sp 800 16 rev 1 3 rd draft
play

SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal - PowerPoint PPT Presentation

Jan 14, 2024 •338 likes •750 views

SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security Training FISSEA Conference March 19, 2014 Pat Toth Penny Klein Computer Security Division Systegra Information Technology Laboratory NATIONAL

  1. SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security Training FISSEA Conference March 19, 2014 Pat Toth Penny Klein Computer Security Division Systegra Information Technology Laboratory NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  2. Background • NIST SP 800-16 “Information Technology Security Training Requirements: A Role- and Performance- Based Model” April 1998 • NIST SP 800-16 Rev 1 DRAFT March 2009 NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  3. Document Development • Landscape Analysis • Draft Development – 2 nd Public Draft October 2013 – 3 rd Public Draft March 2014 • Comments due April 30 • Final Publication – June 2014 NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  4. Purpose Provide a comprehensive, yet flexible, training methodology for the development of role-based training courses or modules for personnel who have been identified as having significant IT/cybersecurity responsibilities within Federal Organizations. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  5. Relationships • SP 800-50 Building an Information Technology Security Awareness and Training Program • FIPS)200 Minimum Security Requirements for Federal Information and Information Systems • NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations • NIST SP 800-53 A Guide for Assessing the Security Controls in Federal Information Systems and Organizations NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  6. Management • Understand the necessity of role-based training • Plan for the development, implementation and evaluation of role-based training • Understand how roles with security related responsibilities are identified within their organization NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  7. Using SP 800-16 • IT/Cybersecurity Specialist – Subject Matter Expert (SME) – Identify training courses and training – Identify training gaps and needs – Develop baseline NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  8. Using SP 800-16 • Training Professionals – Understand IT security requirements and knowledge/skills required – Evaluate course quality – Obtain the appropriate courses and materials – Develop or customize courses/materials – Tailor their teaching approach to achieve the desired Learning Objectives. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  9. Cybersecurity Proficiency NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  10. Cybersecurity Essentials • Technical underpinnings of cybersecurity and its taxonomy, terminology and challenges; • Common information and computer system security vulnerabilities; • Common cyber attack mechanisms, their consequences and motivation for use; • Different types of cryptographic algorithms; • Intrusion, types of intruders, techniques and motivation; • Firewalls and other means of intrusion prevention; • Vulnerabilities unique to virtual computing environments; • Social engineering and its implications to cybersecurity; and • Fundamental security design principles and their role in limiting point of vulnerability. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  11. Organizational Responsibilities • Organization Head • CIO • SAISO • CLO • Managers • Training Developer • Personnel with Significant IT/Cyber security responsibilities • Users NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  12. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  13. Competency Levels • Level I - skill requirements are basic and are usually obtained during the first few years in that role. • Level II - skill requirements are considered intermediate, and are those skills that have obtained and honed during more years in that role • Level III skill requirements are considered expert, and are those skills that can only be obtained after many years in the role. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  14. Competency Levels NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  15. Functional Perspectives • Manage – Program or technical aspect of a security program – Overseeing the lifecycle of a computer system, network or application; – Responsibilities for the training of staff • Design – Scoping a program or developing procedures, process and architecture – Design of a computer system, network or application; • Implement – Putting programs, processes, polices into place; – Operation/maintenance of a computer system, network or application • Evaluate – assessing the effectiveness of any of the above actions. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  16. Training Methods Diagram NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  17. Overview • Chap 6 Worked Example • Chap 7 Evaluation Methodology • Appendices – Appendix A: Functions – Appendix B: Knowledge and Skills Category – Appendix C: Roles – Appendix D: Sample Evaluation Forms – Appendix E: Glossary – Appendix F: Acronyms – Appendix G: References NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  18. Appendix A: Functions • Functions and roles should be identified as candidates for role-based training – Function Area : Identifies a security function area; – Roles Areas : Identifies various roles that are covered by the function. These roles are guidelines and may exist under different names within a particular Agency; – Definition : Provides a definition of the function; and – Outcome(s): Identifies the various outcomes that the training module should strive to meet for each of the functions and their associated roles. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  19. Appendix B: Knowledge and Skills Category • Knowledge unit and the associated knowledge and skills INDUSTRIAL CONTROL SYSTEMS ICS-1 Knowledge of risk(s) specific to Industrial Control Systems (ICS) ICS-2 Knowledge of ICS unique performance and reliability requirements ICS-3 Skill in restricting logical access to the ICS network and network activity ICS-4 Skill in restricting physical access to the ICS network and devices ICS-5 Skill in protecting individual ICS components from exploitation ICS-6 Skill in maintaining functionality during adverse conditions ICS-7 Skill in restoring ICS after incident quickly NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  20. Appendix C: Roles • Competency/knowledge unit and associated Knowledge and Skills required by a particular role – Function Area: This area corresponds with Appendix A: Function Area. – Role Area: This describes the overall role; – Roles: Identifies various roles that are covered by the function – Responsibility: Defines the activities, tasks and/or responsibilities of that particular role; – Knowledge Unit: Identifies the competencies associated with the role. – Corresponding Knowledge and Skills Table: Functional perspectives for tailoring. • Manage – responsible for management (e.g., managers, team leads, project managers) • Design – responsible for design activities (e.g., system developers, engineers) • Implement – execute implementation (e.g., system administrators, network administrators) • Evaluate – evaluation activities (e.g., testers, security analysts) • Flexibility is required for most role-based training NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  21. Appendix D: Sample Evaluation Forms • The forms that will assist in the evaluation of the training are located within this appendix • Important to the overall process NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  22. Appendix E, F and G • These appendices are the glossary, acronyms and references • Glossary and Acronyms do not include all Federal Organization – will have to tailor to your organization • References provide NIST, FIPS and NICE documents that can provide additional guidance NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  23. Worked Example Step 1 • Conducting the Agency-Wide Needs Assessment – Identify any gaps in the current training program, and/or identify those roles which require training – Federal Organization to use their own process – NIST SP 800-50 to provide guidance NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  24. Worked Example Step 1 - Continued • For example, the Needs Assessment of Organization X determined that the contracting individuals have not been trained in security areas. • This would be a training gap NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  25. Worked Example Step 2 • Identify the functions, using Appendix A • Outcomes are also listed in Appendix – Learning Objectives(s) should be in the forefront • Important: Just because a function or role is listed within the appendices; it does not mean that a training course or module must be built for that role. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  26. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

