Skip to main content
  ADL USERS ONLY PLEASE SIGN IN Sign In
Go SearchAdvanced Search
Home
Who We Are
What We Do
News and Events
Work With Us
Help
Contact Us
Home > What We Do > Research & Evaluation > Library > Case Studies > Case Study- Broad Dissemination of Information Assurance Awareness  


Case Study- Broad Dissemination of Information Assurance Awareness

Research & Evaluation

Introduction
As the Department of Defense (DoD) increasingly relies on computers and networks for day-to-day operations, maintaining the safety and security of these systems has become paramount. The Federal Information Security Management Act (FISMA) requires that computer users receive annual training on information systems security. In 2006 the Defense Information Systems Agency (DISA) teamed up with SAIC and Carney, Inc. to develop an information assurance awareness (IAA) course to help DoD organizations comply with FISMA. More than 5 million DoD active duty Service members, reservists, civilians, and contractors take the course annually.  In 2009, the IAA course won the award for best training exercise from the Federal Information Systems Security Educators’ Association (FISSEA, 2009) as well as a Brandon Hall Excellence in Learning Award (Brandon Hall, 2009).

The Training Course
The one-hour, online course provides interactive training on a variety of topics related to information assurance including Internet hoaxes, identity theft, and computer viruses. The content is designed to meet requirements set by the Office of Management and Budget (OMB) and codified in DoD Instruction 8750 (DoD, 2008). 

The course has an introduction followed by a set of lessons. Learners select lessons by clicking on rooms within a model of an office building. Lessons are scenarios that trainees are likely to encounter in the workplace. They are presented as a seamless set of Flash movies that combine animation, narration, and learner interaction (generally multiple choice knowledge checks with feedback).

Screen Shot

The course gives learners control while ensuring that key content is not skipped. Specifically, lessons combine core sections, which must be played in their entirety, with optional sections containing further examples. Although learners can take lessons in any order, they must complete them all to finish the training.

This type of interactive training is more expensive to develop; estimates for complex asynchronous instruction range from a ratio of 220 (Chapman, 2006) to 276 (eLearning Guild, 2002) development hours per instructional hour, and average 117 for simple asynchronous content (eLearning Guild, 2002).  However, since mandatory training reaches such a broad audience, the per-learner cost is relatively low.

Standardized Content with Flexible Deployment
The course was designed to be easy to update with the new policies and refreshed scenarios that arise from changing information security threats. The DoD community consists of a range of organizations including the Services, Defense Agencies, Combatant Commands, and Joint Service Schools and the course is deployed throughout them. Although content cannot be removed from the course, organizations using the course have the source code and may choose to include additional modules. The OMB requirements do not mandate a post-training test for this course, but the Services may choose to include the provided test bank of questions.

Deployment to Multiple LMSs
While some of DoD organizations access the course directly from the DISA Web site, most host the course on their own LMSs. To facilitate this, Carney, Inc. ensured that the IAA course was Sharable Content Object Reference Model (SCORM) conformant.

Without SCORM, deploying the course across DoD would have required customization to accommodate more than 20 different LMSs. Each customization would have required additional resources to scope the requirements,  and program, test, and deploy the course. ADL estimates a cost savings of between $30,000 and $100,000 for each major version of the course, with additional savings due to simplified annual updates. The broad deployment of the IAA course also highlights how SCORM has enabled content reuse across DoD.

Conclusion
DISA’s Information Assurance Awareness course has become the predominant solution for mandatory IAA training within DoD. The course uses interactive multimedia to engage an audience of busy active duty Service members, reservists, and civilians on a core set of topics every year. Costs for deployment across more than 20 LMSs were kept low by conforming to SCORM , while making the source content  available free of charge for individual Services to extend the course to cover their specific requirements. 


References
Brandon Hall (2009). Retrieved November 25, 2009 from http://www.brandon-hall.com/awards/award_winners/
2009_winners.shtml

Chapman, B. (2006). PowerPoint to e-learning development tools: Comparative analysis of 20 leading systems. Sunnyvale, CA: Brandon Hall Research.

Department of Defense. (2008). Directive Number 8750, Updated May 2008. Retrieved December 16, 2009 from http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf

eLearning Guild. (2002). The e-Learning Development Time Ratio Survey 2002. Santa Rosa, CA: The eLearning Guild. Retrieved October 27, 2007 from http://www.elearningguild.com/pdf/1/time%20to%20develop%20Survey.pdf

FISSEA. (2009). Retrieved October 2, 2009 from http://csrc.nist.gov/organizations/fissea/FISSEA-contest/previous-winners.shtml
Site Map | ADL FAQ | Registered Users | Contact ADL | FOIA | Privacy Policy | Web Site Policies & Notices USA.gov is the U.S. government's official web portal to all federal, state, and local government web resources and services.
Sponsored by the Office of the Under Secretary of Defense for Personnel and Readiness (OUSD P&R)
This is an official website of the U.S. Government © Advanced Distributed Learning