School
600 Maryland Ave, SW
Washington, DC 20024
(202) 447-7124

This briefing will give you a basic understanding of computer security. It includes an overview of threats and
vulnerabilities to computer systems and your responsibility for the assessment of your agency's computer
security program. We will review briefly the history of computers, then examine current dependencies on
computers, applicable laws and regulations, computer crime, viruses, and touch on espionage. Bring your
questions because the briefing is designed to be responsive to your needs. Time has been reserved at various
points for you to raise concerns from your individual agency perspective.

COURSE TITLE: Computer Security Awareness Training
COURSE LENGTH: 3 HRS

VENDOR:
GSA Training Center
P.O. Box 15608
Arlington, VA 22215-0608
Joan Bender: (703) 603-3213

Participants learn to be aware of threats to and vulnerabilities of computer systems, as well as to encourage
use of improved security practices. Topics include: Computer Security Act of 1987; computer fraud, waste,
and abuse; and types of computer hackers. Also discussed are natural disasters and human errors relating to
computer security.

COURSE TITLE: Information Risk Assessment & Security Management
COURSE LENGTH: 1 SEM

VENDOR:
University of Maryland, University College
University Boulevard at Adelphi Road
College Park, MD 20742-1614
(301) 985-7155

An examination of the proliferation of corporate data bases and the development of telecommunications
network technology as gateways or invitations to intrusion. Ways of investigating the management of the risk
and security data and data systems are presented as a function of design through recovery and protection.
Issues of risk and security, as they relate to specific industries and government, are major topics in the course.
Examples are presented of how major technological advances in computer and operating systems have placed
data, as tangible corporate assets, at risk. Both quantitative sampling techniques for risk assessment and for
qualitative decision-making under uncertainty are explored.


COURSE TITLE: Federal AIS Computer Security Requirements
COURSE LENGTH: 1 DAY

VENDOR:
COMSIS
8737 Colesville Road, Suite 1100
Silver Spring, MD 20910
Ronald E. Freedman: (301) 588-0800

This course begins with a review of the Federal Computer Security framework and an introduction to the key
players and legislation that has shaped Federal Computer Security policy.

COURSE TITLE: Information Systems Seminar For Internal Auditors
COURSE LENGTH: 5 DAY

VENDOR:
Ernst & Young
2000 National City Center
Cleveland, OH 44114
Morton T. Siegel: (800) 289-5745

This introductory seminar on computer concepts and controls is designed for the MIS or internal auditing
professional who needs to learn about basic computer concepts, computer controls and security, system life
cycle planning and control, and contingency planning. Individuals with these backgrounds who complete this
seminar will be exposed to every major aspect of information systems auditing and should be able, with the
tools provided in the seminar, to perform basic IS Audits. In addition, the seminar will emphasize how ISA
is integrated with the internal audit process. This is a five-day, classroom program consisting of stand-alone
modules that can be presented as a whole or modules can be selected to provide training on specific subjects
in shorter-duration programs. Call the vendor for more information regarding which of the following modules
have been selected for this particular training area.
Module 1-Introduction to the Seminar
Module 2-Information Systems Auditor's Role
Module 3-Getting Started
Module 4-Planning the IS Audit
Module 5-Overview of the ISA Function
Module 6-Overview of Computer Operations
Module 7-A Management Approach to Computer Fraud
Module 8-Introduction to General Controls
Module 9-Organization and Administration
Module 10-System Development Life Cycle
Module 11-Change Control and Management
Module 12-Case Study
Module 13-The Time Bomb
Module 14-Access Control
Module 15-Case Study
Module 16-Program Execution
Module 17-Continuity of Operations
Module 18-Outsourcing and Other Alternative Processing
Module 19-Cloak and Data
Module 20-Data Bases
Module 21-Minicomputer Systems-Audit and Control Considerations
Module 22-Microcomputers-Audit and Control Considerations
Module 23-Introduction to Application Control Reviews
Module 24-Input Control Objectives and Procedures
Module 25-Case Study-Input Controls
Module 26-Processing Control Objectives and Procedures
Module 27-Output Control Objectives and Procedures
Module 28-Case Study-Processing and Output Controls
Module 29-Generalized Audit Software and Other CAATs
Module 30-Summary

COURSE TITLE: EDP Concepts For Business
COURSE LENGTH: SELF-PACED

VENDOR:
Ernst & Young
2000 National City Center
Cleveland, OH 44114
Morton T. Siegel: (800) 289-5745

EDP Concepts for Business is an interactive computer-based training (CBT) program. The student receives
information and is coached based upon the answers to teaching questions. This was designed to involve the
student, be flexible, and be responsive to the student's needs; this format focuses on the student. You need
only an IBM PC, XT, AT, or any IBM-compatible microcomputer with at least 192K memory. Call the
vendor for more information regarding which of the following modules have been selected for this particular
training area.
Module 1-Computers and Their Components
Module 2-Data and Data Processing
Module 3-Programs and Languages
Module 4-The System Development Life Cycle
Module 5-EDP Personnel
Module 6-Access Control and Security

COURSE TITLE: Computer Security Awareness
COURSE LENGTH: 1 HR

VENDOR:
Booz-Allen & Hamilton Inc.
8283 Greensboro Drive
McLean, VA 22102-3838
(703) 902-5201

The purpose of this course is to provide participants with an awareness of computer security, to sensitize them
to the need for computer security policies and practices in the workplace, and to motivate each individual to
practice effective computer security techniques. The instructional content of the course is composed
of: requirements of computer-security-related laws and circulars; definitions and examples of basic computer
security terms; the increasing concern to protect computer assets; and basic computer practices, controls, and
countermeasures. NOTE: Contact the vendor for information concerning specialized agency training.

COURSE TITLE: Microcomputer Security
COURSE LENGTH: 2 HRS

VENDOR:
Booz-Allen & Hamilton Inc.
8283 Greensboro Drive
McLean, VA 22102-3838
(703) 902-5201

The purpose of this microcomputer security course is to sensitize participants to the need for microcomputer
security and to provide each individual with some practical tools to protect their microcomputer assets,
especially the stored information. The course provides practical information on computer security that
microcomputer users can implement immediately. NOTE: Contact the vendor for information concerning
specialized agency training.

COURSE TITLE: Computer Security Awareness (CBT)
COURSE LENGTH: 5-8 HRS

VENDOR:
DPEC
1679 Old Henderson Road
Columbus, OH 43220-3644
(800) 223-3732

This is a Computer Based Training (CBT) course using the framework of administrative, physical and logical
security. Computer Security Awareness explains contingency planning and precautions against computer crime
from the viewpoint of mainframe computers and micros; a computer security checklist is included. This is
a modular course lasting 5 - 8 hours. The number of hours is based upon a student interacting with
approximately 60-120 screens per hour.

COURSE TITLE: Marketplace Implications of the Evolution of Evaluation Criteria
COURSE LENGTH: 8 HRS

VENDOR:
Grumman Data Systems & Services
839 Elkridge Landing Rd. Suite 106
Linthicum, MD 21090
Bruce Levy: (410) 859-0123

This seminar covers the current state of the evolution of Trusted Computer Product Evaluation schemes in
North America and Europe, the products which are evaluated, and the conclusions which can be drawn. The
discussions will concentrate on the US Federal Criteria and the implications of the proposed Common Criteria
for the marketplace in general, and for the integration of COTS products specifically. The briefing is designed
to be responsive to your needs, and time is reserved for in-depth discussions of issues which affect you most
critically.


COURSE TITLE: The Systems Integrator's Perspective on AIS Security Strategies
COURSE LENGTH: 8 HRS

VENDOR:
Grumman Data Systems & Services
839 Elkridge Landing Rd. Suite 106
Linthicum, MD 21090
Bruce Levy: (410) 859-0123

This course presents the application of system integration and composition concepts to the management and
acquisition of AIS, especially where sensitive data is concerned. A major portion of the seminar concentrates
on determining the security implications of alternative approaches and involvement of the appropriate players
during the acquisition process. Managers responsible for the acquisition of sensitive computing resources will
benefit from this seminar.

COURSE TITLE: Continuity of Operations/Disaster Recovery Planning: Part I
COURSE LENGTH: 1 DAY

VENDOR:
COMSIS
8737 Colesville Road, Suite 1100
Silver Spring, MD 20910
Ronald E. Freedman: (301) 588-0800

This course outlines the steps to be performed to determine backup/recovery requirements, and effectively plan
and develop a COOP/DRP for both applications and installations.

