Security isn’t
about technology.
Table of contents
It’s about people.
Educational Resources ....................................................3
Technology may be one
aspect of information
assurance, but the real
challenge is managing
the human side. To be truly
effective in this growing sector of IT,
you need to learn the policies, procedures,
structure and management of an enterprisewide information assurance system. Only
Norwich University has the expertise to deliver this kind of
comprehensive education in an online Master of Science in
Information Assurance degree.
Quality. Taught by leaders in the information assurance field,
you’ll earn your degree from a fully-accredited university with
over 185 years of academic heritage.
Convenience. Earn your degree in less than two years, not
five—with the anytime, anywhere convenience of online
instruction that fits education around your work and family.
Experience. With our unique case study program, you’ll be able
to meld theory and practice to graduate with actual information
assurance consulting experience.
learn more:
www3.norwich.edu/msia • 800.NU.ONLINE
msia@norwich.edu
“It’s about time that a program of this caliber is finally
available. Where else can you get the best-of-the-best security
thinkers and practitioners under one virtual roof?”
-- Winn Schwartau, President, Interpact, Inc.
Events..................................................................................9
Online Resources ..........................................................13
Associations/Organizations ........................................21
Industry Sponsors..........................................................25
Welcome to the inaugural issue of (ISC)2’s Resource Guide for
Today’s U.S. Government Information Security Professional.
Professional. (ISC)2 has
published this guide as part of its ongoing commitment to help
advance the information security
industry. Its purpose is to better
equip government INFOSEC
professionals with quick access to
helpful information specific to their
James E. Duffy, CISSP
discipline. We hope that this handy
guide will become a trusted resource Executive Director
for you and your colleagues.
About (ISC)2
(ISC)2 is a non-profit organization that has certified approximately
25,000 Information Security professionals in 100 countries in the
last 15 years. (ISC)2 is dedicated to offering internationally recognized credibility to government information security professionals at every career level. Based in Vienna,Va. with offices in
London and Hong Kong, (ISC)2 is vendor neutral and serves as
an advocate on public policy issues affecting the Information
Security profession.
The information included in this guide was verified as of the publication
date. Updates to information listed herein should be e-mailed to
guideinfo@extensiongroup.com. To request additional copies, go to
www.isc2.org.
© Copyright 2004 (ISC)2, Inc. All Rights Reserved.
The George Washington University, located in
the heart of Washington DC, offers a variety of
programs of study in information security and
assurance, ranging from purely technical courses
of study, such as network and computer security,
to higher level systems engineering oriented
courses of study, such as information security
management. Degrees granted range from
bachelors through doctoral studies. In addition to
academic degree programs, certain courses have
been evaluated to conform to National Training
Standards for information security. GWU is an
NSA-certified Center of Academic Excellence for
Information Assurance Education.
SCHOOL OF ENGINEERING AND APPLIED SCIENCE
www.seas.gwu.edu • 202.994.8675 • engineering@gwu.edu
GW is an equal opportunity/affirmative action institution.
Educational
Resources
IN FO RM A TIO N SECURITY
A N D ASSURANC E
Educational Resources
Centers of Excellence for Information
Assurance Education
The National Security Agency (NSA) has designated the academic
institutions listed below as Centers of Excellence in Information
Assurance Education. For additional program information, see
www.nsa.gov/isso or call the NSA INFOSEC Service Center at
800-688-6115.
Air Force Institute of
Technology
Drexel University
Center for INFOSEC Education
and Research
Wright-Patterson Air Force Base, Ohio
(937) 255-3636 x4622
Department of Electrical and
Computer Engineering
Philadelphia, Pennsylvania
(215) 895-2241
(215) 895-1695 Fax
www.afit.edu
www.ece.drexel.edu
Auburn University
East Stroudsburg
University
Information Assurance Laboratory
Department of Computer Science
and Software Engineering
Auburn, Alabama
(334) 844-6360
Computer Science Department
East Stroudsburg, Pennsylvania
(570) 422-3779
www.esu.edu/cpsc
www.eng.auburn.edu/users/hamil
ton/security/
Florida State
University
Capitol College
Department of Computer Science
Tallahassee, Florida
(850) 644-2644
(850) 644-0058 Fax
Graduate Programs in Network
Security
Laurel, Maryland
(301) 369-2800
(800) 950-1992
http://www.cs.fsu.edu/infosec/
www.capitol-college.edu/
academics/grad/msns2.html
George Mason
University
Carnegie Mellon
University
Center for Secure Information Systems
Fairfax,Virginia
(703) 993-1653
(703) 993-1638 Fax
Center of Academic Excellence in
Information Assurance Education
Software Engineering Institute
Pittsburgh, Pennsylvania
(412) 268-5800
(412) 268-6257 Fax
www.isse.gmu.edu/~csis/index.html
George Washington
University
School of Engineering and Applied
Science
Washington, DC
(202) 994-6158
(800) 537-SEAS
www.sei.cmu.edu
www.seas.gwu.edu
3
Educational Resources
Georgia Institute of
Technology
Mississippi State
University
College of Computing
Atlanta, Georgia
(404) 894-3152
(404) 894-9846 Fax
Center for Computer Security
Research
Department of Computer Science
and Engineering
Mississippi State, Mississippi
(662) 325-7450
(662) 325-8997 Fax
www.cc.gatech.edu
Idaho State University
National Information Assurance
Training and Education Center
Pocatello, Idaho
(208) 282-0211
www.csu.msstate.edu
http://security.isu.edu or
