"Protecting the Sandbox"

Information Assurance Associates Inc.

"It's All About The Information"

Our Company

Information Assurance Associates (IA2) is a service disabled, veteran owned small business that provides Committee on National Security Systems (CNSS) and National Institute of Standards and Technologies (NIST) fully compliant, comprehensive distance/independent learning as well as traditional instructor-led, podium based training for cybersecurity practitioners worldwide. 

Our Enhanced Training Methods

          It is generally agreed that "Instructor-Led", "'Podium" based instruction is the best method to train and learn.  At IA2 our goal is to provide our customers with highest quality of cybersecurity training at an affordable price.  Although "Instructor-Led", "Podium" based training is preferred, during this period where individual movement is controlled, social distancing is required and travel is restricted, the requirement to satisfy Cybersecurity training has become a significant challenge.  

        To satisfy these critical training requirements and ensure a knowledgeable, security aware and cybersecurity trained workforce, IA2 is offering the opportunity for  cybersecurity practitioners to earn CNSS certificates and achieve requisite professionalization standards as well as satisfy required Continuing Education Units (CEUs) through a fully compliant, academically structured, professionally focused and comprehensively administered self-paced Distance/Independent Learning Program.  Distance Learning is a convenient, flexible, cost effective and an emerging alternative to conventional “Instructor-Led” training, yet lacks the strong instructor-student interaction and professional relationship.  Accordingly, Distance/Independent Learning translates into increased freedom for each student, yet it also requires a higher degree of student focus to complete the curriculum and a higher measure of instructor oversight to manage and monitor student progress.  

        The enhanced freedom of Distance/Independent Learning is most clearly seen when students can complete the selected course material within their individual learning pace, personal/professional schedules and available resources. However, student discipline is required to achieve the learning objectives within each lesson. Although IA2 instructor staff will be available on-demand for consultation and collaboration, students will need to be self-motivated in order to satisfy course requirements, especially within a training environment that does not require students to be present at a specific location and at a specific time. 

Our fully compliant CNSS Certification courses include the following:

CNSS 4012

National Information Assurance Training Standards for Senior System Managers

CNSS 4014

National Information Assurance Training Standards for Information System Security Officers

CNSS 4015

National Information Assurance Training Standards for System Certifiers

CNSS 4016

National Information Assurance Training Standards for Risk Analysts

Our Instructors
The IA2 award winning instructor staff is certified as Fully Qualified Certification Agents, Certified Information System Security Professionals (CISSPs), Certified in Risk and Information System Control (CRISC), Certified Information Security Managers (CISMs), Certified in NSA Information System Security Assessment and Evaluation Methodologies (IAM/IEM), and Master Training Specialists. Additionally, each instructor has a minimum of thirty years experience as a functional DOD, national Intelligence Community (IC) or federal Information System Security Manager.  For IC applications, IA2 instructor staff members have been certified as NSA Adjunct Faculty and as NSA Accreditation Action Officers (AAOs).
 

Greg Welch

  • Over 30 Years Cybersecurity Experience.
  • Cybersecurity Certification:
    • CISSP (ISC)2
  • NSA Certified in Information Evaluation Methodologies (IEM) - (NSA)
  • Fully Qualified Navy Certification Agent (Validator)
  • Certified DoD/Federal Information System Security Manager (ISSM)
  • NSA Certified Signals Analyst
  • Master Training Specialist
  • Certified ISSM/ISSO Instructor
  • Certified in Instructional System Design (ISD) and Defense Single Standard Curriculum Development.
  • Original RMF Instructor for the Intelligence Community (IC).

Norm Beebe

  • 30 Years Cybersecurity /A&A Experience.
  • Cybersecurity Certifications:
    • CISSP (ISC)2, 
    • CISM (ISACA), 
    • CRISC (ISACA)
  • Certified in Information Assessment and Evaluation Methodologies (IAM/IEM) - National Security Agency (NSA)
  • Fully Qualified Navy Certification Agent (Validator)
  • Certified DoD/Federal Information System Security Manager (ISSM)
  • Master Training Specialist
  • CRISC Exam Prep Instructor
  • Served as NSA Adjunct Faculty
  • Served as NSA Accreditation Action Officer (AAO)
  • Served as adjunct member on the NSA Inspector General  (IG) Team
  • Served as a member of the National Science Foundation  Cybersecurity Curriculum Review Team.
  • Winner – AFCEA/Navy League Copernicus Award for Excellence in C4I.
  • Winner - National IA Leadership Award for Security Awareness, Training, and Education. (SATE)

Our CNSS/NIST Curriculum

IACE/CNSS Certification 

          IA2 curriculum has been certified by the Information Assurance Courseware Evaluation (IACE) Program under the direction of the National IA Education and Training Program.  The IA2 courseware meets all the National Information Assurance Training Standards established by the Committee on National Security Systems (CNSS) for cybersecuirity practitioners and cyber Risk Analysts.

