國(guó)內(nèi)外信息安全學(xué)科發(fā)展

國(guó)外信息安全教學(xué)情況調(diào)研哈爾濱工業(yè)大學(xué)張宏莉2007.11.17報(bào)告提綱引言國(guó)外信息安全相關(guān)課程設(shè)置情況總體情況有代表性的大學(xué)辦學(xué)特點(diǎn)國(guó)外信息安全知識(shí)體系相關(guān)情況NSTISSI（NationalSecurityTelecommunicationsandInformationSystemSecurityI）ISC(2)的信息安全共同知識(shí)體系CBK引言2002年設(shè)立信息安全專業(yè)的課程調(diào)研2004年清華大學(xué)出版社信息安全知識(shí)點(diǎn)總結(jié)2007年教指委信息安全教學(xué)規(guī)范調(diào)研方式：INTERNET調(diào)研范圍：美英等知名高校20余所所發(fā)布的相關(guān)課程教學(xué)大綱、教學(xué)內(nèi)容等調(diào)研范圍PurdueUniversityCornellUniversityStanfordUniversityMITCMUOxfordUniversityNewYorkUniversityRiceUniversityFloridaStateUniversityPrincetonUniversityUCDavisUniversityofLondonGeorgeMasonUniversityOslouniversity,NorwayFloridaAtlanticUniversityGeorgiaInstituteofTechnpologyPortlandStateUniversity等學(xué)校

報(bào)告提綱引言國(guó)外信息安全相關(guān)課程設(shè)置情況總體情況有代表性的大學(xué)國(guó)外信息安全知識(shí)體系相關(guān)情況NSTISSI（NationalSecurityTelecommunicationsandInformationSystemSecurityI）ISC(2)的信息安全共同知識(shí)體系CBK辦學(xué)特點(diǎn)總體情況：1995年，美國(guó)國(guó)家安全局NationalSecurityAgency委任CMU成立信息安全學(xué)術(shù)人才中心，提高高校信息安全人才培養(yǎng)能力至2003年9月，有50多所教育機(jī)構(gòu)被認(rèn)定為這種中心，包括44所高等院校和4所國(guó)防院校，如CMU，GeogiaInstituteofTechnology,FlaridaStateUniversity,PurdueUniversity,GeorgeMasonUniversity4所學(xué)校設(shè)立信息安全專業(yè)本科專業(yè)，13所學(xué)校設(shè)立以信息安全為主的本科專業(yè)；在10所學(xué)校設(shè)立信息安全碩士專業(yè)，30所學(xué)校設(shè)立信息安全研究方向；半數(shù)以上學(xué)校開(kāi)設(shè)課程與NSTISSI的CNSS4011水平相當(dāng),20所學(xué)校開(kāi)展了NSTISSI的CNSS4011-4-15認(rèn)證有代表性的大學(xué)Purdueuniversity:信息安全滲透到很多已有學(xué)科UniversityofLondon：10門課程，PROJECTFloridaStateUniversity：始于2000，高質(zhì)量OxfordUniversity：計(jì)算機(jī)安全課程體系CC-getech:2個(gè)選修課系列PurdueUniversity

PurdueUniversityInformationSecurityCoursesComputerSciencesCS355IntrotoCryptographyCS426ComputerSecurityCS471IntrotoArtificialIntelligenceCS478IntroductiontoBioinformaticsCS490S

SecureNetworkProgrammingCS526InformationSecurityCS555CryptographyCS591SInformationSecurityandCybercrimeSeminar

CS626AdvancedInformationAssuranceCS655AdvancedCryptologyCS690SPrivacyOnlinePurdueUniversityComputerandInformationTechnology

C&IT227IntroductiontoBioinformaticsC&IT420BasicCyberForensics

C&IT455NetworkSecurityC&IT499CCyberForensics:AdvancedTechnicalIssuesC&IT499D

SmallScaleDigitalDeviceForensics

C&IT499FIntroductiontoComputerForensics

C&IT499NWirelessNetworkSecurityandManagementC&IT528InformationSecurityRiskAssessmentC&IT556IntrotoCyberForensics