http://niatec.info
Information Resources
Management College
Washington, DC
(202) 685-6300
(202) 685-3974 Fax
National Defense
University
Indiana University of
Pennsylvania
www.ndu.edu/irmc
Indiana, Pennsylvania
(724) 357-2100
Naval Postgraduate
School
http://www.iup.edu
Iowa State University
Information Systems Security
Laboratory
Ames, Iowa
(515) 294-4111
Center for Information Systems
Security Studies and Research
Monterey, California
(831) 656-3758
(831) 656-2814 Fax
http://www.issl.org
http://cisr.nps.navy.mil
James Madison
University
New Jersey Institute
of Technology
Harrisonburg,Virginia
(540) 568-8772
(540) 568-6023 Fax
College of Computing Sciences
University Heights, Newark,
New Jersey
(973) 596-5765
(973) 596-5777 Fax
www.infosec.jmu.edu
Johns Hopkins
University
www.it.njit.edu
New Mexico Tech
Information Security Institute
Baltimore, Maryland
(410) 516-4250
(410) 516-8457 Fax
Department of Computer Science
Socorro, New Mexico
(505) 835-5126
(505) 835-5587 Fax
www.jhuisi.jhu.edu
www.cs.nmt.edu
4
Resource Guide for Today’s U.S. Government Information Security Professional
North Carolina State
University
Portland State
University
Computer Science Department
Raleigh, North Carolina
(919) 515-5764
(919) 515-7925 Fax
College of Engineering and
Computer Science
Portland, Oregon
(503) 725-4036
(503) 725-3211 Fax
http://ecommerce.ncsu.edu/infosec/
www.cs.pdx.edu
Northeastern
University
Purdue University
The Center for Education and
Research in Information Assurance
and Security (CERIAS)
West Lafayette, Indiana
(765) 494-7841
(765) 496-3181 Fax
College of Computer and
Information Science
Boston, Massachusetts
(617) 373-2462
(617) 373-5121 Fax
www.northeastern.edu
www.cerias.purdue.edu
Norwich University
Stanford University
Northfield,Vermont
(802) 485-2001
(800) 468-6679
(802) 485-2032 Fax
Computer Science Department
Stanford, California
(650) 723-2273
(650) 725-7411 Fax
www.norwich.edu/biz/cs
http://crypto.stanford.edu/seclab
Pennsylvania State
University
State University of
New York, Buffalo
Center for Information Assurance
School of Information Sciences and
Technology
University Park, Pennsylvania
(814) 865-3529
(814) 865-6426 Fax
Center of Excellence in
Information Systems Assurance
Research and Education
Department of Computer Science
and Engineering
Buffalo, New York
(716) 645-3180 x300
(716) 645-3464 Fax
http://net1.ist.psu.edu/cica/
Polytechnic University
http://www.cse.buffalo.edu/caeiae/
Brooklyn, New York
(718) 260-3600
(718) 260-3136 Fax
State University of New
York, Stony Brook
www.poly.edu
Computer Science Department
Stony Brook, New York
(631) 632-6000
www.cs.sunysb.edu
Educational Resources
Stevens Institute of
Technology
University of Idaho
Department of Computer Science
Hoboken, New Jersey
(201) 216-5328
(201) 216-8249 Fax
Center for Secure and Dependable
Systems
Moscow, Idaho
(208) 885-4114
(208) 885-7099 Fax
www.cs.stevens-tech.edu
www.csds.uidaho.edu
Center for Systems Assurance
Syracuse, New York
(315) 443-2938
(315) 443-1122 Fax
Department of Computer Science
Urbana, Illinois
(217) 333-4428
University of Illinois at
Urbana-Champaign
Syracuse University
www.csa.syr.edu
http://ciae.cs.uiuc.edu/
Texas A&M University
University of
Maryland, Baltimore
County
Center for Information Assurance
and Security
College Station,Texas
(979) 845-8585
(979) 845-1855 Fax
Center for Information Security
and Assurance
Baltimore, Maryland
(410) 455-3500
(410) 455-3969 Fax
http://cias.tamu.edu/
Towson University
www.cisa.umbc.edu
Center for Applied Information
Technology
Towson, Maryland
(410) 704-4909
(410) 704-4908 Fax
University of Maryland
University College
Adelphi, Maryland
(800) 888-UMUC
www.towson.edu/CAIT/
www.umuc.edu
University of
California at Davis
University of
Massachusetts,
Amherst
Computer Security Laboratory
Department of Computer Science
Davis, California
(530) 752-7004
(530) 752-4767 Fax
Department of Computer Science
Amherst, Massachusetts
(413) 545-2744
(413) 545-1249 Fax
http://seclab.cs.ucdavis.edu/
University of Dallas
www.cs.umass.edu
Center for Information Assurance
Graduate School of Management
Irving,Texas
(972) 721-5174
http://gsmweb.udallas.edu/
info_assurance/
6
7
Educational Resources
University of Nebraska
at Omaha
University of Virginia
School of Engineering and Applied
Science
Charlottesville,Virginia
(434) 924-3072
Nebraska University Consortium
on Information Assurance
College of Information Science and
Technology
Omaha, Nebraska
(402) 554-2380
(402) 554-3284 Fax
www.seas.virginia.edu
Walsh College
www.walshcollege.edu/pages/432.asp
University of North
Carolina, Charlotte
U.S. Military Academy,
West Point
The Laboratory of Information
Integration, Security and Privacy
Department of Software and
Information Systems
Charlotte, North Carolina
(704) 687-3783
Information Technology and
Operations Center
Department of Electrical
Engineering and Computer Science
West Point, New York
(845) 938-4628
www.sis.uncc.edu/LIISP
www.itoc.usma.edu
University of
Pennsylvania
West Virginia
University
Department of Computer and
Information Science
Philadelphia, Pennsylvania
(215) 898-8560
(215) 898-0587 Fax
Lane Department of Computer
Science and Electrical Engineering
College of Engineering and Mineral
Resources
Morgantown,West Virginia
(304) 293-0405
(304) 293-8602 Fax
www.upenn.edu/programs/
University of Texas,
San Antonio
www.lcsee.cemr.wvu.edu
College of Business
San Antonio,Texas
(210) 458-4313
(210) 458-4308 Fax
www.utsa.edu
University of Tulsa
Center for Information Security
Tulsa, Oklahoma
(918) 631-3269
www.cis.utulsa.edu
8
Events
Information Assurance Center
Troy, Michigan
(248) 823-1369
http://nucia.ist.unomaha.edu/
Events
Tradeshows and Events for the Federal
Security Professional
Few industries have the number and scope of professional
meetings, conferences, tradeshows, and seminars as the information security discipline. This guide includes events scheduled for
2004, particularly those focused on the concerns of INFOSEC for
government applications. (Events are listed by date.)
Focus on FISMA
Conference and
Symposium –
Improving Your Grade
AFCEA Homeland
Security Conference
February 24 - 26, 2004
Ronald Reagan Building and
International Trade Center
Washington, DC
January 27, 2004
Ronald Reagan Building and
International Trade Center
Washington, DC
www.afcea.org/homeland04/
Information Assurance
2004: Securing Our
Critical Infrastructure
www.potomacforum.org
2004 High Assurance
Internet Protocol
Encryption (HAIPE)
Symposium
February 25 - 26, 2004
Crown Plaza Hotel
Arlington,Virginia
www.idga.org
January 27 - 29, 2004
San Diego, California
2004 Information
Assurance Workshop
Information Assurance
– Defense Counter
Information Operations
Workshop
February 2 - 5, 2004
Hyatt Regency Atlanta
Atlanta, Georgia
Sponsored by the 50th Space Wing
March 4, 2004
Colorado Springs, Colorado
www.iaevents.com
www.technologyforums.com
2004 National Threat
Symposium
2004 PACOM CMS/EKMS
2nd Annual Conference
February 10 - 11, 2004
National Nuclear Security
Administration
Las Vegas, Nevada
United States Pacific Command
Communications Security Material
System/Electronic Key Management
System Conference
March 8 - 12, 2004
Waikiki Beach Marriott Resort
Honolulu, Hawaii
www.iaevents.com
www.iaevents.com
www.iaevents.com
9
Events
17th Annual FISSEA
Conference Federal
Information System
Security Educator’s
Association
Colloquium for
Information Systems
Security Education
(CISSE)
June 7 - 10, 2004
United States Military Academy
West Point, New York
March 10, 2004
University of Maryland University
College
The Inn & Conference Center
Adelphi, Maryland
www.ncisse.org/conferences.htm
2004 National OPSEC
Conference and
Exhibition
www.fbcinc.com
The 2004 Homeland &
Global Security Summit
June 7 - 11, 2004
Baltimore Marriott
Waterfront Hotel
Baltimore, Maryland
March 31 - April 1, 2004
Washington Convention Center
Washington, DC
www.iaevents.com
DoE Information
Management
Conference
www.globalsecurity.bz/conferences
/current_conferences/hgss04/
AFCEA Spring
Intelligence Symposium
June, 2004 (Exact dates TBA)
Location TBA
April 21 - 22, 2004
Langley,Virginia
2004 Cross Domains
Solutions Workshop
NetSec 2004
Conference and
Exhibition: Building
the Secure Enterprise
www.iaevents.com
www.gocsi.com/events/netsec.jhtml
www.afcea.org/calendar
April 27 - 29, 2004
The National Conference Center
Lansdowne,Virginia
June 14 - 16, 2004
Hyatt Regency Embarcadero
San Francisco, California
Redstone
Arsenal/NASA Marshall
Annual IA Workshop
Federal Information
Security Conference
(FISC 2004)
May 5 - 6, 2004
Huntsville, Alabama
June 16 - 17, 2004
Colorado Springs, Colorado
www.technologyforums.com
www.fbcinc.com/fisc/
DoE Cyber Security
Group Training
Conference
Veterans Affairs InfoSec
Conference 2004
June 21 - 25, 2004
Atlanta, Georgia
May 24 - 27, 2004
Overland Park, Kansas
www.technologyforums.com/
upcoming_events/
http://cybertrain.labworks.org/
conferences/may2004/
10
Collaborate · Educate · Innovate
The E-Gov Institute is dedicated to providing quality
educational offerings to those involved in government IT.
Developed in conjunction with government and industry
practitioners, designed to provide real-world solutions, and
presented in a collaborative setting, the E-Gov Institute forums
and conferences aim to encourage innovation in public service.
To learn more, please visit www.e-gov.com
www.e-gov.com, email
info@e-gov.com or call 800-746-0099.
T H E E - G OV I N S T I T U T E 2 0 0 4 C U R R I C U LU M
Enterprise Architecture
Conference: February 3–5 Exhibition: February 5
Web-Enabled Government
Conference: February 4–5 Exhibition: February 5
Knowledge Management
Conference: April 12–14 Exhibition: April 14
The Annual Government Solutions Forum
Conference: June 2–4 Exhibition: June 2–3
Enterprise Architecture
Conference: September 20–22
Exhibition: September 22
Program Management Summit
November 18–19
Homeland Security
Conference: November 30–December 2
Exhibition: November 30
Information Assurance
Conference: November 30–December 2
Exhibition: November 30
Events
Government
Symposium on
Information Sharing
and Homeland
Security
June 28 - 30, 2004
Orlando, Florida
www.federalevents.com
Army Materiel
Command (AMC)
Annual Information
Assurance Workshop
July 7 - 8, 2004
Rock Island Arsenal
Rock Island, Illinois
www.technologyforums.com
GOVSEC 2004
Federal Information
Assurance Conference
2004 (FIAC 2004)
October 26 - 27, 2004
University of Maryland University
College – The Inn & Conference
Center
Adelphi, Maryland
www.fedpage.com and
www.fbcinc.com
ShadowCon - Military
Information Assurance
Conference &
Exposition
November 2004 (Exact dates TBA)
Quantico,Virginia
www.technologyforums.com
31st Annual Computer
Security Conference
and Exhibition
www.govsecinfo.com
November 8 - 10, 2004
Marriott Wardman Park Hotel
Washington, DC
Sponsored by the AFCEA Southern
Arizona Chapter
October 5 - 7, 2004
Ft. Huachuca, Arizona
www.afcea-southaz.org
AFCEA Fall Intelligence
Symposium 2004
October 20 - 21, 2004
DIAC, Bolling Air Force Base
Washington, DC
www.afcea.org/calendar/
www.gocsi.com/events/
annual.jhtml
E-Gov Institute
Information Assurance
2004 and Homeland
Security 2004
November 30 - December 2, 2004
Ronald Reagan Building and
International Trade Center
Washington, DC
www.e-gov.com
DoD Cyber Crime
Conference and
Exposition 2004
Today's government IT buyers
sit at the intersection of
government, business and
technology, building
technology-driven solutions
that make government more
efficient,collaborative and
citizen-centric – in short,
building smart government.
Federal Computer Week is
the only government media
brand that provides
integrated coverage of
business, technology and
government issues – helping
government IT buyers buy,
build and manage
technology in ways that
deliver results.
To learn how Federal Computer Week
can help you get results,
visit www.fcw.com.
December 2004 (Exact dates TBA)
Las Vegas, Nevada
www.technologyforums.com
12
Deeper. Smarter. Gets more done.
Online
Resources
July 28 - 29, 2004
Washington Convention Center
Washington, DC
Command, Control,
Communications,
Computers and
Intelligence Systems
Technology (C4IST)
Smart government starts here.
Online Resources
Index
Government Online Resources ..............................................13
Organizational Security Resources Online ..........................15
Educational Resources – Security Link Libraries Online ....18
For Consumers, Families, and Educators ..............................19
Industry Portals – Resources Online ....................................19
Professional Publications ........................................................20
For current online security news and information, go to
www.FCW.com.
Government Online Resources
Many government websites provide frequently updated information for
security professionals. The sites listed below include a range of references
and services, including CERTs, security standards, best practices, and
national cybersecurity policy.
Executive Office of the President
National Strategy to Secure Cyberspace, Office of the President
www.whitehouse.gov/pcipb/
Homeland Security Information
www.whitehouse.gov/homeland
Federal Trade Commission
Online Security-Related Resources
http://www.ftc.gov/bcp/conline/edcams/infosecurity/resources.html
National Institutes of Health
Advanced Laboratory Workstation System
http://www.alw.nih.gov/Security/security.html
National Security Agency
Information Assurance Directorate
www.nsa.gov/isso
Office of Personnel Management
Scholarship for Service, Cyber Corps – Defending America’s Cyberspace
www.sfs.opm.gov
13
source
Resource
GuideGuide
for Today’s
for Today’s
U.S. U.S.
Government
GovernmentInformation
InformationSecurity
Security Professional
Professional
U.S. Department of Commerce
Online Resources
U.S. Department of Justice
Computer Security Resource Center
Computer Security Division, Information Technology Laboratory
Computer Crime and Intellectual Property Section (CCIPS)
of the Criminal Division, National Computer Crime Center
http://csrc.nist.gov
www.cybercrime.gov
ICAT Metabase, National Institute for Standards and Technology
Computer Security Division, Information Technology Laboratory
InfraGuard
Federal Bureau of Investigation
http://icat.nist.gov/icat.cfm
www.infraguard.net
National Information Assurance Partnership
Internet Fraud Complaint Center (IFCC)
www.niap.nist.gov
www.ifccfbi.gov
U.S. Department of Defense
The Information Assurance Technology Analysis Center (IATAC)
Defense Technical Information Center (DTIC), Defense Information
Systems Agency (DISA)
http://iac.dtic.mil/iatac
U.S. Department of Energy
Information Security Resource Center (ISRC), Pacific Northwest National
Laboratory (PNNL)
www.pnl.gov/isrc/
U.S. Department of Homeland Security
www.dhs.gov
Information Analysis and Infrastructure Protection Directorate
www.nipc.gov and www.ciao.gov
Federal Computer Incident Response Center
www.fedcirc.gov
Organizational Security Resources Online
A range of professional organizations provide resources to the INFOSEC
community online. Use these sites to locate membership opportunities,
review technical committee reports and white papers, and browse current
information security “hot topics.”
Business Software Alliance
www.bsa.org
Center for Internet Security
www.cisecurity.org
CERT Coordination Center, Carnegie Mellon
University, Software Engineering Institute
www.cert.org
Electronic Privacy Information Center
www.epic.org
The U.S. Computer Emergency Readiness Team
The National Cyber Security Response System
www.us-cert.gov
Forum of Incident Response and Security Teams
(FIRST)
www.first.org
High-Tech Crime Network
www.htcn.org
IEEE Computer Society Technical Committee on
Security and Privacy
www.ieee-security.org
14
15
Online Resources
source
Resource
GuideGuide
for Today’s
for Today’s
U.S. U.S.
Government
GovernmentInformation
InformationSecurity
Security Professional
Professional
Extend your marketing infrastructure.
The International Association for Cryptologic
Research (IACR)
www.iacr.org
Information Assurance Technical Framework
Forum (IATF)
www.iatf.net
Information Security Forum
www.securityforum.org
Information Systems Audit and Control
Association (ISACA)
www.isaca.org
Information Systems Security Association
www.issa.org
Information Technology Association of America,
Information Security
www.itaa.org/infosec
International Information Systems
Security
Certification Consortium (ISC)2
www.isc2.org
The Internet Engineering Task Force
You’ve got goals for building your business.
