ISSO Orientation

5 days

This course is intended for officials in government or private industry working in the area of Information Security, wishing to become Information System Security Officer, or needing to advance their skills and knowledge in managing systems and organization security.


This five-day overview program is based upon the National Security Agency’s Directive for National Training Standard. This standard is issued by the Committee on National Security Systems (CNSS) as specified in CNSSI No. 4014; Information System Security Officer (ISSO).

This course addresses the entry level standards which cover the fundamentals of Information Systems from a top- down approach. Various topics addressed in the course include IT Governance, certification and accreditation, public key infrastructures, configuration management, intrusion detection and incident response. Given a series of system security breaches, the ISSO will identify system vulnerabilities and recommend security solutions required to return the system to an operational level of assurance.

Participants will be able to:

  • Explain the importance of IT governance as part of the role of the ISSO responsibility.
  • Define Confidentiality, Integrity and Availability for Information Systems Security.
  • Describe the certification and accreditation and explain their importance for an organization and the ISSO.
  • Describe the necessities in implementing a site Security Policy and its importance to the Department of National Defence and to other organizations.
  • Explain the importance of reporting the status of site security for the ISSO.

Introduction to ISSO

  • Introductions
  • Security Experience
  • Course Format
  • Security Mindset
  • Security References

Setting the Foundation

  • Security Concepts
  • Security Practices
  • Security Policies

Understanding your Role

  • ISSO Defined
  • Common Responsibilities
  • Types of ISSO
  • Type-specific Responsibilities

Understanding Site Security

  • Confidentiality, Integrity and Availability for Sites
  • Site Security Principles
  • The Role of Site Security Policy
  • Site Security Policies

Site Security Implementation and Operations

  • Plans and Procedures
  • Facility Approval
  • Operational Management
  • Access Control
  • Incident Response

Understanding System Security

  • Confidentiality, Integrity and Availability for Systems
  • System Security Principles
  • The Role of System Security Policy
  • System Security Policies

System Security Implementation and Operations

  • Know Your Enemy
  • Security Breach Impacts
  • Plans and Procedures
  • Security Mechanisms and Methods
  • Access Control
  • Operational Management
  • Media Handling
  • Policy Integration
  • Incident Response

System Development Life Cycle Basics

  • System Development Lifecycle Methodology
  • Threats and Vulnerabilities
  • Software Protection Mechanisms

Cryptography Basics

  • Types of Cryptography Systems
  • Symmetric and Asymmetric Cryptography
  • PKI and Key Management Issues
  • Crypto Attacks

Understanding Site and System Reporting

  • Report Categories
  • Measurement
  • Reporting Roles and Responsibilities
  • Reporting Audiences

Developing Incident and Continuous Reporting

  • Report Planning
  • Reporting Formats and Conventions
  • Reporting to Management
  • Legal Considerations

Achieving a Security Certification and Accreditation Posture

  • Certification and Accreditation
  • Certification Practices
  • Certification Elements
  • Personnel Accreditation
  • Systems Accreditation (Type Accreditation)
  • Accreditation Activities

“Well done, very good overview!”

“In general course provided excellent information. the DND/CAF section actually put everything in perspective as for what my responsibilities are. Thank you for all the information.”

“All aspects were covered well and information all pertinent to subject.”

“Excellent knowledge base. The book will be a great reference!”

“Modules relating to DND/CAF information, regulations were well done.”

“Overall very good intro to the ISSO world.”

“Great course to raise our awareness of vulnerability of IT systems and provide good material to sensibilize our co-worker.”

“Glen is a very pleasent instructor who creates a casual, comfortable learning environment. He has a lot of relevant experience that benefits the learning of the material.”

“Well structured material presented in a logical manner.”

“Glen is knowledgable, effective at pointing out the necessary information about security and data privacy evolution.”

“Looking forward to attending future courses.”

“This course provides a very good overview of what the world of security entails.”