You are here

rick's blog

Elementary Information Security Topic Mapping for NSTISSI 4011

Elementary Information SecurityElementary Information Security has been certified to conform fully to  to the Committee on National Security System’s national training standard for information security professionals (NSTISSI 4011). To do this, I had to map each topic required by the standard to the information as it appears in the textbook. Instructors who map their courses to the standard must map the topics to lectures, readings, or other materials used in those courses.

I have exported the textbook's mapping to an Excel spreadsheet file. Curriculum developers may use this information to develop a course of study that complies with NSTISSI 4011 and is eligible for certification. I'm describing the courseware mapping process in another post. Read that post first.

Post category: 

The First Textbook Certified by the NSA

CNSS LogoI received an email this morning announcing that Elementary Information Security has been certified by the NSA's Information Assurance Courseware Evaluation program as covering all topics required for training information security professionals. Here is the certification letter.

This is the first time thay have certified textbooks. In the past they've only certified training programs and degree programs.

The evaluation is based on the national training standard NSTISSI 4011. The book also covers the core learning outcomes for Information Assurance and Security listed in the Information Technology 2008 Curriculum Recommendations from the ACM and IEEE Computer Society.

Wordpress tag: 
Post category: 

The Danland Theme

I've migrated to the Danland Drupal theme. Danland is stable and it looks great right out of the box. Moreover, I find I have trouble with themes that use a dark-color background instead of a light or white one. The off-color looks fine when things work well, but fails miserably when anything goes wrong. I'm enough of a tinkerer to appreciate expressive error messages.

Wordpress tag: 
Post category: 

Replacing a Hacked Password

HackI just received a couple of spam emails from a friend who had had her email account hacked. The hacker sent the spam to everyone on her contact list. Here's what I told her:

First, replace your old password!

Second, choose a password that can't be guessed based on text in your emails!

Third, write down the password. Keep that piece of paper till you remember the password without looking.

Post category: 

A Temporary New Look

The web site now sports an incomplete custom theme. My earlier theme was rendered obsolete by a Drupal upgrade.

And that was atop unexpected down time: the upgrade process went poorly and I had to roll things back and try again.

Wordpress tag: 
Post category: 

A Hack at Best Buy?

This morning I received a flurry of unexpected email messages from Best Buy's "Reward Zone," one of those preferred customer programs. I was reading email when the messages arrived, so I immediately tried to log in to the account and check its status. I couldn't log in, so I immediately called Best Buy.

Wordpress tag: 
Post category: 

The Strike

CopyrightI took my site off line for roughly 24 hours as part of the Net-wide strike against impending US Congressional action. As a published author I applaud efforts made to protect my income from piracy. However, the current legislative efforts put the operation and culture of today's Internet at risk. They also undermine the concept of due process.

Post category: 

OS X Lion: No encrypted RAID after all

Full disk encryptionI installed Lion last night and spent today figuring out what does - and does not - work. As a huge fan of full-disk encryption (FDE), I'm disappointed in their drive encryption.

RAID may have been improved, but Lion's encryption features, including Time Machine encryption, are not compatible with Apple's RAID.

The diagram at right (from Elementary Information Security) shows how full-disk encryption (FDE) typically integrates into the system software. The diagram doesn't show where the RAID software might reside. I'd expect it to be very closely tied to the device driver. However, it appears instead that Apple placed the FDE below the RAID software. Perhaps this improves performance, or perhaps the choice was driven by design decisions invisible outside Cupertino.

The Time Machine improvement: they have explicitly documented how to switch in a new mirrored drive for an old one. I haven't tried their suggested process since the upgrade. I'd tried the suggested process a couple of years ago, only to have it fail. So we'll see how it goes.

Post category: 

Summer Broadband Usage

This is the Comcast report on our broadband usage last summer, after Alex and Courtney moved back home while they looked for an apartment.

Summer Broadband Usage

Comcast did not provide the annotations in red. The heavy dashed line is Comcast's 250GB "limit" on monthly broadband usage. I'm relieved that the limit is an advisory thing, so far, and not something they necessarily enforce.

Wordpress tag: 
Post category: 

The Five Worst User Interfaces

Call Lost - Redial?Bad user interfaces really annoy me. At best, a bad interface costs us time and effort. At worst, it can trick us into breaking something. A bad user interface is an assurance problem just waiting to happen.

Here are my nominations for the five worst user interfaces:

  • Recovering a lost phone call
  • Voicemail
  • Adding high-quality sound to a TV
  • Electronic calendars and time zones
  • Setting a watch

I've probably forgotten a few that are much more common and much, much worse. When you've lived with a bad interface for a really long time you adapt to it and forget how much trouble it causes.

Post category: 


Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer