1-800-THE-TREE (1-800-843-8733)
 

NSA INFOSEC Assessment Methodology (IAM)

Establishing an Assessment Process for Your Organization

 
Course: U150     Type: Course Workshop     Duration: 2 Days


You Will Learn How To
  • Implement the National Security Agency's INFOSEC Assessment Methodology
  • Establish the NSA model of Pre-Assessment, On-Site and Post-Assessment phases as a standardized baseline for your organization
  • Identify the steps and goals of an effective assessment
  • Determine baseline information categories necessary for analysis
  • Coordinate efforts with stakeholders and develop an assessment plan
  • Create a final report that guides post-assessment activities

Course Benefits
In today's security landscape, assessing and securing computer networks is required in fields as diverse as government, healthcare and finance. This course gives you the skills needed to create and manage an assessment process that is compliant under Sarbanes-Oxley (SEC), FISMA (FIPS-199), FFIEC (banking), SCADA (utilities), HIPAA (healthcare) and others. You will learn a high-level, non-intrusive process ideal for identifying and correcting security weaknesses in your automated information systems. After successfully passing the course exam, attendees will receive the NSA IAM Certification.

Who Should Attend
Auditors, consultants, managers and service providers who are involved in federal, state and local government, non-profit, commercial and private sector information security

Course Workshop
Through a series of interactive small-group workshops and an evolving case study, you design and develop an INFOSEC assessment plan:
  • Determining the types of information processed by an organization
  • Creating an Information Criticality Matrix to rank the value and sensitivity of that information
  • Developing a detailed assessment plan that can be executed on-site
  • Generating findings and recommendations for your case study
  • Preparing and presenting a final report suitable for stakeholders

Course U150 Content
INFOSEC Assessment Methodology (IAM) Overview
Introducing the Vulnerability Discovery Triad
  • Benefiting from a top-down approach
  • Level I Assessments
  • Level II Evaluations
  • Level II Red Team
Goals of the IAM
  • Understanding the purpose of an Assessment
  • Identifying an organization's critical information
  • Discovering systems that process critical information
  • Determining a proper INFOSEC posture
  • Uncovering potential vulnerabilities
  • Recommending solutions to mitigate or eliminate vulnerability
Conducting Pre-Assessment Activities
Planning the Pre-Assessment Site Visit
  • Determining and managing the organization's expectations
  • Reviewing the organization's critical information
  • Discovering high-level system boundaries
  • Coordinating on-site activities with customer
  • Requesting documentation
Developing an Organizational INFOSEC Criticality Matrix (OICM)
  • Defining impact values
  • Assigning impact values to critical information
  • Defining high-level security goals
Writing an assessment plan
  • Establishing Points-of-Contact
  • Describing the Organization's mission
  • Revealing the OICM
  • Identifying hardware, software and communication connections
  • Developing a System Information Criticality Matrix
  • Addressing organizational constraints
  • Reviewing the organization's documentation
  • Establishing a timeline for the assessment
Performing the On-Site Phase
Conducting the Opening Meeting
  • Reviewing the assessment process
  • Emphasizing the hands-off approach
  • Finalizing the Assessment Plan
Interviewing Site personnel
  • Assigning team members to interviews
  • Establishing interview durations
  • Validating information gathered during Pre-Assessment
Evaluating system demonstrations
  • Supplementing pre-assessment information
  • Resolving conflicting information
Reviewing INFOSEC documentation
  • Account management policies and procedures
  • Best practices for session controls
  • Best practices for auditing
  • Policies for malicious code protection
  • System maintenance policies
  • Security testing and evaluation
  • Policies for networking and connectivity
  • Transmitting classified information
  • Controls for storage media
  • Labeling and identifying information
  • Understanding the physical environment and security capabilities
  • Personnel security
  • User education and awareness training
  • Developing recommendations
  • Out-briefing: review assessment plan with customer
Completing Post-Assessment Activities
Developing the Final Report
  • Organizing the report structure
  • Conducting a final review of documentation
  • Presenting recommendations
  • Reviewing the report with stakeholders
  • Establishing next steps
Leveraging IAM training
  • NSA's IATRP Program
  • IAM certification
  
 

Course Tuition
$ 1,750 Standard Tuition
Tuition with a Savings Plan
$ 830 10-Day Pass
$ 1,665 Training Passport
$ 1,830 Flex-Pass
$ 2,095 Voucher 10-Pack
$ 1,575 Alumni Gold Discount
$ 1,375 Government Discount
 

 
