TABLE OF CONTENTS

COURSE TITLE

COURSE NAME . . . . . PAGE

A FRAUD UPDATE: FORENSIC AND INVESTIGATIVE AUDITING . . . . . 24
A PRACTICAL APPROACH TO CERTIFYING A SYSTEM . . . . . 83
ADP SECURITY OFFICERS (ADPSO) CONCEPTS . . . . . 2
ADVANCED DATA COMM NETWORKS: SECURITY/AUDITABILITY . . . . . 55
ADVANCED EDP AUDITING - GBA 577 . . . . . 79
ADVANCED TECHNOLOGY CONFERENCE . . . . . 10
ADVANCED NETWORK SECURITY ARCHITECTURE . . . . . 75
AIS SECURITY STRATEGIES . . . . . 60
APPLICATION SECURITY REVIEWS . . . . . 30
ARCHITECTURE FOR SECURE SYSTEMS . . . . . 73
AUDIT SOFTWARE FOR THE 21ST CENTURY . . . . . 48
AUDIT AND SECURITY OF CLIENT/SERVER ARCHITECTURES . . . . . 24
AUDIT AND SECURITY OF RELATIONAL DATABASES AND APPLICATIONS . . . . . 57
AUDIT AND CONTROL OF END-USER COMPUTING (EUC) . . . . . 40
AUDIT AND CONTROL OF ELECTRONIC DATA INTERCHANGE . . . . . 39
AUDIT, CONTROL, AND SECURITY OF LAN AND MAINFRAME CONNECTIVITY . . . . . 31
AUDITING EDI APPLICATIONS . . . . . 47
AUDITING THE DATA CENTER FOR CONTROLS, EFFICIENCY, AND COST-EFFECTIVENESS . . . . . 68
AUDITING THE DATA CENTER (M2020) . . . . . 36
AUDITING FRAUD: PREVENT, DETECT, & CONTROL . . . . . 54
AUDITING ADVANCED INFORMATION TECHNOLOGY . . . . . 51
AUDITING CLIENT/SERVER TECHNOLOGY . . . . . 49
AUDITING SYSTEM DEVELOPMENT: NEW TECHNIQUES FOR NEW TECHNOLOGIES . . . . . 47
AUDITING DATACOMM NETWORKS . . . . . 50
AUDITING INFORMATION SYSTEMS . . . . . 41
AUDITING THE SYSTEMS DEVELOPMENT PROCESS . . . . . 70
BASIC SECURITY FOR PC USERS . . . . . 44
BASICS OF COMPUTER SECURITY . . . . . 18
BECOMING AN EFFECTIVE DATA SECURITY OFFICER . . . . . 53
BUILDING INFORMATION SECURITY AWARENESS . . . . . 27
BUSINESS RESUMPTION PLANNING (M2046) . . . . . 21
BUSINESS FRAUD (M2008) . . . . . 38
BUSINESS IMPACT ANALYSIS . . . . . 85
BUSINESS IMPACT ANALYSIS (M2044) . . . . . 21
CASE STUDIES IN MULTILEVEL SECURE NETWORKING . . . . . 13
COMMUNICATION SECURITY PRINCIPLES & PRACTICES . . . . . 66
COMMUNICATIONS TECHNOLOGIES . . . . . 86
COMPREHENSIVE INFOSEC SEMINAR . . . . . 66
COMPUSEC . . . . . 18
COMPUTER VIRUSES SEMINAR . . . . . 84
COMPUTER SECURITY FOR THE END-USER . . . . . 80
COMPUTER SECURITY . . . . . 32
COMPUTER SECURITY SEMINAR . . . . . 64
COMPUTER CRIME & INDUSTRIAL ESPIONAGE . . . . . 82
COMPUTER SECURITY AWARENESS TRAINING . . . . . 3
COMPUTER SECURITY FOR EXECUTIVES . . . . . 3
COMPUTER SECURITY FOR SECURITY AND MIS PROFESSIONALS . . . . . 43
COMPUTER SECURITY AND PRIVACY . . . . . 67
COMPUTER SECURITY FOR END USERS . . . . . 2
COMPUTER SECURITY . . . . . 35
COMPUTER VIRUSES, TROJAN HORSES, AND LOGIC BOMBS . . . . . 61
COMPUTER SECURITY IN APPLICATION SOFTWARE . . . . . 34
COMPUTER VIRUSES: DETECT, PREVENT, CURE INFECTIONS . . . . . 69
COMPUTER FRAUD (M2010) . . . . . 38
COMPUTER SECURITY EXECUTIVE OVERVIEW . . . . . 1
COMPUTER SECURITY SYSTEMS I - CS 229 . . . . . 58
COMPUTER SECURITY AWARENESS (CBT) . . . . . 7
COMPUTER SECURITY FOR MANAGERS . . . . . 30
COMPUTER VIRUSES . . . . . 31
COMPUTER SECURITY FOR SECURITY & ADP PROGRAM MANAGERS . . . . . 17
COMPUTER SECURITY AWARENESS . . . . . 6
COMPUTER SECURITY & CONTINGENCY PLANNING . . . . . 51
COMPUTER SECURITY FOR MANAGERS SEMINAR . . . . . 53
COMPUTER SECURITY FOR SECURITY OFFICERS . . . . . 62
COMPUTER SECURITY SYSTEMS II - CS 329 . . . . . 58
COMSEC . . . . . 77
CONTINUITY OF OPERATIONS/DISASTER RECOVERY PLANNING: PART I . . . . . 8
CONTINUITY OF OPERATIONS/DISASTER RECOVERY PLANNING: PART II WORKSHOP . . . . . 30
CONTROL AND SECURITY OF LOCAL AREA NETWORKS . . . . . 52
CONTROL AND SECURITY OF LANS . . . . . 50
DATA CENTER RECOVERY PLANNING (M2040) . . . . . 20
DATA COMMUNICATIONS SECURITY . . . . . 28
DATA SECURITY PLANNING: STRATEGIES FOR EFFECTIVE INFORMATION SECURITY (W9898) . . . . . 22
DATA SECURITY PLANNING . . . . . 68
DATABASE SECURITY SEMINAR . . . . . 65
DETECTING AND PREVENTING COMPUTER FRAUD . . . . . 11
DEVELOPING COMPUTER SECURITY POLICIES & PROCEDURES . . . . . 28
DISASTER RECOVERY PLANNING . . . . . 70
DISASTER RECOVERY PLANNING: STRATEGIES TO DEVELOP & MAINTAIN PROVABLE RECOVERY CAPABILITY (W9912) . . . . . 20
EDI: New Frontiers For Auditors . . . . . 56
EDP AUDITING - CIS 433 . . . . . 78
EDP CONCEPTS FOR BUSINESS . . . . . 6
EDP AUDITING: THE FIRST STEP . . . . . 52
EXECUTIVE AIS SECURITY BRIEFING . . . . . 8
FEDERAL AIS COMPUTER SECURITY REQUIREMENTS . . . . . 4
FUNDAMENTALS OF COMPUTER SECURITY FOR FEDERAL INFORMATION SYSTEMS . . . . . 64
HOW TO MANAGE AN INFORMATION SECURITY PROGRAM: A GUIDE FOR NEWLY APPOINTED MANAGERS . . . . . 23
IMPLEMENTING & MANAGING A COMPUTER SECURITY PROGRAM . . . . . 19
IMPLEMENTING AND TESTING THE DISASTER RECOVERY PLAN . . . . . 88
INFORMATION RISK ASSESSMENT AND SECURITY MANAGEMENT - CSMN 655 . . . . . 82
INFORMATION POLICY - CS 230 . . . . . 63
INFORMATION SECURITY PRINCIPLES AND PRACTICES . . . . . 17
INFORMATION SYSTEMS AUDIT WORKSHOP . . . . . 49
INFORMATION RISK ASSESSMENT & SECURITY MANAGEMENT . . . . . 3
INFORMATION SYSTEMS SECURITY (CSI 214) . . . . . 81
INFORMATION SYSTEMS SEMINAR FOR INTERNAL AUDITORS . . . . . 4
INFORMATION SECURITY AND POLICY . . . . . 32
INFOSEC FOUNDATIONS SEMINAR . . . . . 54
INFOSEC . . . . . 44
INFOSEC EVALUATIONS USING FORMAL METHODS . . . . . 76
INTEGRATED AUDITING: THE BASICS . . . . . 42
INTRODUCTION TO COMPUTER SECURITY FOR NON-ADP MANAGERS . . . . . 16
INTRODUCTION TO COMPUTER SECURITY FOR FIRST-LEVEL SUPERVISORS . . . . . 16
INTRODUCTION TO SOFTWARE VERIFICATION . . . . . 76
INTRODUCTION TO EDP AUDITING (M2022) . . . . . 37
INTRODUCTION TO LAN SECURITY . . . . . 10
INTRODUCTION TO AUDITING MICROS AND LANS: CONTROLLING END-USER COMPUTING . . . . . 43
INTRODUCTION TO SECURE SYSTEMS . . . . . 34
KEEPING OUT OF TROUBLE WITH THE SOFTWARE POLICE . . . . . 9
LAN SECURITY (M2006) . . . . . 37
LAN SECURITY . . . . . 90
LAN TUNING AND PERFORMANCE FOR AUDIT AND SECURITY PERSONNEL . . . . . 57
LAN SECURITY OVERVIEW . . . . . 9
LAN SECURITY . . . . . 28
LEGAL ENVIRONMENT OF INFORMATION SYSTEMS - GBA 560 . . . . . 79
MANAGING COMPUTER SECURITY-MERGERS, ACQUISITIONS, AND DIVESTITURES . . . . . 67
MANAGING THE ACQUISITION OF MLS RESOURCES . . . . . 14
MANAGING AND DEVELOPING A DISASTER RECOVERY PLAN . . . . . 87
MANAGING AN ORGANIZATION-WIDE INFORMATION SECURITY PROGRAM . . . . . 27
MARKETPLACE IMPLICATIONS OF THE EVOLUTION OF EVALUATION CRITERIA . . . . . 7
MICRO SECURITY FOR INFORMATION SYSTEMS SECURITY ANALYSTS . . . . . 35
MICROCOMPUTER SECURITY . . . . . 7
MICROCOMPUTER SECURITY . . . . . 62
MODEL INTERPRETATIONS . . . . . 75
NETWORK AUDITING (M2034) . . . . . 35
NETWORK SECURITY ARCHITECTURE . . . . . 74
NETWORK RECOVERY PLANNING (M2056) . . . . . 22
NETWORK SECURITY . . . . . 77
NETWORK SECURITY SEMINAR . . . . . 65
NEW FRONTIERS FOR AUDITORS . . . . . 56
ON-LINE, DISTRIBUTED COMMUNICATIONS SYSTEMS: CONTROL, AUDIT & SECURITY . . . . . 55
OPERATING SYSTEM SECURITY CONCEPTS . . . . . 72
OPERATIONAL NETWORK SECURITY SEMINAR . . . . . 84
PC/LAN RECOVERY PLANNING (M2042) . . . . . 20
PC/LAN AUDITING (M2028) . . . . . 36
PC SECURITY (M2004) . . . . . 37
PC SECURITY . . . . . 89
PC-LAN AND DATA SECURITY . . . . . 9
PHYSICAL SECURITY FOR DATA PROCESSING . . . . . 31
PLANNING AN EDP DISASTER RECOVERY PROGRAM . . . . . 33
PRACTICAL CONSIDERATIONS FOR IMPLEMENTING A MULTILEVEL SECURE NETWORK . . . . . 15
PRACTICAL ASPECTS OF OWNING A MULTILEVEL SECURE NETWORK . . . . . 14
PRACTICAL ASPECTS OF PLANNING TO ACQUIRE MULTILEVEL SECURITY IN AN OPEN SYSTEMS ENVIRONMENT . . . . . 12
PRACTICAL CONSIDERATIONS FOR PLANNING & IMPLEMENTING MULTILEVEL SECURITY IN AN OPEN SYSTEMS ENVIRONMENT . . . . . 13
PRACTICAL CONSIDERATIONS FOR PLANNING MULTILEVEL SECURITY IN AN OPEN SYSTEMS ENVIRONMENT . . . . . 15
PRACTICAL ASPECTS OF ACQUIRING AND OWNING A MULTILEVEL SECURE NETWORK . . . . . 11
PRACTICAL CONSIDERATIONS FOR ACQUIRING AND IMPLEMENTING A MULTILEVEL SECURE NETWORK . . . . . 12
PROTECTING YOUR NETWORKS FROM HACKERS, VIRUSES, AND OTHER ATTACKS . . . . . 23
PROTECTING NETWORKS & SMALL SYSTEMS . . . . . 29
RECENT DEVELOPMENTS IN INFORMATION SECURITY . . . . . 25
RISK ASSESSMENT . . . . . 19
RISK ASSESSMENT TECHNIQUES FOR AUDITORS . . . . . 71
RISK MANAGEMENT . . . . . 25
SECURE SYSTEMS DESIGN AND PROGRAM MANAGEMENT . . . . . 26
SECURITY AND PRIVACY OF INFORMATION SYSTEMS - GBA 578 . . . . . 78
SECURITY TECHNOLOGY IN THE REAL WORLD . . . . . 45
SECURITY AND CONTROL IN AUTOMATED SYSTEMS-AUDIT IS . . . . . 63
SECURITY IN SOFTWARE APPLICATIONS . . . . . 33
TELECOMMUNICATIONS SECURITY SYSTEMS - EE 250 . . . . . 59
TELECOMMUNICATIONS FOR INFORMATION SYSTEMS SECURITY ANALYSTS . . . . . 1
TEMPEST PROGRAM MANAGEMENT AND SYSTEMS ENGINEERING . . . . . 81
THE CMW: USER TUTORIAL . . . . . 90
THE SECURITY-AUDIT ALLIANCE . . . . . 83
THE SYSTEMS INTEGRATOR'S PERSPECTIVE ON AIS SECURITY STRATEGIES . . . . . 8
THE DATA CENTER: AUDITING FOR PROFIT . . . . . 56
THE CMW: ADMINISTRATOR TUTORIAL . . . . . 61
THE CMW: APPLICATION PROGRAMMING . . . . . 88
THE INTEGRATED AUDIT WORKSHOP . . . . . 48
THEORETICAL FOUNDATION/TRUST OF INFORMATION SYSTEMS . . . . . 73
TRUSTED SYSTEMS CRITERIA AND CONCEPTS . . . . . 72
TRUSTED INTEGRATION/SYSTEM CERTIFICATION . . . . . 71
UNDERSTANDING TRUSTED SYSTEMS . . . . . 19
UPS: DESIGN, SELECTION AND SPECIFICATION . . . . . 34
USING INVESTIGATIVE SOFTWARE TO DETECT FRAUD . . . . . 47
WRITING SECURITY PLANS . . . . . 26

