Federal agencies and organizations cannot protect the integrity, confidentiality, and availability of information in today’s highly networked systems environment without ensuring that each person involved understands their roles and responsibilities and is adequately trained to perform them. The human factor is so critical to success that the Computer Security Act of 1987 (Public Law [P.L.] 100-235) required that, “Each agency shall provide for the mandatory periodic training in computer security awareness and accepted computer practices of all employees who are involved with the management, use, or operation of each Federal computer system within or under the supervision of that agency.”
NIST Special Publication 800-16
U.S. DEPARTMENT OF COMMERCE
Technology Administration
National Institute of Standards and Technology
Information Technology Security Training Requirements:
A Role- and Performance-Based Model
Mark Wilson — Editor
Dorothea E. de Zafra
Sadie I. Pitcher
John D. Tressler
John B. Ippolito
The National Institute of Standards and Technology was established in 1988 by Congress to “assist industry in
the development of technology...needed to improve product quality, to modernize manufacturing processes,
to ensure product reliability...and to facilitate rapid commercialization...of products based on new scientific
discoveries.”
NIST, originally founded as the National Bureau of Standards in 1901, works to strengthen U.S. industry’s
competitiveness; advance science and engineering; and improve public health, safety, and the environment. One
of the agency’s basic functions is to develop, maintain, and retain custody of the national standards of
measurement, and provide the means and methods for comparing standards used in science, engineering,
manufacturing, commerce, industry, and education with the standards adopted or recognized by the Federal
Government.
As an agency of the U.S. Commerce Department’s Technology Administration, NIST conducts basic and
applied research in the physical sciences and engineering, and develops measurement techniques, test
methods, standards, and related services. The Institute does generic and precompetitive work on new and
advanced technologies. NIST’s research facilities are located at Gaithersburg, MD 20899, and at Boulder, CO 80303.
Major technical operating units and their principal activities are listed below. For more information contact the
Publications and Program Inquiries Desk, 301-975-3058.
Office of the Director
• National Quality Program
• International and Academic Affairs
Technology Services
• Standards Services
• Technology Partnerships
• Measurement Services
• Technology Innovation
• Information Services
Advanced Technology Program
• Economic Assessment
• Information Technology and Applications
• Chemical and Biomedical Technology
• Materials and Manufacturing Technology
• Electronics and Photonics Technology
Manufacturing Extension Partnership Program
• Regional Programs
• National Programs
• Program Development
Electronics and Electrical Engineering Laboratory
• Microelectronics
• Law Enforcement Standards
• Electricity
• Semiconductor Electronics
• Electromagnetic Fields ¹
• Electromagnetic Technology ¹
• Optoelectronics ¹
Chemical Science and Technology Laboratory
• Biotechnology
• Physical and Chemical Properties ²
• Analytical Chemistry
• Process Measurements
• Surface and Microanalysis Science
Physics Laboratory
• Electron and Optical Physics
• Atomic Physics
• Optical Technology
• Ionizing Radiation
• Time and Frequency ¹
• Quantum Physics ¹
Materials Science and Engineering Laboratory
• Intelligent Processing of Materials
• Ceramics
• Materials Reliability ¹
• Polymers
• Metallurgy
• NIST Center for Neutron Research
Manufacturing Engineering Laboratory
• Precision Engineering
• Automated Production Technology
• Intelligent Systems
• Fabrication Technology
• Manufacturing Systems Integration
Building and Fire Research Laboratory
• Structures
• Building Materials
• Building Environment
• Fire Safety Engineering
• Fire Science
Information Technology Laboratory
• Mathematical and Computational Sciences ²
• Advanced Network Technologies
• Computer Security
• Information Access and User Interfaces
• High Performance Systems and Services
• Distributed Computing and Information Services
• Software Diagnostics and Conformance Testing
¹ At Boulder, CO 80303.
² Some elements at Boulder, CO.
NIST Special Publication 800-16
Information Technology Security Training Requirements:
A Role- and Performance-Based Model
Mark Wilson — Editor
Dorothea E. de Zafra
Sadie I. Pitcher
John D. Tressler
John B. Ippolito
COMPUTER SECURITY
Information Technology Laboratory
National Institute of Standards
and Technology
Gaithersburg, MD 20899-0001
Supersedes Special Publication 500-172
April 1998
U.S. Department of Commerce
William M. Daley, Secretary
Technology Administration
Gary R. Bachula, Acting Under Secretary for Technology
National Institute of Standards and Technology
Raymond G. Kammer, Director
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology
(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s
measurement and standards infrastructure for information technology. ITL develops tests, test methods,
reference data, proof of concept implementations and technical analyses to advance the development and
productive use of information technology. ITL’s responsibilities include the development of technical, physical,
administrative, and management standards and guidelines for the cost-effective security and privacy
of sensitive unclassified information in federal computer systems. This Special Publication 800 series
reports on ITL’s research, guidance, and outreach efforts in computer security, and its collaborative
activities with industry, government, and academic organizations.
National Institute of Standards and Technology Special Publication 800-16
Natl. Inst. Stand. Technol. Spec. Publ. 800-16, 200 pages (Apr. 1998)
CODEN: NSPUE2
U.S. GOVERNMENT PRINTING OFFICE
WASHINGTON: 1998
For sale by the Superintendent of Documents, U.S. Government Printing Office, Washington, DC 20402
FOREWORD
In 1997 the General Accounting Office (GAO) identified information technology (IT) security as
“a new high-risk area that touches virtually every major aspect of government operations” (report
# GAO/HR-97-30). In doing so, GAO went beyond dozens of specific recommendations in its
prior reports to identify underlying factors. Several are people factors, not technological factors,
e.g., “insufficient awareness and understanding of information security risks among senior
agency officials,” “poorly designed and implemented security programs,” “a shortage of
personnel with the technical expertise needed to manage controls,” and “limited oversight of
agency practices.”
The key to addressing people factors or competencies is awareness, training, and education.
Certainly the need for government-wide attention to this area of IT security has never been
greater, so issuance of this publication, Information Technology Security Training Requirements:
A Role- and Performance-Based Model, (Training Requirements) is especially timely. This
document has been designed as a “living handbook” to have the longest useful life possible as the
foundation of and structure for “do-able” training by Federal agencies. To meet this objective,
the following elements have been included in this document’s design:
• Dates, references, or other items that would quickly outdate the Training Requirements
have been excluded. Excluded also are “terms du jour” and items which may be specific
to a given agency or Department. Technical jargon changes rapidly—even though the
meanings are not significantly different. Thus, to avoid unnecessary outdating, the
document uses terminology that is most consistent across Federal agencies and broadest
in scope to encompass all information processing, storage, and transmission resources
and technologies—for example, “Information Technology.” A glossary of key terms is
provided in an appendix.
• An extensible set of knowledges, skills, and abilities (KSAs) structure the Training
Requirements and are linked to the document through generic IT Security Body of
Knowledge, Topics and Concepts categories as shown in Exhibit 4-4. Thus, new
technologies and associated terminology may be added to the KSAs (which are to be
maintained in a separate database), and will be tracked forward through the generic IT
Security Body of Knowledge, Topics and Concepts categorization to recommended
instructional blocks defined in Chapter 4. This linkage precludes a need to continually
revise or supersede the key chapter that addresses training criteria with respect to security
requirements affected by the ongoing evolution of information technology.
• Finally, the emphasis of the Training Requirements is on training criteria or standards,
rather than on specific curricula or content. The training criteria are established according
to trainees’ role(s) within their organizations, and are measured by their on-the-job
performance. This emphasis on roles and results, rather than on fixed content, gives the
Training Requirements flexibility, adaptability, and longevity.