You’ve got the knowledge to do it.
But you don’t always have the bandwidth
it takes to reach your audience.
Extension Group is a full-service marketing firm offering
integrated communications services to a diverse group of
technology clients within public sector markets—federal
civilian and defense, state and local, and education.
www.ietf.org
Internet Security Alliance
www.isalliance.org
National Security Institute
www.nsi.org
OASIS, Security Services Technical Committee
www.oasis-open.org
The Open Security Project
www.opsec.org
The SANS Institute
www.sans.org
• Direct marketing
• Corporate branding
• Print and broadcast
advertising
• Custom publishing
• Product introductions
• Collateral development
• Public relations
• Market research
• Strategic planning
For more information, call (703) 234-7815
or go to www.extensiongroup.com
16
Resource
Resource Guide
GuideforforToday’s
Today’sU.S.U.S.
Government
Government
Information
Information
Security
Security
Professional
Professional
Educational Resources –
Security Link Libraries Online
This select group of academic organizations have assembled easy-to-use
online resource libraries for information security professionals. Additional
links are available on the websites listed in the section above for the
Centers of Excellence for Information Assurance Education (see page 6).
American Association of Community Colleges
www.aacc.nche.edu
George Mason University, Center for Secure
Information Systems
http://www.isse.gmu.edu/~csis/links.html
Idaho State University, National Information
Assurance Training and Education Center
(NIATEC)
http://niatec.info/orglinks.htm
Purdue University, The Center for Education and
Research in Information Assurance and Security
(CERIAS)
www.cerias.purdue.edu
University of Dallas, Center for Information
Assurance
http://gsmweb.udallas.edu/info_assurance/links.html
University of Tulsa, Center for Information
Security
www.cis.utulsa.edu/links/
Online Resources
For Consumers, Families, and Educators
A number of websites provide guidance to consumers, families, and educators to ensure they employ and teach best practices and safe access to
online information. The following sites include practical reference material
and online security guidance for these targeted groups.
Association for Computer Security Day
www.computersecurityday.org
The Cyber Citizen Partnership
http://cybercitizenship.org/
Get Net Wise About Security
http://security.getnetwise.org
Stay Safe Online, sponsored by the National
Cyber Security Alliance
(public and private sector sponsors)
www.staysafeonline.info
Industry Portals – Resources Online
The online portal is an ideal forum to track the enormous volume of
information available in the dynamic INFOSEC environment. Several
organizations and independent security professionals host online portals
for cataloging and discussion of the latest security updates, warnings,
glossaries, and related hot topics.
The Association for Computing Machinery Portal
http://portal.acm.org/portal.cfm
Computer Cops
www.computercops.biz
INFOSYSSEC: The Security Portal for
Information Systems Security Professionals
www.infosyssec.org
IT Toolbox – Knowledge Portal for Security
Professionals
http://security.ittoolbox.com/
The Encyclopedia of Computer Security (TECS)
www.itsecurity.com
Windows Security.com – Network Security Library
http://secinf.net
18
19
Online Resources
Professional Publications
These professional publications focus on federal government policy, current
and emerging technologies, and the broader information security market.
Each hosts companion websites that collectively provide a wealth of
information on INFOSEC issues, solutions, and resources.
Access Control and Security Systems
Your people get out and about,
not your data.
www.securitysolutions.com
CSO Magazine
www.csoonline.com
Federal Computer Week
Firewall.com
HP lets you enjoy wireless productivity without
compromising data security. At HP, we don’t simply sell
www.firewall.com
secure wireless products. We work with you to develop complete,
Government Computer News
secure wireless solutions. Along with our technology partners, we
www.gcn.com
create solutions that meet FIPS 140-2 federal security standards for
Government Executive
wireless services, ensuring that every step along your wireless path
www.govexec.com
is afforded the best protection possible. Our Intel® processor-
Information Security
powered notebooks, as well as our handhelds and tablet PCs, can
www.fcw.com
www.infosecuritymag.com and www.searchsecurity.com
Internet Security News
www.internetsecuritynews.com
be equipped with biometric fingerprint access. And our ProCurve
wireless appliances let you employ a number of open standards
network access protocols and state-of-the-art data privacy,
including 802.1X Web-based authentication and VPN. Demand
www.isc2.org
more. Demand technology that lets you roam freely while keeping
Linux Security
your data under lock and key.
www.linuxsecurity.com
SC Magazine
www.scmagazine.com
Security Administrator
www.winnetmag.com/WindowsSecurity/
Intel is a registered trademark of Intel Corporation
or its subsidiaries in the United States and other
countries. ©2004 Hewlett-Packard Development
Company, L.P. The information contained herein is
subject to change without notice.
Security News Portal
www.securitynewsportal.com
20
Demand secure mobility. Download “Making Secure
Mobility Possible” from www.hp.com/go/securefed
or call us at 1-800-727-5472.
Associations/
Organizations
(ISC)2 Journal
Associations/Organizations
Professional Associations and Organizations
This guide includes associations and organizations that are considered a professional resource to the government information security community. All of these groups offer some type of INFOSEC
education and information as part of their annual agendas, meetings,
and publications, and many offer opportunities for individual membership, professional networking, access to custom research, and
special events.
AFCEA International
www.afcea.org
4400 Fair Lakes Court
Fairfax,Virginia 22033-3899
(703) 631-6100
(800) 336-4583
American Council for Technology (ACT) and
Industry Advisory Council (IAC)
www.fgipc.org and www.iaconline.org
11350 Random Hills Road, Suite 120
Fairfax,Virginia 22030
(703) 218-1965
ASIS International
www.asisonline.org
1625 Prince Street
Alexandria,Virginia 22314
(703) 519-6200
Association for Computing Machinery (ACM)
www.acm.org
1515 Broadway
New York, New York 10036
(212) 626-0500
(800) 342-6626
Association for Computer Security Day
www.computersecurityday.org
P. O. Box 39110
Washington, DC 20016
Computer Security Institute
www.gosci.com
600 Harrison Street
San Francisco, Califoria
(415) 947-6320
21
Associations/Organizations
The Computing Technology Association
(CompTIA)
www.comptia.org
1815 S. Meyers Road, Suite 300
Oakbrook Terrace, Illinois 60181
(630) 678-8300
Government Electronics and Information
Technology Association (GEIA)
www.geia.org
2500 Wilson Boulevard
Arlington,Virginia 22201
(703) 907-7566
Information Systems Audit and Control
Association (ISACA)
www.isaca.org
3701 Algonquin Road, Suite 1010
Rolling Meadows, Illinois 60008
(847) 253-1545
Information Systems Security Association (ISSA)
www.issa.org
ISSA Headquarters
Technical Enterprises, Inc.
7044 S. 13th Street
Oak Creek,Wisonsin 53154
(414) 768-8000
(800) 370-ISSA
Information Technology Association of America
(ITAA)
www.itaa.org
1401 Wilson Boulevard, Suite 1100
Arlington,Virginia 22209
(703) 522-5055
Information
Assurance
for Business
Walsh College offers Information
Assurance Education for both Bachelor
and Master degrees with a business focus.
Walsh College is the only institution in
the state of Michigan with Center of
Excellence designation and the only
institution in the state with the faculty
expertise and rigorous curriculum
necessary to produce qualified
professionals.
The Walsh Information Assurance Center,
an academic partner with ISC2, provides
member organizations with education,
information and training in responding
to cyber threats and safeguards the
nation’s information assets.
Institute for Defense and Government
Advancement (IDGA)
www.idga.org
(800) 882-8684
Organizations interested in
membership or individuals
seeking education should
check www.walshcollege.edu
or call 248-823-1369.
22
Associations/Organizations
Institute of Electrical and Electronics Engineers
(IEEE)
www.ieee.org and www.computer.org
1828 L Street, N.W., Suite 1202
Washington, DC 20036
(202) 785-0017
International Information Systems Forensics
Association (IIFSA)
www.infoforensics.org
300 Satellite Boulevard
Suwanee, Georgia 30024
International Information Systems Security
Certification Consortium, Inc. (ISC)2
www.isc2.org
1964 Gallows Road, Suite 210
Vienna,Virginia 22182
(888) 333-4458
National Defense Industrial Association (NDIA)
www.ndia.org
2111 Wilson Blvd., Suite 400
Arlington,Virginia 22201
(703) 522-1820
SANS Institute
www.sans.org
8120 Woodmont Avenue,
Suite 205
Bethesda, Maryland 20814
(301) 654-7267
USENIX
www.usenix.org
2560 Ninth Street, Suite 215
Berkeley, CA, 94710
(510) 528-8649
(800) 882-8684
Industry
Sponsors
24
Industry Sponsors
Industry Sponsors
Few organizations require the level of information security
dictated by current and emerging government mandates designed
to protect our national infrastructure, including cyberspace. As a
result, the information security field is populated with diverse
product and service providers focused on meeting specific
government requirements. The sponsors listed below have
declared their commitment to meeting and exceeding the
INFOSEC needs of their government clients.
BEA Government Systems
BEA Government Systems sets the standard for
supplying enterprise platforms and security
infrastructure, the key enablers of e-government, to
nearly every civilian, intelligence and military agency
in the federal government. BEA's innovative
technologies allow organizations to rapidly deploy and secure proven egovernment solutions that significantly improve organizational efficiency,
responsiveness, and preparedness.
BEA Government Systems is focused on delivering standards-based,
government standards compliant, J2EE application platform and enterprise
security infrastructure technology to both the government and federal
industry customer.
Booz Allen Hamilton
Booz Allen Hamilton combines strategy with
technology and insight with action, working with
clients to deliver results today that endure tomorrow.
Booz Allen, a global leader in strategy and technology consulting, provides
services to major international corporations and government clients
around the world.
25
source
Resource
GuideGuide
for Today’s
for Today’s
U.S. U.S.
Government
GovernmentInformation
InformationSecurity
Security Professional
Professional
Capella University
Capella University is an accredited, online university.
Founded in 1993 to serve working adults and
employers, we offer bachelor’s, master’s and Ph.D.
degree programs and certificates in business,
technology, education, human services and
psychology.The university serves more than 9,000 adult learners in 50
states and in 40 countries.
The School of Technology’s master’s in IT with information security
specialization is designed around the ten domains of the CISSP. Capella is
the first online university to be selected by (ISC)2 as the organization’s first
web-based education provider. For more information, call 1-888-CAPELLA,
Ext 6170 or visit www.capella.edu/cisspcert.
DelCreo
DelCreo helps security, risk and control
professionals succeed. DelCreo has some of the
most respected leaders in the field of risk management. Our consulting
team members have developed and implemented enterprise risk
management, information security, crisis and incident management, business
continuity, insurance, and privacy programs for organizations ranging from
public sector entities to the Fortune 50. DelCreo’s mission is to aid
security, risk and control professionals in the design and implementation of
their programs. The services provided by DelCreo aid in assessing,
detecting, managing, and responding to organizational threats and
vulnerabilities by implementing effective risk management processes, tools,
and technology.
Federal Business Council, Inc.