C&IT581AAdvancedTopicsinCyberforensics

C&IT581BBiometricDataAnalysisC&IT581CAppliedCryptographyC&IT581FExpertWitness&ScientificTestimony

C&IT581SInformationSecurityManagement

C&IT581VSpecialTopicsinCyberforensicsC&IT581ZWebServicesSecurity

PurdueUniversityComputerSecurity：

Asurveyofthefundamentalsofinformationsecurity.Risksandvulnerabilities,policyformation,controlsandprotectionmethods,databasesecurity,encryption,authenticationtechnologies,host-basedandnetwork-basedsecurityissues,personnelandphysicalsecurityissues,issuesoflawandprivacy.

InformationSecurity:

Basicnotionsofconfidentiality,integrity,availability;authenticationmodels;protectionmodels;securitykernels;secureprogramming;audit;intrusiondetectionandresponse;operationalsecurityissues;physicalsecurityissues;personnelsecurity;policyformationandenforcement;accesscontrols;informationflow;legalandsocialissues;identificationandauthenticationinlocalanddistributedsystems;classificationandtrustmodeling;andriskassessment

PurdueUniversityCommunicationsSecurityAndNetworkControls:

Thiscoursewillprovidestudentswithanoverviewofthefieldofinformationsecurityandassurance.Studentswillexplorecurrentencryption,hardware,software,andmanagerialcontrolsneededtooperatenetworksandcomputersystemsinasafeandsecuremanner

AdvancedNetworkSecurity:

Thiscourseprovidesstudentswiththein-depthstudyandpracticeofadvancedconceptsinappliedsystemsandnetworkingsecurity,includingsecuritypolicies,accesscontrols,IPsecurity,authenticationmechanismsandintrusiondetectionandprotection.

PurdueUniversitySystemsAssurance:

Thiscoursecoverstheimplementationofsystemsassurancewithcomputingsystems.Topicsincludeconfidentiality,integrity,authentication,non-repudiation,intrusiondetection,physicalsecurity,andencryption.Extensivelaboratoryexercisesareassigned

DisasterRecoveryAndPlanning

:

Thiscoursecoversriskmanagementandbusinesscontinuity.Topicsincludedisasterrecoverystrategies,mitigationstrategies,riskanalysisanddevelopmentofcontingencyplansforunexpectedoutagesandcomponentfailures.Extensivelaboratoryexercisesareassigned

.

PurdueUniversityInformationAssuranceRiskAssessment

:

Thiscoursecoversindustryandgovernmentrequirementsandguidelinesforinformationassuranceandauditingofcomputingsystems.Topicsincluderiskassessmentandimplementationofstandardizedrequirementsandguidelines

SoftwareAssurance

:

Thiscoursecoversdefensiveprogrammingtechniques,boundsanalysis,errorhandling,advancedtestingtechniques,detailedcodeauditing,andsoftwarespecificationinatrustedassuredenvironment.Extensivelaboratoryexercisesareassigned

.

PurdueUniversityComputerForensics

:

Thiscoursecoversthetechniquesusedintheforensicanalysisofcomputerizedsystemsforgatheringevidencetodetailhowasystemhasbeenexploitedorused.Extensivelaboratoryexercisesareassigned

SecureProgramming

:

Shellandenvironment,Bufferoverflows,Integeroverflows,Formatstrings,Meta-charactervulnerabilities(codeinjection)andInputValidation,WebApplicationissues(includingcross-sitescriptingvulnerabilities),Raceconditions,Filesystemissues,Randomness

FloridaStateUniversity

FloridaStateUniversityNetworkSecurity

Class1.

Fundamentalsofnetworksecurity.

Class2and3.

Securechannelsviaencryption.

Class4and5.

Blockciphersandencryptionmodes.

Class6.

MessageAuthenticationCodes.