          The IACE Program provides consistency in training and education for the cybersecurity skills that are critical to our nation. IA2 is proud to be one of the few companies that can provide this needed training.

CNSS 4014
National Information Assurance Training Standards for Information System Security Officers (ISSO's)

 

         This course focuses on the security planning and administrative security procedures for systems that process sensitive, classified and national intelligence data. Lesson topics define individual roles, responsibilities and obligations and outline special requirements consistent with maintaining a secure network centric environment.  

Special emphasis is placed in the following areas:

    -  Individual responsibilities and special obligations associated with cybersecurity and secure network operations; including specific responsibilities; the requirement to maintain and enhance information system security within a controlled environment; the significance of facility planning and management; and the construction and implementation of user focused policies, processes, procedures and protocols.

    -  The need to establish effective cybersecurity program planning including; describing and defining user based policies and procedures; establishing and enforcing system contingency, continuity and emergency plans; implementing, monitoring, analyzing and reporting unusual system activities. 

    -  Implementation and enforcement of user based access controls including; password maintenance, management and administration; Rule and Role based access controls; and the integration of administrative security measures including preparatory actions, implementation responsibilities and reporting requirements.

      Lesson Topics Include:
          -  Information System Security Planning and Organization;
          -  Implementation and Enforcement of Cybersecurity Policies, Processes and Procedures;
          -  Data Encryption Methods;
          -  Physical, System and Data Controls;
          -  Malicious Logic/MALWEAR - Prevention, Detection, Response, Recovery and Reporting;
          -  Configuration Management, Disaster Planning and Disaster Recovery;
          -  Threat and Vulnerability Analysis;
          -  Risk Response and Recovery;
          -  Network Security Analysis and Assessment;
          -  System/Network Assessment and Authorization (Risk Management Framework (RMF)).

      Student comprehension is measured by administering a cumulative progress check at the end of the last day of training. Topical reviews are conducted at the beginning and end of each training day to help to reinforce key learning objectives, reiterate essential subject areas and respond to individual student questions. Satisfactory completion and remedial requirements will be consistent with each customer training standards.
 

CNSS 4012
National Information Assurance Training Standards for Senior System Managers (SSM's)

          This course provides intense, highly concentrated, non-technical professional training necessary to achieve the fundamental knowledge, skills, and abilities needed to define, design, integrate, and manage information system security policies, processes, practices, and procedures within DoD, IC and federally controlled information systems and networks. 
    
          This course addresses DoD Cybersecurity Workforce (CSWF) knowledge factors as well as educational and functional requirements, and provides an introduction to the DoD Risk Management Framework (RMF) processes, protocols and essential elements for facilitating risk centric system authorization.  

         Specific focus is directed on identifying, implementing and integrating management and administrative solutions for securing critical information infrastructures and establishing standards necessary to help protect the sensitivity, maintain the integrity and ensure the accessibility of sensitive and classified data, protected assets and critical organizational computing resources. 

          This IA2 CNSS-4012 course provides comprehensive training in establishing organizational cybersecurity and Information Security (INFOSEC) policies, developing internal processes, outlining critical procedures and implementing specially tailored protocols.  

         The focus of this course is to provide professionally centric training necessary to ensure effective security management and administration of DoD, IC, and federal information infrastructures that store, process, display or transmit sensitive, classified or national security system data.  

        Lesson Topics Include:
          - Information System Security Administration and Management;
          - Cybersecurity Program Implementation;
          - Threat and Vulnerability Identification; Risk Analysis, Response and Recovery;
          -  Legal Issues, Intrusion Forensics and Incident Response;
          -  Intrusion Prevention, Detection, Response, Recovery and Reporting;
          -  Physical, System and Data Access Control (Identity Management);
          -  Data Encryption Methods (Cryptology);
          -  Defending the Information Environment (Information Operations);
          -  Malicious Logic/MALWARE - Prevention, Detection, Reaction, Recovery and Reporting;
          -  Secure Configuration Management, Contingency and Disaster Recovery Planning (Business Continuity Planning (BCP)) and Operational Impact Analysis;
          -  Network Security Assessment (Certification, Test and Evaluation);
          -  Information System and Network Security Assessment and Authorization.

       Student comprehension is measured by administering a cumulative progress check at the end of the last day of training. Topical reviews are conducted at the beginning and end of each training day to help to reinforce key learning objectives, reiterate essential subject areas and respond to individual student questions. Satisfactory completion and remedial requirements will be consistent with each customer training standards. 
 