LIST OF APPENDICES

A - Major Categories
B - Vendor List
C - Product List
D - Product Specific Courses
E - Training Matrix

APPENDIX A

MAJOR CATEGORIES

COMPUTER SECURITY BASICS
EXECUTIVES

COURSE TITLE . . . . . PAGE

ADP Security Officers (ADPSO) Concepts . . . . . 2
Computer Security Awareness (CBT) . . . . . 7
Computer Security Awareness Training . . . . . 3
Computer Security Executive Overview . . . . . 1
Computer Security For End Users . . . . . 2
Computer Security For Executives . . . . . 3
Computer Security Awareness (CBT) . . . . . 8
EDP Concepts For Business . . . . . 6
Federal AIS Computer Security Requirements . . . . . 4
Information Risk Assessment & Security Management . . . . . 4
Information Systems Seminar For Internal Auditors . . . . . 4
Microcomputer Security . . . . . 7
Telecommunications for Information Systems Security Analysts . . . . . 1

SECURITY PLANNING & MANAGEMENT
EXECUTIVES

COURSE TITLE . . . . . PAGE

ADP Security Officers (ADPSO) Concepts . . . . . 2
Computer Security Awareness (CBT) . . . . . 7
Computer Security Awareness Training . . . . . 3
Computer Security Executive Overview . . . . . 1
Computer Security For End Users . . . . . 2
Computer Security For Executives . . . . . 3
Computer Security Awareness (CBT) . . . . . 8
EDP Concepts For Business . . . . . 6
Federal AIS Computer Security Requirements . . . . . 4
Information Risk Assessment & Security Management . . . . . 3
Information Systems Seminar For Internal Auditors . . . . . 4
Microcomputer Security . . . . . 7
Telecommunications for Information Systems Security Analysts . . . . . 1

SECURITY PLANNING & MANAGEMENT
EXECUTIVES

COURSE TITLE . . . . . PAGE

ADP Security Officers (ADPSO) Concepts . . . . . 2
Continuity of Operations/Disaster Recovery Planning: Part I . . . . . 8
EDP Concepts For Business . . . . . 6
Executive AIS Security Briefing . . . . . 8
Federal AIS Computer Security Requirements . . . . . 4
Information Systems Seminar For Internal Auditors . . . . . 4
Information Risk Assessment & Security Management . . . . . 3
Marketplace Implications of the Evolution of Evaluation Criteria . . . . . 7
Telecommunications for Information Systems Security Analysts . . . . . 1
The Systems Integrator's Perspective on AIS Security Strategies . . . . . 8

COMPUTER SECURITY POLICY & PROCEDURES
EXECUTIVES

COURSE TITLE . . . . . PAGE

ADP Security Officers (ADPSO) Concepts . . . . . 2
EDP Concepts For Business . . . . . 6
Executive AIS Security Briefing . . . . . 8
Federal AIS Computer Security Requirements . . . . . 4
Information Systems Seminar For Internal Auditors . . . . . 4
Information Risk Assessment & Security Management . . . . . 3
Keeping Out of Trouble with the Software Police . . . . . 9
Microcomputer Security . . . . . 7

CONTINGENCY PLANNING
EXECUTIVES

COURSE TITLE . . . . . PAGE

ADP Security Officers (ADPSO) Concepts . . . . . 2
EDP Concepts For Business . . . . . 6
Executive AIS Security Briefing . . . . . 8
Federal AIS Computer Security Requirements . . . . . 4
Information Systems Seminar For Internal Auditors . . . . . 4
Information Risk Assessment & Security Management . . . . . 3
Keeping Out of Trouble with the Software Police . . . . . 9
Microcomputer Security . . . . . 7

SYSTEMS LIFE CYCLE MANAGEMENT
EXECUTIVES

COURSE TITLE . . . . . PAGE

EDP Concepts For Business . . . . . 6
Information Systems Seminar For Internal Auditors . . . . . 4

COMPUTER SECURITY BASICS
PROGRAM & FUNCTIONAL MANAGERS

COURSE TITLE . . . . . PAGE

ADP Security Officers (ADPSO) Concepts . . . . . 2
Advanced Technology Conference . . . . . 10
Basics of Computer Security . . . . . 18
Case Studies in Multilevel Secure Networking . . . . . 13
COMPUSEC . . . . . 18
Computer Security Awareness (CBT) . . . . . 7
Computer Security Awareness Training . . . . . 3
Computer Security For End Users . . . . . 2
Computer Security for Security & ADP Program Managers . . . . . 17
Computer Security Awareness (CBT) . . . . . 8
Detecting and Preventing Computer Fraud . . . . . 11
EDP Concepts For Business . . . . . 6
Federal AIS Computer Security Requirements . . . . . 4
Implementing & Managing a Computer Security Program . . . . . 19
Information Security Principles and Practice . . . . . 17
Information Risk Assessment & Security Management . . . . . 3
Information Systems Seminar For Internal Auditors . . . . . 4
Introduction to LAN Security . . . . . 10
Introduction to Computer Security for Non-ADP Managers . . . . . 16
Introduction to Computer Security for First-Level Supervisors . . . . . 16
LAN Security Overview . . . . . 9
Managing the Acquisition of MLS Resources . . . . . 14
Microcomputer Security . . . . . 7
PC-LAN and Data Security . . . . . 9
Practical Considerations for Planning and Implementing Multilevel Security in an Open Systems Environment . . . . . 13
Practical Aspects of Planning to Acquire Multilevel Security in an Open Systems Environment . . . . . 12
Practical Considerations for Acquiring and Implementing a MultiLevel Secure Network . . . . . 12
Practical Aspects of Owning a Multilevel Secure Network . . . . . 14
Practical Considerations for Planning Multilevel Security in an Open Systems Environment . . . . . 15
Practical Considerations for Implementing a MultiLevel Secure Network . . . . . 15
Practical Aspects of Acquiring and Owning a Multilevel Secure Network . . . . . 11
Risk Assessment . . . . . 19
Telecommunications for Information Systems Security Analysts . . . . . 1
Understanding Trusted Systems . . . . . 19

SECURITY PLANNING & MANAGEMENT
PROGRAM & FUNCTIONAL MANAGERS

COURSE TITLE . . . . . PAGE

A Fraud Update: Forensic and Investigative Auditing . . . . . 24
ADP Security Officers (ADPSO) Concepts . . . . . 2
Advanced Technology Conference . . . . . 10
Application Security Reviews . . . . . 30
Audit and Security of Client/Server Architectures . . . . . 24
Building Information Security Awareness . . . . . 27
Business Impact Analysis (M2044) . . . . . 21
Business Resumption Planning (M2046) . . . . . 21
COMPUSEC . . . . . 18
Computer Viruses, Trojan Horses, and Logic Bombs . . . . . 29
Computer Security For Managers . . . . . 30
Continuity of Operations/Disaster Recovery Planning: Part I . . . . . 8
Continuity of Operations/Disaster Recovery Planning: Part II Workshop . . . . . 30
Data Communications Security . . . . . 28
Data Security Planning: Strategies for Effective Information Security (W9898) . . . . . 22
Data Center Recovery Planning (M2040) . . . . . 20
Developing Computer Security Policies & Procedures . . . . . 28
Disaster Recovery Planning: Strategies to Develop and Maintain Provable Recovery Capability (W9912) . . . . . 20
EDP Concepts For Business . . . . . 6
Federal AIS Computer Security Requirements . . . . . 4
How to Manage an Information Security Program A Guide for Newly Appointed Managers . . . . . 23
Implementing & Managing a Computer Security Program . . . . . 19
Information Systems Seminar For Internal Auditors . . . . . 4
Information Risk Assessment & Security Management . . . . . 3
LAN Security . . . . . 28
LAN Security Overview . . . . . 9
Managing Org-Wide Information Security Program . . . . . 27
Network Recovery Planning (M2056) . . . . . 22
PC/LAN Recovery Planning (M2042) . . . . . 20
PC-LAN and Data Security . . . . . 9
Physical Security for Data Processing . . . . . 31
Protecting Networks & Small Systems . . . . . 29
Protecting Your Networks from Hackers, Viruses, and Other Attacks . . . . . 23
Recent Developments in Information Security . . . . . 25
Risk Management . . . . . 25
Risk Assessment . . . . . 19
Secure Systems Design and Program Management . . . . . 26
Telecommunications for Information Systems Security Analysts . . . . . 1
Writing Security Plans . . . . . 26

COMPUTER SECURITY POLICY & PROCEDURES
PROGRAM & FUNCTIONAL MANAGERS

COURSE TITLE . . . . . PAGE

ADP Security Officers (ADPSO) Concepts . . . . . 2
Advanced Technology Conference . . . . . 10
Application Security Reviews . . . . . 30
Audit, Control, and Security of LAN and Mainframe Connectivity . . . . . 31
Building Information Security Awareness . . . . . 27
COMPUSEC . . . . . 18
Computer Viruses, Troj Horses, and Logic Bombs . . . . . 61
Computer Viruses . . . . . 31
Computer Security . . . . . 32
Continuity of Operations/Disaster Recovery Planning: Part II Workshop . . . . . 30
Continuity of Operations/Disaster Recovery Planning: Part I . . . . . 8
Developing Computer Security Policies & Procedures . . . . . 28
EDP Concepts For Business . . . . . 6
Federal AIS Computer Security Requirements . . . . . 4
Implementing & Managing a Computer Security Program . . . . . 19
Information Security and Policy . . . . . 32
Information Security Principles and Practice . . . . . 17
Information Systems Seminar For Internal Auditors . . . . . 4
Information Risk Assessment & Security Management . . . . . 3
Keeping Out of Trouble with the Software Police . . . . . 9
LAN Security . . . . . 28
Microcomputer Security . . . . . 7
Physical Security for Data Processing . . . . . 31
Protecting Networks & Small Systems . . . . . 29
Recent Developments in Information Security . . . . . 25
Risk Management . . . . . 25
Secure Systems Design and Program Management . . . . . 26

CONTINGENCY PLANNING
PROGRAM & FUNCTIONAL MANAGERS

COURSE TITLE . . . . . PAGE

Advanced Technology Conference . . . . . 10
COMPUSEC . . . . . 18
Continuity of Operations/Disaster Recovery Planning: Part I . . . . . 8
Data Communications Security . . . . . 28
EDP Concepts For Business . . . . . 6
Information Systems Seminar For Internal Auditors . . . . . 4
Information Security Principles and Practice . . . . . 17
Microcomputer Security . . . . . 7
Planning an EDP Disaster Recovery Program . . . . . 33
Risk Management . . . . . 25

SYSTEMS LIFE CYCLE MANAGEMENT
PROGRAM & FUNCTIONAL MANAGERS

COURSE TITLE . . . . . PAGE

Advanced Technology Conference . . . . . 10
Application Security Reviews . . . . . 30
COMPUSEC . . . . . 18
Computer Security In Application Software . . . . . 34
EDP Concepts For Business . . . . . 6
Implementing & Managing a Computer Security Program . . . . . 19
Information Systems Seminar For Internal Auditors . . . . . 4
Introduction to Secure Systems . . . . . 34
Risk Assessment . . . . . 19
Secure Systems Design and Program Management . . . . . 26
Security in Software Applications . . . . . 33
UPS: Design, Selection and Specification . . . . . 34

COMPUTER SECURITY BASICS
IRM, SECURITY, & AUDIT

COURSE TITLE . . . . . PAGE

ADP Security Officers (ADPSO) Concepts . . . . . 2
Advanced Data Comm Networks: Security/Auditability . . . . . 55
Advanced Technology Conference . . . . . 10
Audit Software for the 21st Century . . . . . 48
Audit and Control of Electronic Data Interchange . . . . . 39
Audit and Security of Relational Databases and Applications . . . . . 57
Audit and Control of End-user Computing (EUC) . . . . . 40
Auditing the Data Center (M2020) . . . . . 36
Auditing EDI Applications . . . . . 47
Auditing Client/Server Technology . . . . . 49
Auditing System Development: New Techniques for New Technologies . . . . . 47
Auditing Fraud: Prevent, Detect, & Control . . . . . 54
Auditing Advanced Information Technology . . . . . 51
Auditing Datacomm Networks . . . . . 50
Auditing Information Systems . . . . . 41
Basic Security For PC Users . . . . . 44
Becoming An Effective Data Security Officer . . . . . 53
Business Fraud (M2008) . . . . . 38
Computer Security Awareness . . . . . 6
Computer Fraud (M2010) . . . . . 38
Computer Security for Managers Seminar . . . . . 53
Computer Security . . . . . 32
Computer Security & Contingency Planning . . . . . 51
Computer Security Awareness (CBT) . . . . . 7
Computer Security for Security and MIS Professionals . . . . . 89
Computer Security For End Users . . . . . 2
Computer Security Awareness Training . . . . . 3
Control and Security of LANS . . . . . 50
Control and Security of Local Area Networks . . . . . 52
Detecting and Preventing Computer Fraud . . . . . 11
EDI: New Frontiers For Auditors . . . . . 56
EDP Auditing: The First Step . . . . . 52
EDP Concepts For Business . . . . . 6
Federal AIS Computer Security Requirements . . . . . 4
Implementing & Managing a Computer Security Program . . . . . 19
Information Risk Assessment & Security Management . . . . . 3
Information Systems Seminar For Internal Auditors . . . . . 4
Information Systems Audit Workshop . . . . . 49
INFOSEC Foundations Seminar . . . . . 54
INFOSEC . . . . . 44
Integrated Auditing: The Basics . . . . . 42
Intro. to Auditing Micros and LANs: Controlling End-User Computing . . . . . 43
Introduction to EDP Auditing (M2022) . . . . . 37
Introduction to LAN Security . . . . . 10
LAN Tuning and Performance for Audit and Security Personnel . . . . . 57
LAN Security (M2006) . . . . . 37
Micro Security for Information Systems Security Analysts . . . . . 35
Microcomputer Security . . . . . 7
Network Auditing (M2034) . . . . . 35
On-Line, Dist Comm Sys: Control, Audit & Security . . . . . 55
PC Security (M2004) . . . . . 37
PC/LAN Auditing (M2028) . . . . . 36
Risk Assessment . . . . . 19
Security Technology in the Real World . . . . . 45
The Integrated Audit Workshop . . . . . 48
The Data Center: Auditing For Profit . . . . . 56
Understanding Trusted Systems . . . . . 19
Using Investigative Software to Detect Fraud . . . . . 47

