Printer Friendly

Note from the FM chief information officer.

Since the theme of this issue is education and training, I thought I would take the opportunity to remind you of the importance of our annual security and awareness training. This training is one of the requirements of the U.S. Federal Information Security Management Act (FISMA) of 2002, and is also referred to as Information Assurance (IA) and awareness training. The status of the annual IA awareness training is tracked as a significant FISMA metric and reported to Congress by Agency Chief Information Officers on an annual basis.

Last fiscal year, 95% of all Air Force end-users completed the annual IA awareness training just short of the AF-wide goal of 96%; and 68% of FM end-users completed the training. Because we strive for excellence in all we do, I am confident we will significantly increase the level of FM security awareness training completion during fiscal year 2008.

FISMA requires annual IA awareness training for all individuals with access to government networks and systems. This training is to inform all government and contract personnel who are users of the information systems supporting the operations and assets of:

A. information assurance risks associated with their activities

B. their responsibilities in complying with policies and procedures designed to reduce these risk

The Air Force utilizes the same IA awareness course for orientation and refresher training. The course takes about 40 minutes to complete including a comprehensive test, and covers the full spectrum of IA awareness topics required by law and DoD mandate. In 2007 the course was expanded to include an additional block covering personally identifiable information, Information Conditions (INFOCON), and encryption of data-at-rest.

The annual IA awareness training is accessible through the Advanced Distributed Learning System (ADLS), the authoritative source for all Air Force ancillary training. You can access the annual IA Awareness course through the ADLS web site at ADD LINK, and through the AF Portal (click on 2007 IA Awareness Course). Remember, completion of the annual IA Awareness course is mandatory for all personnel granted access to the network. Upon arrival and at least annually thereafter, all personnel receive training and familiarization to perform their assigned IA responsibilities, to include their prescribed roles in all IA-related plans such as incident response, configuration management, and COOP or disaster recovery.

Annual IA awareness training data is pulled directly from the ADLS for inclusion in the Air Force FISMA report. Failure of individuals to register in ADLS and take the annual IA Awareness course can result in FISMA non-compliance and have a negative impact on mission readiness, information assurance posture, and the Air Force's overall FISMA grade.

While annual security awareness training is required by law, protection of our information assets is another significant driver to ensure we are informed regarding our security role and responsibility to protect IA assets. In fact, one MIT survey shows that businesses with awareness training programs have been able to mitigate statistically significant, higher levels of risk in the areas of confidentiality, continuity, accuracy, and flexibility.

COPYRIGHT 2008 U.S. Air Force, Financial Management and Comptroller
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2008 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Davis, Audrey
Publication:Air Force Comptroller
Date:Mar 22, 2008
Previous Article:Notes from the director, strategic planning, communications, and support.
Next Article:Notes from the director, workforce management.

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters