NEWS AT SEI
This article was originally published in News at SEI on: February 1, 2006
Video, documentation, demonstrations, and lab exercises offer unique learning opportunities for information-security professionals.
Today’s networks are complex and globally connected. Educating those responsible for the security and survivability of these networks—and the computer systems they connect—is a major challenge. An even greater challenge is to provide this education in a way that is accessible and not tied to a certain place or time.
To meet these challenges, the CERT Program at the Carnegie Mellon Software Engineering Institute (SEI) has launched the CERT Virtual Training Environment (VTE). Available to anyone connected to the Internet, VTE employs technology to deliver security knowledge to information-security professionals.
CERT VTE provides quick access to training materials such as white papers, captured desktop screen demonstrations, recorded course lectures, and hands-on training labs for information technology professionals who cannot attend in-person training. VTE also provides trained personnel with a means to refresh and practice their knowledge and skills. Thus, network administrators and other IT security professionals can learn from experts with over 17 years of security knowledge and expertise without having to leave their desks.
Different Content for Different Needs
VTE offers Knowledge in Depth for Defense in Depth (KD3) training material covering topics on information assurance, cyber forensics, and other IT-related topics in three different forms.
First, CERT VTE offers a free public-access Web “library” of content that includes documents, demonstrations of concept applications, and videotaped lectures. Users who wish to learn the basics of computer security can visit the VTE library and select a subject they want to learn more about.
In the library, students can choose one or more of the following subject-matter groups: asset and risk management, information assurance policy and implementation, TCP/IP security, cryptography, host-system hardening, securing network infrastructure, firewalls and network security, intrusion detection, synchronization and logging, forensics and incident handling. The content for these 10 groups incorporates existing materials from CERT public course offerings, as well as other special material drawn from training and courses that are not offered to the public.
“The SEI’s mission is to transition knowledge and technology,” says Jim Wrubel, senior member of the technical staff and VTE team lead. “By providing free access to these documents, we are not only fulfilling that mission, but also raising the awareness that an informed and educated IT community will prevent security problems before they happen.”
Next, VTE offers a paid subscription service, which contains lab environments that users can access, performing exercises that test the skills learned through use of the other VTE materials.
“These labs provide a unique training exercise—a chance to apply the knowledge described in the lectures, documents, and demos found in the public library. They provide a chance to try new skills in a risk-free environment,” says Wrubel.
Finally, beginning in March 2006, information-security professionals will have the opportunity to complete full courses in this online environment. The online classroom mode will offer a guided path through course content, track and evaluate student progress, and give students the opportunity to interact with a course instructor via email and chat sessions. There will be a charge for each course taken, and students who complete these online courses will be eligible for continuing education units (CEUs), just like in-person SEI course attendees.
VTE will initially offer online versions of three courses that are now offered in live public and customer-site locations: Information Security for Technical Staff, Advanced Information Security for Technical Staff. More network-security and incident-handling courses will be added in the future. By the summer of 2006, special tracks will be available that will allow organizations to meet the training-compliance needs of directives such as DoD 8570 and the Federal Information Security Management Act (FISMA). VTE can also be used by organizations to host their own private content, to be delivered exclusively to their designated audiences.