-

 



U.S. DEPARTMENT OF LABOR
Employment and Training Administration
Washington, D. C. 20210

CLASSIFICATION

UI

CORRESPONDENCE SYMBOL

TEUDPR

ISSUE DATE

August 11, 1998

RESCISSIONS

None

EXPIRATION DATE

August 11, 1999

DIRECTIVE

:

UNEMPLOYMENT INSURANCE PROGRAM LETTER NO. 40-98

 

TO

:

ALL STATE EMPLOYMENT SECURITY AGENCIES

 

FROM

:

GRACE A. KILBANE
Director
Unemployment Insurance Service

 

SUBJECT

:

RiskWatch Software Refresher Training

 

  1. Purpose. To provide information to State Employment Security Agencies (SESAs) on RiskWatch software refresher training.

  2. References.

    1. ETA Handbook No. 376, Guidelines for Internal Security in UI Operations.

    2. Unemployment Insurance Program Letter (UIPL) No. 30-98, User Group Forums.

    3. UIPL No. 08-97, Risk Analysis Training.

    4. UIPL No. 12-95, Risk Analysis Project.

    5. UIPL No. 34-87, Unemployment Insurance (UI) Internal Security Risk Analysis (Vulnerability Assessment).

  3. Background. Since fiscal year 1982, the Department of Labor has allocated resources for the Internal Security (IS) program. In concert with the IS program, the Employment and Training Administration requires that SESAs complete a risk analysis of the UI program covering the vulnerability of all UI program operations whenever major system changes occur but not less than once every three years.

    A risk analysis provides information for SESA management on the economic balance between the impact of risks and the costs of protective measures. In performing a risk analysis, the Internal Security Unit must identify assets, threats to the system (both program and computer related), vulnerabilities, and cost effective safeguards.

    To aide the SESAs in performing the required UI risk analysis, RiskWatch software (an automated risk analysis software package) was purchased and provided to SESAs who did not already have a copy. During 1997 and 1998, six UI risk analysis training classes (basic, intermediate, and advanced) were conducted for SESA staff involved in risk analysis. These classes included training on the use of RiskWatch software in conducting risk analyses.

  4. RiskWatch Software Refresher Training. RiskWatch staff will conduct two three-day refresher training sessions at their Annapolis, Maryland facility. The first will be held September 23-25, 1998 and the second, October 14-16, 1998.

    Participation is limited to one person per state. The training is designed to provide individuals who have a general familiarity with the RiskWatch software with a review of the basics of using the software in completing a risk analysis. While completion of the earlier risk analysis training would be desirable, it is not a prerequisite for attending this refresher training. However, nominees should have an understanding of the risk analysis process and methodology, some experience with risk analysis such as participation in completing a risk analysis (full or partial), and general familiarity with the RiskWatch software.

    The address of RiskWatch facility is 900 Bestgate Road, Suite 210, Annapolis, MD. 21401, Telephone Number (410)224-4773. Travel arrangements and all associated costs (other than the cost of training) are the responsibility of the attendee.

  5. Action Required. All SESA Administrators are requested to:

    1. Provide copies of this UIPL to appropriate IS staff and other appropriate personnel.

    2. Provide the regional IS coordinator and Barbara Hendricks of RiskWatch at(800)448-4666 or(410)224-4773 with the name of the SESA's attendee and session preference by August 28, 1998.

  6. Inquiries. Inquiries should be made directly to Elaine Schock at (916) 654-7929 and appropriate Regional Office IS coordinator.