  27. Worked Example Step 3 • Annotate the associated training outcomes and learning objectives • Appendix C will provide some associated role areas and roles and help shape the learning objectives • Using the appropriate role, the corresponding knowledge and skills can be identified using Appendix B NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DRAFT DRAFT A service of Maryland Health Benefit Exchange Broker Information DRAFT DRAFT 2

DRAFT DRAFT A service of Maryland Health Benefit Exchange Broker Information DRAFT DRAFT 2

Broker & TPA JAD May 23, 2013 DRAFT DRAFT A service of Maryland Health Benefit Exchange Broker Information DRAFT DRAFT 2 Broker Topics Transaction files Broker XSD Group file 834 Individual initial enrollment with broker

730 views • 25 slides
PRESENTATION OF THE DRAFT RESOLUTIONS AND TEXT OF THE DRAFT RESOLUTIONS FIRST AND SECOND

PRESENTATION OF THE DRAFT RESOLUTIONS AND TEXT OF THE DRAFT RESOLUTIONS FIRST AND SECOND

MANAGEMENT REPORT AND DRAFT RESOLUTIONS PRESENTATION OF THE DRAFT RESOLUTIONS AND TEXT OF THE DRAFT RESOLUTIONS FIRST AND SECOND RESOLUTIONS Approval of the separate and consolidated fi nancial statements for fi scal year 2017 In the fi rst

