At last month\u2019s conference of the Federal Information Systems Security Association, the Defense Information Systems Agency (DISA) of the U.S. Department of Defense presented the latest information assurance training and awareness products.I have used the free DISA CD-ROM courses for many years as adjuncts to undergraduate courses and have always been delighted with the technical quality of the information presented. The artwork and narration have also been excellent. Most of them can be used as Web-based training (WBT) or directly from the CD-ROM.Don\u2019t be put off by the Defense Department orientation of the materials; it doesn\u2019t take much effort for users to realize that Defense Department-specific references can be ignored if they are inappropriate. Except for the most specialized titles, the principles and most of the practical recommendations in these training aids are perfectly applicable to any system.Here are some of the highlights from the current catalog that will interest network and security administrators and information assurance trainers and educators.* Critical Infrastructure Protection v1.0: \u201cprovides baseline CIP [Critical Infrastructure Protection] awareness to enhance the knowledge of DOD personnel in the front lines of defense, DOD and other government CIP planners, infrastructure owners, managers, technicians and users.\u201d* Information Assurance Policy & Technology v1.0: \u201ccreated so that users of the program may successfully perform their duties as Information Assurance Officers\/Managers (IAO\/M) or System Administrators in accordance with DOD guidance pertaining to the defense of information systems.\u201d The descriptive text explains that topics include \u201cpolicy and oversight, inspection and audit\u2026 prevention, detection and eradication of viruses; execution and evaluation of system audit records; access control; disposition of Information Systems (IS) media; and development and compliance with the risk managed approval of system operations (certification and accreditation) plans.\u201d* Web Security: This course \u201ccovers legal issues, DOD policy and guidance, information protection, server side security and client side security.\u201d* Database Security v1.1: \u201cTopics\u2026 include database structures and management systems, Structured Query Language (SQL), administration tools, and database security methods. In addition, the course covers database concepts and terms, discusses privileges and roles used in controlling data access, and introduces profiles and tablespaces, which are used to limit system resources.\u201d* Active Defense: An Executive\u2019s Guide to Information Assurance v1.0: \u201cThis course presents the goals of an information assurance program, explains why meeting these goals is essential to success, and distinguishes [among] the roles and responsibilities of all members of the organization.\u201d The course also explains how to identify and manage risks to information systems. Valuable checklists are provided at the end of each section.Some of the products to which we can look forward include:* A set of network-building, attack and defense scenarios and simulations.* A cyberlaw course to be released in 2004.In addition to the newer products, there are dozens of older yet valuable titles, including videos that can spice up your information security awareness classes or your school, college or university classes in IA. In particular, my students seem to enjoy the video \u201cSolar Sunrise, Dawn of a New Threat \/ Risky Business.\u201d Both parts have fast TV-news-style action, pounding music tracks and lots of exciting images of military installations, FBI agents showing up to arrest hackers, and so on. They are especially suitable for younger people.