SECURITY PLANNING & MANAGEMENT
IRM, SECURITY, & AUDIT

COURSE TITLE . . . . . PAGE

A Fraud Update: Forensic and Investigative Auditing . . . . . 24
ADP Security Officers (ADPSO) Concepts . . . . . 2
Advanced Technology Conference . . . . . 10
AIS Security Strategies . . . . . 60
Application Security Reviews . . . . . 30
Audit and Control of End-user Computing (EUC) . . . . . 40
Audit and Security of Client/Server Architectures . . . . . 24
Audit and Control of Electronic Data Interchange . . . . . 39
Auditing Client/Server Technology . . . . . 49
Auditing Information Systems . . . . . 41
Auditing EDI Applications . . . . . 47
Becoming An Effective Data Security Officer . . . . . 53
Computer Viruses, Trojan Horses, and Logic Bombs . . . . . 61
Computer Security For Security Officers . . . . . 62
Continuity of Operations/Disaster Recovery Planning: Part I . . . . . 8
Continuity of Operations/Disaster Recovery Planning: Part II Workshop . . . . . 30
Control and Security of LANS . . . . . 50
CS 329 - Computer Security Systems II . . . . . 58
Data Communications Security . . . . . 28
EDP Concepts For Business . . . . . 6
EE 250 - Telecommunications Security Systems . . . . . 59
Federal AIS Computer Security Requirements . . . . . 4
Implementing & Managing a Computer Security Program . . . . . 19
Information Security Principles and Practice . . . . . 17
Information Systems Seminar For Internal Auditors . . . . . 4
Information Risk Assessment & Security Management . . . . . 3
INFOSEC . . . . . 44
Integrated Auditing: The Basics . . . . . 42
Microcomputer Security . . . . . 62
Physical Security for Data Processing . . . . . 31
Protecting Networks & Small Systems . . . . . 29
Protecting Your Networks from Hackers, Viruses, and Other Attacks . . . . . 23
Recent Developments in Information Security . . . . . 25
Risk Assessment . . . . . 19
Risk Management . . . . . 25
Security Technology in the Real World . . . . . 45
The CMW: Administrator Tutorial . . . . . 61
Writing Security Plans . . . . . 26

COMPUTER SECURITY POLICY & PROCEDURES
IRM, SECURITY, & AUDIT

COURSE TITLE . . . . . PAGE

Advanced Technology Conference . . . . . 10
Audit, Control, and Security of LAN and Mainframe Connectivity . . . . . 31
Audit and Control of End-user Computing (EUC) . . . . . 40
Audit Software for the 21st Century . . . . . 48
Audit and Control of Electronic Data Interchange . . . . . 39
Auditing Client/Server Technology . . . . . 49
Auditing EDI Applications . . . . . 47
Auditing the Data Center for Controls, Efficiency, and Cost-Effectiveness . . . . . 68
Auditing Advanced Information Technology . . . . . 69
Auditing the Data Center (M2020) . . . . . 36
Auditing Information Systems . . . . . 41
Basic Security For PC Users . . . . . 44
Business Fraud (M2008) . . . . . 38
Communication Security Principles & Practices . . . . . 66
Comprehensive INFOSEC Seminar . . . . . 66
Computer Viruses, Trojan Horses, and Logic Bombs . . . . . 61
Computer Security . . . . . 35
Computer Viruses . . . . . 31
Computer Viruses: Detect, Prevent, Cure Infections . . . . . 69
Computer Security And Privacy . . . . . 67
Computer Security for Managers Seminar . . . . . 53
Computer Security Seminar . . . . . 64
Computer Fraud (M2010) . . . . . 38
Computer Security & Contingency Planning . . . . . 51
Continuity of Operations/Disaster Recovery Planning: Part I . . . . . 8
Control and Security of LANS . . . . . 50
CS 230 - Information Policy . . . . . 63
Data Security Planning . . . . . 68
Database Security Seminar . . . . . 65
Developing Computer Security Policies & Procedures . . . . . 28
EDP Concepts For Business . . . . . 6
Federal AIS Computer Security Requirements . . . . . 4
Fundamentals of Computer Security for Federal Information Systems . . . . . 64
Implementing & Managing a Computer Security Program . . . . . 19
Information Systems Seminar For Internal Auditors . . . . . 4
Information Security Principles and Practice . . . . . 17
Information Risk Assessment & Security Management . . . . . 3
INFOSEC . . . . . 44
Integrated Auditing: The Basics . . . . . 42
Introduction to EDP Auditing (M2022) . . . . . 37
Keeping Out of Trouble with the Software Police . . . . . 9
LAN Security (M2006) . . . . . 37
Managing Computer Security-Mergs, Acq, and Divestitures . . . . . 67
Microcomputer Security . . . . . 62
Microcomputer Security . . . . . 7
Network Security Seminar . . . . . 65
Network Auditing (M2034) . . . . . 35
PC Security (M2004) . . . . . 37
PC/LAN Auditing (M2028) . . . . . 36
Protecting Networks & Small Systems . . . . . 29
Risk Management . . . . . 25
Security Technology in the Real World . . . . . 45
Security and Control in Automated Systems-Audit IS . . . . . 63

CONTINGENCY PLANNING
IRM, SECURITY, & AUDIT

COURSE TITLE . . . . . PAGE

Advanced Technology Conference . . . . . 10
Advanced Network Security Architecture . . . . . 75
AIS Security Strategies . . . . . 60
Application Security Reviews . . . . . 30
Architecture for Secure Systems . . . . . 73
Audit and Control of Electronic Data Interchange . . . . . 39
Audit and Control of End-user Computing (EUC) . . . . . 40
Auditing Client/Server Technology . . . . . 24
Auditing Information Systems . . . . . 41
Auditing the Data Center for Controls, Efficiency, and Cost-Effectiveness . . . . . 68
Computer Security & Contingency Planning . . . . . 51
Continuity of Operations/Disaster Rec. Planning: Part II Worksho . . . . . 30
Continuity of Operations/Disaster Recovery Planning: Part I . . . . . 8
Control and Security of LANS . . . . . 50
Data Communications Security . . . . . 28
Disaster Recovery Planning . . . . . 70
EDP Concepts For Business . . . . . 6
Information Systems Seminar For Internal Auditors . . . . . 4
INFOSEC Evaluations Using Formal Methods . . . . . 76
INFOSEC . . . . . 44
Integrated Auditing: The Basics . . . . . 42
Introduction to Software Verification . . . . . 76
Microcomputer Security . . . . . 7
Model Interpretations . . . . . 75
Network Security Architecture . . . . . 74
Operating System Security Concepts . . . . . 72
Physical Security for Data Processing . . . . . 31
Risk Management . . . . . 25
Risk Assessment Techniques For Auditors . . . . . 71
Trusted Integration/System Certification . . . . . 71
Trusted Systems Criteria and Concepts . . . . . 72