COURSE TITLE: Executive AIS Security Briefing
COURSE LENGTH: 1/2 DAY

VENDOR:
COMSIS
8737 Colesville Road, Suite 1100
Silver Spring, MD 20910
Ronald E. Freedman: (301) 588-0800

This course provides a brief overview of Federal Computer Security requirements and objectives and explores
senior management's role in protecting assets.

COURSE TITLE: Keeping Out of Trouble with the Software Police
COURSE LENGTH: 1 DAY

VENDOR:
MIS Training Institute
498 Concord Street
Framingham, MA 01701-2356
Pam Bissett: (508) 879-7999

The common practice of copying and sharing is no longer being tolerated by software publishers. Organized
under the umbrella of the Software Publishers Association (SPA), they are waging an all-out war against
abusers of copyright law. In this special, one-day session, you will learn how to keep your organization
"software legal." Without a lot of confusing "legalese," you will learn: what you need to know about
software license and copyright laws; the methods being used to enforce software licenses and to prosecute
copyright infringement; how to recognize potential violations in your organization; and step-by-step guidelines
for establishing and implementing a practical code of software ethics.

COURSE TITLE: LAN Security Overview
COURSE LENGTH: 16 HRS

VENDOR:
DATAPRO Educational Services
600 Delran Parkway
Delran, NJ 08076
(609) 764-0100

This course will provide the Systems Security analyst with a basic understanding of the security implications
of the Local Area Networks and familiarize the students with the functional considerations of LAN security
routines. The class format will provide a controlled forum for the analyst to discuss the various security
routines and procedures currently in use by the government, their establishment and design. There will also
be discussions on the various types of security measures integrated into the Network Operating Systems of
Novell, Banyan, SCO UNIX and Starlan.

COURSE TITLE: PC-LAN and Data Security
COURSE LENGTH: 40 HRS

VENDOR:
DATAPRO Educational Services
600 Delran Parkway
Delran, NJ 08076
(609) 764-0100

This course is intended to give a perspective of the various types of security threats to the first and second level
managers of the Telecom and MIS departments. It has a broad scope; however, it provides a good foundation
for future courses to focus on individual issues and develop security plans.




COURSE TITLE: Advanced Technology Conference
COURSE LENGTH: 3 DAYS

VENDOR:
The Institute of Internal Auditors
249 Maitland Avenue
Altamonte Springs, FL 32701
(407) 830-7600 ext. 1

The Institute of Internal Auditors' annual Advanced Technology Conference presents world-renowned
technology experts who will share the solutions, tools, and techniques needed to validate and enhance job
performance.

This interactive program addresses a variety of technology challenges that auditors face. Attendees are
provided the opportunity to stay on top of emerging trends as well as the knowledge to utilize the tools and
techniques available for auditing today's technology.

Security professionals will find the sessions informative from the standpoint of learning the business concerns,
risks, and related control techniques involved in current and emerging technology.
Participants have the opportunity to:
Discuss the newest advances in audit technology.
Hear the most informed and experienced speakers.
Understand cutting-edge emerging technologies.

The conference provides a forum in which to learn and exchange information on all aspects of audit, control,
and security technologies.


COURSE TITLE: Introduction to LAN Security
COURSE LENGTH: 3 DAYS

VENDOR:
MIS Training Institute
498 Concord Street
Framingham, MA 01701-2357
Pam Bissett: (508) 879-7999

Protecting increasingly sensitive LANs is now the most critical security issue facing today's enterprise. In this
intensive, three-day seminar you will benefit from an experience-based, real-world approach to LAN
security. You will gain an understanding of basic LAN technology and security threats. You will learn the
specific components that ensure a solid LAN security program and how security should be designed into the
system. You will leave this high-impact session prepared to plan and implement effective and responsive LAN




COURSE TITLE: Detecting and Preventing Computer Fraud
COURSE LENGTH: 3 DAYS

VENDOR:
MIS Training Institute
498 Concord Street
Framingham, MA 01701-2357
Pam Bissett: (508) 879-7999

As the gap between computer technology and computer security widens, IS and Internal Auditors are relied
upon more than ever to ensure the integrity and security of organizational data. In this high-impact seminar
you will focus on the risks and threats inherent in computer environments and the controls that are necessary
to assure management that exposures are held to acceptable levels. Through case studies and "real-life"
exercises, you will explore areas of computer fraud, risk management, and threats. You will leave this
three-day seminar knowing the controls for preventing computer fraud and methods for detecting it, should it occur.

COURSE TITLE: Practical Aspects of Acquiring and Owning a Multilevel Secure Network
COURSE LENGTH: 8 HRS

VENDOR:
Grumman Data Systems & Services
839 Elkridge Landing Rd. Suite 106
Linthicum, MD 21090
Bruce Levy: (410) 859-0123

Objectives of the course: Give managers and Technical personnel the tools to make appropriate acquisition
and operating decisions regarding MLS Information Systems. Following custom modules:

Module A. The Technology with MLS added. Mandatory Access Control labels. Exploring operational
impacts of MLS: MAC vs DAC - vulnerabilities. New audit considerations - impact of MLS and MAC on the
makeup and sensitivity of the Audit Trail data.

Module B. The Environment with MLS added. Impact of an MLS accreditation on configuration
management. Hardware, ancillary equipment, software, especially upgrading to new functionality.
Maintaining accreditation - documentation for the life cycle. A checklist of warning signs for the
Admin/Security staff. Addressing security violations (vulnerabilities) in the MLS environment. How to use
the CERT to best advantage.

Module C. Acquisition of Trusted Systems. A seminar for local procurement initiators, managers, and
procurement technicians to review the appropriate usage of language in an RFP for Trusted Systems, or MLS
Network components. This seminar discusses specification language for the SOW, how to use CDRLs for
acquiring Assurance documentation, and pitfalls to avoid in preparation of the procurement plan.




COURSE TITLE: Practical Considerations for Acquiring and Implementing a MultiLevel Secure Network
COURSE LENGTH: 8 HRS

VENDOR:
Grumman Data Systems & Services
839 Elkridge Landing Rd. Suite 106
Linthicum, MD 21090
Bruce Levy: (410) 859-0123

Objectives of the Course: Give managers and technical personnel the tools to select, acquire, and implement
cost-effective security technologies in information systems.

Module A. Sorting out the technologies defined by NCSC
A discussion of the subtleties of the "Rainbow" books

Module B. Overview of the State-of-the-Art
A Look beyond the Hype at the marketplace of Trusted Systems

Module C. Acquisition of Trusted Systems: A seminar for local procurement initiators, managers,
and procurement technicians to review the appropriate usage of language in an RFP for Trusted
Systems, or MLS Network components.

COURSE TITLE: Practical Aspects of Planning to Acquire Multilevel Security in an Open Systems Environment
COURSE LENGTH: 8 HRS

VENDOR:
Grumman Data Systems & Services
839 Elkridge Landing Rd. Suite 106
Linthicum, MD 21090
Bruce Levy: (410) 859-0123

Objectives of the Course: Give managers and technical executives the tools to plan and acquire cost effective
technologies for ensuring the enforcement of their security policies in information systems. Custom modules
include:

Module A. Organizational Responsibilities
DoD Security Policy Refresher. Complying with DoD Inst 5200.28

Module B. Understanding which Technology is for which Problem
(Getting there -from here)

Module C. Acquisition of Trusted Systems

A seminar for local procurement initiators, managers, and procurement technicians to review the appropriate
usage of language in an RFP for Trusted Systems.


COURSE TITLE: Practical Considerations for Planning and Implementing Multilevel Security in an Open Systems Environment
COURSE LENGTH: 16 HRS

VENDOR:
Grumman Data Systems & Services
839 Elkridge Landing Rd. Suite 106
Linthicum, MD 21090
Bruce Levy: (410) 859-0123

Objectives of the Course: Give technical executives the tools to plan and select cost effective technologies and
to make cost-effective Operational decisions regarding the enforcement of their security policies in MLS
Information Systems. This course is a tailored set of modules customized from among:
Organizational Responsibilities [2 hrs]
Sorting out the technologies defined by NCSC [4 hrs]
Overview of the State-of-the-Art [2 hrs]
Understanding which Technology is for which Problem
(Getting there -from here) [3 hrs]
The Technology with MLS added [3 hrs]
The Environment with MLS added [2 hrs]

COURSE TITLE: Case Studies in Multilevel Secure Networking
COURSE LENGTH: 8 HRS

VENDOR:
Grumman Data Systems & Services
839 Elkridge Landing Rd. Suite 106
Linthicum, MD 21090
Bruce Levy: (410) 859-0123

Objectives of the course: Give on-site managers and Technical personnel tools based on specific local cases,
to make cost-effective Operational decisions regarding migration to MLS Information Systems. This briefing
will cover: The Customer Environment with MLS Added, Identifying your accreditor, Reviewing
requirements for Internal Review Audits, Coordinating with the CM/QA team on-site, Tracing the flow of
ADP Security Reporting, Reviewing specific responsibilities and requirements for co-location of CRYPTO
or other NSA approved/controlled items, Exploring which state-of-the-art systems might meet specific local
requirements, while being within the range of our resources. Sampler of Evaluated Operating Systems,
Workstations, Networking Components and Specialty Components. Specific information about levels of
expertise required to implement a system on-site with them.