CNSS/NSTISSI 4015
National Information Assurance Training Standards for System Certifiers

          The IA2 Certification Agent course curriculum was specifically designed for individuals responsible for the comprehensive evaluation of the technical and non-technical security features inherent within federal interest, Department of Defense (DOD), or Geographic Combatant Command, Service or Agency (CC/S/A) information infrastructures that store, process, display or transmit classified or sensitive data.  

          This Certification Agent course provides one week of intense, highly concentrated, non-technical professional training necessary to achieve the in-depth knowledge, skills and abilities needed to enforce cybersecurity requirements, apply information protect methodologies and facilitate Assessment and Authorization (AA) activities. 

           Additionally, this course addresses professional and functional requirements necessary for certifiers to identify specific assurance levels achieved in meeting applicable security policies, standards and requirements to ensure Accrediting Authorities have the information required to determine if a system or network is operating within the bounds of specified requirements at an acceptable level of risk.

          Specific focus is directed on analyzing, evaluating, and assessing information system security policies, processes and procedures necessary to perform the comprehensive multi-disciplined assessment of technical and non-technical security features and other safeguards of an information system in an operational configuration as well as identifying, implementing and integrating management and administrative solutions for securing critical information infrastructures and establishing standards necessary to help protect the confidentiality, maintain the integrity and ensure the availability of classified data, sensitive data and critical organizational computing resources. 

      Lesson Topics Include:
          -  Documenting and Determining the Mission Needs;
          -  Conducting Registration;
          -  Identifying, Measuring, Mitigating (or Compensating) and Managing Information System and Network Threats, Vulnerabilities and Associated Risks;
          -  Legal Issues Concerns, Requirements and Restrictions (regulatory and statutory);
          -  Intrusion, Prevention Detection, Response, Recovery and Reporting;
          -  Physical, System, Data and Requisite Security Control;
          -  Life-Cycle Security, Control and Management;
          -  Defending the Information Environment (Information Operations);
          -  Malicious Logic - Prevention, Detection, Reaction, Recovery and Reporting;
          -  Configuration Management, Business Continuity Planning, COOP, Contingency and Disaster Recovery Planning;
          - Network Security and Certification Evaluation;
          -  Assessment and Authorization and the Risk Management Framework (RMF).
        
          Student comprehension is measured by administering a cumulative progress check at the end of the last day of training. Topical reviews are conducted at the beginning and end of each training day to help to reinforce key learning objectives, reiterate essential subject areas and respond to individual student questions. Satisfactory completion and remedial requirements will be consistent with each customer training standards.

CNSS 4016
National Information Assurance Training Standards for Risk Analysts 

          The IA2 Risk Analyst course provides four days of intense, highly concentrated, non-technical professional training necessary to achieve the fundamental knowledge, skills and abilities needed to analyze, assess, control, determine, mitigate and manage risks within computer systems that store, process, display or transmit classified or sensitive (including Personally Identifiable Information (PII)) information. 

          This course provides training in knowledge factors and functional requirements established for Entry and Intermediate Level Risk Analysts and addresses specific Advanced Risk Analysis tasks. 

          Specific focus is directed on: 
                     -  identifying, implementing and integrating management, acquisition and administrative risk methodologies for securing critical information infrastructures and establishing standards necessary to help protect the confidentiality, maintain the integrity and ensure the availability of critical organizational computing resources that store, process, display or transmit organizationally sensitive or National Security System information  within a Risk Management Framework (RMF).  
    
              Lesson Topics Include:
          -  Fundamentals of Cybersecurity Threat/ Vulnerability Analysis and Risk Management;
          -  Information System Security Controls and the System Development Life-Cycle (SDLC);
          -  A Comprehensive Review of The Risk Management Framework (RMF);
          -  Risk Planning in Consequence Management and Protection Strategies;
          -  Risk Continuous Monitoring and Countermeasure Controls;
          -  Risk Identification, Assessment, Evaluation and Secure Configuration Management (SCM);
          -  Synthesis of Risk Analysis;
          -  Risk Assessment, Measurement, Testing and Evaluation;
          -  Threat and Adversary Analysis;
          -  Organization and Asset Risk Mitigation/Compensation and Management;
          -  Vulnerabilities and Attack Avenues Analysis;
          -  Risk Training, Policies, Legal, Regulatory and Statutory Issues. 

         Student comprehension is measured by administering a cumulative progress check at the end of the last day of training. Topical reviews are conducted at the beginning and end of each training day to help to reinforce key learning objectives, reiterate essential subject areas and respond to individual student questions. Satisfactory completion and remedial requirements will be consistent with each customer training standards.

© Copyright. All rights reserved.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.