SYSTEMS LIFE CYCLE MANAGEMENT
IRM, SECURITY, & AUDIT

COURSE TITLE . . . . . PAGE

AIS Security Strategies . . . . . 60
Application Security Reviews . . . . . 30
Audit and Control of End-user Computing (EUC) . . . . .
. . 40 Audit and Control of Electronic Data Interchange . . . . . . 39 Auditing the Systems Development Process . . . . . . . . . . . 70 Auditing Information Systems . . . . . . . . . . . . . . . . 41 Auditing Client/Server Technology. . . . . . . . . . . . . . 49 Auditing System Development: New Techniques for New Technologies47 Becoming Effective Data Security Officer . . . . . . . . . . . 53 CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78 Computer Security for the End-User . . . . . . . . . . . . . . 80 EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6 GBA 560 Legal Environment of Information Systems . . . . . . 79 GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79 GBA 578: Security and Privacy of Information Systems . . . . 78 Implementing & Managing a Computer Security Program. . . . . 19 Information Systems Seminar For Internal Auditors. . . . . . . 4 Information Systems Security (CSI 214) . . . . . . . . . . . 81 Information Security Principles and Practice . . . . . . . . 17 INFOSEC. . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Integrated Auditing: The Basics. . . . . . . . . . . . . . . 42 Introduction to Secure Systems . . . . . . . . . . . . . . . 34 Network Security . . . . . . . . . . . . . . . . . . . . . . . 77 Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19 UPS: Design, Selection and Specification . . . . . . . . . . 34 COMPUTER SECURITY BASICS ADP MANAGEMENT AND OPERATIONS COURSE TITLE PAGE Audit and Control of Electronic Data Interchange . . . . . . 39 Auditing Advanced Information Technology . . . . . . . . . . . 69 Auditing System Development: New Techniques for New Technologies47 Auditing the Data Center (M2020) . . . . . . . . . . . . . . 36 Auditing Client/Server Technology. . . . . . . . . . . . . . 49 Auditing Datacomm Networks . . . . . . . . . . . . . . . . . . 50 Basic Security For PC Users. . . . . . . . . . . . . . . . . 44 Business Fraud (M2008) . . . . . . . . . . 
. . . . . . . . . . 38 COMPUSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Computer Security For End Users. . . . . . . . . . . . . . . . 2 Computer Security Awareness (CBT). . . . . . . . . . . . . . . 7 Computer Security Awareness Training . . . . . . . . . . . . . 3 Computer Security & Contingency Planning . . . . . . . . . . 51 Computer Security for Managers Seminar . . . . . . . . . . . 53 Computer Fraud (M2010) . . . . . . . . . . . . . . . . . . . 38 Computer Security Awareness. . . . . . . . . . . . . . . . . . 6 Computer Security for Security and MIS Professionals . . . . . 89 Control and Security of LANS . . . . . . . . . . . . . . . . 50 Detecting and Preventing Computer Fraud. . . . . . . . . . . 11 EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6 Federal AIS Computer Security Requirements . . . . . . . . . . 4 Implementing & Managing a Computer Security Program. . . . . 19 Information Systems Seminar For Internal Auditors. . . . . . . 4 Information Risk Assessment & Security Management. . . . . . . 3 INFOSEC. . . . . . . . . . . . . . . . . . . . . . . . . . . 44 INFOSEC Foundations Seminar. . . . . . . . . . . . . . . . . . 54 Introduction to EDP Auditing (M2022) . . . . . . . . . . . . 37 Introduction to LAN Security . . . . . . . . . . . . . . . . 10 LAN Security (M2006) . . . . . . . . . . . . . . . . . . . . 37 Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7 Network Auditing (M2034) . . . . . . . . . . . . . . . . . . 35 PC/LAN Auditing (M2028). . . . . . . . . . . . . . . . . . . 36 PC Security (M2004). . . . . . . . . . . . . . . . . . . . . 37 Protecting Your Networks from Hackers, Viruses, and Other Attacks 23 Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19 Security Technology in the Real World. . . . . . . . . . . . 45 The Data Center: Auditing For Profit . . . . . . . . . . . . . 
56 SECURITY PLANNING AND MANAGEMENT ADP MANAGEMENT AND OPERATIONS COURSE TITLE PAGE A Fraud Update: Forensic and Investigative Auditing. . . . . 24 A Practical Approach to Certifying a System. . . . . . . . . . 83 AIS Security Strategies. . . . . . . . . . . . . . . . . . . 60 Application Security Reviews . . . . . . . . . . . . . . . . 30 Audit and Security of Relational Databases and Applications. . 57 Audit and Security of Client/Server Architectures. . . . . . 24 Audit and Control of Electronic Data Interchange . . . . . . 39 Auditing Client/Server Technology. . . . . . . . . . . . . . 49 Becoming Effective Data Security Officer . . . . . . . . . . . 80 Building Information Security Awareness. . . . . . . . . . . 27 CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78 COMPUSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Computer Security & Contingency Planning . . . . . . . . . . . 51 Computer Viruses, Trojan Horses, and Logic Bombs . . . . . . 61 Continuity of Operations/Disaster Recovery Planning: Part II Workshop 30 Continuity of Operations/Disaster Recovery Planning: Part I. . 8 Control and Security of LANS . . . . . . . . . . . . . . . . 50 CSMN 655 - Information Risk Assessment and Security Management 82 Data Communications Security . . . . . . . . . . . . . . . . 28 Developing Computer Security Policies & Procedures . . . . . 28 EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6 Federal AIS Computer Security Requirements . . . . . . . . . . 4 GBA 578: Security and Privacy of Information Systems . . . . 78 GBA 560 Legal Environment of Information Systems . . . . . . 79 GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79 Implementing & Managing a Computer Security Program. . . . . 19 Information Systems Security (CSI 214) . . . . . . . . . . . 81 Information Risk Assessment & Security Management. . . . . . . 3 Information Systems Seminar For Internal Auditors. . . . . . . 
4 Information Security Principles and Practice . . . . . . . . 17 INFOSEC. . . . . . . . . . . . . . . . . . . . . . . . . . . 44 LAN Security . . . . . . . . . . . . . . . . . . . . . . . . 28 LAN Tuning and Performance for Audit and Security Personnel. 57 Microcomputer Security . . . . . . . . . . . . . . . . . . . 62 Physical Security for Data Processing. . . . . . . . . . . . . 31 Protecting Networks & Small Systems 29 Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19 Secure Systems Design and Program Management . . . . . . . . 26 Security in Software Applications. . . . . . . . . . . . . . 33 Security Technology in the Real World. . . . . . . . . . . . 45 TEMPEST Program Management and Systems Engineering . . . . . 81 The Security-Audit Alliance. . . . . . . . . . . . . . . . . . 83 COMPUTER SECURITY POLICY AND PROCEDURES ADP MANAGEMENT AND OPERATIONS COURSE TITLE PAGE Audit, Control, and Security of LAN and Mainframe Connectivity 31 Audit and Control of Electronic Data Interchange . . . . . . 39 Auditing Client/Server Technology. . . . . . . . . . . . . . 49 Basic Security For PC Users. . . . . . . . . . . . . . . . . 44 CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78 COMPUSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Computer Security & Contingency Planning . . . . . . . . . . . 51 Computer Viruses: Detect, Prevent, Cure Infections . . . . . 69 Computer Viruses Seminar . . . . . . . . . . . . . . . . . . . 84 Computer Viruses . . . . . . . . . . . . . . . . . . . . . . 31 Computer Security. . . . . . . . . . . . . . . . . . . . . . 35 Continuity of Operations/Disaster Recovery Planning: Part I. . 8 Control and Security of LANS . . . . . . . . . . . . . . . . 50 EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6 Federal AIS Computer Security Requirements . . . . . . . . . . 4 GBA 578: Security and Privacy of Information Systems . . . . 78 GBA 560 Legal Environment of Information Systems . . . . . . 
79 GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79 Implementing & Managing a Computer Security Program. . . . . 19 Information Systems Seminar For Internal Auditors. . . . . . . 4 Information Systems Security (CSI 214) . . . . . . . . . . . 81 Information Security Principles and Practice . . . . . . . . 17 INFOSEC. . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7 Operational Network Security Seminar . . . . . . . . . . . . . 84 Secure Systems Design and Program Management . . . . . . . . 26 TEMPEST Program Management and Systems Engineering . . . . . 81 CONTINGENCY PLANNING ADP MANAGEMENT AND OPERATIONS COURSE TITLE PAGE Application Security Reviews . . . . . . . . . . . . . . . . 30 Audit and Control of Electronic Data Interchange . . . . . . 39 Auditing Client/Server Technology. . . . . . . . . . . . . . 49 Business Impact Analysis . . . . . . . . . . . . . . . . . . 85 CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78 Communications Technologies. . . . . . . . . . . . . . . . . . 86 COMPUSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Computer Security & Contingency Planning . . . . . . . . . . 51 Continuity of Operations/Disaster Recovery Planning: Part I. . 8 Continuity of Operations/Disaster Recovery Planning: Part II Workshop 30 Disaster Recovery Planning . . . . . . . . . . . . . . . . . 70 EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6 GBA 560 Legal Environment of Information Systems . . . . . . 79 GBA 578: Security and Privacy of Information Systems . . . . 78 GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79 Implementing and Testing the Disaster Recovery Plan. . . . . . 88 Information Systems Seminar For Internal Auditors. . . . . . . 4 INFOSEC. . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Managing and Developing a Disaster Recovery Plan . . . . . . . 87 Microcomputer Security . . . . . . . . . . . . . 
. . . . . . . 7 Physical Security for Data Processing. . . . . . . . . . . . 31 SYSTEMS LIFE CYCLE MANAGEMENT ADP MANAGEMENT AND OPERATIONS COURSE TITLE PAGE Audit and Control of Electronic Data Interchange . . . . . . 39 Auditing System Development: New Techniques for New Technologies 47 CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78 EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6 GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79 GBA 560 Legal Environment of Information Systems . . . . . . 79 GBA 578: Security and Privacy of Information Systems . . . . 78 Information Systems Seminar For Internal Auditors. . . . . . . 4 Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19 TEMPEST Program Management and Systems Engineering . . . . . 81 The CMW: Application Programming . . . . . . . . . . . . . . . 88 COMPUTER SECURITY BASICS END USERS COURSE TITLE PAGE Audit and Control of Electronic Data Interchange . . . . . . 39 Audit and Control of End-user Computing (EUC). . . . . . . . 40 Auditing Information Systems . . . . . . . . . . . . . . . . 41 Basic Security For PC Users. . . . . . . . . . . . . . . . . 44 CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78 Computer Security for the End-User . . . . . . . . . . . . . . 80 Computer Security: For Security and MIS Professionals. . . . . 43 Computer Security & Contingency Planning . . . . . . . . . . 51 EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6 Federal AIS Computer Security Requirements . . . . . . . . . . 4 GBA 560 Legal Environment of Information Systems . . . . . . 79 GBA 578: Security and Privacy of Information Systems . . . . 78 GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79 Information Systems Seminar For Internal Auditors. . . . . . . 4 Integrated Auditing: The Basics. . . . . . . . . . . . . . . 42 LAN Security Overview. . . . . . . . . . . . . . . . . . . . . 9 Microcomputer Security . . . . . . . . . . . 
. . . . . . . . . 7 Network Security . . . . . . . . . . . . . . . . . . . . . . . 77 PC SECURITY. . . . . . . . . . . . . . . . . . . . . . . . . . 89 PC-LAN and Data Security . . . . . . . . . . . . . . . . . . . 9 Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19 TEMPEST Program Management and Systems Engineering . . . . . 81 SECURITY PLANNING AND MANAGEMENT END USERS COURSE TITLE PAGE Audit and Security of Relational Databases and Applications. . 57 Audit and Control of Electronic Data Interchange . . . . . . 39 Audit and Control of End-user Computing (EUC). . . . . . . . 40 Auditing Information Systems . . . . . . . . . . . . . . . . 41 Basic Security For PC Users. . . . . . . . . . . . . . . . . 44 CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78 Computer Viruses . . . . . . . . . . . . . . . . . . . . . . 31 Continuity of Operations/Disaster Rec. Planning: Part II Workshop 30 Continuity of Operations/Disaster Recovery Planning: Part I. . 8 EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6 Federal AIS Computer Security Requirements . . . . . . . . . . 4 GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79 GBA 578: Security and Privacy of Information Systems . . . . 78 GBA 560 Legal Environment of Information Systems . . . . . . 79 Information Systems Seminar For Internal Auditors. . . . . . . 4 Integrated Auditing: The Basics. . . . . . . . . . . . . . . 42 Physical Security for Data Processing. . . . . . . . . . . . 31 Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . 19 TEMPEST Program Management and Systems Engineering . . . . . 81 COMPUTER SECURITY POLICY AND PROCEDURES END USERS COURSE TITLE PAGE Audit and Control of End-user Computing (EUC). . . . . . . . 40 Auditing Information Systems . . . . . . . . . . . . . . . . 41 Computer Security: For Security and MIS Professionals. . . . . 43 Computer Security & Contingency Planning . . . . . . . . . . . 51 EDP Concepts For Business. . . . . . . 
. . . . . . . . . . . . 6 Information Systems Seminar For Internal Auditors. . . . . . . 4 Integrated Auditing: The Basics. . . . . . . . . . . . . . . 42 LAN Security . . . . . . . . . . . . . . . . . . . . . . . . . 90 Microcomputer Security . . . . . . . . . . . . . . . . . . . . 7 TEMPEST Program Management and Systems Engineering . . . . . 81 The CMW: User Tutorial . . . . . . . . . . . . . . . . . . . . 90 CONTINGENCY PLANNING END USERS COURSE TITLE PAGE Audit and Control of End-user Computing (EUC). . . . . . . . 40 Audit and Control of Electronic Data Interchange . . . . . . 39 Auditing Information Systems . . . . . . . . . . . . . . . . 41 Business Impact Analysis . . . . . . . . . . . . . . . . . . . 85 CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78 EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6 GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79 GBA 578: Security and Privacy of Information Systems . . . . 78 GBA 560 Legal Environment of Information Systems . . . . . . 79 Information Systems Seminar For Internal Auditors. . . . . . . 4 Integrated Auditing: The Basics. . . . . . . . . . . . . . . 42 SYSTEMS LIFE CYCLE MANAGEMENT END USERS COURSE TITLE PAGE Audit and Control of End-user Computing (EUC). . . . . . . . 40 Audit and Control of Electronic Data Interchange . . . . . . 39 Auditing Information Systems . . . . . . . . . . . . . . . . 41 Auditing System Development: New Techniques for New Technologies 47 CIS 433, EDP Auditing. . . . . . . . . . . . . . . . . . . . 78 EDP Concepts For Business. . . . . . . . . . . . . . . . . . . 6 GBA 560 Legal Environment of Information Systems . . . . . . 79 GBA 577: Advanced EDP Auditing . . . . . . . . . . . . . . . 79 GBA 578: Security and Privacy of Information Systems . . . . 78 Information Systems Seminar For Internal Auditors. . . . . . . 4 Integrated Auditing: The Basics. . . . . . . . . . . . . . . 42 Risk Assessment. . . . . . . . . . . . . . . . . . . . . . 
. 19 TEMPEST Program Management and Systems Engineering . . . . . 81 APPENDEX B VENDOR LIST VENDOR NAME Anne Arundel Community College Page(s): 81 ARCA Page(s): 53, 54, 64, 65, 66, 71, 84, 108 Booz-Allen & Hamilton Inc. Page(s): 7, 19, 26, 34, 89 California State Polytechnic, Univ, Pomona Page(s): 78, 79 Canaudit Inc Page(s): 45, 47, 48, 49, 50, 51, 52, 56, 96, 107, 111, 112, 113, 117 CENTER for Adv. Professional Develop Page(s): 69 Computer Security Institute Page(s): 27, 28, 29, 33, 53, 61, 62, 66, 67, 82, 83 COMSIS Page(s): 4, 8, 19, 28, 30, 31, 80 DATAPRO Educational Services Page(s): 1, 9, 35, 90 Disaster Recovery Institute Page(s): 85, 86, 87, 88 DPEC Page(s): 7 Ernst & Young Page(s): 4, 6 George Mason University Page(s): 17, 25, 107 George Washington University/GSAS Page(s): 32 Grumman Data Systems & Services Page(s): 7, 8, 11, 12, 13, 14, 15, 91, 99, 105, 127 GSA Training Center Page(s): 3, 32 IBM Management Institute Page(s): 68, 70 Information Resources Management College Page(s): 60 Johns Hopkins University Page(s): 67 MACRO International, Inc. Page(s): 1, 16, 17 MIS Training Institute Page(s): 9, 10, 11, 23, 24, 31, 43, 54, 55, 57, 68, 71, 93, 96, 98, 104, 109, 110, 114, 115, 117, 118, 119, 120, 121, 122, 123, 126, 128, 129 Montgomery College Page(s): 35 National Security Agency Page(s): 72, 73, 74, 75, 76 Naval Computer and Telecommunications Station Page(s): 2, 25, 44 RSH Consulting, Inc. Page(s): 92, 126 SAFEware Page(s): 125 Security Engineering Services, Inc. Page(s): 18, 26, 44, 77, 81 Skill Dynamics - An IBM Company Page(s): 20, 21, 22, 35, 36, 37, 38, 92, 93, 100, 101, 102, 105, 110, 116, 118, 119, 121, 122 The George Washington University Page(s): 58, 59, 63 The Institute of Internal Auditors Page(s): 10, 40, 41, 42 The Henderson Group Page(s): 94, 95, 97, 103 Thomas R. Hardy & Associates, Inc. Page(s): 18 Trainix Page(s): 106 Trusted Systems Training, Inc. 
Page(s): 61, 88, 90, 124 University of Wisconsin, Milwaukee Page(s): 34 University of Maryland, University College Page(s): 3, 82 USDA Graduate School Page(s): 2, 3, 30, 31, 33, 62, 63, 64, 70 APPENDIX D PRODUCT SPECIFIC COURSES PRODUCT PAGE A Three Day Emergency Session on PBX Fraud . . . . . . . . . .128 Advanced Audit, Control, and Security/ DEC's VAX/VMS . . . . .114 AS/400 Security Concepts and Implementations (S6050). . . . .116 AS/400 Recovery and Availability Management (S6051) . . . . .116 Audit, Control, and Security Of AS/400 . . . . . . . . . . . .117 Audit/Security Concepts-MVS/XA & MVS/ESA . . . . . . . . . . .122 Audit and Security of Novell . . . . . . . . . . . . . . . . .108 Audit and Security of Tandem Systems . . . . . . . . . . . . .111 Audit and Security of Unix-Based Operating Systems . . . . . .103 Audit and Security of Banyan VINES . . . . . . . . . . . . . .126 Audit & Security of DB2. . . . . . . . . . . . . . . . . . . . 96 Audit, Control and Security of CICS/ESA. . . . . . . . . . . . 11 Auditing AS/400: A Step By Step Approach . . . . . . . . . . .117 Auditing DB2 . . . . . . . . . . . . . . . . . . . . . . . . . 96 Auditing UNIX. . . . . . . . . . . . . . . . . . . . . . . . .106 Auditing MVS in a CA-ACF2 Environment (M2030) . . . . . . . . 99 Auditing MVS in a RACF Environment (M2026). . . . . . . . . .101 Auditing MVS in a CA-TOP SECRET Environment (M2032) . . . . . 99 Auditing Decnet. . . . . . . . . . . . . . . . . . . . . . . .112 Auditing RACF. . . . . . . . . . . . . . . . . . . . . . . . . 92 Auditing VAX: A Comprehensive Approach . . . . . . . . . . . .113 CA-ACF2: Proper Implementation and Security. . . . . . . . . .118 CA-TOP Secret: Proper Implementation and Security. . . . . . .119 Converting from CA-TOP SECRET to RACF (H3890). . . . . . . .119 Converting CA-ACF2 to RACF (H3891) . . . . . . . . . . . . .118 Effective RACF Administration (H3927) . . . . . . . . . . . . 92 Enterprise Systems Analysis for MVS/ESA & MVS/XA . 
. . . . . .123 Guide To Auditing Novell Networks V.3. . . . . . . . . . . . .109 Hands-On-Lans: Auditing Novell Networks Workshop . . . . . . .110 How to Get the Most Out of RACF. . . . . . . . . . . . . . . . 94 IBM LAN Server: Audit and Security . . . . . . . . . . . . . .129 Implementing Security for CICS Using RACF (H4001). . . . . .121 Introduction to DEC's VAX/VMS Operating System . . . . . . . .113 MaxSix Trusted Networking. . . . . . . . . . . . . . . . . . .124 MVS/ESA Disaster Recovery (J3716). . . . . . . . . . . . . . .122 MVS Security (M2002) . . . . . . . . . . . . . . . . . . . . .102 MVS/ESA as a Server, Peer and Open System Audit, Control, and Security . . . . . . . . . . . . . . . . . . . . . . . . 97 MVS Auditing (M2024) . . . . . . . . . . . . . . . . . . . . .100 MVS/ESA -RACF Security Topics (H3918) . . . . . . . . . . . .101 Novell NetWare Security (M2000). . . . . . . . . . . . . . .109 OS/MVS and SMF: Security and Audit Facilities. . . . . . . . . 97 Practical Approach to Auditing RACF. . . . . . . . . . . . . . 94 Practical Approach to Auditing MVS Security. . . . . . . . . .102 Practical Approach to Auditing DB2 Security. . . . . . . . . . 95 RACF: Proper Implementation and Security . . . . . . . . . . . 93 RACF Installation (H3837) . . . . . . . . . . . . . . . . . . 93 SAFE = Security Awareness from Education . . . . . . . . . . .125 SE01: RACF for Project Managers. . . . . . . . . . . . . . . . 91 SE02: RACF for Security Officers . . . . . . . . . . . . . . . 91 SECO1-M: MVS Security for Project Managers . . . . . . . . . . 98 SECO2-M: MVS Security for Security Officers. . . . . . . . . . 98 SECO2-V: VM Security for Project Managers. . . . . . . . . . .127 SECO3-U: Unix Security . . . . . . . . . . . . . . . . . . . .104 SECO3-V: VM Security for Security Officers . . . . . . . . . .127 Security & Auditing of SNA Networks/ACF/VTAM & NCP . . . . . .120 Security for Banyan VINES LANs . . . . . . . . . . . . . . . .126 Unix Workshop. . . . 
. . . . . . . . . . . . . . . . . . . . .103 UNIX Security Seminar. . . . . . . . . . . . . . . . . . . . .107 UNIX Security . . . . . . . . . . . . . . . . . . . . . . . .106 UNIX Security For Users. . . . . . . . . . . . . . . . . . . .105 UNIX/AIX Security (M2012) . . . . . . . . . . . . . . . . . .104 UNIX Systems Security. . . . . . . . . . . . . . . . . . . . .105 What Data Security Officers & Auditors Need to Know and Do About VTAM Security. . . . . . . . . . . . . . . . . . . . . . . . 96 APPENCIX C PRODUCT LIST PRODUCT PAGE AS/400 . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 BANYAN VINES . . . . . . . . . . . . . . . . . . . . . . . . 126 CA-ACF2. . . . . . . . . . . . . . . . . . . . . . . . . . . 118 CA-TOP SECRET. . . . . . . . . . . . . . . . . . . . . . . . 119 CICS/ESA . . . . . . . . . . . . . . . . . . . . . . . . . . 121 DB2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 DECNET . . . . . . . . . . . . . . . . . . . . . . . . . . . 112 IBM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 MAXSIX . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 MVS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 NOVELL . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 PBX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 RACF . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 SAFEware . . . . . . . . . . . . . . . . . . . . . . . . . . 125 SNA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 TANDEM . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 VAX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 VM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 VTAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
96 COURSE TITLE: Telecommunications for Information Systems Security Analysts COURSE LENGTH: 32 HRS VENDOR: DATAPRO Educational Services 600 Delran Parkway Delran, NJ 08076 (609) 764-0100 This course provides an introduction of basic telecommunications systems and mediums for the System Security analyst and an understanding of the integral role they play in successful protection of the system's data. They will learn current regulatory and control concepts, gain a working knowledge of telecommunications principles and develop an understanding of the products and services offered from various vendors. They will also learn proactive techniques that support diverse information transmission mediums and develop an understanding of telecommunication systems vulnerabilities. They will learn how to evaluate the present contingency plan and how to develop a risk analysis formula. They will develop a project plan for contingency implementations of hardware and software that support disaster recovery. COURSE TITLE: Computer Security Executive Overview COURSE LENGTH: 3 HRS. VENDOR: MACRO International, Inc. 8850 Stanford Boulevard Columbia, MD 21045 (410) 290-2800 This briefing is designed for executive personnel and will present an overview of applicable laws and other requirements for computer security. The course will emphasize implementation of these requirements at the executive management level, and the role of senior management in supporting security initiatives. COURSE TITLE: ADP Security Officers (ADPSO) Concepts COURSE LENGTH: 8 HRS VENDOR: Naval Computer and Telecommunications Station ATTN Code N823 PO Box 357056 San Diego, CA 92135-7056 (619) 545-8628 - DSN 735-8628 This one-day course is an overview of what is involved in implementing a command AIS Security Program and discusses the DoD and DON Minimum Program Requirements policy. This course is excellent for a beginner ADPSO or other AIS Security staff members. 
The course outlines the responsibilities of DON management and command AIS Security Staff members, identifies the steps necessary for accreditation, and the structure of the DON AIS Security Program which includes a discussion on the Controlled Access Protection (CAP) Guidebook (NAVSO P-5239-15). The course discusses aids in solving common AIS Security problems and discusses methods in determining system security levels. This course is conducted at the NAVCOMTELSTA San Diego facility or at your command. COURSE TITLE: Computer Security For End Users COURSE LENGTH: 1 DAY VENDOR: USDA, Graduate School 600 Maryland Ave, SW Washington, DC 20024 (202) 447-7124 This workshop will give you an overview of the threats to, and vulnerabilities of, computer systems, and appropriate safeguards to protect those systems. We will stress your role in the protection of sensitive data, and in the prevention and detection of computer crime. You will receive checklists and suggestions for becoming more aware of possible computer security problems in your office, and you will be able to get advice on how to deal with concerns that are specific to your agency or installation. COURSE TITLE: Computer Security For Executives COURSE LENGTH: 3 HRS VENDOR: USDA, Graduate School 600 Maryland Ave, SW Washington, DC 20024 (202) 447-7124 This briefing will give you a basic understanding of computer security. It includes an overview of threats and vulnerabilities to computer systems and your responsibility for the assessment of your agency's computer security program. We will review briefly the history of computers, then examine current dependencies on computers, applicable laws and regulations, computer crime, viruses, and touch on espionage. Bring your questions because the briefing is designed to be responsive to your needs. Time has been reserved at various points for you to raise concerns from your individual agency perspective. 
COURSE TITLE: Computer Security Awareness Training COURSE LENGTH: 3 HRS VENDOR: GSA Training Center P.O. Box 15608 Arlington, VA 22215-0608 Joan Bender: (703) 603-3213 Participants learn to be aware of threats to and vulnerabilities of computer systems, as well as to encourage use of improved security practices. Topics include: Computer Security Act of 1987; computer fraud, waste, and abuse; and types of computer hackers. Also discussed are natural disasters and human errors relating to computer security. COURSE TITLE: Information Risk Assessment & Security Management COURSE LENGTH: 1 SEM VENDOR: University of Maryland, University College University Boulevard at Adelphi Road College Park, MD 20742-1614 (301) 985-7155 An examination of the proliferation of corporate data bases and the development of telecommunications network technology as gateways or invitations to intrusion. Ways of investigating the management of the risk and security data and data systems are presented as a function of design through recovery and protection. Issues of risk and security, as they relate to specific industries and government, are major topics in the course. Examples are presented of how major technological advances in computer and operating systems have placed data, as tangible corporate assets, at risk. Both quantitative sampling techniques for risk assessment and for qualitative decision-making under uncertainty are explored. COURSE TITLE: Federal AIS Computer Security Requirements COURSE LENGTH: 1 DAY VENDOR: COMSIS 8737 Colesville Road, Suite 1100 Silver Spring, MD 20910 Ronald E. Freedman: (301) 588-0800 This course begins with a review of the Federal Computer Security framework and an introduction to the key players and legislation that has shaped Federal Computer Security policy. COURSE TITLE: Information Systems Seminar For Internal Auditors COURSE LENGTH: 5 DAY VENDOR: Ernst & Young 2000 National City Center Cleveland, OH 44114 Morton T. 
Siegel: (800) 289-5745
This introductory seminar of computer concepts and controls is designed for the MIS or internal auditing professional who needs to learn about basic computer concepts, computer controls and security, system life cycle planning and control, and contingency planning. Individuals with these backgrounds who complete this seminar will be exposed to every major aspect of information systems auditing and should be able, with the tools provided in the seminar, to perform basic IS Audits. In addition, the seminar will emphasize how ISA is integrated with the internal audit process. This is a five-day, classroom program consisting of stand-alone modules that can be presented as a whole or modules can be selected to provide training on specific subjects in shorter-duration programs. Call the vendor for more information regarding which of the following modules have been selected for this particular training area.
Module 1-Introduction to the Seminar
Module 2-Information Systems Auditor's Role
Module 3-Getting Started
Module 4-Planning the IS Audit
Module 5-Overview of the ISA Function
Module 6-Overview of Computer Operations
Module 7-A Management Approach to Computer Fraud
Module 8-Introduction to General Controls
Module 9-Organization and Administration
Module 10-System Development Life Cycle
Module 11-Change Control and Management
Module 12-Case Study
Module 13-The Time Bomb
Module 14-Access Control
Module 15-Case Study
Module 16-Program Execution
Module 17-Continuity of Operations
Module 18-Outsourcing and Other Alternative Processing
Module 19-Cloak and Data
Module 20-Data Bases
Module 21-Minicomputer Systems-Audit and Control Considerations
Module 22-Microcomputers-Audit and Control Considerations
Module 23-Introduction to Application Control Reviews
Module 24-Input Control Objectives and Procedures
Module 25-Case Study-Input Controls
Module 26-Processing Control Objectives and Procedures
Module 27-Output Control Objectives and Procedures
Module
28-Case Study-Processing and Output Controls
Module 29-Generalized Audit Software and Other CAATs
Module 30-Summary

