Note: This NSA certification course has recently been updated. We strongly urge you to register for this course as quickly as possible as it has sold out in past years and seats are limited.
This course presents the methodologies used by the National Security Agency when conducting information security assessments on organizations. It focuses primarily on the mission of the customer organization, the critical information that drives that mission, and the regulations or legislation about how that information should be protected. The InfoSec Assessment Methodology (IAM) is independent of any particular regulation and provides tremendous flexibility for use within any organization. It is intended to be used as a baseline for conducting level 1 assessments.
Specific Learning Objectives:
- This is a methodology course. You should not take this course if you expect to learn specific business process that you can implement. This course is about establishing a repeatable process, across the INFOSEC industry so that customers of these services will know what to expect, regardless of the vendor they decide to utilize.
- The NSA IAM focuses on critical information. Students will learn how to identify the organization’s mission, the information critical to that mission, where the information exists, and what happens to the organization if they lose that information.
- The NSA IAM course is *not* tools based. The level 1 methodology from NSA focuses on policies, procedures, and information flow. Assessments processes used in this course include documentation review, interview techniques, and other methods of interaction directly with the management/people perspective of an organization. The tools piece is discussed in detail during the level 2 NSA methodology, the INFOSEC Evaluation Methodology (IEM).
- Real world examples. This course will provide insight into some of the issues that arise when this type of work is conducted. Examples range from the educational world, the Department of Defense, the federal arena, utilities, healthcare, and financial.
- Taught by Practitioners. Learn the NSA methodologies from instructors that have been involved in this NSA program since inception. This course is provided from the viewpoint of “How do we approach this work,” “Why does it matter,” and “What should you be on the lookout for?”
- This is a certification course. Some students may be eligible to receive National Security Agency (NSA) certification on the IAM material. Attendees who feel they may meet the requirements outlined below will need to submit the appropriate registration documents proving eligibility.
What to expect:
Students can expect to be involved from the first hour of class. Every professional brings with them a variety of experience, knowledge, and background. The NSA courses are interactive and informal. Highly relevant discussions occur in this course and students should be prepared to provide their opinions. In fact, it’s not unusual to find these same conversations continuing after class over a drink.
How it will work:
Students will learn the NSA IAM by walking through the individual sections of the methodology within a group environment. Each group will be assigned a scenario organization (utility, healthcare, finance, military, research, etc) that they will use to perform the NSA IAM upon during the course. There are 3 group exercises provided over the 2 day period. Course material is presented using PowerPoint slides, lecture, and digital movies.
The final test will be given at the end of the 2nd day of class. Students moving on to the level 2 IEM course (bootcamp style) will have their tests graded prior to leaving the course to ensure they’re eligible for the next course.
NOTE: Certification is *not* required to attend this course, but attendance is limited, so enroll now.
In order to become NSA IAM certified, students are required to submit a registration package to NSA, via Security Horizon, in advance of the class. Submission of paperwork no later than 30 days prior to the class is highly recommended to ensure all paperwork is approved and the certification exam is issued by the National Security Agency.
Students wishing to be certified must meet the following requirements:
- U. S. citizenship. It is recommended that anyone attending the course apply for certification and let NSA decide if they meet the qualifications. This includes the US Citizen Requirement.
- Five years of demonstrated experience in the field of INFOSEC, COMSEC or computer security, with 2 of the 5 years of experience directly involved in analyzing computer system/network vulnerabilities and security risks.
- Attend two days full course, and passed the exam at the end of this class.
We strongly urge that you register for this class no later than September 21 if you are seeking to be certified since all paperwork for certification must be approved PRIOR to the class. On-site or late registration for this class will not ensure that the necessary paperwork will be completed for certification.
After registering for this course with Black Hat, you can begin your NSA registration process by contact firstname.lastname@example.org. You will be sent the registration packet for this course which must be completed and faxed back to Security Horizon. For questions on the NSA registration paperwork or course content, please contact email@example.com. For information on payment for the course, please contact Black Hat directly.