Class7.

Streamciphers.Class8.

Authenticationmechanisms.Class9.Thebirthdayparadoxandapplications.Class10.Kerberos.Classes11,12,13and14.Publickeycryptography.Class15.Publickeyinfrastructure.Class16.Examreview.Class17.MidtermClass18.RSAscheme.Class19.SSLscheme.Class20.IPSECscheme.Class21.IPSEC-IKEscheme.Classes22,23,and24.Studentpresentations.Class25.Internetprotocolsreview,andintroductiontopacketfiltering.Class26.BuildingInternetfirewalls.Class27.Intrusiondetectionsystems.Class28.Finalreview.UniversityofLondon

UniversityofLondonSecuritymanagement[690IC01]：

Thismodulewillemphasisetheneedforgoodsecuritymanagement.Itsaimsaretoidentifytheproblemsassociatedwithsecuritymanagementandtoshowhowvarious(major)organisationssolvethoseproblems.

Anintroductiontocryptographyandsecuritymechanisms[690IC02]:

Theapproachofthismoduleisnon-technical.Themainobjectiveistointroducethestudentstothemaintypesofcryptographicmechanism,tothesecurityserviceswhichtheycanprovide,andtotheirmanagement,includingkeymanagement.Themathematicalcontentofthismoduleisminimal.Supportmaterialsfortheelementarymathematicsneededforthismodulewillbeprovided.

UniversityofLondonNetworksecurity[690IC03]

：

Thismoduleisconcernedwiththeprotectionofdatatransferredovercommercialinformationnetworks,includingcomputerandtelecommunicationsnetworks.Afteraninitialbriefstudyofcurrentnetworkingconcepts,avarietyofgenericsecuritytechnologiesrelevanttonetworksarestudied,includinguseridentificationtechniques,authenticationprotocolsandkeydistributionmechanisms.Thisleadsnaturallytoconsiderationofsecuritysolutionsforavarietyoftypesofpracticalnetworks,includingLANs,WANs,proprietarycomputernetworks,mobilenetworksandelectronicmail.UniversityofLondonComputersecurity[690IC04]

：Thiscoursedealswiththemoretechnicalmeansofmakingacomputingsystemsecure.Thisprocessstartswithdefiningthepropersecurityrequirements,whichareusuallystatedasasecuritypolicy.Securitymodelsformalisethosepoliciesandmayserveasareferencetocheckthecorrectnessofanimplementation.Themainsecurityfeaturesandmechanismsinoperatingsystemswillbeexaminedaswellassecurity-relatedissuesofcomputerarchitecture.Specificwell-knownoperatingsystemsarethenstudiedascasestudies.Otherareasinvestigatedincludethesecurityofmiddleware,softwareprotectionandwebsecurity.UniversityofLondonSecureelectroniccommerceandotherapplications[690OPT5]：Thismoduleaimstoputtheroleofsecurityintoperspectiveanddemonstratehowitformspartofasecuritysystemwithinanapplication.Theaimistoillustrate,usuallybytheuseofcasestudies,howaparticularsituationmaymakecertainaspectsofsecurityimportantandhowanentiresystemmightfittogether.Standardsandevaluationcriteria[690OPT7]：Overthelastfewyears,avarietyofsecurity-relatedstandardshavebeenproducedbyinternationalstandardsbodies.Thismoduleexaminessomeofthemostimportantofthesestandardsindetail.Indoingsoitillustrateshowinternationalstandardsnowcovermanyaspectsoftheanalysisanddesignofsecuresystems.Thematerialcoveredalsoputscertainotheraspectsofthedegreecourseinamorestructuredsetting.Themodulealsocoversexistingsecurityevaluationcriteria,thecurrentprocessforevaluatingsecuresystems,andguidelinesformanagingITsecurity