COURSE TITLE: EDP Concepts For Business
COURSE LENGTH: SELF-PACED
VENDOR: Ernst & Young 2000 National City Center Cleveland, OH 44114 Morton T. Siegel: (800) 289-5745
EDP Concepts for Business is an interactive computer-based training (CBT) program. The student receives information and is coached based upon the answers to teaching questions. This was designed to involve the student, be flexible, and be responsive to the student's needs; this format focuses on the student. You need only an IBM PC, XT, AT, or any IBM-compatible microcomputer with at least 192K memory. Call the vendor for more information regarding which of the following modules have been selected for this particular training area.
Module 1-Computers and Their Components
Module 2-Data and Data Processing
Module 3-Programs and Languages
Module 4-The System Development Life Cycle
Module 5-EDP Personnel
Module 6-Access Control and Security

COURSE TITLE: Computer Security Awareness
COURSE LENGTH: 1 HR
VENDOR: Booz-Allen & Hamilton Inc. 8283 Greensboro Drive McLean, VA 22102-3838 (703) 902-5201
The purpose of this course is to provide participants with an awareness of computer security, to sensitize them to the need for computer security policies and practices in the workplace, and to motivate each individual to practice effective computer security techniques. The instructional content of the course is composed of: requirements of computer-security-related laws and circulars; definitions and examples of basic computer security terms; the increasing concern to protect computer assets; and basic computer practices, controls, and countermeasures. NOTE: Contact the vendor for information concerning specialized agency training.

COURSE TITLE: Microcomputer Security
COURSE LENGTH: 2 HRS
VENDOR: Booz-Allen & Hamilton Inc.
8283 Greensboro Drive McLean, VA 22102-3838 (703) 902-5201
The purpose of this microcomputer security course is to sensitize participants to the need for microcomputer security and to provide each individual with some practical tools to protect their microcomputer assets, especially the stored information. The course provides practical information on computer security that microcomputer users can implement immediately. NOTE: Contact the vendor for information concerning specialized agency training.

COURSE TITLE: Computer Security Awareness (CBT)
COURSE LENGTH: 5-8 HRS
VENDOR: DPEC 1679 Old Henderson Road Columbus, OH 43220-3644 (800) 223-3732
This is a Computer Based Training (CBT) course using the framework of administrative, physical and logical security. Computer Security Awareness explains contingency planning and precautions against computer crime from the viewpoint of mainframe computers and micros; a computer security checklist is included. This is a modular course lasting 5 - 8 hours. The number of hours is based upon a student interacting with approximately 60-120 screens per hour.

COURSE TITLE: Marketplace Implications of the Evolution of Evaluation Criteria
COURSE LENGTH: 8 HRS
VENDOR: Grumman Data Systems & Services 839 Elkridge Landing Rd. Suite 106 Linthicum, MD 21090 Bruce Levy (410) 859-0123
This seminar covers the current state of the Evolution of Trusted Computer Product Evaluation schemes, of North America and Europe, the products which are evaluated and the conclusions which can be drawn. The discussions will concentrate on the US Federal Criteria and the implications of the proposed Common Criteria, for the marketplace in general, and for the integration of COTS products specifically. The briefing is designed to be responsive to your needs, and time is reserved for in-depth discussions of issues which affect you most critically.

COURSE TITLE: The Systems Integrator's Perspective on AIS Security Strategies
COURSE LENGTH: 8 HRS
VENDOR: Grumman Data Systems & Services 839 Elkridge Landing Rd. Suite 106 Linthicum, MD 21090 Bruce Levy: (410) 859-0123
This course presents the application of system integration and composition concepts to the management and acquisition of AIS, especially where sensitive data is concerned. A major portion of the seminar concentrates on determining the security implications of alternative approaches and involvement of the appropriate players during the acquisition process. Managers responsible for the acquisition of sensitive computing resources will benefit from this seminar.

COURSE TITLE: Continuity of Operations/Disaster Recovery Planning: Part I
COURSE LENGTH: 1 DAY
VENDOR: COMSIS 8737 Colesville Road, Suite 1100 Silver Spring, MD 20910 Ronald E. Freedman: (301) 588-0800
This course outlines the steps to be performed to determine backup/recovery requirements, and effectively plan and develop a COOP/DRP for both applications and installations.