COURSE TITLE: Managing the Acquisition of MLS Resources
COURSE LENGTH: 4 HRS

VENDOR:
Grumman Data Systems & Services
839 Elkridge Landing Rd. Suite 106
Linthicum, MD 21090
Bruce Levy: (410) 859-0123

Objectives of the course: Give on-site managers and Technical personnel tools to make cost-effective
procurement decisions regarding migration to MLS Information Systems. Specific topic discussed: Acquisition
of Trusted Systems: A seminar for local procurement initiators, managers, and procurement technicians to
review the appropriate usage of language in an RFP for Trusted Systems, or MLS Network components. This
seminar discusses specification language for the SOW, how to use CDRLs for acquiring Assurance
documentation, and pitfalls to avoid in preparation of the procurement plan. You will also receive a copy of
the NSA and NIST Acquisition guidance for trusted systems.

COURSE TITLE: Practical Aspects of Owning a Multilevel Secure Network
COURSE LENGTH: 8 HRS

VENDOR:
Grumman Data Systems & Services
839 Elkridge Landing Rd. Suite 106
Linthicum, MD 21090
Bruce Levy: (410) 859-0123

Objectives of the course: Give managers and Technical personnel the tools to make cost-effective Operational
decisions regarding MLS Information Systems. Course Curriculum consists of: The Technology with MLS
added; The Information Systems equivalents to Markings, Caveats, handling instructions - Mandatory Access
Control labels; Exploring operational impacts of MLS: MAC vs DAC - vulnerabilities; New audit considerations
- impact of MLS and MAC on the makeup and sensitivity of the Audit Trail data; Tracking an atomic action
through several audit trails; Enhancing the security profile of an MLS system; Impact of an MLS accreditation
on Configuration Management; A checklist of warning signs for the Admin/Security staff; Addressing security
violations; How to use the CERT to best advantage; Impact of having a CRYPTO in the closet. You will receive
checklists and suggestions for operating sensitive systems daily.

COURSE TITLE: Practical Considerations for Implementing a MultiLevel Secure Network
COURSE LENGTH: 8 HRS

VENDOR:
Grumman Data Systems & Services
839 Elkridge Landing Rd. Suite 106
Linthicum, MD 21090
Bruce Levy: (410) 859-0123

Objectives of the Course: Give managers and technical personnel the tools to select and use cost effective
security technologies in information systems. Specific topics: technologies defined by NCSC; The TCSEC
"Orange Book"; The TNI "Red Book": MIAD components; The TDI "Purple Book": TCB subsets; The CSSI
"Powder Blue Book": components which support the security policy in a more restrained fashion; The
ISSPSC: there's more in there than the EPL. The definitive catalog of NSA evaluated technology; A Look
beyond the Hype at the marketplace of Trusted Systems; IBM's MVS/ESA RACF (B1), CA's B1 Security,
Amdahl's Trusted MDF, Unisys OS-1100 (B1); Workstations; CMWs; Networks and components; Xerox XEU,
LEAD, Motorola NES, Blacker; A sampler of specialty components (subsystems); Making an informed decision
to use non-evaluated product and the cost of getting smart enough to be able to evaluate it yourself.

COURSE TITLE: Practical Considerations for Planning Multilevel Security in an Open Systems Environment
COURSE LENGTH: 8 HRS

VENDOR:
Grumman Data Systems & Services
839 Elkridge Landing Rd. Suite 106
Linthicum, MD 21090
Bruce Levy: (410) 859-0123

Objectives of the Course: Give managers and technical executives the tools to plan and select cost effective
technologies for planning the enforcement of their security policies in information systems. Specific topics:
Organizational Responsibilities DoD Security Policy Refresher, Complying with DoD Inst 5200.28,
Accreditation Requirements, What Certification means, How Evaluation helps, Documentation of your system
(network), Cost effective steps toward MLS, Avoiding common password headaches, Some Practical
approaches to all that Audit trail. You will get expert advice on what works and what your installation needs
to enter the distributed age of computing.

COURSE TITLE: Introduction to Computer Security for First-Level Supervisors
COURSE LENGTH: 8 HRS.

VENDOR:
MACRO International, Inc.
8850 Stanford Boulevard
Columbia, MD 21045
(410) 290-2800

This program is designed for first-level supervisors and emphasizes the role of the supervisor in implementing
and managing computer security programs. The course discusses approaches for instilling security awareness
in staff, training, security administration, and incident management and reporting. An overview of threats,
protection strategies, and implementation of policies and procedures is presented, emphasizing requirements
for different levels of system sensitivity.

COURSE TITLE: Introduction to Computer Security for Non-ADP Managers
COURSE LENGTH: 8 HRS.

VENDOR:
MACRO International, Inc.
8850 Stanford Boulevard
Columbia, MD 21045
(410) 290-2800

This program is designed to provide mid-level managers with an overview of computer security program
planning and management. Presentation will emphasize compliance with P.L. 100-235 and other laws and
requirements for classified and unclassified systems. Discussion will also emphasize the threat against
sensitive systems; capabilities of potential adversaries; asset value; sensitivity and definition of protection
levels appropriate to the threat; contingency planning; and management risk acceptance. The course will
also cover the development of security plans emphasizing human resource management practices, and the
implementation of computer security programs within budget and staff constraints.

COURSE TITLE: Computer Security for Security & ADP Program Managers
COURSE LENGTH: 3 DAYS

VENDOR:
MACRO International, Inc.
8850 Stanford Boulevard
Columbia, MD 21045
(410) 290-2800

This course is designed for ADP program managers and computer security program managers. It
provides an overview of Public Law 100-235 and other laws and requirements for computer security.
Discussion will emphasize various types of threats against sensitive systems; capabilities of potential
adversaries; areas of vulnerability; and control techniques.

This course provides a comprehensive understanding of the full range of potential threats and the
effectiveness of alternative security controls against different threats. This course is oriented toward those
with prior programming and systems development experience.

COURSE TITLE: Information Security Principles and Practices
COURSE LENGTH: 4.5 DAYS

VENDOR:
George Mason University
Department of Information & Software Systems Engineering
School of Information Technology and Engineering
Fairfax, VA 22030-4444
Ravi Sandhu: (703) 993-1659

This course introduces fundamental issues and concepts of information security, emphasizing the Trusted
Computer System Evaluation Criteria (TCSEC), which is the seminal publication providing authoritative
guidance concerning trust technology; and its eventual successor, the Federal Criteria for Information
Technology Security. Security policy, risk management, certification and accreditation are discussed in
their supporting roles. The threat of viruses and other rogue programs is discussed; a case study
reinforces the lessons learned. Practical advice for trusted system integration is provided.

COURSE TITLE: COMPUSEC
COURSE LENGTH: 2 DAYS

VENDOR:
Security Engineering Services, Inc.
5005 Bayside Road
Chesapeake Beach, MD 20732
Bruce Gabrielson: (301) 855-4565

This class is an unclassified overview of COMPUSEC requirements, issues and related COMSEC and
TEMPEST information. Attendees should be able to intelligently address technical vulnerability issues in
their ADP systems.

Topics Covered:
Laws and DoD Specifications, Trusted Computer Systems, Risk Management, Configuration
Management, Data Remanence, Software Disk Protection, Virus Protection, Network Overviews,
COMSEC Protection, TEMPEST Protection, OPSEC Issues

Student Background: Intended for entry level security people.

COURSE TITLE: Basics of Computer Security
COURSE LENGTH: 2 DAYS

VENDOR:
Thomas R. Hardy & Associates, Inc.
P.O. Box 5631
Derwood, Maryland 20855
(301) 921-0595

This course is designed for end users and management personnel - it presents the elements necessary for
developing a secure computer system environment. The class addresses the needs of small and large
systems, and network configuration. Topics include: Planning and design; Threats and Vulnerabilities;
Countermeasures; Contingency planning and disaster recovery; Backup site planning; Responsibilities.