UniversityofLondonAdvancedcryptography[690OPT8]：Thismodulefollowsonfromtheintroductorycryptographymodule.Inthatmodulecryptographicalgorithmswereintroducedaccordingtothepropertiestheypossessedandhowtheymightfitintoalargersecurityarchitecture.Inthisunitwelookinsidesomeofthemostpopularandwidelydeployedalgorithmsandwehighlightdesignandcryptanalytictrendsoverthepasttwentyyears.Thiscourseis,bynecessity,somewhatmathematicalandsomebasicmathematicaltechniqueswillbeused.However,despitethisrelianceonmathematicaltechniques,theemphasisofthemoduleisonunderstandingthemorepracticalaspectsoftheperformanceandsecurityofsomeofthemostwidelyusedcryptographicalgorithms.UniversityofLondonDatabasesecurity[690OPT9]：Thismodulecoversseveralaspectsofdatabasesecurityandtherelatedsubjectofconcurrencycontrolindistributeddatabases.Wewilldiscussmethodsforconcurrencycontrolandfailurerecoveryindistributeddatabasesandtheinteractionbetweenthosemethodsandsecurityrequirements.Wewillalsoexaminehowaccesscontrolpoliciescanbeadaptedtorelationalandobject-orienteddatabases.UniversityofLondonInformationcrime[690OPT10]：Thismodulecomplementsothermodulesbyexaminingthesubjectfromthecriminalangleandpresentingastudyofcomputercrimeandthecomputercriminal.Wewilldiscussitshistory,causes,developmentandrepressionthroughstudiesofsurveys,typesofcrime,legalmeasures,andsystemandhumanvulnerabilities.Wewillalsoexaminetheeffectsofcomputercrimethroughtheexperiencesofvictimsandlawenforcementandlookatthemotivesandattitudesofhackersandothercomputercriminals.UniversityofLondonProject[6900011]：

Theprojectisamajorindividualpieceofwork.ItcanbeofacademicnatureandaimatacquiringanddemonstratingunderstandingandtheabilitytoreasonaboutsomespecificareaofInformationSecurity.Alternatively,theprojectworkmaydocumenttheabilitytodealwithapracticalaspectofInformationSecurityStanford/seclab/courses.htmlSecurityLabintheComputerScienceDepartmentCourses:CS155:ComputerandNetworkSecurity.CS255:IntroductiontoCryptographyandComputerSecurity.CS259:SecurityAnalysisofNetworkProtocolsCS355:TopicsinCryptography.CS99J:Sophomoreseminar:Computersecurityandprivacy.CS55N:Freshmanseminar:TenIdeasinComputerSecurityandCryptography.（講座）OxfordComputerSecurity：融入計(jì)算機(jī)系統(tǒng)的設(shè)計(jì)開(kāi)發(fā)，形成實(shí)踐能力OxfordSecurityPrinciples(SPR)Thiscoursecombinesatreatmentofthefundamentalprinciplesofcryptographyandsecurityprotocolswithapracticaltreatmentofcurrentbestpractice.Itexplainstheneedforcomputersecurity,andthescopeoftheavailabletechnicalsolutions;presentstechniquesforevaluatingsecuritysolutions;andprovidesanoverviewofthecurrentleadingtechnologiesandstandardsinthesecurityarena.OxfordSecurityRiskAnalysisandManagement(RIS)

Securityisapropertyofanentiresystemincontext,ratherthanofasoftwareproduct,soathoroughunderstandingofsystemsecurityriskanalysisisnecessaryforasuccessfulproject.Thiscourseintroducesthebasicconceptsandtechniquesofsecurityriskanalysis,andexplainshowtomanagesecurityrisksthroughtheprojectlifecycle.Participantsshouldhaveabasicunderstandingoftopicsinsecurity,asprovidedbytheSecurityPrinciples(SPR)course.PeopleandSecurity(PAS)

Averyhighproportionoffailuresinsecuritycanbeattributedtomisunderstanding,mis-information,orfailuretograsptheimportanceoftheprocessesindividualsareexpectedtofollow.Thiscoursedrawsonworkfromhuman-computerinteraction,andmorewidelyfrompsychology,relatingtheissuesraisedbacktohardtechnicalimplementationdecisions.Familiaritywithbasicsecurityprinciplesandstandardmechanisms,ascoveredinSecurityPrinciples(SPR),isassumed.