COURSE TITLE: Executive AIS Security Briefing
COURSE LENGTH: 1/2 DAY
VENDOR: COMSIS 8737 Colesville Road, Suite 1100 Silver Spring, MD 20910 Ronald E. Freedman: (301) 588-0800
This course provides a brief overview of Federal Computer Security requirements and objectives and explores Senior Management's role in protecting assets.

COURSE TITLE: Keeping Out of Trouble with the Software Police
COURSE LENGTH: 1 DAY
VENDOR: MIS Training Institute 498 Concord Street Framingham, MA 01701-2356 Pam Bissett: (508) 879-7999
The common practice of copying and sharing is no longer being tolerated by software publishers. Organized under the umbrellas of the Software Publishers Association (SPA), they are waging an all-out war against abusers of copyright law. In this special, one-day session, you will learn how to keep your organization "software legal."
Without a lot of confusing "legalese," you will learn: what you need to know about software license and copyright laws; the methods being used to enforce software licenses and to prosecute copyright infringement; how to recognize potential violations in your organization; and step-by-step guidelines for establishing and implementing a practical code of software ethics.

COURSE TITLE: LAN Security Overview
COURSE LENGTH: 16 HRS
VENDOR: DATAPRO Educational Services 600 Delran Parkway Delran, NJ 08076 (609) 764-0100
This course will provide the Systems Security analyst with a basic understanding of the security implications of the Local Area Networks and familiarize the students with the functional considerations of LAN security routines. The class format will provide a controlled forum for the analyst to discuss the various security routines and procedures currently in use by the government, their establishment and design. There will also be discussions on the various types of security measures integrated into the Network Operating Systems of Novell, Banyan, SCO UNIX and Starian.

COURSE TITLE: PC-LAN and Data Security
COURSE LENGTH: 40 HRS
VENDOR: DATAPRO Educational Services 600 Delran Parkway Delran, NJ 08076 (609) 764-0100
This course is intended to give a perspective of the various types of security threats to the first and second level managers of the Telecom and MIS departments. It has a broad scope; however, it provides a good foundation for future courses to focus on individual issues and develop security plans.

COURSE TITLE: Advanced Technology Conference
COURSE LENGTH: 3 DAYS
VENDOR: The Institute of Internal Auditors 249 Maitland Avenue Altamonte Springs, FL 32701 (407) 830-7600 ext. 1
The Institute of Internal Auditors' annual Advanced Technology Conference presents world-renowned technology experts who will share the solutions, tools, and techniques needed to validate and enhance job performance.
This interactive program addresses a variety of technology challenges that auditors face. Attendees are provided the opportunity to stay on top of emerging trends as well as the knowledge to utilize the tools and techniques available for auditing today's technology. Security professionals will find the sessions informative from the standpoint of learning the business concerns, risks, and related control techniques involved in current and emerging technology. Participants have the opportunity to: Discuss the newest advances in audit technology. Hear the most informed and experienced speakers. Understand cutting-edge emerging technologies. The conference provides a forum in which to learn and exchange information on all aspects of audit, control, and security technologies.

COURSE TITLE: Introduction to LAN Security
COURSE LENGTH: 3 DAYS
VENDOR: MIS Training Institute 498 Concord Street Framingham, MA 01701-2357 Pam Bissett: (508) 879-7999
Protecting increasingly sensitive LANs is now the most critical security issue facing today's enterprise. In this intensive, three-day seminar you will benefit from an experience-based, real-world approach to LAN security. You will gain an understanding of basic LAN technology and security threats. You will learn the specific components that ensure a solid LAN security program and how security should be designed into the system. You will leave this high-impact session prepared to plan and implement effective and responsive LAN

COURSE TITLE: Detecting and Preventing Computer Fraud
COURSE LENGTH: 3 DAYS
VENDOR: MIS Training Institute 498 Concord Street Framingham, MA 01701-2357 Pam Bissett: (508) 879-7999
As the gap between computer technology and computer security widens, IS and Internal Auditors are relied upon more than ever to ensure the integrity and security of organizational data.
In this high-impact seminar you will focus on the risks and threats inherent in computer environments and the controls that are necessary to assure management that exposures are held to acceptable levels. Through case studies and "real-life" exercises, you will explore areas of computer fraud, risk management, and threats. You will leave this three-day seminar knowing the controls for preventing computer fraud and methods for detecting it, should it occur.

COURSE TITLE: Practical Aspects of Acquiring and Owning a Multilevel Secure Network
COURSE LENGTH: 8 HRS
VENDOR: Grumman Data Systems & Services 839 Elkridge Landing Rd. Suite 106 Linthicum, MD 21090 Bruce Levy: (410) 859-0123
Objectives of the course: Give managers and Technical personnel the tools to make appropriate acquisition and operating decisions regarding MLS Information Systems. Following custom modules:
Module A. The Technology with MLS added. Mandatory Access Control labels, Exploring operational impacts of MLS: MAC vs DAC - vulnerabilities, New audit considerations - impact of MLS and MAC on the makeup and sensitivity of the Audit Trail data.
Module B. The Environment with MLS added. Impact of an MLS accreditation on configuration management. Hardware, ancillary equipment, software, especially upgrading to new functionality. Maintaining accreditation - documentation for the Life cycle. A checklist of warning signs for the Admin/Security staff. Addressing security violations (vulnerabilities) in the MLS environment. How to use the CERT to best advantage.
Module C. Acquisition of Trusted Systems. A seminar for local procurement initiators, managers, and procurement technicians to review the appropriate usage of language in an RFP for Trusted Systems, or MLS Network components. This seminar discusses specification language for the SOW, how to use CDRLs for acquiring Assurance documentation, and pitfalls to avoid in preparation of the procurement plan.

COURSE TITLE: Practical Considerations for Acquiring and Implementing a MultiLevel Secure Network
COURSE LENGTH: 8 HRS
VENDOR: Grumman Data Systems & Services 839 Elkridge Landing Rd. Suite 106 Linthicum, MD 21090 Bruce Levy: (410) 859-0123
Objectives of the Course: Give managers and technical personnel the tools to select, acquire, and implement cost effective security technologies in information systems.
Module A. Sorting out the technologies defined by NCSC: A discussion of the subtleties of the "Rainbow" books
Module B. Overview of the State-of-the-Art: A Look beyond the Hype at the marketplace of Trusted Systems
Module C. Acquisition of Trusted Systems: A seminar for local procurement initiators, managers, and procurement technicians to review the appropriate usage of language in an RFP for Trusted Systems, or MLS Network components.

COURSE TITLE: Practical Aspects of Planning to Acquire Multilevel Security in an Open Systems Environment
COURSE LENGTH: 8 HRS
VENDOR: Grumman Data Systems & Services 839 Elkridge Landing Rd. Suite 106 Linthicum, MD 21090 Bruce Levy: (410) 859-0123
Objectives of the Course: Give managers and technical executives the tools to plan and acquire cost effective technologies for ensuring the enforcement of their security policies in information systems. Custom modules include:
Module A. Organizational Responsibilities: DoD Security Policy Refresher. Complying with DoD Inst 5200.28
Module B. Understanding which Technology is for which Problem (Getting there - from here)
Module C. Acquisition of Trusted Systems: A seminar for local procurement initiators, managers, and procurement technicians to review the appropriate usage of language in an RFP for Trusted Systems.

COURSE TITLE: Practical Considerations for Planning and Implementing Multilevel Security in an Open Systems Environment
COURSE LENGTH: 16 HRS
VENDOR: Grumman Data Systems & Services 839 Elkridge Landing Rd.
Suite 106 Linthicum, MD 21090 Bruce Levy: (410) 859-0123
Objectives of the Course: Give technical executives the tools to plan and select cost effective technologies and to make cost-effective Operational decisions regarding the enforcement of their security policies in MLS Information Systems. This course is a tailored set of modules customized from among:
Organizational Responsibilities [2 hrs]
Sorting out the technologies defined by NCSC [4 hrs]
Overview of the State-of-the-Art [2 hrs]
Understanding which Technology is for which Problem (Getting there - from here) [3 hrs]
The Technology with MLS added [3 hrs]
The Environment with MLS added [2 hrs]

COURSE TITLE: Case Studies in Multilevel Secure Networking
COURSE LENGTH: 8 HRS
VENDOR: Grumman Data Systems & Services 839 Elkridge Landing Rd. Suite 106 Linthicum, MD 21090 Bruce Levy: (410) 859-0123
Objectives of the course: Give on-site managers and Technical personnel tools based on specific local cases, to make cost-effective Operational decisions regarding migration to MLS Information Systems. This briefing will cover: The Customer Environment with MLS Added, Identifying your accreditor, Reviewing requirements for Internal Review Audits, Coordinating with the CM/QA team on-site, Tracing the flow of ADP Security Reporting, Reviewing specific responsibilities and requirements for co-location of CRYPTO or other NSA approved/controlled items, Exploring which state-of-the-art systems might meet specific local requirements, while being within the range of our resources. Sampler of Evaluated Operating Systems, Workstations, Networking Components and Specialty Components. Specific information about levels of expertise required to implement a system on-site with them.

COURSE TITLE: Managing the Acquisition of MLS Resources
COURSE LENGTH: 4 HRS
VENDOR: Grumman Data Systems & Services 839 Elkridge Landing Rd.
Suite 106 Linthicum, MD 21090 Bruce Levy: (410) 859-0123
Objectives of the course: Give on-site managers and Technical personnel tools to make cost-effective procurement decisions regarding migration to MLS Information Systems. Specific topic discussed: Acquisition of Trusted Systems: A seminar for local procurement initiators, managers, and procurement technicians to review the appropriate usage of language in an RFP for Trusted Systems, or MLS Network components. This seminar discusses specification language for the SOW, how to use CDRLs for acquiring Assurance documentation, and pitfalls to avoid in preparation of the procurement plan. You will also receive a copy of the NSA and NIST Acquisition guidance for trusted systems.

COURSE TITLE: Practical Aspects of Owning a Multilevel Secure Network
COURSE LENGTH: 8 HRS
VENDOR: Grumman Data Systems & Services 839 Elkridge Landing Rd. Suite 106 Linthicum, MD 21090 Bruce Levy: (410) 859-0123
Objectives of the course: Give managers and Technical personnel the tools to make cost-effective Operational decisions regarding MLS Information Systems. Course Curriculum consists of:
The Technology with MLS added
The Information Systems equivalents to Markings, Caveats, handling instructions - Mandatory Access Control labels
Exploring operational impacts of MLS: MAC vs DAC - vulnerabilities
New audit considerations - impact of MLS and MAC on the makeup and sensitivity of the Audit Trail data.
Tracking an atomic action through several audit trails.
Enhancing the security profile of an MLS system
Impact of an MLS accreditation on Configuration Management
A checklist of warning signs for the Admin/Security staff
Addressing security violations
How to use the CERT to best advantage
Impact of having a CRYPTO in the closet.
You will receive checklists and suggestions for operating sensitive systems daily.

COURSE TITLE: Practical Considerations for Implementing a MultiLevel Secure Network
COURSE LENGTH: 8 HRS
VENDOR: Grumman Data Systems & Services 839 Elkridge Landing Rd. Suite 106 Linthicum, MD 21090 Bruce Levy: (410) 859-0123
Objectives of the Course: Give managers and technical personnel the tools to select and use cost effective security technologies in information systems. Specific topics: technologies defined by NCSC The TCSEC "Orange Book", The TNI "Red Book": MIAD components, The TDI "Purple Book": TCB subsets, The CSSI "Powder Blue Book": components which support the security policy in a more restrained fashion, The ISSPSC: there's more in there than the EPL. The definitive catalog of NSA evaluated technology. A Look beyond the Hype at the marketplace of Trusted Systems IBM's MVS/ESA RACF (B1), CA's B1 Security Amdahl's Trusted MDF, Unisys OS-1100 (B1) Workstations CMWs Networks and components Xerox XEU, LEAD, Motorola NES, Blacker A sampler of specialty components (subsystems) Making an informed decision to use non-evaluated product and the cost of getting smart enough to be able to evaluate it yourself.

COURSE TITLE: Practical Considerations for Planning Multilevel Security in an Open Systems Environment
COURSE LENGTH: 8 HRS
VENDOR: Grumman Data Systems & Services 839 Elkridge Landing Rd. Suite 106 Linthicum, MD 21090 Bruce Levy (410) 859-0123
Objectives of the Course: Give managers and technical executives the tools to plan and select cost effective technologies for planning the enforcement of their security policies in information systems. Specific topics: Organizational Responsibilities DoD Security Policy Refresher, Complying with DoD Inst 5200.28, Accreditation Requirements, What Certification means, How Evaluation helps, Documentation of your system (network), Cost effective steps toward MLS, Avoiding common password headaches, Some Practical approaches to all that Audit trail.
You will get expert advice on what works and what your installation needs to enter the distributed age of computing.

COURSE TITLE: Introduction to Computer Security for First-Level Supervisors
COURSE LENGTH: 8 HRS.
VENDOR: MACRO International, Inc. 8850 Stanford Boulevard Columbia, MD 21045 (410) 290-2800
This program is designed for first-level supervisors and emphasizes the role of the supervisor in implementing and managing computer security programs. The course discusses approaches for instilling security awareness in staff, training, security administration, and incident management and reporting. An overview of threats, protection strategies, and implementation of policies and procedures is presented, emphasizing requirements for different levels of system sensitivity.

COURSE TITLE: Introduction to Computer Security for Non-ADP Managers
COURSE LENGTH: 8 HRS.
VENDOR: MACRO International, Inc. 8850 Stanford Boulevard Columbia, MD 21045 (410) 290-2800
This program is designed to provide mid-level managers with an overview of computer security program planning and management. Presentation will emphasize compliance with P.L. 100-235 and other laws and requirements for classified and unclassified systems. Discussion will also emphasize the threat against sensitive systems; capabilities of potential adversaries; asset value; sensitivity and definition of protection levels appropriate to the threat; contingency planning; and management risk acceptance. The course will also cover the development of security plans emphasizing human resource management practices, the implementation of computer security programs within budget and staff constraints.