COURSE TITLE: Understanding Trusted Systems
COURSE LENGTH: 1 DAY

VENDOR:
Booz-Allen & Hamilton
8th Floor, Room 822
8283 Greensboro Drive
McLean, VA 22102-3838
Butch Chaboudy: (703) 902-5265

This course provides an understanding of the Trusted System Evaluation Criteria (Orange Book) and the
Trusted Network Criteria and Trusted Database Management interpretation. The student will gain a
working knowledge of the security fundamentals, the features of each class and the assurance required of
these features. Additionally, the student will be introduced to other appropriate rainbow series books.

COURSE TITLE: Implementing & Managing a Computer Security Program
COURSE LENGTH: 1 DAY

VENDOR:
COMSIS
8737 Colesville Road, Suite 1100
Silver Spring, MD 20910
(301) 588-5922

This course provides an overview of a computer security program, and describes the requirements and
rationale for each program element.

COURSE TITLE: Risk Assessment
COURSE LENGTH: 1 DAY

VENDOR:
COMSIS
8737 Colesville Road, Suite 1100
Silver Spring, MD 20910
(301) 588-5922

This course provides a global examination of computer security risk assessment and the techniques for
applying risk assessment.

COURSE TITLE: Disaster Recovery Planning: Strategies to Develop and Maintain Provable Recovery Capability (W9912)
COURSE LENGTH: 2.5 Days

VENDOR:
Skill Dynamics - An IBM Company
One IBM Plaza, 19th Floor
Chicago, IL 60611
(800) IBM-TEACH (800) 426-8322

This course teaches you how to develop, maintain, and test your disaster recovery plan. The objective is to
develop provable recovery capability, not paper documentation. The focus is on what the organization - I/S
and the business functions - must put in place now, keep current and test to the satisfaction of responsible
executives that the business can survive the loss of processing capability. The course discusses strategies that
are independent of any particular hardware or software implementation. This is a management course, not
a technical course.

COURSE TITLE: Data Center Recovery Planning (M2040)
COURSE LENGTH: 2.5 Days

VENDOR:
Skill Dynamics - An IBM Company
One IBM Plaza, 19th Floor
Chicago, IL 60611
(800) IBM-TEACH (800) 426-8322

This course provides you with a basic understanding of the disaster recovery planning process within a data
center environment. The course focuses on the recovery of the data center and communications to and
from business units/departments. All phases of the recovery planning process, from disaster declaration
through relocation to a new facility, are discussed.

COURSE TITLE: PC/LAN Recovery Planning (M2042)
COURSE LENGTH: 2.5 Days

VENDOR:
Skill Dynamics - An IBM Company
One IBM Plaza, 19th Floor
Chicago, IL 60611
(800) IBM-TEACH (800) 426-8322

This course provides you with a basic understanding of the disaster recovery planning process
encompassing personal computers (PCs) and local area networks (LANs). The course focuses on the
recovery of stand-alone PCs, LANs (the file server environment), and LAN communications to and from
business units/departments. All phases of the recovery planning process, from disaster declaration through
relocation to a new facility, are discussed.



COURSE TITLE: Business Impact Analysis (M2044)
COURSE LENGTH: 2 Days

VENDOR:
Skill Dynamics - An IBM Company
One IBM Plaza, 19th Floor
Chicago, IL 60611
(800) IBM-TEACH (800) 426-8322

This course teaches you how to perform a risk analysis to ascertain the impact that a disaster may have on
your business. You will also learn how to analyze your important business functions and the
consequences, if lost, to the organization. You will learn the time period after which this loss becomes
critical and the priorities that each important business function has within the overall recovery process.
You'll learn to use a process involving a thorough impact analysis focusing on all aspects of the business,
not just computerized processes. The course enables you to build an impact analysis and better understand
your overall business process.

COURSE TITLE: Business Resumption Planning (M2046)
COURSE LENGTH: 2.5 Days

VENDOR:
Skill Dynamics - An IBM Company
One IBM Plaza, 19th Floor
Chicago, IL 60611
(800) IBM-TEACH (800) 426-8322

This course teaches you the many facets of preparing a Business Resumption Plan (BRP). To be able to
resume normal business operations within an organization after a serious outage, an effective recovery
plan must be in place. This course focuses on the business reasoning of such a plan and identifies some of
the obstacles that will have to be overcome. Having a Business Resumption Plan in place may prevent
unnecessary loss to your organization if a disaster affects your manual or automated business functions.
The course shows how to build an effective BRP for your organization. Full attention will be given to the
different aspects of the plan, auditors who must review the competency of an organization's recovery
plans.

COURSE TITLE: Network Recovery Planning (M2056)
COURSE LENGTH: 2.5 Days

VENDOR:
Skill Dynamics - An IBM Company
One IBM Plaza, 19th Floor
Chicago, IL 60611
(800) IBM-TEACH (800) 426-8322

This course teaches you the fundamentals of handling adverse conditions on networks and recovering
functionality even after complete shutdown or network failure. Different data exchange protocols and their
benefits and vulnerabilities are presented along with the use of servers, routers, and gateways. Typical
local area networks (LANs) and wide area networks (WANs) that mix topologies are also examined.
Particular attention is given to preventing the network failure or shutdown, and to minimizing its effect.

COURSE TITLE: Data Security Planning: Strategies for Effective Information Security (W9898)
COURSE LENGTH: 2.5 Days

VENDOR:
Skill Dynamics - An IBM Company
One IBM Plaza, 19th Floor
Chicago, IL 60611
(800) IBM-TEACH (800) 426-8322

This course teaches you how to plan and implement data security. It is based upon and uses examples
from successful programs. It takes an organizational view of information and presents many policies,
standards and guidelines of IBM and other organizations. The course discusses strategies that are
independent of any particular hardware or software implementation. This is a management course, not a
technical course. The course discusses programs and processes within the context of end-user computing
and shows how they can enhance protection.

COURSE TITLE: Protecting Your Networks from Hackers, Viruses, and Other Attacks
COURSE LENGTH: 3 DAYS

VENDOR:
MIS Training Institute
498 Concord Street
Framingham, MA 01701-2357
Pam Bissett: (508) 879-7999

Hackers, phone phreaks, viruses, corporate spies, and disgruntled employees are all real threats to today's
organizations. In this three-day technical seminar you will examine the nature of these significant security
threats and vulnerabilities. You will learn practical, cost-effective security and audit techniques that will
dramatically improve your success in reducing risk while enabling you to systematically monitor your
organization's security strengths and weaknesses. You will leave this high-tech session with sample
checklists, a set of valuable software tools, and "how-to" reference materials that will increase your
effectiveness and decrease of attacks on your network.

COURSE TITLE: How to Manage an Information Security Program: A Guide for Newly Appointed
Managers
COURSE LENGTH: 3 DAYS

VENDOR:
MIS Training Institute
498 Concord Street
Framingham, MA 01701-2357
Pam Bissett: (508) 879-7999

This three-day session will be your guide to establishing and managing a workable information security
program. You will learn the components of a comprehensive plan, covering access control software
applications; telecom/network security measures; physical protection of the computer facility; and the legal
and regulatory aspects of information security. You will learn how to protect your organization from
computer crime and viruses. You will explore disaster recovery and the key elements of an effective
business continuity program. You will leave this session with a blueprint for building an information
security program or for measuring an existing one.

COURSE TITLE: Audit and Security of Client/Server Architectures
COURSE LENGTH: 3 DAYS

VENDOR:
MIS Training Institute
498 Concord Street
Framingham, MA 01701-2357
Pam Bissett: (508) 879-7999

As more critical applications continue to move onto networks, the open architecture concept, a lack of true
separation of duties, poor administration, and often unfamiliar network tools leave organizations open to
risk. In this timely seminar you will review the basics of client/server architectures, uncover the risks
within the technology, and identify cost-effective controls for plugging these loopholes. You will learn
how to spot poorly designed client/server applications and how to identify connection risks. You will
explore communications protocols, distributed databases, and the most commonly used network operating
systems, including NetWare, VINES, Unix, NT and OS/2. You will leave this in-depth seminar with a
checklist that you can use as a foundation for a customized workplan for your own client/server audits.

COURSE TITLE: A Fraud Update: Forensic and Investigative Auditing
COURSE LENGTH: 3 DAYS

VENDOR:
MIS Training Institute
498 Concord Street
Framingham, MA 01701-2357
Pam Bissett: (508) 879-7999

As incidents of fraud continue to rise, management now more than ever looks to Audit as its first line of
defense against this bottom-line busting crime. Using case studies and interactive exercises, this three-day
seminar will be your road map through the major fraud concerns facing organizations today. You will
cover investigative principles, forensic auditing, rules of evidence, and federal fraud statute and sentencing
guidelines. You will learn how to develop evidence to support fraud allegations and what the
responsibilities of the audit committee are when fraud is discovered. This high-impact session will provide
you with a solid understanding of contemporary fraud issues and Audit's role in protecting the organization
from this pervasive and complicated crime.