OxfordDesignforSecurity(DES)

Capabilityinthedesignofsystemswhichwillmeetsecuritygoalsisanincreasinglyimportantskill.Thiscoursewillexplorehowsuitablelevelsofassurancecanbeachievedthroughcombiningarchitecturaldetail,operatingsystemandmiddlewareplatforms,andapplicationsecuritymeasures.Centraltotheseconsiderationsisconcernforwhichrequirementsaremetwithwell-establishedtools,whichriskscanbeaddressedthoughnoveltechnologies,andwhichmustbemitigatedbyothermeans.Participantsshouldhaveabasicunderstandingoftopicsinsecurity,asprovidedbytheSecurityPrinciples(SPR)course.PlatformsforSecurity(PLA)

Inordertobuildsecuresystems,appropriatemethodologiesmustbeusedthroughoutthelifecycle,notleastinthedetailedimplementationstage.Thiscoursetakesacasestudyapproachtotopicssuchasbufferoverflows,cryptographiclibraries,sandboxing,codesigning,networksecurity,andcodecorrectness,tobuildtowardsatoolkitofsoundprinciples.Participantsshouldhaveabasicunderstandingoftopicsinsecurity,asprovidedbytheSecurityPrinciples(SPR)course.CC-getech

InformationSecurityFixedCoreCourses(23semesterhours):IntroductiontoInformationSecurityAppliedCryptographySecureComputerSystemsNetworkSecurityInformationSecurityLaboratoryInformationSecurityStrategiesandPoliciesPracticum/Project/Research(5credithours)CC-getechConcentrationI(TechnologyCentric-9CreditHours)，ChoosethreecoursesfromthefollowingIntroductiontoNumberTheoryTheoryIIAdvancedOperatingSystemsComputerNetworksFormalModelsandMethodsforInformationAssuranceSoftwareDevelopmentProcessDatabaseSystemsConceptsadnDesignInternetworkingArchitectureandProtocolsCC-getechConcentrationII(PolicyCentric-9CreditHours)Choosethreecoursesfromthefollowing.TechnologyForecastingandAssessmentScience,TechnologyandPublicPolicyCostandBenefitAnalysisManagementInformationSystemsBusinessProcessAnalysis&Design(SAP)SecurityandPrivacyofInformation&InformationSystems(GSU)國(guó)外辦學(xué)特色總結(jié)辦學(xué)思路方面：信息安全科研活躍的高效設(shè)立相關(guān)課程、但體系性不強(qiáng)信息安全知識(shí)滲透到已有各個(gè)專業(yè)講解細(xì)致、事例豐富低年級(jí)涉及專業(yè)的目的意義，并通過(guò)動(dòng)手實(shí)踐能力的培養(yǎng)激發(fā)學(xué)生興趣賓州大學(xué)的一年級(jí)的課程，（UndergraduateResearch/IndependentStudy，InformationTechnologyandItsImpactonSociety）芝加哥大學(xué)的WebDesign:Aesthetics/lang高年級(jí)注重學(xué)生知識(shí)面的拓展，開(kāi)辦講座（約2小時(shí)），研究方向研討會(huì)等課程方面：基本課程計(jì)算機(jī)安全、密碼、網(wǎng)絡(luò)安全、安全管理、數(shù)據(jù)庫(kù)安全、計(jì)算機(jī)/網(wǎng)絡(luò)取證特色課程人員安全、安全編程（PU）、無(wú)線網(wǎng)絡(luò)安全（PU）、PROJECT、信息犯罪、網(wǎng)絡(luò)協(xié)議安全性分析、講座/專題、網(wǎng)絡(luò)攻防（NYU）成績(jī)?cè)u(píng)分方式平時(shí)作業(yè)（30-50%）、工程實(shí)踐（30-50%）、期中期末考試(30-40%)、出勤(5%左右)等教學(xué)方式方面：網(wǎng)絡(luò)成為師生溝通的橋梁，在教學(xué)中起重要作用，相關(guān)信息在網(wǎng)上都查得到，包括：每學(xué)期各專業(yè)的開(kāi)課情況、課程介紹、任課教師、參考書目、教師要求、評(píng)分方式、教師的講義（ppt）等等。聘請(qǐng)外校專家講授課程或課程的部分章節(jié)。多名教師或研究生共同教授同一門課，各有分工。布置學(xué)生閱讀大量參考文獻(xiàn)并討論（stanford），一定的交流討論課時(shí)（1/3）