Federal Business Council, Inc. (FBC) specializes in the
production of technology events and conferences at
both Federal Government and off-site locations
throughout the United States. FBC has been
connecting the Federal Information Technology
community with government technology and procurement personnel for
over 25 years. Some of the services FBC offers include:
• Conference Management through GSA schedule (GS-23F-0338K).
• CISSP and SSCP credits at specific Information Security events
including FIAC and FISC.
• Table-top exhibits of cutting-edge technologies.
Visit www.fbcinc.com/fisc and www.fbcinc.com/fiac for attendee information.
View all our events at www.fbcinc.com or contact 800-878-2940 for more
information.
26
Industry Sponsors
Federal
Computer Week
FCW Media Group’s products and services form
an integrated information system that helps
government IT decision-makers buy, manage and
use technology. Its brands include Federal Computer
Week, FCW.com, the Government CIO Summits and the Federal 100
awards. In addition, the E-Gov Institute hosts a series of in-depth
conferences and exhibitions focused on top government technology issues
and solutions. FCW Media Group’s brands reach all members of the IT
buying team across federal, state and local government, and systems
integrators. FCW Media Group is a division of 101communications.To
learn more, visit www.fcw.com.
FederalNewsRadio.com
Your Source For Federal News...Now stay up to date on the
latest concerning Federal management, procurement, technology,
pay and benefits, policy and security. FederalNewsRadio.com is
also the only place to READ and HEAR Mike Causey everyday.
George
Washington University
The George Washington University, located in
the heart of Washington DC, offers a variety of
programs of study in information security and
assurance, ranging from purely technical courses of study, such as network
and computer security, to higher level systems engineering oriented
courses of study, such as information security management. Degrees
granted range from bachelors through doctoral studies. In addition to
academic degree programs, certain courses have been evaluated to
conform to National Training Standards for information security. GWU is an
NSA-certified Center of Academic Excellence for Information Assurance
Education. For more information, see http://www.seas.gwu.edu/~infosec/.
Hewlett-Packard
HP delivers vital technology for business and life. The
company’s solutions span IT infrastructure, personal
computing and access devices, global services and imaging
and printing for consumers, enterprises and small and
medium business. HP is a dynamic, powerful team of
140,000 employees with capabilities in 178 countries doing business in
more than 40 currencies and more than 10 languages. More information
about HP is available at http://www.hp.com.
Hewlett-Packard Company, Federal Sales/Marketing
2101 Gaither Road,
Rockville, Maryland 20850
(301) 258-2000
27
Industry Sponsors
InfoSec
Academy
InfoSec Academy, a subsidiary of The Training
Camp, offers accelerated certification training
through outcome-based, blended-learning
programs for enterprises, government
organizations and individual information security professionals.The course
portfolio includes vendor, vendor-neutral, and professional certifications
for the full spectrum of information security job titles.
InfoSec Academy ensures effective and efficient knowledge transfer by
delivering an innovative, high-quality learning environment with an
emphasis on each student’s learning style, taught by expert instructors
who have years of industry experience. Certification programs include
the Official (ISC)2 CISSP Training Camp, Certified Ethical Hacker, Forensics
Certified Computer Examiner,Wireless Security, and more.
Additional details can be found online at http://www.infosecacademy.com.
Infosecurity
Conference & Exhibition
Infosecurity Conference & Exhibition, organized by
Reed Exhibitions, is a global event represented in 9
countries including United States, Canada, Europe,
China, Netherlands, France, Scandinavia, Italy and
Russia. Infosecurity is organized by independent knowledge leaders at the
front lines of information security. With a 360-degree perspective on
today’s critical information security issues, the Infosecurity Conference &
Exhibition is the ideal forum for all information asset stakeholders, security
experts and practitioners to exchange real-world concerns and solutions,
and learn about the most current, best practices, policies, procedures and
products. Infosecurity essentially offers attendees a comprehensive
conference program lead by industry experts, coupled with an exhibition
floor occupied by leading companies.
Visit www.infosecurityevent.com or contact Scott C.Temple, Industry Vice
President, (203) 840-5396, stemple@reedexpo.com.
COMPLEX ISSUES
CLEAR SOLUTIONS
3INCE "OOZ !LLEN (AMILTON HAS SERVED THE 53
'OVERNMENT 7E UNDERSTAND THE CHALLENGES OF PUBLIC
SERVICEĀAND HAVE THE CAPABILITIES AND EXPERIENCE TO HELP
SOLVE CRITICAL PROBLEMS
"OOZ !LLEN COMBINES STRATEGY WITH TECHNOLOGY AND INSIGHT
WITH ACTION WORKING WITH CLIENTS TO DELIVER RESULTS TODAY
THAT ENDURE TOMORROW
7E SEEK PROFESSIONALS WITH SECURITY CLEARANCES
)NTELLIGENCE AND )MAGERY !NALYSTS
&INANCIAL -ANAGERS #OST %STIMATORS "UDGET !NALYST
3OFTWARE AND $ATABASE %NGINEERS
3YSTEMS %NGINEERS )NTEGRATORS !RCHITECTS
0HYSICAL 3ECURITY 3PECIALISTS
-ANAGEMENT #ONSULTANTS ORGANIZATIONAL DESIGN
CHANGE MANAGEMENT "02 (2 AND STRATEGIC
COMMUNICATIONS
#ANDIDATES WILL BE SUBJECT TO A GOVERNMENT SECURITY
INVESTIGATION AND MUST SATISFY ELIGIBILITY REQUIREMENTS FOR
ACCESS TO CLASSIFIED INFORMATION 433#) REQUIRED 3OME
WILL REQUIRE A POLYGRAPH
6ISIT WWWBOOZALLENCOM TO CREATE YOUR PERSONAL SKILLS
AND EXPERIENCE PROFILE AND SUBMIT YOUR RESUME WITH A
VALID E MAIL ADDRESS 2EFERENCE %VENT )$ 7E ARE
PROUD OF OUR DIVERSE WORK ENVIRONMENT %/% -&6$
28
source
Resource
GuideGuide
for Today’s
for Today’s
U.S. U.S.