COURSE TITLE: Computer Security for Security & ADP Program Managers
COURSE LENGTH: 3 DAYS
VENDOR: MACRO International, Inc. 8850 Stanford Boulevard Columbia, MD 21045 (410) 290-2800
This course is designed for ADP program managers and computer security program managers.
It provides an overview of Public Law 100-235 and other laws and requirements for computer security. Discussion will emphasize various types of threats against sensitive systems; capabilities of potential adversaries; areas of vulnerability; and control techniques. This course provides a comprehensive understanding of the full range of potential threats and the effectiveness of alternative security controls against different threats. This course is oriented toward those with prior programming and systems development experience.

COURSE TITLE: Information Security Principles and Practices
COURSE LENGTH: 4.5 DAYS
VENDOR: George Mason University Department of Information & Software Systems Engineering School of Information Technology and Engineering Fairfax, VA 22030-4444 Ravi Sandhu: (703) 993-1659
This course introduces fundamental issues and concepts of information security, emphasizing the Trusted Computer System Evaluation Criteria (TCSEC), which is the seminal publication providing authoritative guidance concerning trust technology; and its eventual successor, the Federal Criteria for Information Technology Security. Security policy, risk management, certification and accreditation are discussed in their supporting roles. The threat of viruses and other rogue programs is discussed; a case study reinforces the lessons learned. Practical advice for trusted system integration is provided.

COURSE TITLE: COMPUSEC
COURSE LENGTH: 2 DAYS
VENDOR: Security Engineering Services, Inc. 5005 Bayside Road Chesapeake Beach, MD 20732 Bruce Gabrielson: (301) 855-4565
This class is an unclassified overview of COMPUSEC requirements, issues and related COMSEC and TEMPEST information. Attendees should be able to intelligently address technical vulnerability issues in their ADP systems.
Topics Covered: Laws and DoD Specifications, Trusted Computer Systems, Risk Management, Configuration Management, Data Remanence, Software Disk Protection, Virus Protection, Network Overviews, COMSEC Protection, TEMPEST Protection, OPSEC Issues. Student Background: Intended for entry level security people.

COURSE TITLE: Basics of Computer Security
COURSE LENGTH: 2 DAYS
VENDOR: Thomas R. Hardy & Associates, Inc. P.O. Box 5631 Derwood, Maryland 20855 (301) 921-0595
This course is designed for end users and management personnel - it presents the elements necessary for developing a secure computer system environment. The class addresses the needs of small and large systems, and network configuration. Topics include: Planning and design; Threats and Vulnerabilities; Countermeasures; Contingency planning and disaster recovery; Backup site planning; Responsibilities.

COURSE TITLE: Understanding Trusted Systems
COURSE LENGTH: 1 DAY
VENDOR: Booz-Allen & Hamilton 8th Floor, Room 822 8283 Greensboro Drive McLean, VA 22102-3838 Butch Chaboudy: (703) 902-5265
This course provides an understanding of the Trusted System Evaluation Criteria (Orange Book) and the Trusted Network Criteria and Trusted Database Management interpretation. The student will gain a working knowledge of the security fundamentals, the features of each class and the assurance required of these features. Additionally, the student will be introduced to other appropriate rainbow series books.

COURSE TITLE: Implementing & Managing a Computer Security Program
COURSE LENGTH: 1 DAY
VENDOR: COMSIS 8737 Colesville Road, Suite 1100 Silver Spring, MD 20910 (301) 588-5922
This course provides an overview of a computer security program, and describes the requirements and rationale for each program element.

COURSE TITLE: Risk Assessment
COURSE LENGTH: 1 DAY
VENDOR: COMSIS 8737 Colesville Road, Suite 1100 Silver Spring, MD 20910 (301) 588-5922
This course provides a global examination of computer security risk assessment and the techniques for applying risk assessment.

COURSE TITLE: Disaster Recovery Planning: Strategies to Develop and Maintain Provable Recovery Capability (W9912)
COURSE LENGTH: 2.5 Days
VENDOR: Skill Dynamics - An IBM Company One IBM Plaza, 19th Floor Chicago, IL 60611 (800) IBM-TEACH (800) 426-8322
This course teaches you how to develop, maintain, and test your disaster recovery plan. The objective is to develop provable recovery capability, not paper documentation. The focus is on what the organization - I/S and the business functions - must put in place now, keep current and test to the satisfaction of responsible executives that the business can survive the loss of processing capability. The course discusses strategies that are independent of any particular hardware or software implementation. This is a management course, not a technical course.

COURSE TITLE: Data Center Recovery Planning (M2040)
COURSE LENGTH: 2.5 Days
VENDOR: Skill Dynamics - An IBM Company One IBM Plaza, 19th Floor Chicago, IL 60611 (800) IBM-TEACH (800) 426-8322
This course provides you with a basic understanding of the disaster recovery planning process within a data center environment. The course focuses on the recovery of the data center and communications to and from business units/departments. All phases of the recovery planning process, from disaster declaration through relocation to a new facility, are discussed.

COURSE TITLE: PC/LAN Recovery Planning (M2042)
COURSE LENGTH: 2.5 Days
VENDOR: Skill Dynamics - An IBM Company One IBM Plaza, 19th Floor Chicago, IL 60611 (800) IBM-TEACH (800) 426-8322
This course provides you with a basic understanding of the disaster recovery planning process encompassing personal computers (PCs) and local area networks (LANs).
The course focuses on the recovery of stand-alone PCs, LANs (the file server environment), and LAN communications to and from business units/departments. All phases of the recovery planning process, from disaster declaration through relocation to a new facility, are discussed.

COURSE TITLE: Business Impact Analysis (M2044)
COURSE LENGTH: 2 Days
VENDOR: Skill Dynamics - An IBM Company One IBM Plaza, 19th Floor Chicago, IL 60611 (800) IBM-TEACH (800) 426-8322
This course teaches you how to perform a risk analysis to ascertain the impact that a disaster may have on your business. You will also learn how to analyze your important business functions and the consequences, if lost, to the organization. You will learn the time period after which this loss becomes critical and the priorities that each important business function has within the overall recovery process. You'll learn to use a process involving a thorough impact analysis focusing on all aspects of the business, not just computerized processes. The course enables you to build an impact analysis and better understand your overall business process.

COURSE TITLE: Business Resumption Planning (M2046)
COURSE LENGTH: 2.5 Days
VENDOR: Skill Dynamics - An IBM Company One IBM Plaza, 19th Floor Chicago, IL 60611 (800) IBM-TEACH (800) 426-8322
This course teaches you the many facets of preparing a Business Resumption Plan (BRP). To be able to resume normal business operations within an organization after a serious outage, an effective recovery plan must be in place. This course focuses on the business reasoning of such a plan and identifies some of the obstacles that will have to be overcome. Having a Business Resumption Plan in place may prevent unnecessary loss to your organization if a disaster affects your manual or automated business functions. The course shows how to build an effective BRP for your organization.
Full attention will be given to the different aspects of the plan, auditors who must review the competency of an organization's recovery plans.

COURSE TITLE: Network Recovery Planning (M2056)
COURSE LENGTH: 2.5 Days
VENDOR: Skill Dynamics - An IBM Company One IBM Plaza, 19th Floor Chicago, IL 60611 (800) IBM-TEACH (800) 426-8322
This course teaches you the fundamentals of handling adverse conditions on networks and recovering functionality even after complete shutdown or network failure. Different data exchange protocols and their benefits and vulnerabilities are presented along with the use of servers, routers, and gateways. Typical local area networks (LANs) and wide area networks (WANs) that mix topologies are also examined. Particular attention is given to preventing the network failure or shutdown, and to minimizing its effect.

COURSE TITLE: Data Security Planning: Strategies for Effective Information Security (W9898)
COURSE LENGTH: 2.5 Days
VENDOR: Skill Dynamics - An IBM Company One IBM Plaza, 19th Floor Chicago, IL 60611 (800) IBM-TEACH (800) 426-8322
This course teaches you how to plan and implement data security. It is based upon and uses examples from successful programs. It takes an organizational view of information and presents many policies, standards and guidelines of IBM and other organizations. The course discusses strategies that are independent of any particular hardware or software implementation. This is a management course, not a technical course. The course discusses programs and processes within the context of end-user computing and shows how they can enhance protection.

COURSE TITLE: Protecting Your Networks from Hackers, Viruses, and Other Attacks
COURSE LENGTH: 3 DAYS
VENDOR: MIS Training Institute 498 Concord Street Framingham, MA 01701-2357 Pam Bissett: (508) 879-7999
Hackers, phone phreaks, viruses, corporate spies, and disgruntled employees are all real threats to today's organizations.
In this three-day technical seminar you will examine the nature of these significant security threats and vulnerabilities. You will learn practical, cost-effective security and audit techniques that will dramatically improve your success in reducing risk while enabling you to systematically monitor your organization's security strengths and weaknesses. You will leave this high-tech session with sample checklists, a set of valuable software tools, and "how-to" reference materials that will increase your effectiveness and decrease of attacks on your network.

COURSE TITLE: How to Manage an Information Security Program A Guide for Newly Appointed Managers
COURSE LENGTH: 3 DAYS
VENDOR: MIS Training Institute
        498 Concord Street
        Framingham, MA 01701-2357
        Pam Bissett: (508) 879-7999

This three-day session will be your guide to establishing and managing a workable information security program. You will learn the components of a comprehensive plan, covering access control software applications; telecom/network security measures; physical protection of the computer facility; and the legal and regulatory aspects of information security. You will learn how to protect your organization from computer crime and viruses. You will explore disaster recovery and the key elements of an effective business continuity program. You will leave this session with a blueprint for building an information security program or for measuring an existing one.

COURSE TITLE: Audit and Security of Client/Server Architectures
COURSE LENGTH: 3 DAYS
VENDOR: MIS Training Institute
        498 Concord Street
        Framingham, MA 01701-2357
        Pam Bissett: (508) 879-7999

As more critical applications continue to move onto networks, the open architecture concept, a lack of true separation of duties, poor administration, and often unfamiliar network tools leave organizations open to risk.
In this timely seminar you will review the basics of client/server architectures, uncover the risks within the technology, and identify cost-effective controls for plugging these loopholes. You will learn how to spot poorly designed client/server applications and how to identify connection risks. You will explore communications protocols, distributed databases, and the most commonly used network operating systems, including NetWare, VINES, Unix, NT and OS/2. You will leave this in-depth seminar with a checklist that you can use as a foundation for a customized workplan for your own client/server audits.

COURSE TITLE: A Fraud Update: Forensic and Investigative Auditing
COURSE LENGTH: 3 DAYS
VENDOR: MIS Training Institute
        498 Concord Street
        Framingham, MA 01701-2357
        Pam Bissett: (508) 879-7999

As incidents of fraud continue to rise, management now more than ever looks to Audit as its first line of defense against this bottom-line busting crime. Using case studies and interactive exercises, this three-day seminar will be your road map through the major fraud concerns facing organizations today. You will cover investigative principles, forensic auditing, rules of evidence, and federal fraud statute and sentencing guidelines. You will learn how to develop evidence to support fraud allegations and what the responsibilities of the audit committee are when fraud is discovered. This high-impact session will provide you with a solid understanding of contemporary fraud issues and Audit's role in protecting the organization from this pervasive and complicated crime.

COURSE TITLE: Risk Management
COURSE LENGTH: 24 HRS
VENDOR: Naval Computer and Telecommunications Station
        ATTN Code N823
        PO Box 357056
        San Diego, CA 92135-7056
        (619) 545-8628 - DSN 735-8628

This three-day course is a comprehensive study of Risk Management and is given in a workshop-type environment.
This course will provide the attendee with a definition of what comprises Risk Management and will explain the different components of Risk Management. Instruction will consist of discussion on Risk Analysis, Contingency Planning, and Security Test and Evaluation (ST&E). Attendees will have a thorough understanding of each of these Risk Management phases and how to prepare them. Course will provide the attendee with actual hands-on exercises for each of these phases. Risk Analysis instruction will include preparation of a Risk Analysis using the three different methods. Also the Risk Analysis portion will include principles for performing a Risk Analysis on a Local Area Network (LAN). Strongly recommend completion of the ADPSO Concepts course before taking this course. This course is conducted at the NAVCOMTELSTA San Diego facility or at your command.

COURSE TITLE: Recent Developments in Information Security
COURSE LENGTH: 4.5 DAYS
VENDOR: George Mason University
        Department of Information & Software Systems Engineering
        School of Information Technology and Engineering
        Fairfax, VA 22030-4444
        Ravi Sandhu: (703) 993-1659

This intensive course presents a comprehensive approach to recent developments in Information Technology (IT) security. Technology and policy issues for secure operations employing both Computer Security (COMPUSEC) and Communications Security (COMSEC) components of Information Security (INFOSEC) are presented. Contemporary issues addressed include: encryption, key escrow, and key management for authentication, integrity, and confidentiality; proposed standards such as Digital Signature and Clipper; challenges in developing international criteria; database issues such as polyinstantiation, inference, and aggregation; and access control beyond the TCSEC (Orange Book). Discussions will include the use of empirical and theoretical computer and database system and network design approaches.
Broader issues will also be presented, such as integrating security with computer, database, and network systems design and development requirements; and evaluating the degree of security available for a given computer, database and/or network system. Extensive practical advice for trusted system integration is provided.

COURSE TITLE: Secure Systems Design and Program Management
COURSE LENGTH: 2 DAYS
VENDOR: Security Engineering Services, Inc.
        5005 Bayside Road
        Chesapeake Beach, MD 20732
        Bruce Gabrielson: (301) 855-4565

Participants learn technical rationale and requirements that lead to formal management decision making regarding security issues. Topics Covered: Org. Security, Systems Security Engineering Management, Risk Management, Audit Controls, Contingency Planning, Risk Analysis, System Test and Evaluation, System Design, Network Administration, UNIX, Apple System 7, Config. Management, Life Cycle Management, Virus Protection, COMSEC, Control, TEMPEST Control and Vulnerability Assessments.