報(bào)告提綱引言國(guó)外信息安全相關(guān)課程設(shè)置情況總體情況有代表性的大學(xué)國(guó)外信息安全知識(shí)體系相關(guān)情況NSTISSI（NationalSecurityTelecommunicationsandInformationSystemSecurityI）ISC(2)的信息安全共同知識(shí)體系CBK辦學(xué)特點(diǎn)NSTISSI（NationalSecurityTelecommunicationsandInformationSystemSecurityI）的CNSS4011-4015CNSS4011：國(guó)家信息系統(tǒng)安全專業(yè)人才培訓(xùn)標(biāo)準(zhǔn)NationalTrainingStandardforInformationSystemsSecurity(INFOSEC)ProfessioinalsCNSS4012:國(guó)家高級(jí)系統(tǒng)管理員信息安全培訓(xùn)標(biāo)準(zhǔn)NationalInformationAssuranceTrainingStandardforSeniorSystemsManagersCNSS4013:國(guó)家系統(tǒng)管理員信息安全培訓(xùn)標(biāo)準(zhǔn)NationalInformationAssuranceTraningStandardforSystemAdministratorsCNSS4014:國(guó)家信息系統(tǒng)安全官員安全培訓(xùn)標(biāo)準(zhǔn)InformationAssuranceTrainingStandardforInformationSystemsSecurityOfficersCNSS4015:國(guó)家系統(tǒng)證書培訓(xùn)標(biāo)準(zhǔn)NationalTrainingStandardforSystemCertifiersCNSS4011培訓(xùn)標(biāo)準(zhǔn)培訓(xùn)課程采用信息安全綜合模型，向受培訓(xùn)者提供兩個(gè)層面的相關(guān)知識(shí)認(rèn)知層面：對(duì)于國(guó)家信息信息系統(tǒng)威脅和弱點(diǎn)，要建立起敏感的認(rèn)知。認(rèn)識(shí)到保護(hù)數(shù)據(jù)、信息和信息處理手段的需求及意義；具有從事信息安全工作的原理和實(shí)踐知識(shí)實(shí)踐層面：培訓(xùn)INFOSEC安全過(guò)程和實(shí)踐的設(shè)計(jì)、執(zhí)行和評(píng)估技能。對(duì)這個(gè)層面的理解可以確保學(xué)員有能力對(duì)他們?cè)趯?shí)踐過(guò)程中遇到的安全概念加以應(yīng)用CNSS4011培訓(xùn)標(biāo)準(zhǔn)教學(xué)計(jì)劃：1、通信基礎(chǔ)（認(rèn)知層面）教學(xué)內(nèi)容：現(xiàn)代通信系統(tǒng)的演化過(guò)程，傳輸介質(zhì)學(xué)習(xí)成果：通信系統(tǒng)發(fā)展年代表，匹配傳輸特性和描述符主要內(nèi)容：歷史和當(dāng)前方法對(duì)比；各種通信系統(tǒng)的能力和局限性2、自動(dòng)化信息系統(tǒng)AIS基礎(chǔ)（認(rèn)知層面）教學(xué)內(nèi)容：提供AIS語(yǔ)言；結(jié)合AIS實(shí)例描述AIS環(huán)