NSA IAM TRAINING

This year’s conference offers an optional 2 days of training and certification
August 23 - 24, 2008
by Security Horizon for the National Security Agency’s (NSA)
Information Security (INFOSEC) Assessment Methodology (IAM) Training

What is IAM?

The IAM is a detailed and systematic way of examining cyber vulnerabilities and was developed by experienced NSA and Commercial INFOSEC assessors. NSA is providing the IAM to assist both INFOSEC assessment suppliers and consumers requiring assessments. This market was originally created by the PDD-63 requirement for vulnerability assessments of automated information systems that support the U.S. infrastructure. In addition to assisting the governmental and private sectors, an important result of supplying baseline standards for INFOSEC assessments is fostering a commitment to improve organizations' security posture.

Individuals will be trained in the IAM so they can use their INFOSEC analysis skills along with the IAM training to provide the standardized IAM assessment service. Since the IAM is a baseline methodology, the final results of the assessment service are highly dependent on the INFOSEC and analytic skills of the assessors. For this reason it is suggested that individuals have either the proper experience or take additional INFOSEC training prior to taking the IAM course. Currently, companies and government organizations looking for outside help assessing the security posture of their information systems can choose from dozens of commercial firms that advertise INFOSEC assessment capabilities. Although these contractors all provide INFOSEC assessment services, their processes, terminology, scope and costs vary widely. The IAM course was developed for the benefit of organizations trying to obtain an INFOSEC assessment which meets their needs.

The IAM is a two-day course for experienced Information Systems Security analysts who conduct, or are interested in conducting INFOSEC assessments of information systems. The course teaches NSA's INFOSEC assessment process, a high-level, non-intrusive process for identifying and correcting security weaknesses in information systems and networks.

• NSA must approve all attendees expecting to receive the NSA certificate. In order to accomplish this, Security Horizon needs completed Registration Packages from all attendees ASAP. It is HIGHLY recommended that all attendees provide their registration packets to Security Horizon no later than 15 days prior to the course start date, to assure completion of NSA processing. Otherwise, no guarantee of NSA review and approval can be made.

To qualify for an IAM certificate of completion, students must:

• Gain qualification approval from NSA (coordinated by Security Horizon);

• Attend all of the two-day class;

• Demonstrate an understanding of the IAM through group exercises and class discussions;

• Obtain a passing grade (at least 70 percent) on the IAM test.

Direct any questions to Security Horizon at info@securityhorizon.com or call 719.488.4500