Learning

Teaching Information Assurance and Cybersecurity

With the continually evolving threat landscape affecting organizations in all sectors, there is a persistent need to increase the number and qualifications of workers trained in information security disciplines. The conventional focus on information assurance or information security seems to have given way to cybersecurity as the term most in vogue, as seen in the recent rise of undergraduate and graduate academic degree programs in cybersecurity. A representative case in point is the University of Maryland University College, where SecurityArchitecture.com founder Stephen Gantz has taught since 2005 as an adjunct professor of information assurance. While UMUC has long had bachelor's and master's degree (and graduate certificate) programs in information assurance, the university launched new degree programs in cybersecurity and cybersecurity policy in 2010, which quickly eclipsed the information assurance programs in popularity (UMUC dropped the undergraduate IA program several years ago, but continues to offer a master of science in information technology degree concentrated on information assurance).

What does it mean to learn, or to teach, information security? Security needs in public and private sector organizations – and correspondingly the security jobs those organizations seek to fill – increasingly emphasize the importance of practical, tangible qualifications, experience, and subject-matter expertise. While security certifications provide one means of gauging domain knowledge, and are frequently cited as required or strongly desired, particularly by government agencies and contractors, the widespread availability of written reference materials and online certification exam prep guides can make certifications unreliable indicators of the capabilities needed to effectively perform security functions. Many academic programs and professional training courses have shifted their emphasis to teaching hands-on security skills through the use of lab exercises and dedicated network environments that allow students the opportunity to approximate real-world defensive and offensive scenarios.

There is still an important role for security textbooks, reference materials, and even lectures or how-to guides. To achieve learning objectives in training settings that translate into effective operational security (including security management), there is no substitute for direct exposure to security tools, techniques, and deployment alternatives. For instance, one of the information assurance courses at UMUC focuses on intrusion detection and prevention, illustrated in practical terms through the hands-on use of Snort, one of the most popular open-source network IDS tools. Snort offers a lot of advanced features and complex intrusion analysis capabilities, but can nonetheless be installed and configured for basic experimentation and learning purposes on just about any computer workstation.

Security Training

We prepare training materials and provide training on a variety of security topics, with experience in online and face-to-face course delivery models. Our practitioners have worked in both university and professional training settings, and we can work with you to provide tailored, focused training ranging from half-day subject overviews to multi-day, in-depth topic coverage. Representative professional courses include:

  • Security Management Frameworks
  • Layered Security Architecture
  • Security Policy Development
  • Risk Management Fundamentals

Our areas of expertise include security management, security engineering, and the application of security control frameworks relevant to both private and public sector organizations; security policy development, implementation, and enforcement; layered security architecture, enterprise architecture, and defense-in-depth practices; enterprise risk management; and security and privacy compliance.

Training for Security Certifications

SecurityArchitecture.com does not provide certification-specific training or certification exam preparation. When seeking training in order to meet security and privacy certification requirements and to prepare for and successfully pass certification exams, tailored courses are often available from the certifying organizations themselves. There are also many third-party sources of security training that provide instruction not only for certification test preparation, but also in the fundamentals of security (which typically underlie the relevant certifications) and education in detailed technical and practical knowledge that can only be gained through hands-on exposure.

  • International Information Systems Security Certification Consortium (ISC)² — maintains the common body of knowledge for the Certified Information Systems Security Professional (CISSP) and offers training related to the CISSP, its three specializations (ISSAP, ISSEP, ISSMP), and other certifications including the SSCP, CAP, CSSLP, CCFP, and HCISPP.
  • Information Systems Audit and Control Association (ISACA) — perhaps best known in the IT industry as the source for the Control Objectives for Information and related Technology (COBIT) IT management framework, ISACA provides training for available certifications in auditing (CISA), security management (CISM), risk management (CRISC), and IT governance (CGEIT).
  • The SANS (SysAdmin, Audit, Network, Security) Institute — offers a broad range of security training and certification programs, ranging in skill and experience level from basic to advanced. Under its flagship Global Information Assurance Certification (GIAC), the SANS Institute emphasizes advanced technical training with a number of very narrowly focused certifications. It also has training in specific domains related to security, including information systems, audit, management, operations, legal, and software.
  • International Association of Privacy Professionals (IAPP) — wholly focused on the domain of information privacy, the IAPP offers education on privacy laws and regulations worldwide, with training in support of its Certified Information Privacy Professional (CIPP) and its variations (CIPP/US, CIPP/C, CIPP/E, CIPP/G) as well as certifications in privacy management (CIPM) and technology (CIPT).
  • Security University — with a strong emphasis on hands-on training using a wide range of tools and technologies, this CNSS-approved third-party training organization offers multiple technical certifications in support of its Qualified Information Security Professional (Q/ISP) and Qualified Information Assurance Professional (Q/IAP) certification programs.
  • TeachPrivacy — founded by renowned legal scholar and author Daniel J. Solove, TeachPrivacy offers a wide range of privacy awareness training materials, delivered as a comprehensive program in targeted areas of knowledge or as modular topics that offer dynamic, interactive treatment of a wide range of privacy subjects.