352 views • 10 slides
DRAFT - Do not cite or quote DRAFT - Do not cite or quote DRAFT - Do not cite or quote 2017

DRAFT - Do not cite or quote DRAFT - Do not cite or quote DRAFT - Do not cite or quote 2017

DRAFT - Do not cite or quote DRAFT - Do not cite or quote DRAFT - Do not cite or quote 2017 Regulation 85 Rulemaking Cleanup and Corrections Define Headwaters Cooling Towers - potentially remove from regulation

611 views • 10 slides
DRAFT This is a draft paper and numbers and impacts are subject to change as further work is

DRAFT This is a draft paper and numbers and impacts are subject to change as further work is

CONFIDENTIAL DRAFT FOR DISCUSSION SUBJECT TO CIC APPROVAL DRAFT This is a draft paper and numbers and impacts are subject to change as further work is carried out. Draft numbers were provided for capital so that the Committee could have the

459 views • 6 slides
Go 2 Draft Designs Hello everyone, Im here to talk about the draft designs that the Go team

Go 2 Draft Designs Hello everyone, Im here to talk about the draft designs that the Go team

Go 2 Draft Designs Hello everyone, Im here to talk about the draft designs that the Go team recently released for possible future additions to Go, specifically about two areas: improved error handling and parametric polymorphism (AKA generics),

411 views • 29 slides
DRAFT RESPONSE DOCUMENT 2017 DRAFT TAXATION LAWS AMENDMENT BILL (TLAB) AND DRAFT TAX

DRAFT RESPONSE DOCUMENT 2017 DRAFT TAXATION LAWS AMENDMENT BILL (TLAB) AND DRAFT TAX

DRAFT RESPONSE DOCUMENT 2017 DRAFT TAXATION LAWS AMENDMENT BILL (TLAB) AND DRAFT TAX ADMINISTRATION LAWS AMENDMENT BILL (TALAB) Standing Committee on Finance Presenters: National Treasury and SARS | 14 September 2017 Consultation process

410 views • 37 slides
Water Budgets and Modeling KGA Coordination Committee Meeting CA Water Foundation DRAFT DRAFT

Water Budgets and Modeling KGA Coordination Committee Meeting CA Water Foundation DRAFT DRAFT

Water Budgets and Modeling KGA Coordination Committee Meeting CA Water Foundation DRAFT DRAFT GSP Requirements Focus on current and historical budgets first Must cover entire subbasin DRAFT DRAFT KRGSA Water Budgets - GSP Develop

386 views • 25 slides
Master Plan Draft Document Master Plan Draft Document Accomplishments Master Plan Draft Document

Master Plan Draft Document Master Plan Draft Document Accomplishments Master Plan Draft Document

Master Plan Draft Document Master Plan Draft Document Accomplishments Master Plan Draft Document Accomplishments TEAMWORK! - 35 Kimley-Horn Staff Members - 4 Specialty Subconsultants - 3 Utility Owners - 6 Public Infrastructure

683 views • 44 slides
DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and policies 56 September 2014 Helsinki, Finland This is a draft version of a conference paper submitted for presentation at UNU-WIDERs conference,

884 views • 40 slides
DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and policies 56 September 2014 Helsinki, Finland This is a draft version of a conference paper submitted for presentation at UNU-WIDERs conference,

820 views • 54 slides
DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and policies 56 September 2014 Helsinki, Finland This is a draft version of a conference paper submitted for presentation at UNU-WIDERs conference,

647 views • 15 slides
DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and policies 56 September 2014 Helsinki, Finland This is a draft version of a conference paper submitted for presentation at UNU-WIDERs conference,

474 views • 26 slides
DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and policies 56 September 2014 Helsinki, Finland This is a draft version of a conference paper submitted for presentation at UNU-WIDERs conference,

608 views • 39 slides
DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and policies 56 September 2014 Helsinki, Finland This is a draft version of a conference paper submitted for presentation at UNU-WIDERs conference,

