Security concerns drive feds to training program

With 2000 just more than six months away, many federal and industry organizations have begun to turn their Year 2000 efforts away from ensuring that systems are compliant and toward protecting systems from cyberattacks and abuse by employees.

But the technology in the information security arena is changing so quickly that information technology managers have a difficult time keeping up to date.

To help managers, George Washington University and Science Applications International Corp.'s Center for Information Security Education teamed up to offer a graduate certificate program focused not so much on security technology but more on helping IT managers understand security issues and policies.

"It's more of management; it's not just technology that is good for one or two years," said Maria Escoto, GWU's representative for the Graduate Certificate Program in Information Security Management.

The program has been in place for several years, but federal agencies are showing increasing interest, especially the Defense Department, Escoto said.

More federal IT personnel have shown interest in the class since last May, when President Clinton issued Presidential Decision Directive 63, which requires agencies to protect their critical computer infrastructure.

The program includes six three-semester-hour courses. The first course, "Management of Information and Systems Security," offers a look at the development and management of information, personnel and physical security systems.

The other five courses are based on the first course. "Information Management and (Protection of) Information Systems" builds on the information protection concept and also discusses the impact of how organizations use information as a resource. The next course, "Cryptographic Systems: Application, Management and Policy," offers more on the policy development for specific systems and covers cryptography, key management and encryption algorithms.

The legal, ethical and moral issues behind all information security policies affect privacy, freedom of speech and other civil liberties. The "Engineering Law (Information Ethics, Law and Policy)" course focuses on these issues. "Crisis Management, Disaster Recovery and Organizational Continuity" looks at the recovery of information and communication systems.

"Problems in Engineering Management (Detection and Correction of Information Security Management Problems)" enables students to apply the lessons taught in the previous five courses.

The next session starts in September, and program officials plan to hold in May and June at SAIC free information briefings to describe the program.

For more information, go to www.ocp.gwu.edu.