COURSE TITLE: Risk Management
COURSE LENGTH: 24 HRS

VENDOR:
Naval Computer and Telecommunications Station
ATTN Code N823
PO Box 357056
San Diego, CA 92135-7056
(619) 545-8628 - DSN 735-8628

This three-day course is a comprehensive study of Risk Management and is given in a workshop type
environment. This course will provide the attendee with a definition of what comprises Risk Management
and will explain the different components of Risk Management. Instruction will consist of discussion on
Risk Analysis, Contingency Planning, and Security Test and Evaluation (ST&E). Attendees will have a
thorough understanding of each of these Risk Management phases and how to prepare them. Course will
provide the attendee with actual hands-on exercises for each of these phases. Risk Analysis instruction will
include preparation of a Risk Analysis using the three different methods. Also the Risk Analysis portion
will include principles for performing a Risk Analysis on a Local Area Network (LAN). Strongly
recommend completion of the ADPSO Concepts course before taking this course. This course is
conducted at the NAVCOMTELSTA San Diego facility or at your command.

COURSE TITLE: Recent Developments in Information Security
COURSE LENGTH: 4.5 DAYS

VENDOR:
George Mason University
Department of Information & Software Systems Engineering
School of Information Technology and Engineering
Fairfax, VA 22030-4444
Ravi Sandhu: (703) 993-1659

This intensive course presents a comprehensive approach to recent developments in Information
Technology (IT) security. Technology and policy issues for secure operations employing both Computer
Security (COMPUSEC) and Communications Security (COMSEC) components of Information Security
(INFOSEC) are presented. Contemporary issues addressed include: encryption, key escrow, and key
management for authentication, integrity, and confidentiality; proposed standards such as Digital Signature
and Clipper; challenges in developing international criteria; database issues such as polyinstantiation,
inference, and aggregation; and access control beyond the TCSEC (Orange Book).

Discussions will include the use of empirical and theoretical computer and database system and network
design approaches. Broader issues will also be presented, such as integrating security with computer,
database, and network systems design and development requirements; and evaluating the degree of security
available for a given computer, database and/or network system. Extensive practical advice for trusted
system integration is provided.


COURSE TITLE: Secure Systems Design and Program Management
COURSE LENGTH: 2 DAYS

VENDOR:
Security Engineering Services, Inc.
5005 Bayside Road
Chesapeake Beach, MD 20732
Bruce Gabrielson: (301) 855-4565

Participants learn technical rationale and requirements that lead to formal management decision making
regarding security issues. Topics Covered: Org. Security, Systems Security Engineering Management,
Risk Management, Audit Controls, Contingency Planning, Risk Analysis, System Test and Evaluation,
System Design, Network Administration, UNIX, Apple System 7, Config. Management, Life Cycle
Management, Virus Protection, COMSEC, Control, TEMPEST Control and Vulnerability Assessments.

COURSE TITLE: Writing Security Plans
COURSE LENGTH: 2 DAYS

VENDOR:
Booz-Allen & Hamilton
8th Floor, Room 822
8283 Greensboro Drive
McLean, VA 22102-3838
Butch Chaboudy: (703) 902-5265

This course is designed to provide the System Security Officer with the knowledge to develop an ADP
security plan that will meet the requirements of PL 100-235 and D/CID 1/16. Practical exercises are
provided allowing students to develop key sections of a security plan as part of a work group. Each
exercise is conducted following appropriate instruction in "how to" write the plan. Upon completion of the
course, the student will know what information is needed in the development of a security plan, what the
plan should include, where that information can be obtained and how to write policy statements and
security requirements.

COURSE TITLE: Managing Org-Wide Information Security Program
COURSE LENGTH: 3 DAY

VENDOR:
Computer Security Institute
600 Harrison Street
San Francisco CA 94107
(415) 905-2626

This program examines key issues in building and maintaining a security program that serves more than
one division...a program that cuts across traditional boundaries and must deal with geographically and
organizationally distinct units. Practical, cost-effective ideas on how to structure a plan, tools for
evaluating risks and safeguards, and ways to encourage participation and commitment from all levels of the
organization. Legislative and regulatory pressures including but not limited to the Foreign Corrupt
Practices Act, copyright protection, and the Computer Security Act of 1987. Take-home materials include
articles, checklists, forms, and information sources. NOTE: Ask about available discount for government
hosted classes.

COURSE TITLE: Building Information Security Awareness
COURSE LENGTH: 2 DAY

VENDOR:
Computer Security Institute
600 Harrison Street
San Francisco CA 94107
(415) 905-2626

This seminar shows how to "educate" managers, users, and DP personnel on the importance of protecting
information resources. Top managers need to know in macro, bottom-line terms. Data security
professionals need detailed technical training. Computer users, operators, and programmers must be
shown what they can do on a day-to-day operational basis. This program delivers practical ideas and
techniques on how to tailor a computer security training/orientation program to each of these diverse
groups. You will learn how to plan a program. You will be shown what types of information should be
gathered for presentation, how it should be logically organized for maximum impact, and which meeting
and presentation techniques are most effective. And finally, you will be given specific ideas on how to
measure the effectiveness of your security awareness program. As a "deliverable," you will develop an
individualized training plan to be used in your own environment. NOTE: Ask about available discount for
government hosted classes.

COURSE TITLE: Data Communications Security
COURSE LENGTH: 2.5 DAYS

VENDOR:
COMSIS
8737 Colesville Road, Suite 1100
Silver Spring, MD 20910
(301) 588-5922

This course provides an overview of network processing technologies, security threats, safeguards, and
protection strategies. The data communications environments covered in this course include Local Area
Networks, Wide Area Networks, Distributed Data Processing, and remote mainframe access.

COURSE TITLE: Developing Computer Security Policies & Procedures
COURSE LENGTH: 2 DAY

VENDOR:
Computer Security Institute
600 Harrison Street
San Francisco CA 94107
(415) 905-2626

This seminar is for DP managers, data security managers, and security officers responsible for developing
computer security policies and procedures and integrating them into a comprehensive data processing
security manual. You will learn how to determine what policies are needed, what areas a manual should
cover, and how to gather the necessary information. Two different approaches - step-by-step "cookbook"
procedures vs. more generalized policy statements. How to establish working liaisons with support staff in
other areas, what's needed to get your policies and manual reviewed and approved, and pitfalls that must
be avoided. Critique actual samples of procedures and policies currently in use. NOTE: Ask about
available discount for government hosted classes.

COURSE TITLE: LAN Security
COURSE LENGTH: 2 DAY

VENDOR:
Computer Security Institute
600 Harrison Street
San Francisco CA 94107
(415) 905-2626

Local area networks (LANs) are significantly impacting the way organizations do business. As more and
more critical work migrates from mainframes to LANs, the need for better controls becomes apparent.
Learn about the security and control issues involved with LANs; the types of critical and sensitive data
now residing on LANs; the impact of loss, change or disclosure; and realistic remedies for identified
vulnerabilities. How transition technologies, topologies, and architectures create complex security,
recovery, and integrity problems. Security features of popular LAN systems software and add-on
packages. The need for policies, procedures, and administrative controls. NOTE: Ask about available
discount for government hosted classes.

COURSE TITLE: Protecting Networks & Small Systems
COURSE LENGTH: 3 DAY

VENDOR:
Computer Security Institute
600 Harrison Street
San Francisco CA 94107
(415) 905-2626

Widespread use of microcomputers and telecommunications technology offers greater opportunities for
increasing white-collar productivity...and the risk that this technology will proliferate out of control. This
seminar provides a security and control perspective of the opportunities and pitfalls in this new
environment. It will be valuable for data processing management, communications management and
specialists, office automation management, EDP auditors, security officers, and users of small systems.
Participants are encouraged to bring a list of specific, relevant security problems currently being faced
within their own organizations. Selected "cases" will be analyzed and discussed. NOTE: Ask about
available discount for government hosted classes.

COURSE TITLE: Application Security Reviews
COURSE LENGTH: 1 DAY

VENDOR:
COMSIS
8737 Colesville Road, Suite 1100
Silver Spring, MD 20910
(301) 588-5922

This course examines the requirements and objectives of application security and describes the techniques
and tools for conducting application security reviews. The course includes the planning process, review of
the baseline security goals, sensitivity and criticality determination, data collection methods, and control
weaknesses and safeguards determination.