境；綜述AIS中硬件、軟件、固定組件結(jié)合后文中信息系統(tǒng)安全外貌/行為學(xué)習(xí)成果：AIS術(shù)語(yǔ)解釋；可執(zhí)行功能解釋；描述AIS組件間相互關(guān)系主要內(nèi)容：歷史和當(dāng)前技術(shù)對(duì)比；硬件；軟件；存儲(chǔ)器；介質(zhì)；網(wǎng)絡(luò)CNSS4011培訓(xùn)標(biāo)準(zhǔn)教學(xué)計(jì)劃：3、安全基礎(chǔ)（認(rèn)知層面）教學(xué)內(nèi)容：應(yīng)用信息系統(tǒng)安全廣泛模型，提出重要信息屬性、信息狀態(tài)、安全測(cè)量標(biāo)準(zhǔn)學(xué)習(xí)成果：學(xué)生應(yīng)列出并表述AIS安全中的要素，對(duì)保護(hù)系統(tǒng)AIS的安全訓(xùn)練進(jìn)行總結(jié)，能舉例說(shuō)出重要信息的決定性主要內(nèi)容：INFOSEC概述，操作安全OPSEC，信息安全I(xiàn)NFOSEC4、NSTISS基礎(chǔ)（認(rèn)知層面）教學(xué)內(nèi)容：組件描述，包括國(guó)家策略、威脅和弱點(diǎn)，對(duì)策，風(fēng)險(xiǎn)管理，系統(tǒng)生命周期管理，信任，操作模式，組織單元角色，NSTISS各方面等實(shí)例學(xué)習(xí)成果：概括出國(guó)家NSTISS策略；驗(yàn)證AIS弱點(diǎn)和潛在威脅，舉例說(shuō)明NISS策略，國(guó)產(chǎn)和實(shí)踐的代理實(shí)現(xiàn)主要內(nèi)容：國(guó)家策略和指導(dǎo)，系統(tǒng)弱點(diǎn)和威脅，法律要素，對(duì)策，風(fēng)險(xiǎn)管理，系統(tǒng)生命周期管理，信任，運(yùn)行模式，多種組織人員的角色，NSTISS各方面CNSS4011培訓(xùn)標(biāo)準(zhǔn)教學(xué)計(jì)劃：5、系統(tǒng)運(yùn)行環(huán)境（認(rèn)知層面）教學(xué)內(nèi)容：勾畫出機(jī)構(gòu)的具體自動(dòng)信息系統(tǒng)和通信系統(tǒng)；描述機(jī)構(gòu)的控制點(diǎn)，以便購(gòu)買和維護(hù)自動(dòng)信息系統(tǒng)和通信系統(tǒng)；評(píng)論自動(dòng)信息系統(tǒng)和通信系統(tǒng)的安全策略學(xué)習(xí)成果：總結(jié)出機(jī)構(gòu)中自動(dòng)信息系統(tǒng)和通信系統(tǒng)；給出淡青機(jī)構(gòu)的自動(dòng)信息系統(tǒng)或通信系統(tǒng)和配置的示例，和維護(hù)的可操作點(diǎn)主要內(nèi)容：自動(dòng)信息系統(tǒng)，通信系統(tǒng)，各機(jī)構(gòu)具體的安全策略，各機(jī)構(gòu)具體的自動(dòng)通信系統(tǒng)或通信系統(tǒng)的策略6、NSTISS計(jì)劃和管理（實(shí)踐層面）教學(xué)內(nèi)容：討論涉及安全措施和編碼過(guò)程中的實(shí)際行動(dòng)，介紹常見(jiàn)的安全計(jì)劃指南/文檔學(xué)習(xí)成果：針對(duì)教師提供的自動(dòng)信息系統(tǒng)和通信系統(tǒng)建立安全計(jì)劃主要內(nèi)容：安全計(jì)劃，風(fēng)險(xiǎn)管理，系