Monday, December 22, 2008

Free Information Security Training (and it is good!)

FEMA, the people we think of when disaster strikes in the US, has a lot of good emergency preparedness training resources- which you would expect.  Check out their Emergency Management Institute for the course catalog of on-site and self-study courses for disaster prep; you can find general purpose training for individuals here.

What you might not expect is that FEMA would offer Cyber Security training- but they do, and it is good.  Information is at the Act Online site, including schedules for on-site training and the list of self-study courses.  From the site:

"ACT Online is an evolution of the Information Assurance program offered by the University of Memphis Center for Information Assurance. A partnership with Vanderbilt University and SPARTA, Inc. expands the proven classroom instruction into a fully capable web based method of instruction.

ACT Online provides a unique combination of expertise and capabilities and we leverage the background of a successful academic program in information assurance uniquely recognized by US Department of Homeland Security.  Our nationwide program uses a comprehensive approach to prepare professionals in identifying assets, recognizing vulnerabilities, prioritizing assets and implementing protection measures in cyber infrastructure."

They currently have four courses up and five more are in various stages of development.  The course catalog lists courses for general/non-technical, IT technical/professional and business professionals- from basics to ethics and forensics. 

OK, I need to pause here- yes, it is the same FEMA that underwhelmed us in the aftermath of Hurricane Katrina.  And yes, they are under DHS, the same folks who oversee TSA- the folks who run airport "security" in the US.  Don't hold that against them; FEMA is really trying to do some good work, and this is only one example of the new face of FEMA.  It is good stuff, and they are good people.

There is real content in these courses, and the testing isn't simple- the "Information Security Basics" pre-qualifying test made me think about things I haven't considered since taking my CISSP exam.  You can actually learn valuable things, and you can even turn trainable end-users (if there is such a thing) loose on the "Information Security for Everyone" course and raise their awareness.  The courses can also be used for running your own formal training sessions with the available training coordinator and reporting functions.

Note: You must be a US citizen to take advantage of this training.  I suppose you could lie about your citizenship, but if you do- I suggest you skip the Cyber Ethics course.