COURSE TITLE: Computer Security For Managers
COURSE LENGTH: 1 DAY

VENDOR:
USDA, Graduate School
600 Maryland Ave, SW
Washington, DC 20024
(202) 447-7124

This workshop will show you how to develop computer security awareness for end-users, and your role in
program management, planning, personnel security, contingency planning, and the systems development
life cycle. We will briefly review the Computer Security Act of 1987, and cover threats to, and
vulnerabilities of, computer systems and appropriate safeguards, and various approaches to risk
assessment. You will receive checklists and suggestions for becoming more aware of possible computer
security problems in your office, and you will be able to get advice on how to deal with concerns that are
specific to your agency or installation.

COURSE TITLE: Continuity of Operations/Disaster Rec. Planning: Part II Workshop
COURSE LENGTH: 3 DAYS

VENDOR:
COMSIS
8737 Colesville Road, Suite 1100
Silver Spring, MD 20910
Ronald E. Freedman: (301) 588-0800

This course will be specifically tailored toward the individual course audiences' environment. To
accomplish this, research questionnaires must be completed by course participants prior to attending.
These questionnaires will provide the baseline hardware, software, physical, and operational environments
critical to the development of a discrete COOP/DRP.

COURSE TITLE: Physical Security for Data Processing
COURSE LENGTH: 2 DAYS

VENDOR:
COMSIS
8737 Colesville Road, Suite 1100
Silver Spring, MD 20910
(301) 588-5922

This course provides essential training to personnel in the areas of physical and environmental security in
both large scale (mainframes) and small scale (PC) processing environments.

COURSE TITLE: Audit, Control, and Security of LAN and Mainframe Connectivity
COURSE LENGTH: 3 DAYS

VENDOR:
MIS Training Institute
498 Concord Street
Framingham, MA 01701-2357
Pam Bissett: (508) 879-7999

In this fast-paced, three-day seminar you will focus on the control, security, and management aspects that
should be included in any LAN evaluation. After a general overview of a LAN environment, you will
review the Open Systems and OSI "standardized" models of any computing/communication system and
develop a layered audit/analysis work plan based on the models. With this work plan as a guide, you will
investigate: LAN topologies; protocols; LAN interconnections to wide area networks (WANs);
client-server and peer-to-peer LAN architectures; LAN Network Operating Systems; connecting LANs to
mainframes; and many more related topics. Keeping jargon and technology in its proper perspective,
emphasis will be placed on those aspects of LAN operation with the greatest audit and security concerns.
A basic understanding of the fundamentals of microcomputers and PC-based applications such as
spreadsheets and database management is strongly recommended.

COURSE TITLE: Computer Viruses
COURSE LENGTH: 3 HRS

VENDOR:
USDA Graduate School
600 Maryland Ave., S.W.
Washington, D.C. 20024
(202) 447-7124

This briefing is designed to provide you with a basic understanding of the nature of computer viruses and
suggested methods and procedures for identifying and dealing with them. The material will focus
primarily on the microcomputer based environment but network and mini-computer virus issues will be
discussed as well.

COURSE TITLE: Computer Security
COURSE LENGTH: 5 DAY

VENDOR:
GSA Training Center
P.O. Box 15608
Arlington, VA 22215-0608
Joan Bender: (703) 603-3213

Participants learn about federal computer security regulations and guidelines and their implementation in
government agencies. Topics include: a threat overview, national computer security policies, an overview
of the National Institute of Standards and Technology and the National Computer Security Center, physical
security considerations, microcomputer security considerations, introduction to risk assessment, qualitative
risk assessment, quantitative risk assessment, other risk assessment methodologies, contingency planning,
design reviews and system tests, and security certification and accreditation.

COURSE TITLE: Information Security and Policy
COURSE LENGTH: 1 SEMESTER

VENDOR:
George Washington University/GSAS
2000 G Street, NW
Washington, DC 20077-2685
(202) 994-7061

Computer fraud and effective countermeasures for computer system security. The social and legal
environment of information systems, including data privacy and ethics in database management.
Information access policy, data security, contracts. Antitrust and other business implications of policies,
transborder data flow, technology transfer, electronic funds transfer systems, criminal justice information
systems, cross-cultural differences, computer infringement of copyright, and protection of property rights
in software. Prerequisite: AdSc 202 and 203.

COURSE TITLE: Planning an EDP Disaster Recovery Program
COURSE LENGTH: 3 DAY

VENDOR:
Computer Security Institute
600 Harrison Street
San Francisco CA 94107
(415) 905-2626

This seminar examines the critical components of the disaster recovery planning process in detail and offers
a practical framework for implementing a disaster recovery program. A "big think" approach is required,
because recovery planning is tedious, time-consuming, and requires management commitment plus cooperation
from all levels of user personnel. Less than 20% of the top 1,000 U.S. firms have workable EDP disaster
recovery plans that have been successfully tested. Indeed, many organizations today have no formal plans at
all. Some have tried to formulate a plan but failed because they underestimated the scope and complexity of
the task. Although a 3-day seminar cannot provide all the details necessary for a comprehensive program, this
seminar will give you a firm grounding in the knowledge and skills needed for a successful disaster recovery
planning effort. NOTE: Ask about available discount for government hosted classes.

COURSE TITLE: Security in Software Applications
COURSE LENGTH: 3 HRS

VENDOR:
USDA Graduate School
600 Maryland Ave., S.W.
Washington, D.C. 20024
(202) 447-7124

This briefing is designed to provide participants with a basic understanding of features and techniques for
incorporating computer security into the design and development of software applications. The material
covered explores a variety of computer security design and programming techniques to enable programmers
and system designers to build security into their applications.

COURSE TITLE: Introduction to Secure Systems
COURSE LENGTH: 2 DAYS

VENDOR:
Booz-Allen & Hamilton
8th Floor, Room 822
8283 Greensboro Drive
McLean, VA 22102-3838
Butch Chaboudy: (703) 902-5265

This class provides the student with an understanding of the basic principles to follow in the development and
operation of secure systems--that is, systems that we can trust to protect sensitive or classified information.
This course provides the fundamentals of determining security requirements for trusted systems, determination
of mode of operation, calculation of the level of trust needed for a system, and an understanding of the
collective impact of security features on a system.

COURSE TITLE: UPS: Design, Selection and Specification
COURSE LENGTH: 2 DAY

VENDOR:
University of Wisconsin, Milwaukee
929 North 6th Street
Milwaukee, WI 53203
(800) 222-3623

Program objectives of this institute will have been accomplished if, upon completion, the attendee can answer
satisfactorily the following questions: Where is UPS needed? When is UPS needed? Should the system be
redundant? How should components be chosen? How is a system designed? What level of protection is
appropriate? What are the system maintenance requirements? What grounding and noise problems need
consideration? How can satisfactory performance be achieved while satisfying the NEC? NOTE: Previous
attendees will find that material has been added to the program since they last attended.

COURSE TITLE: Computer Security In Application Software
COURSE LENGTH: 2 DAY

VENDOR:
Booz-Allen & Hamilton Inc.
8283 Greensboro Drive
McLean, VA 22102-3838
(703) 902-5201

This course presents a logical sequence of overall computer security activities during the application
development life cycle. The course will assist application developers, sponsors, and owners in identifying
security activities that should be considered for applications, whether they are being developed, significantly
enhanced, or routinely debugged. This course is primarily intended for application software managers and
support personnel. NOTE: Contact the vendor for information concerning specialized agency training.


COURSE TITLE: Computer Security
COURSE LENGTH: 1 SEM

VENDOR:
Montgomery College
51 Mannakee Street
Rockville, MD 20850
(301) 279-5185

This course surveys major topics in assessment and development of security procedures for a variety of
computer systems. Emphasis is on analysis of security needs, risk assessment and practical measures for
security management. Topics include LAN security, protection for personal computers, physical security,
hardware and software protection and products, virus countermeasures and the human aspects of computer
security.

COURSE TITLE: Micro Security for Information Systems Security Analysts
COURSE LENGTH: 32 HRS

VENDOR:
DATAPRO Educational Services
600 Delran Parkway
Delran, NJ 08076
(609) 764-0100

Security Analysts and functional Security coordinators will develop basic microcomputer security skills and
understand the integral role they play in successful protection of system-wide data. Participants will learn
various methods for proper disk handling and secure storage, determine proper data backup techniques and
learn techniques for controlling access to data hardware and software. They will learn how to evaluate the
present contingency plan and develop a risk analysis formula and also will develop a project plan for
contingency implementations of hardware and software.


