Information Assurance Officer (IAO) Course (CNSS-4014E)

Information Assurance Associates (IA2)

Black Hat DC 2011 Training Session // January 16 - 17


The CNSS-4014 (Information System Security Officer/Information Assurance Officer (ISSO/ISSM)) curriculum was specifically designed for ISSMs/IAOs who exercise system-level security control over Federal Interest information infrastructures that store, process, display or transmit classified and sensitive data. This course provides two days of comprehensive, non-technical, entry-level professional training to build the fundamental knowledge, skills, and abilities necessary to facilitate and integrate requisite system-level security policies, processes, practices, procedures and protocols within federally controlled information systems and networks. This ISSM/IAO training focuses on planning, identifying, implementing, enforcing and maintaining data center and information system security as well as integrating technical and non-technical solutions for securing critical information infrastructures and establishing standards necessary to help protect the confidentiality, maintain the integrity and ensure the availability of sensitive data and critical organizational computing resources. This course focuses on the following topical areas:

  • Information System Security Planning and Organization.
    This lesson focuses on the security planning and administrative security procedures for systems that process sensitive, classified and national intelligence data. The lesson establishes individual roles, responsibilities and obligations and defines special requirements consistent with maintaining a secure network-centric environment.
  • Implementation and Enforcement of Information System Security Policies and Practices.
    This lesson discusses a myriad of issues that relate directly to the operation, use, maintenance, disposition and control of information systems consistent with federal laws, national standards and organizational policies, practices and procedures.
  • Data Encryption (Cryptology).
    This lesson provides a basic overview of data encryption including the integration and application of encryption philosophies and standards.
  • Physical, System and Data Access Control.
    This lesson focuses on issues, concerns and requirements that determine the administration and management of physical, system and data access controls based on the sensitivity of the data processed and the corresponding authorization requirements of individual users.
  • Malicious Logic/MALWARE - Prevention, Detection, Reaction, Recovery and Reporting.
    This lesson addresses the threat posed by malicious software as well as the proper methods for downgrading, declassifying and/or destroying hardware, software and memory components used to process sensitive, classified or national intelligence data.
  • Configuration Management, Contingency Planning and Disaster Recovery.
    This lesson topic focuses on protecting the integrity of “trusted” computing baselines as well as enforcing changes through the implementation of control measures that manage enhancements or modifications to system hardware, software, firmware, and documentation throughout its operational life-cycle. This lesson also addresses contingency planning actions, defense in depth, and recovery processes necessary to ensure availability of critical information infrastructures.
  • Threat and Vulnerability Assessment; Risk Response and Recovery Actions.
    This lesson focuses on the identification, analysis, assessment and evaluation of information system threats and vulnerabilities and their impact on an organization’s critical information infrastructures.
  • Information System and Network Security Certification and Accreditation (C&A).
    This lesson offers an overview as well as a contrast and comparison of the DIACAP, NISCAP and NIACAP C&A processes.

Student Requirements, experience/expertise:

Students should have a fundamental understanding as well as practical knowledge and experience in enforcing Information Assurance requirements, applying information system security methodologies and facilitating certification and accreditation activities.

What you get

  • Student Training Manual
  • Exercise Work-Booklet
  • Student Course CD – One Per Student
  • Certification - CNSS-4014E Information Assurance Officer (IAO) Graduation Certificate vice



Norman Beebe has over 25 years of experience managing information security within federal interest computer systems and networks that store, process, transmit or display sensitive, classified or national intelligence information. Mr. Beebe’s technical certifications include: Certified Information System Security Professional (CISSP), International Information Systems Security Certification Consortium (ISC2); Certified Information Security Manager (CISM), Information Systems Audit and Control Association; National Security Agency (NSA) Information System Security Assessment and Evaluation Methodologies (IAM/IEM); and he is endorsed as a “Fully Qualified” Certification Agent. He has extensive experience in defining and designing risk analysis methodologies within federal information infrastructures and served as an NSA Adjunct Faculty member and as an NSA Accreditation Action Officer (AAO). Mr. Beebe is a recipient of the prestigious Copernicus Award for excellence and special achievement in Command, Control, Communication, Computer and Intelligence (C4I) and winner of the National Information Assurance Leadership Award for Security Education, Training and Awareness.

Gregory Welch has extensive experience in training, curriculum development, and Information Assurance (IA). Coming from a background of cryptology and signals analysis, he has used this capability to design, develop, and map multiple training courses to the Committee of National Security Systems (CNSS) requirements. He has developed and delivered numerous presentations at seminars and conferences; most recently as a guest presenter at the National Security Institute (NSI) during the Impact 2008 conference. He has provided Certification and Accreditation (C&A) efforts and training to DoD and Federal agencies including: FBI, NSA, DHS, Coast Guard, NGA, DOI, DOJ, and all branches of the armed forces. Mr. Welch is a Certified Information System Security Professional (CISSP), and a “Fully Qualified Certification Agent”. He is certified in National Security Agency (NSA) Information System Security Assessment and Evaluation Methodologies (IAM/IEM) and has received the “Advanced Signals Analyst” designation.

Jeff Moulton joined Georgia Tech Research Institute (GTRI) in September 2008 as Lead, Information Operations. GTRI is a leading university-affiliated applied research and development center. In this key area, Mr. Moulton provides strategic direction and leadership and is responsible for focusing research, business development, building technical teams, and coordinating information operations across the university and institute. Mr. Moulton has in-depth experience within the intelligence communities assessing and defining corporate-level and globally deployable network security solutions. His technical certifications include: Certified Information Systems Security Professional (CISSP), International Information Systems Security Certification Consortium (ISC2), Project Management Professional (PMP), Project Management Institute, National Security Agency (NSA) Information Assurance Manager (IAM), National Security Agency (NSA) INFOSEC Evaluation Methodology (IEM), Open Source Professional Security Analyst (OPSA), and Malware Forensics Investigator (MFI), Wetstone.

Before joining GTRI, Mr. Moulton served as the Information Assurance Assistant Program Manager at the Naval Surface Warfare Center. In this role he established an Information Assurance (IA) Division for the Deployable Joint Command and Control (DJC2) Joint Program Office. He provided leadership and direction for all information assurance facets of the $566M Joint Program of Record and managed the many facets of a major DoD acquisition program. He recruited and built the first joint integrated IA team across government and military service branches, with members from DIA, NSA, SPAWAR, NETWARCOM, OSD NII, JITC, USJFCOM, USPACOM, USEUCOM, USSOUTHCOM, and other Department of Defense (DoD) IA stakeholders. Mr. Moulton authored the DJC2 IA Strategy, Technology Readiness Assessments, Analysis of Alternatives, and other DoD acquisition documents required by public law. Mr. Moulton continues to represent the DJC2 Joint Program Office as the IA subject matter expert with DoD intelligence agencies (NSA, CIA, and DIA). In addition, Mr. Moulton serves on the Department of the Navy Network Warfare Command (NETWARCOM) IA Working Group.