Government
GovernmentInformation
InformationSecurity
Security Professional
Professional
INSYTE Business Solutions
Changing business models, dynamic new technologies and
shifting economic trends are the norm these days. By
providing quality IT Certification Training, Cost Effective
Databases,Web Development and Network Management,
Insyte Business Solutions has helped hundreds of individuals
and organizations navigate through today’s fluid
marketplace. Our career training programs include IT Security Specialist,
featuring the Official (ISC)2 curriculum - which leads to the prestigious
CISSP certification; Computer Support Specialist with CompTIA’s A+ and
Net+ certifications; Cisco Certified Network Professional (CCNP); Microsoft
Certified Systems Engineer (MCSE); and Certified Internet Webmaster.
Contact Information:
(703) 535-8600
info@insytellc.com
www.InsyteLLC.com
Industry Sponsors
The National Defense University
(NDU)
The National Defense University (NDU), Information
Resources Management College (IRMC) prepares military
and civilian leaders to direct the information component of
national power by leveraging information and information
technology for strategic advantage. IRMC is located at Ft.
McNair in Washington, DC and is accredited by the Commission on
Higher Education of the Mid Association of Colleges and Schools.
IRMC offers an IA Certificate Program that emphasizes contemporary
security issues from a policy, technology and management perspective.
Courses are offered on site, and on-line. IRMC is designated as a Center
of Academic Excellence in Information Assurance Education by NSA.
Students may receive credit for completing the IA certificate program that
can be applied toward a Master’s or PhD program at ten partner universities.
For more information about IRMC, the IA Certificate Program and other
Certificate programs, please see www.ndu.edu/irmc/.
(ISC)2
(ISC)2 is a non-profit organization that has certified
approximately 25,000 Information Security
professionals in over 100 countries in the last 15 years.
Based in Vienna,Va. with offices in London and Hong
Kong, (ISC)2 is vendor neutral and serves as an
advocate on public policy issues affecting the
Information Security profession. For more information,
contact us at (888) 333-4458 or visit www.isc2.org.
NetStar-1
NetStar-1 designs, delivers and supports a wide range
®
Karta Technologies
Karta Technologies, an industry leader in web-based
IT Security training, offers the only online rolesbased curriculum that has been certified by the
National Security Agency and Committee on
National Security Systems (CNSS) for meeting
national education and training requirements. Users
who successfully complete the required curriculum can earn a nationally
recognized certificate from CNSS.
The curriculum is closely aligned with the security domains that comprise
the CBK. As a recognized alliance partner with (ISC)2, individuals holding a
CISSP or SSCP can earn CPE credit for each hour of training
accomplished in Karta’s IT Security Library. For more information, please
visit www.karta.com or contact gsoltys@karta.com.
30
of enterprise solutions that are driven by the
convergence of video, voice and data in both
Government and business.We enhance the value of
these solutions by paying special attention to the
security and reliability of these applications. NetStar-1's business model is
built on establishing strategic relationships with a select group of clients
who value our technical strengths and engineering excellence.
www.netstar-one.com
Norwich University Master’s of
Information
Assurance Degree
Earn a Master’s of Information Assurance
Degree online in less than 24 months from
Norwich University. The anytime, anywhere
format allows you to learn without disrupting your career and family life.
This is the only online graduate program in the country that focuses
exclusively on the management of information security. Industry leading
teachers, and a comprehensive curriculum in information security, are just
two of the reasons why Norwich University has been designated a Center
of Excellence in Information Assurance Education by the National Security
Agency. Join over 185 years of proud academic heritage.
http://www3.norwich.edu/msia
31
Industry Sponsors
Security
Horizon
Security Horizon, a veteran-owned small business,
was founded in 2000 by information security
professionals with extensive backgrounds in
commercial, United States Government, and Department of Defense
(DoD) environments. Security Horizon offerings include security
assessments and network vulnerability evaluations, penetration testing,
security policy development, and National Security Agency (NSA)
INFOSEC training courses and appraisals. Many of our consultants hold
high-level security clearances and our experience includes work with the
NSA, Defense Information Systems Agency (DISA), United States Navy
(USN), and the United States Air Force (USAF). Security Horizon is
headquartered in Colorado Springs, Colorado and is an official (ISC)2 SM
training partner.
VCampus
VCampus offers a variety of web-based learning
solutions to enable your organization to address
the growing demand for qualified information security professionals.
Security College Online (www.securitycollegeonline.com) offers courses
on topics including Information Security, Contingency Planning, Physical
Security,Workplace Security and HIPAA Training as well as (ISC)2
Certification Training. VCampus also builds customized Information
Security Awareness Training to meet your organization’s FISMA
requirements. Web-based courses offer the convenience of anytime
anywhere access to important information without the schedule
limitations or travel requirements associated with traditional classroombased courses. To learn more, visit www.vcampus.com or contact us at
(800) 915-9298.
Walsh
College
The NSA has designated Walsh College as a Center of
Academic Excellence in Information Assurance
Education for both Bachelor and Master degrees.Walsh
College is the only institution in the state of Michigan
with Center of Excellence designation and the only
institution in the state with the faculty expertise and rigorous curriculum
necessary to produce qualified professionals. The Walsh Information
Assurance Center, an academic partner with (ISC)2, provides member
organizations with education, information and training in responding to
cyber threats and safeguards the nation's information assets.
Organizations interested in membership or individuals seeking education
should check www.walshcollege.edu or call 248-823-1369.
32
