NEWS AT SEI
This article was originally published in News at SEI on: March 1, 2002
Over the past two years, the number of security incidents reported to the CERT® Coordination Center has increased sharply. Incidents are occurring more frequently, and the resulting damage to systems and networks has been increasingly severe.
To help organizations protect themselves from and respond to network security threats, the SEI offers enterprise-wide training. The courses incorporate current trends and developments in network security and computer security incident response.
As opposed to technology-based point solutions, the courses approach information security, survivability, and risk from a broad perspective to provide a more comprehensive solution. Courses can be taken individually, or as part of a larger information security curriculum (see Figure 1).
“These courses address the need to increase the numbers of managers and technical staff trained to incorporate security practices,” explains Barbara Laswell, manager of practices development and training. “Collaboration with strategic customers provides valuable real-world examples that drive development of the course content.”
Figure 1: Information Security Curriculum
Five courses derive from the work of the CERT Coordination Center, and provide introductory and advanced training for technical staff and managers of computer security incident response teams (CSIRTs):
Three courses focus on broader Internet security issues and are designed to educate technical staff, policymakers, managers, and senior executives who are responsible for protecting information assets that are critical to their enterprise’s mission.
The NSS Program is also offering a new course in support of the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Method.
The OCTAVE Method Training Workshop is designed for interdisciplinary analysis teams that will lead and perform information security risk evaluations for their organizations. The workshop covers the OCTAVE Method, preparation for implementing the method, and guidelines for tailoring the method to meet an organization’s unique needs.
As a result of implementing OCTAVE, enterprises may identify training needs related to the protection of critical information assets. For example, in one enterprise conducting an OCTAVE, the need arose to provide a common frame of reference for information security concepts across the organization. The NSS course Concepts and Trends in Information Security addressed this need.
To date, a variety of organizations from the United States and abroad have participated in the courses, including representatives from all of the critical infrastructure sectors. The SEI continues to work with strategic customers to create courses that serve the needs of the greater community.
Currently, the program is developing a Department of Defense-sponsored introductory level security and survivability course for system and network administrators. In addition, the program is collaborating with partners in law enforcement and the academic community to develop a computer forensics workshop for managers and technical staff from industry, academic, and law enforcement organizations. There is an acute need for these sectors to work together to collect, analyze, and preserve artifacts as well as to develop digital forensics methods related to electronic crime. Laswell explains, “By transitioning best practices through our courses, we help organizations protect against today’s threats, mitigate future threats, and improve the information assurance posture of organizations and their networked systems.”