COURSE TITLE: Network Auditing (M2034)
COURSE LENGTH: 2.5 Days

VENDOR:
Skill Dynamics - An IBM Company
One IBM Plaza, 19th Floor
Chicago, IL 60611
(800) IBM-TEACH (800) 426-8322

This course teaches you the fundamentals of performing a security audit on a computer network. The course
will begin with a review of positive and negative aspects of today's most commonly used networks. The
security facts and assumptions of each network topology are explored in lecture and classroom exercises. This
examination of networks includes all elements of network security (the node, the media, and the control unit).
Different data exchange protocols and their benefits and vulnerabilities are examined along with the use of
servers, routers, and gateways. Typical local area networks (LANs) and wide area networks (WANs) that
mix several topologies are also examined for their vulnerabilities.

COURSE TITLE: PC/LAN Auditing (M2028)
COURSE LENGTH: 2.5 Days

VENDOR:
Skill Dynamics - An IBM Company
One IBM Plaza, 19th Floor
Chicago, IL 60611
(800) IBM-TEACH (800) 426-8322

This course teaches you how to review the security controls in a PC/LAN environment. You will explore the
hardware and software components that impact the protection of the PC/LAN environment. You will learn
the types of information needed to assess the strength of implemented controls as well as how to perform the
collection of this information. Examples are presented that allow you to gain experience in interpreting
security related data.

COURSE TITLE: Auditing the Data Center (M2020)
COURSE LENGTH: 2.5 Days

VENDOR:
Skill Dynamics - An IBM Company
One IBM Plaza, 19th Floor
Chicago, IL 60611
(800) IBM-TEACH (800) 426-8322

This course teaches you how to develop a data center audit for environmental, operational, and procedural
issues and how to prepare for such an audit. You will learn how to locate potential problems within your data
center that could result in significant losses. This course focuses not only on the technological issues but on
the business issues as well. You will learn how to report the findings to management with words that will get
their attention. The classroom exercises will illustrate 200+ questions that can be utilized within the audit
process and that will help you in preparing a data center checklist specifically for your environment.

COURSE TITLE: Introduction to EDP Auditing (M2022)
COURSE LENGTH: 3 Days

VENDOR:
Skill Dynamics - An IBM Company
One IBM Plaza, 19th Floor
Chicago, IL 60611
(800) IBM-TEACH (800) 426-8322

This course teaches you the fundamentals of auditing electronic data processing (EDP) information systems.
Reviewing the integrity and security of the business information processed by computers and their applications
requires specialized skills. This course provides the initial education for those skills by presenting an audit
approach to computerized information systems. You will learn about some of the tools and techniques
necessary to audit a computerized environment. The focus is on the computing center, distributed processing,
application development, operating systems, and the applications themselves. Classroom exercises will show
you how to identify the important elements of these systems and how to write effective audit reports.

COURSE TITLE: PC Security (M2004)
COURSE LENGTH: 1 day

VENDOR:
Skill Dynamics - An IBM Company
One IBM Plaza, 19th Floor
Chicago, IL 60611
(800) IBM-TEACH (800) 426-8322

This course teaches you the fundamentals involved in providing effective and comprehensive protection of
personal computers and the information they contain. You will learn how to examine the various components
of PCs and to identify problems that can impact the protection of the PC assets. Typical threats to and
concerns about the data residing on PCs will be discussed. Guidance on countermeasures for implementing
effective controls will also be given.

COURSE TITLE: LAN Security (M2006)
COURSE LENGTH: 1.5 Days

VENDOR:
Skill Dynamics - An IBM Company
One IBM Plaza, 19th Floor
Chicago, IL 60611
(800) IBM-TEACh (800) 426-8322

This course teaches you the basics of how and where to implement effective controls in a local area network
(LAN). Security pitfalls existing in both the hardware and software components that make up a LAN will be
identified. The significant challenges presented by the fast growth of LANs in the workplace will be met head
on with guidelines for reducing security exposures. Although this course does not address the specific
implementations of any single network operating system (LAN Network Manager, NetWare, Banyan, etc.),
the topics discussed apply to any and all of these.

COURSE TITLE: Business Fraud (M2008)
COURSE LENGTH: 2 Days

VENDOR:
Skill Dynamics - An IBM Company
One IBM Plaza, 19th Floor
Chicago, IL 60611
(800) IBM-TEACh (800) 426-8322

This course teaches you about some of the most common frauds and criminal activities that your organization
could fall prey to. You will learn how to recognize and detect them before your business is exploited. You
will learn which tools to use to review your organization for on-going fraudulent activities and what to do when
they are detected. Crimes against business, such as industrial espionage, telemarketing crimes, computer
crimes, and employee crimes, are a part of U.S. business today. This course will help you to understand their
symptoms, their effects, and the methods to reduce their impact. Classroom exercises illustrate ways to detect
some of them and to avoid becoming their next victim.

COURSE TITLE: Computer Fraud (M2010)
COURSE LENGTH: 2.5 Days

VENDOR:
Skill Dynamics - An IBM Company
One IBM Plaza, 19th Floor
Chicago, IL 60611
(800) IBM-TEACh (800) 426-8322

This course teaches how to detect and prevent the use of the computer for fraudulent activities. The ease of
use that computers have provided to business has created an ease of use for the perpetrator of computer fraud.
You will learn how to recognize the signs of unauthorized computer activity. You will be taught the basic
ways that your organization can fall prey to these activities and the ways to prevent or minimize the threat.
The crimes discussed will range from actual programming issues to manipulation of the computer for fraudulent
goals.

COURSE TITLE: Audit and Control of Electronic Data Interchange
COURSE LENGTH: 2.5 DAYS

VENDOR:
The Institute of
Internal Auditors
249 Maitland Avenue
Altamonte Springs, FL 32701
(407) 830-7600 ext. 1

This seminar explains clearly the risks and exposures that can result from opening the organization's computer
platform to additional users - both internal and external to the organization. This course covers the basics of
Electronic Data Interchange (EDI) and stresses internal controls that should be implemented to protect the
organization's assets.

Attendees will learn:
EDI concepts and terminology.
The benefits and risks of EDI.
Internal control requirements for internal and external users.
The basics of telecommunications and third party value-added networks.

Participants will perform a self-assessment of their organization's internal controls regarding EDI and will
develop an audit program throughout the course. An appendix will include a risk, control, and audit step
matrix, a generic audit program, current readings, and a glossary.

COURSE TITLE: Audit and Control of End-user Computing (EUC)
COURSE LENGTH: 2.5 DAYS

VENDOR:
The Institute of
Internal Auditors
249 Maitland Avenue
Altamonte Springs, FL 32701
(407) 830-7600 ext. 1

Audit and Control of End-user Computing focuses on the auditor's role in reviewing controls surrounding end-user developed applications. Attendees learn:
EUC concepts and terminology.
The benefits, risks, and exposures of EUC applications.
EUC controls.
How organizations should administer EUC applications.
What to include in the organization's EUC policy.

During this hands-on seminar, participants will use an IBM/Novell local area network (LAN) for class
exercises. LANSchool is used by the instructor for display of the class discussion material. Other packages
demonstrated or used include Lotus 123, Lotus FreeLance, Clear Software's ALLClear (flowcharting
package), Audit Command Language's ACL for networks, Software Publishers Association's SPAudit, and
WordPerfect.

Participants are provided the SAC Toolkit End-user Audit Program, Module 7 of the SAC report End-user
and Departmental Computing, sample EUC policies and responsibilities, a glossary of terms, and a sample
EUC survey document.

COURSE TITLE: Auditing Information Systems
COURSE LENGTH: 4.5 DAYS

VENDOR:
The Institute of
Internal Auditors
249 Maitland Avenue
Altamonte Springs, FL 32701
(407) 830-7600 ext. 1

This course explains the functions and controls required to safeguard assets in a computer processing
environment. It focuses on the auditor's role in reviewing systems management and those general or
environmental controls that affect applications operating within a given organization or network.

Key topics include:
The challenging issues and functions of information system units.
Internal audit's role in information system reviews.
Management information systems (MIS) standards.
Understanding data security and program change management.
Exploring system development life cycle concepts.
Understanding data bases, data processing standards, and processing support.
Disaster-recovery planning procedures.
Operating systems, distributed systems, and end-user computing.
Understanding network security and administration.

Sample audit programs, a glossary, and a bibliography of course-related reading materials provide an excellent
starting point for attendees preparing to audit information systems.

COURSE TITLE: Integrated Auditing: The Basics
COURSE LENGTH: 4.5 DAYS

VENDOR:
The Institute of
Internal Auditors
249 Maitland Avenue
Altamonte Springs, FL 32701
(407) 830-7600 ext. 1

This seminar offers the know-how to perform applications reviews in the computerized arena. The course
teaches basic EDP auditing skills and knowledge, and defines the "integrated auditor". The seminar includes
a comprehensive case study of a total audit. Participants are provided a sample audit program, a glossary of
terms, sample computer policies, and a sample user security manual.