950 views • 37 slides
DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and policies 56 September 2014 Helsinki, Finland This is a draft version of a conference paper submitted for presentation at UNU-WIDERs conference,

690 views • 44 slides
DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and policies 56 September 2014 Helsinki, Finland This is a draft version of a conference paper submitted for presentation at UNU-WIDERs conference,

676 views • 28 slides
Marketing Skills Presentation Presented to DMAWEF Professors Institute January 5, 2011

Marketing Skills Presentation Presented to DMAWEF Professors Institute January 5, 2011

Marketing Skills Presentation Presented to DMAWEF Professors Institute January 5, 2011 Marketing Skills Presentation Why its important To you To us Overview of Results Starting Salary Less Than $30,000 25.5%

328 views • 22 slides
FY 2014 Proposed Budget Worksession Capital Improvement Management Services g Operating and

FY 2014 Proposed Budget Worksession Capital Improvement Management Services g Operating and

City of San Antonio, Texas FY 2014 Proposed Budget Worksession Capital Improvement Management Services g Operating and Capital Budget Presented by Mike Frisbie, P.E., Capital Improvements Management Services Director August 27 2013 August

728 views • 40 slides
Los Angeles Community College District PROGRAM MANAGEMENT SERVICES 90-Day Progress Report July

Los Angeles Community College District PROGRAM MANAGEMENT SERVICES 90-Day Progress Report July

Los Angeles Community College District PROGRAM MANAGEMENT SERVICES 90-Day Progress Report July 24, 2013 Board of Trustees Meeting Building for tomorrows leaders Scope of the Presentation Establishment of uniform policies and procedures

321 views • 15 slides
Elisha R.T. Chiware Director: CPUT Libraries Models For Research Data Management Services Cape

Elisha R.T. Chiware Director: CPUT Libraries Models For Research Data Management Services Cape

Models For Research Data Management Services RESEARCH DATA MANAGEMENT SERVICES CAPE PENINSULA UNIVERSITY OF TECHNOLOGY Elisha R.T. Chiware Director: CPUT Libraries Models For Research Data Management Services Cape Peninsula University of

503 views • 29 slides
Presentation Overview BHR Agency Budget Salary Policy Employee Benefits 2 BHR's

Presentation Overview BHR Agency Budget Salary Policy Employee Benefits 2 BHR's

4 - 1/17/2014 - BHR Agency Presentation Wednesday, January 29, 2014 11:05 AM Bureau of Human Resources Budget Presentation to the Joint Committee on Appropriations January 17, 2014 Laurie R. Gill, Commissioner Presentation Overview BHR

1.01k views • 79 slides
The Key to Growing Large is Staying Small First: Focus on clients, distribution, &

The Key to Growing Large is Staying Small First: Focus on clients, distribution, &

The Key to Growing Large is Staying Small First: Focus on clients, distribution, & communications July, 2014 Presenter: Joyce C. Murithi, Senior Analyst, MicroSave Joyce@microsave.net @HelixInstitute 1 Project Description Through the

486 views • 13 slides
Our Vision SCLAA delivers value to Member Supply Chain and Logistics (SCL) professionals and

Our Vision SCLAA delivers value to Member Supply Chain and Logistics (SCL) professionals and

Our Vision SCLAA delivers value to Member Supply Chain and Logistics (SCL) professionals and practitioners, and prosperity and competitive advantage to Australia through development of the profession and practice of SCL, collaboration with

348 views • 24 slides
The Opioid Crisis in Colorado: Latest Developments and Responses Robert Valuck, PhD, RPh, FNAP

The Opioid Crisis in Colorado: Latest Developments and Responses Robert Valuck, PhD, RPh, FNAP

The Opioid Crisis in Colorado: Latest Developments and Responses Robert Valuck, PhD, RPh, FNAP Departments of Clinical Pharmacy, Epidemiology, and Family Medicine Director, Colorado Consortium for Prescription Drug Abuse Prevention November 27,

582 views • 42 slides

More recommend