COURSE TITLE: Writing Security Plans
COURSE LENGTH: 2 DAYS
VENDOR: BoozAllen & Hamilton
        8th Floor, Room 822
        8283 Greensboro Drive
        McLean, VA 22102-3838
        Butch Chaboudy: (703) 902-5265

This course is designed to provide the System Security Officer with the knowledge to develop an ADP security plan that will meet the requirements of PL 100-235 and D/CID 1/16. Practical exercises are provided allowing students to develop key sections of a security plan as part of a work group. Each exercise is conducted following appropriate instruction in "how to" write the plan. Upon completion of the course, the student will know what information is needed in the development of a security plan, what the plan should include, where that information can be obtained and how to write policy statements and security requirements.

COURSE TITLE: Managing Org-Wide Information Security Program
COURSE LENGTH: 3 DAY
VENDOR: Computer Security Institute
        600 Harrison Street
        San Francisco CA 94107
        (415) 905-2626

This program examines key issues in building and maintaining a security program that serves more than one division...a program that cuts across traditional boundaries and must deal with geographically and organizationally distinct units. Practical, cost-effective ideas on how to structure a plan, tools for evaluating risks and safeguards, and ways to encourage participation and commitment from all levels of the organization. Legislative and regulatory pressures including but not limited to the Foreign Corrupt Practices Act, copyright protection, and the Computer Security Act of 1987. Take-home materials include articles, checklists, forms, and information sources.

NOTE: Ask about available discount for government hosted classes.

COURSE TITLE: Building Information Security Awareness
COURSE LENGTH: 2 DAY
VENDOR: Computer Security Institute
        600 Harrison Street
        San Francisco CA 94107
        (415) 905-2626

This seminar shows how to "educate" managers, users, and DP personnel on the importance of protecting information resources. Top managers need to know in macro, bottom-line terms. Data security professionals need detailed technical training. Computer users, operators, and programmers must be shown what they can do on a day-to-day operational basis. This program delivers practical ideas and techniques on how to tailor a computer security training/orientation program to each of these diverse groups. You will learn how to plan a program. You will be shown what types of information should be gathered for presentation, how it should be logically organized for maximum impact, and which meeting and presentation techniques are most effective. And finally, you will be given specific ideas on how to measure the effectiveness of your security awareness program.
As a "deliverable," you will develop an individualized training plan to be used in your own environment.

NOTE: Ask about available discount for government hosted classes.

COURSE TITLE: Data Communications Security
COURSE LENGTH: 2.5 DAYS
VENDOR: COMSIS
        8737 Colesville Road, Suite 1100
        Silver Spring, MD 20910
        (301) 588-5922

This course provides an overview of network processing technologies, security threats, safeguards, and protection strategies. The data communications environments covered in this course include Local Area Networks, Wide Area Networks, Distributed Data Processing, and remote mainframe access.

COURSE TITLE: Developing Computer Security Policies & Procedures
COURSE LENGTH: 2 DAY
VENDOR: Computer Security Institute
        600 Harrison Street
        San Francisco CA 94107
        (415) 905-2626

This seminar is for DP managers, data security managers, and security officers responsible for developing computer security policies and procedures and integrating them into a comprehensive data processing security manual. You will learn how to determine what policies are needed, what areas a manual should cover, and how to gather the necessary information. Two different approaches - step-by-step "cookbook" procedures vs. more generalized policy statements. How to establish working liaisons with support staff in other areas, what's needed to get your policies and manual reviewed and approved, and pitfalls that must be avoided. Critique actual samples of procedures and policies currently in use.

NOTE: Ask about available discount for government hosted classes.

COURSE TITLE: LAN Security
COURSE LENGTH: 2 DAY
VENDOR: Computer Security Institute
        600 Harrison Street
        San Francisco CA 94107
        (415) 905-2626

Local area networks (LANs) are significantly impacting the way organizations do business. As more and more critical work migrates from mainframes to LANs, the need for better controls becomes apparent.
Learn about the security and control issues involved with LANs; the types of critical and sensitive data now residing on LANs; the impact of loss, change or disclosure; and realistic remedies for identified vulnerabilities. How transition technologies, topologies, and architectures create complex security, recovery, and integrity problems. Security features of popular LAN systems software and add-on packages. The need for policies, procedures, and administrative controls.

NOTE: Ask about available discount for government hosted classes.

COURSE TITLE: Protecting Networks & Small Systems
COURSE LENGTH: 3 DAY
VENDOR: Computer Security Institute
        600 Harrison Street
        San Francisco CA 94107
        (415) 905-2626

Widespread use of microcomputers and telecommunications technology offers greater opportunities for increasing white-collar productivity...and the risk that this technology will proliferate out of control. This seminar provides a security and control perspective of the opportunities and pitfalls in this new environment. It will be valuable for data processing management, communications management and specialists, office automation management, EDP auditors, security officers, and users of small systems. Participants are encouraged to bring a list of specific, relevant security problems currently being faced within their own organizations. Selected "cases" will be analyzed and discussed.

NOTE: Ask about available discount for government hosted classes.

COURSE TITLE: Application Security Reviews
COURSE LENGTH: 1 DAY
VENDOR: COMSIS
        8737 Colesville Road, Suite 1100
        Silver Spring, MD 20910
        (301) 588-5922

This course examines the requirements and objectives of application security and describes the techniques and tools for conducting application security reviews. The course includes the planning process, review of the baseline security goals, sensitivity and criticality determination, data collection methods, and control weaknesses and safeguards determination.

COURSE TITLE: Computer Security For Managers
COURSE LENGTH: 1 DAY
VENDOR: USDA, Graduate School
        600 Maryland Ave, SW
        Washington, DC 20024
        (202) 447-7124

This workshop will show you how to develop computer security awareness for end-users, and your role in program management, planning, personnel security, contingency planning, and the systems development life cycle. We will briefly review the Computer Security Act of 1987, and cover threats to, and vulnerabilities of, computer systems and appropriate safeguards, and various approaches to risk assessment. You will receive checklists and suggestions for becoming more aware of possible computer security problems in your office, and you will be able to get advice on how to deal with concerns that are specific to your agency or installation.

COURSE TITLE: Continuity of Operations/Disaster Rec. Planning: Part II Workshop
COURSE LENGTH: 3 DAYS
VENDOR: COMSIS
        8737 Colesville Road, Suite 1100
        Silver Spring, MD 20910
        Ronald E. Freedman: (301) 588-0800

This course will be specifically tailored toward the individual course audiences' environment. To accomplish this, research questionnaires must be completed by course participants prior to attending. These questionnaires will provide the baseline hardware, software, physical, and operational environments critical to the development of a discrete COOP/DRP.

COURSE TITLE: Physical Security for Data Processing
COURSE LENGTH: 2 DAYS
VENDOR: COMSIS
        8737 Colesville Road, Suite 1100
        Silver Spring, MD 20910
        (301) 588-5922

This course provides essential training to personnel in the areas of physical and environmental security in both large scale (mainframes) and small scale (PC) processing environments.

COURSE TITLE: Audit, Control, and Security of LAN and Mainframe Connectivity
COURSE LENGTH: 3 DAYS
VENDOR: MIS Training Institute
        498 Concord Street
        Framingham, MA 01701-2357
        Pam Bissett: (508) 879-7999

In this fast-paced, three-day seminar you will focus on the control, security, and management aspects that should be included in any LAN evaluation. After a general overview of a LAN environment, you will review the Open Systems and OSI "standardized" models of any computing/communication system and develop a layered audit/analysis work plan based on the models. With this work plan as a guide, you will investigate: LAN topologies; protocols; LAN interconnections to wide area networks (WANs); client-server and peer-to-peer LAN architectures; LAN Network Operating Systems; connecting LANs to mainframes; and many more related topics. Keeping jargon and technology in its proper perspective, emphasis will be placed on those aspects of LAN operation with the greatest audit and security concerns. A basic understanding of the fundamentals of microcomputers and PC-based applications such as spreadsheets and database management is strongly recommended.

COURSE TITLE: Computer Viruses
COURSE LENGTH: 3 HRS
VENDOR: USDA Graduate School
        600 Maryland Ave., S.W.
        Washington, D.C. 20024
        (202) 447-7124

This briefing is designed to provide you with a basic understanding of the nature of computer viruses and suggested methods and procedures for identifying and dealing with them. The material will focus primarily on the microcomputer based environment but network and mini-computer virus issues will be discussed as well.

COURSE TITLE: Computer Security
COURSE LENGTH: 5 DAY
VENDOR: GSA Training Center
        P.O. Box 15608
        Arlington, VA 22215-0608
        Joan Bender: (703) 603-3213

Participants learn about federal computer security regulations and guidelines and their implementation in government agencies.
Topics include: a threat overview, national computer security policies, an overview of the National Institute of Standards and Technology and the National Computer Security Center, physical security considerations, microcomputer security considerations, introduction to risk assessment, qualitative risk assessment, quantitative risk assessment, other risk assessment methodologies, contingency planning, design reviews and system tests, and security certification and accreditation.

COURSE TITLE: Information Security and Policy
COURSE LENGTH: 1 SEMESTER
VENDOR: George Washington University/GSAS
        2000 G Street, NW
        Washington, DC 20077-2685
        (202) 994-7061

Computer fraud and effective countermeasures for computer system security. The social and legal environment of information systems, including data privacy and ethics in database management. Information access policy, data security, contracts. Antitrust and other business implications of policies, transborder data flow, technology transfer, electronic funds transfer systems, criminal justice information systems, cross-cultural differences, computer infringement of copyright, and protection of property rights in software. Prerequisite: AdSc 202 and 203.

COURSE TITLE: Planning an EDP Disaster Recovery Program
COURSE LENGTH: 3 DAY
VENDOR: Computer Security Institute
        600 Harrison Street
        San Francisco CA 94107
        (415) 905-2626

This seminar examines the critical components of the disaster recovery planning process in detail and offers a practical framework for implementing a disaster recovery program. A "big think" approach is required, because recovery planning is tedious, time-consuming, and requires management commitment plus cooperation from all levels of user personnel. Less than 20% of the top 1,000 U.S. firms have workable EDP disaster recovery plans that have been successfully tested. Indeed, many organizations today have no formal plans at all.
Some have tried to formulate a plan but failed because they underestimated the scope and complexity of the task. Although a 3-day seminar cannot provide all the details necessary for a comprehensive program, this seminar will give you a firm grounding in the knowledge and skills needed for a successful disaster recovery planning effort.

NOTE: Ask about available discount for government hosted classes.

COURSE TITLE: Security in Software Applications
COURSE LENGTH: 3 HRS
VENDOR: USDA Graduate School
        600 Maryland Ave., S.W.
        Washington, D.C. 20024
        (202) 447-7124

This briefing is designed to provide participants with a basic understanding of features and techniques for incorporating computer security into the design and development of software applications. The material covered explores a variety of computer security design and programming techniques to enable programmers and system designers to build security into their applications.

COURSE TITLE: Introduction to Secure Systems
COURSE LENGTH: 2 DAYS
VENDOR: BoozAllen & Hamilton
        8th Floor, Room 822
        8283 Greensboro Drive
        McLean, VA 22102-3838
        Butch Chaboudy: (703) 902-5265

This class provides the student with an understanding of the basic principles to follow in the development and operation of secure systems--that is, systems that we can trust to protect sensitive or classified information. This course provides the fundamentals of determining security requirements for trusted systems, determination of mode of operation, calculation of the level of trust needed for a system, and an understanding of the collective impact of security features on a system.

COURSE TITLE: UPS: Design, Selection and Specification
COURSE LENGTH: 2 DAY
VENDOR: University of Wisconsin, Milwaukee
        929 North 6th Street
        Milwaukee, WI 53203
        (800) 222-3623

Program objectives of this institute will have been accomplished if, upon completion, the attendee can answer satisfactorily the following questions: Where is UPS needed? When is UPS needed?
Should the system be redundant? How should components be chosen? How is a system designed? What level of protection is appropriate? What are the system maintenance requirements? What grounding and noise problems need consideration? How can satisfactory performance be achieved while satisfying the NEC?

NOTE: Previous attendees will find that material has been added to the program since they last attended.

COURSE TITLE: Computer Security In Application Software
COURSE LENGTH: 2 DAY
VENDOR: Booz-Allen & Hamilton Inc.
        8283 Greensboro Drive
        McLean, VA 22102-3838
        (703) 902-5201

This course presents a logical sequence of overall computer security activities during the application development life cycle. The course will assist application developers, sponsors, and owners in identifying security activities that should be considered for applications, whether they are being developed, significantly enhanced, or routinely debugged. This course is primarily intended for application software managers and support personnel.

NOTE: Contact the vendor for information concerning specialized agency training.

COURSE TITLE: Computer Security
COURSE LENGTH: 1 SEM
VENDOR: Montgomery College
        51 Mannakee Street
        Rockville, MD 20850
        (301) 279-5185

This course surveys major topics in assessment and development of security procedures for a variety of computer systems. Emphasis is on analysis of security needs, risk assessment and practical measures for security management. Topics include LAN security, protection for personal computers, physical security, hardware and software protection and products, virus countermeasures and the human aspects of computer security.

COURSE TITLE: Micro Security for Information Systems Security Analysts
COURSE LENGTH: 32 HRS
VENDOR: DATAPRO Educational Services
        600 Delran Parkway
        Delran, NJ 08076
        (609) 764-0100

Security Analysts and functional Security coordinators will develop basic microcomputer security skills and understand the integral role they play in successful protection of system-wide data. Participants will learn various methods for proper disk handling and secure storage, determine proper data backup techniques and learn techniques for controlling access to data hardware and software. They will learn how to evaluate the present contingency plan and develop a risk analysis formula and also will develop a project plan for contingency implementations of hardware and software.

COURSE TITLE: Network Auditing (M2034)
COURSE LENGTH: 2.5 Days
VENDOR: Skill Dynamics - An IBM Company
        One IBM Plaza, 19th Floor
        Chicago, IL 60611
        (800) IBM-TEACH (800) 426-8322

This course teaches you the fundamentals of performing a security audit on a computer network. The course will begin with a review of positive and negative aspects of today's most commonly used networks. The security facts and assumptions of each network topology are explored in lecture and classroom exercises. This examination of networks includes all elements of network security (the node, the media, and the control unit). Different data exchange protocols and their be