[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
National Cryptologic School
DAW provided this URL:
http://csrc.nist.gov/training/in170.zip
1996-04-29 Introduction to Computer Security
National Cryptologic School
Interactive Courseware Trainee Guide
(formerly, CP-133) (37 zipped files, DOS program)
We've had a look at this course, a primer on CompSec
and a required course for all DoD employees. It takes
some fiddling to get past the sign-on block. Hint: after
unzipping execute "student.exe" and enter "CP" as the
lesson. Repeat for other listed files, CPxxx - CPxxx.
It's basic stuff but worthwhile for its claims, these among
others:
1. Most hackers are employees of the target.
2. Negligence, accidents and sloppy sys-administration are
prime causes of disruptions, perhaps more than deliberate
attacks.
3. Environmental weaknesses are often overlooked by
security experts too focussed on computer systems.
It lists these security documents as references:
EO 12356 [superceded by EO 12958]
DCID 1/16 [Director of Central Intelligence Directive]
DoDDir 5200.28
DoD 5200.28 STD
Public Law 100-235
NSA/CSS Dir 10-27
NSA/CSS Manual 130-1 (NSAM 130-1)
NSA/CSS Manual 130-2 (NSAM 130-2)
NSA/CSS Reg 130-2
NTISSAM COMPSEC 1-87
The Rainbow Series
OMB A-130
Does anyone know of a source for the DCID series and the
NSA/CSS series? Some of the others are available on the Web
-- see AltaVista.
While looking for these we ran across an informative implementation
of infosec and compsec:
Information Systems Accreditation Document, 4 Volumes
System Security Requirements for the
Department of Defense Intelligence Information System
Automated Message Handling System (AMHS) V2.x
By: McDonnell Douglas Aerospace
For: Electronic Systems Center, Air Force Materiel Command
Which we've put at:
http://jya.com/amhs.htm