Attendees learn:
The basics of computer controls, both within and around applications.
An approach to audit planning including
- risk analysis.
- identifying risks and exposures.
- development of test objectives.
- evaluation of results of auditing.
- reporting to management.
Minimal computer programming standards.
Tools and techniques needed to perform a review of modern automated applications, including
stand-alone applications and fully integrated mainframe applications.

Integrated Auditing: The Basics is tailored to auditors just entering the EDP audit arena, including auditors
in departments moving toward integration and financial/operational auditors performing functional audits
involving automated applications.

COURSE TITLE: Computer Security for Security and MIS Professionals
COURSE LENGTH: 3 DAYS

VENDOR:
MIS Training Institute
498 Concord Street
Framingham, MA 01701-2357
Pam Bissett: (508) 879-7999

The very technologies that have streamlined today's organizations have created vast opportunities for computer
crime and misuse. With PCs on virtually every desktop and networks to link one workstation to another,
computer-savvy criminals and disgruntled employees have more ingenious ways to gain access to critical data
and confidential information. This plain-English seminar is an eye-opener that will be your road map through
a maze of high-tech, high-risk exposures. You will discover how to plug the security loopholes in computer
systems, networks, E-mail, voice-mail, and fax transmissions that leave your organization vulnerable to attack.
The seminar covers: strategies for establishing policies and procedures that will keep costly abuse to a
minimum; employee security awareness techniques; sensitive legal issues surrounding employee privacy rights
and software copyright infringement; and more. You will leave this seminar with valuable guidelines and
real-world models for preventing, detecting, and responding to criminal attacks, virus infections, and accidental
errors in your own organization.

COURSE TITLE: Intro. to Auditing Micros and LANs: Controlling End-User Computing
COURSE LENGTH: 3 DAYS

VENDOR:
MIS Training Institute
498 Concord Street
Framingham, MA 01701-2357
Pam Bissett: (508) 879-7999

LANs and microcomputers have placed the tools for processing and storing data directly on the desks of end
users. In this three-day seminar you will learn the fundamentals of microcomputer and LAN technology, and
how to classify the risks microcomputer and end-user computing have introduced into the organization. You
will examine the control techniques currently available to address these risks and how to conduct an audit using
a detailed audit program you can bring back for use in your own organization.

COURSE TITLE: Basic Security For PC Users
COURSE LENGTH: 8 HRS

VENDOR:
Naval Computer and Telecommunications Station
ATTN Code N823
PO Box 357056
San Diego, CA 92135-7056
(619) 545-8628 - DSN 735-8628

This one-day course provides the attendees with a basic understanding of the AIS Security Program
fundamentals. This course satisfies the awareness training requirements prescribed in the Public Law 100-235
which mandates that all users of computers must have awareness training. Course training focuses on ways
to eliminate or control potential problems in a microcomputer and Local Area Network (LAN) environment.
This course discusses the DON policy and Minimum Program Requirements that must be met to comply with
policy mandates. The attendees will be given techniques to enhance their awareness of vulnerabilities in a
microcomputer and LAN operating environment and the appropriate protective measures available to reduce
operating risks. This course is conducted at the NAVCOMTELSTA San Diego facility or at your command.

COURSE TITLE: INFOSEC
COURSE LENGTH:

VENDOR:
Security Engineering Services, Inc.
5005 Bayside Road
Chesapeake Beach, MD 20732
Bruce Gabrielson: (301) 855-4565

This course presents a comprehensive overview of information security (INFOSEC) focusing on network ADP
security and other technical issues seldom covered in general introductory level courses. DoD requirements
for government (NSA-NCCS, Air Force, MC, Navy, Joint Staff) and defense industry (DIS) are discussed.
Related OPSEC issues are presented.

Attendees should leave this course with a full understanding of the technically based INFOSEC security issues.

COURSE TITLE: Security Technology in the Real World
COURSE LENGTH:

VENDOR:
Canaudit Inc.
P.O. Box 4150
Simi Valley, CA 93093
(805) 583-3723

SEMINAR OUTLINE

A. THE NEW SECURITY IMPERATIVE: * Why technology security is on everyone's mind * Our
growing dependence on computers and communications * The range of threats: Some "horror stories" -
Internal: - Errors and omissions - Disgruntled employees - Natural disasters - External: - Hackers - Competitors
- Viruses and Worms.
B. COMPUTER SECURITY RESEARCH: * Hot topics: computer science point of view - Cryptography -
Identification - Distributed Database Security * Hot topics: business point of view - Security awareness in
industry - Level of security planning - Future plans protection.
C. WORKSHOP - IDENTIFYING KEY ISSUES FOR SEMINAR PARTICIPATION: *Introduction *
Worktime * Presentations.
D. GROUP DEBRIEFING ON WORKSHOP PROBLEMS OF IMPORTANCE

E. A METHODOLOGY FOR STRATEGIC RISK MANAGEMENT - ORGANIZATION MODELLING
* Functional model * Situation assessment * Situation simulation * Strategic systems planning and integration
* Data classification Exercise: Data classification questionnaire * Implementation of Data classification -
Mainframe - Unix environment.
F. UNIX SYSTEM SECURITY CONSIDERATIONS: * Unix history with respect to security * Access
protection - owner, group, public - files and directories - listing file access (ls -l) - changing file access
(chmod) * Common Unix security problems - Password cracking - Getting root access - Superuser abuse -
Spoofing - Intelligent terminal problems * Unix network problems - Anonymous ftp - Competitors - Remote
logins - Worm programs.
G. WORKSHOP - SECURING FILES IN UNIX:* Background * Command writing exercise.
H. PHYSICAL SECURITY: * Access control * Fire protection * Flood/water damage * Theft protection
* Off site backup.
I. INSURANCE ASPECTS OF TECHNOLOGY: * Loss of assets * Loss of data * Loss of confidentiality
* Valuable papers * Business interruption * Software escrow.
J. LOGICAL ACCESS SECURITY :* Defining user IDs * Privilege fields * ID registration.
K. LEGAL ASPECTS OF T SECURITY: * What makes a "computer crime"? * Criminal Codes -
Unauthorized use of computer - Mischief against data * Civil remedies * Copyright infringement * Theft *
Fraud * Trade secrecy provisions * Working with law enforcement personnel.

L. WORKSHOP: DEALING WITH A VIRUS THREAT:* Problem description * Worktime * Presentation
of solutions.
M. COMMUNICATIONS SECURITY: * Wiretapping, low and high tech * Local area networks * Cellular
telephones * Fax modems * Voice mail systems.
N. RCMP EDP SECURITY: Bulletin #33 (reproduced with permission).
O. CONTINGENCY PLANNING :* Focus on corporate business issues * Proactive aspects * Reactive
aspects * Risk management issues * Key issues.
P. FOCUS ON ISSUES RAISED BY PARTICIPANTS: * Defining the problem * Seeking a solution - at
what cost?
Q. CREATING A SECURITY PLAN FOR YOUR ORGANIZATION:* Elements of a good security plan
* Who should do it * How to implement it * The need for regular review and testing.
R. CONTROLS IN A MICROCOMPUTER ENVIRONMENT: * Introduction * The acquisition process
* Installation and maintenance * Inventory control * Troubleshooting * Application development * Training
* Documentation * File back-up and data security
* Computer Viruses * Hardware Security * Input/Output and Processing Controls
* Application Dependency Model.
S. FUTURE TRENDS IN COMPUTER SECURITY

T. CONCLUDING REMARKS

COURSE TITLE: Using Investigative Software to Detect Fraud
COURSE LENGTH:

VENDOR:
Canaudit Inc.
P.O. Box 4150
Simi Valley, CA 93093
(805) 583-3723

This seminar is designed to teach the concepts of investigative software and provide participants with the skills
required to design, develop and install investigative software routines upon completion of the course material.
Each participant will receive a compendium of suggested investigative software routines for specific industries
and applications.

COURSE TITLE: Auditing System Development: New Techniques for New Technologies
COURSE LENGTH:

VENDOR:
Canaudit Inc.
P.O. Box 4150
Simi Valley, CA 93093
(805) 583-3723

This seminar focuses on the effect new technologies have on the audit approach and explores methods to ensure
that the audit requirement is met without slowing the project or becoming a drain on project resources. Special
emphasis is placed on early identification of control requirements and the rapid reporting techniques that are
required in today's dynamic system development environment.

COURSE TITLE: Auditing EDI Applications
COURSE LENGTH:

VENDOR:
Canaudit Inc.
P.O. Box 4150