Black Hat® Japan 2008 Briefings & Training

Black Hat Japan Training 2008 NSA InfoSec Assessment Methodology Course (IAM) - Level 1 米国国家安全保障局(NSA)INFOSECアセスメント方法論(IAM) - レベル1 Security Horizon

Register Now / オンライン登録

Overview - 概要 :

Note: This NSA IEM certification course has recently been updated. We strongly urge you to register for this course as quickly as possible as it has sold out in past years and seats are limited.

This course presents the methodologies used by the National Security Agency when conducting information security assessments on organizations. This is a tools-based course that walks students through the use of tools and manual processes designed to provide a baseline of activities for comprehensive security evaluations.

Specific Learning Objectives - 講座で学ぶこと

  1. This is a methodology course. Although this course *does* utilize software tools and applications, our primary focus is the methodology being used to perform the evaluation. NSA provides this course as guidance for organizations wanting to ensure that all technical aspects of information security are addressed during the evaluation.
    本講座は方法論の講座だが、ソフトウェアツールやアプリケーションも活用し、エバリュエーション実施の際に使われるメソッドに焦点を当てている。米国国家 安全保障局(NSA)は、エバリュエーション時に情報セキュリティのすべての技術的アスペクトを使って問題に対処していることを確実にしたい組織へのガイ ダンスとして、このコースを民間に提供している。
  2. The NSA IEM is comprehensive. Students will work within 10 different baseline activities, including port scans, vulnerability scans, password cracking, wireless enumeration, network sniffing, host evaluations, and high assurance device evaluations.
    NSA IEM は総合能力試験である。受講生には、例えばポートスキャン、脆弱性スキャン、パスワードクラッキング、ワイヤレスエニュメレーション、ネットワークスニッ フィング、ホストエバリュエーション、高信頼性が求められるデバイスエバリュエーション等を含む、10個以内の異なるベースラインアクティビティに取り組 んでもらう。
  3. A complete methodology. Students will work through everything involved in a comprehensive evaluation, from the customer request, the vetting process, how to scope the work, and instruction on providing a final product to the customer that is prioritized, understandable, and simple.
    完成されたメソドロジー。受講生には、顧客要求、ベッティングプロセス(入念な審査処理)、仕事のスコープの仕方などから完全なエバリュエーションに伴う すべてを理解した後、優先順位が高く理解度も高くシンプルな顧客に最終プロダクトを提供するインストラクションまで取り組んでもらう。
  4. Complete with metrics. How many times have you been asked by a customer, “How did we do?” Customers are constantly looking for a grade; a way to measure success. This course provides two simple metrics that can be used to provide an answer to customers and help them track their progress over multiple evaluations.
    マトリックスによって完成させる。あなたは顧客から「我々はどうやってこうしたんだ?」と何度尋ねられたことがありますか?顧客は常にグレード(大きな成 功への方法)を期待します。本講座では、複数のエバリュエーションの顧客の進歩状況をトラックを助け、顧客に答えを与える、二つのシンプルマトリックスを 提供します。
  5. Real world examples. This course will provide insight into some of the issues that arise when this type of work is conducted. Examples range from the educational world, the Department of Defense, the federal arena, utilities, healthcare, and financial.
  6. This is a certification course. Some students may be eligible to receive National Security Agency (NSA) certification on the IEM material. Attendees who feel they may meet the requirements outlined below will need to submit the appropriate registration documents proving eligibility.

What to Expect - 本講座に期待できること :

Students will be involved in this course right from the start. Five separate exercises will walk the students through conducting the NSA IEM from start to finish.All hardware and software will be provided by Security Horizon. Students are only expected to bring themselves.

Hardware for the course - 本コース受講に必要なハードウェア:

Course laptops are dual boot, Windows潤・XP/Fedora Core潤・ The tools provided include commercial and freeware products on each operating system.

How It Will Work - 講座の進め方 :

Students will learn the NSA IEM by walking through the individual sections of the methodology within a group environment. Each group will be assigned a scenario organization (utility, healthcare, finance, military, research, etc) that they will use to perform the NSA IEM upon during the course. The students will start at the beginning of the process, conducting the scoping efforts, building a project plan, conducting the technical evaluation, and providing a first order prioritization of findings back to the customer.

The final test will be given at the end of the 2nd day of class.

Certification - 認定証 :

NOTE: Certification is *not* required to attend this course, but attendance is limited, so enroll now.

Students wishing the NSA certificate must have completed the NSA IAM certificate class and demonstrate at least 6 months of security evaluation tool usage by filling out the application for the course. This course is also open to non-IAM certified individuals on a non-certification basis. Students are required to submit a registration package to NSA, via Security Horizon, in advance of the class. Submission of paperwork no later than 30 days prior to the class is highly recommended to ensure all paperwork is approved and the certification exam is issued by the National Security Agency.

Students wishing to be certified must meet the following requirements - 認定証希望者の必須条件 :

  • U.S. citizenship or Japanese citizenship. It is recommended that anyone attending the course apply for certification and let NSA decide if they meet the qualifications. This includes the Citizenship Requirement.
  • Five years of demonstrated experience in the field of INFOSEC, COMSEC or computer security, with 2 of the 5 years of experience directly involved in analyzing computer system/network vulnerabilities and security risks.

We strongly urge that you register for this class no later than September 10 if you are seeking to be certified since all paperwork for certification must be approved PRIOR to the class. On-site or late registration for this class will not ensure that the necessary paperwork will be completed for certification.

After registering for this course with Black Hat, you can begin your NSA registration process by contact You will be sent the registration packet for this course which must be completed and faxed back to Security Horizon. For questions on the NSA registration paperwork or course content, please contact For information on payment for the course, please contact Black Hat directly.

Course Length - コースの長さ :

Two days. All course materials, lunch and coffee breaks will be provided. A Certificate of Completion will be offered in addition to IAM Certification (if you qualify). This course is required prior to taking the level two course, the NSA IEM.

We strongly urge that you register for this class no later than September 10 if you are seeking to be certified since all paperwork for certification must be approved PRIOR to the class. On-site or late registration for this class will not ensure that the necessary paperwork will be completed for certification.

Non-US Citizens or Japanese Citizens who do not qualify for NSA Certification will receive a Certificate of Completion from Security Horizon and Black Hat.

Trainer - 講師紹介(予定)

Ed Fuller, COO, Security Horizon, Inc.
Greg Miles, President, Security Horizon, Inc.
Brian Kirouac, CTO, Security Horizon, Inc.

Register Now / オンライン登録
Price Line
EarlyBird Ends:10-Sep
早期割引 登録締切:9/10
Regular Ends:10-Oct
通常価格 登録締切:10/1
Onsite Accept:7-Oct Only
当日価格 登録受付:10/7のみ
Price (with Tax)
¥ JPY 277,000 ¥ JPY 320,700 ¥ JPY 364,000
  • * Group discounts for 2 or more is available. Please contact [ blackhatregistration at ] to apply.
  • * グループ割引は2名様以上から適用可能です。インターネット協会会員割引、スポンサー割引をご用意しています。お申し込み希望者およびお問い合わせは[ bh at japan døt name ] までご連絡ください。