GUIs: Control, Conveyance, Continuity, and Context

Windows 8 Animated EvaluationI'm a sucker for basic principles distilled into pithy prescriptions.

A freelance writer, Brian Boyko, has distilled the basic features of graphical user interfaces (GUIs) into four principles: Control, Conveyance, Continuity, and Context. He uses them to structure a well-reasoned though shrill critique of Windows 8

I've just checked a few of my favorite usability resources (Don Norman, Alan Cooper's About Face, Ben Shneiderman), plus a bit of Googling, and I can't find a "recognized GUI authority" who reduces the problem to these four aspects.

Even so, I think Boyko has hit on something good. When I tried to distill a modern set of security-relevant design principles for my textbook, I had no concise statement about usable security that was backed up by extensive industry practice. In other words, there are accepted design principles for security, but not for usable security. There are a lot of principles that outline what's nice to have, but none that trump security traditions (like impossible-to-memorize passwords).

Post category: 

Quantum Computations, Crypto, and Chicken Little

UCSB qbit processorYet again, the sky is falling.

Researchers at UCSB have demonstrated a "quantum processor" that correctly operates "Schor's algorithm for factoring primes" all of 48% of the time (Photo left, courtesy of UCSB). This has produced all sorts of dire predictions about existing cryptographic mechanisms. 

This is nonsense. We don't know enough about quantum computing to believe that a practical quantum computer architecture can follow Moore's law. And so-called "quantum cryptography" is not the answer.

Post category: 

Cyber Security Self Study

NSTISSI 4011 trainingI've deployed my training program at eisec.us

Students can earn CPE credits and a US Government-endorsed training certificate in information security. They study the textbook (Elementary Information Security, of course), discuss topics with me on the book's discussion forums if they want, and take on-line tests on the material. Once they pass all exams, they earn the certificate.

Post category: 

Drupal Feed Importer Failures

Modern web site software - like Drupal - simply provides a web-based front end to a database. For a traditional web site, the front end retrieves articles and formats them on HTML pages. A more sophisticated web site allows more sophisticated access to the database.

If we embrace this vision, we build a new web site by importing databases. On Drupal, that means we use the Feed Importer. I have finally gotten the Feed Importer to work, after several hours of banging around.

Wordpress tag: 
Post category: 

A really simple Drupal 7 example module

DrupalA couple of months back I attended DrupalCamp Twin Cities, to try to improve my understanding of Drupal. It was a good event and, thanks to an enlightening talk by Tess Flynn, I now see how the incoming path is converted into code execution. 

This week I took the next step: I wrote the simplest possible Drupal 7 module from scratch. Although I had several examples to work from, it took several attempts to get things right. And now, here it is: Rick's Testie Drupal 7 Module (zip file). 

Wordpress tag: 
Post category: 

Information Security Self-Study Program

I am putting together a self-study program for working through my textbook Elementary Information Security. 

When deployed, the program will give readers an opportunity to earn an NSTISSI 4011 training certificate, with the CNSS seal, via self-study. The program will break each chapter into two parts to be studied, and provide an on-line test to verify the reader's awareness of each part. Each successfully completed part should also qualify the student for 3 hours' worth of continuing professional education (CPE) credit. 

Wordpress tag: 
Post category: 

Drupal 7 Conversion - Finally!

Drupalcon Chicago 2011Drupal 7 was released for "production" a little over a year ago at the Drupalcon Chicago. Upon returning from that event, I put a week or so into trying to convert from Drupal 6 to Drupal 7. This produced a series of disappointed-sounding blog entries as my attempts failed. I kept trying every few months, hoping that a new D7 release, or an improvement in my Drupal skills, would yield success.

I've finally succeeded.

I implemented an AMP stack on my Mac. "AMP" means "Apache," "MySQL," and "PHP;" it required me to install MySQL and hook it all together. Then I moved the laborious conversion process to my desktop. My efforts succeeded a few weeks ago, but I was stymied when I tried to deploy the converted site onto my GoDaddy hosting. I finally tracked the problem down - where else - in the .htaccess file defaults.

Wordpress tag: 
Post category: 

Earning IACE Certification Using a Certified Textbook

CNSS certified to conform to NSTISSI 4011The U.S. government certifies courses of study in information security under the Information Assurance Courseware Evaluation (IACE) program. If a course is certified under one of the approved standards, then students are eligible to receive a certificate that carries the seal of the U.S. Committee on National Security Systems (CNSS, left) to indicate they have completed an approved course of study.

My new textbook, Elementary Information Security, has just earned certification that it conforms fully to the CNSS national training standard for information security professionals (NSTISSI 4011).

It can be challenging for an institution to get its course of study certified. Many of the topics are obvious ones for information security training, but others are relatively obscure. Several topics, like TEMPEST, COMSEC, and transmission security, have lurked in the domain of classified documents for decades.

This new text provides a comprehensive and widely available source for all topics required for NSTISSI 4011 certification. An institution can use the textbook along with the details of its NSTISSI 4011 topic mapping to establish its own certified course of study.

Post category: 

Elementary Information Security Topic Mapping for NSTISSI 4011

Elementary Information SecurityElementary Information Security has been certified to conform fully to  to the Committee on National Security System’s national training standard for information security professionals (NSTISSI 4011). To do this, I had to map each topic required by the standard to the information as it appears in the textbook. Instructors who map their courses to the standard must map the topics to lectures, readings, or other materials used in those courses.

I have exported the textbook's mapping to an Excel spreadsheet file. Curriculum developers may use this information to develop a course of study that complies with NSTISSI 4011 and is eligible for certification. I'm describing the courseware mapping process in another post. Read that post first.

Post category: 

The First Textbook Certified by the NSA

CNSS LogoI received an email this morning announcing that Elementary Information Security has been certified by the NSA's Information Assurance Courseware Evaluation program as covering all topics required for training information security professionals. Here is the certification letter.

This is the first time thay have certified textbooks. In the past they've only certified training programs and degree programs.

The evaluation is based on the national training standard NSTISSI 4011. The book also covers the core learning outcomes for Information Assurance and Security listed in the Information Technology 2008 Curriculum Recommendations from the ACM and IEEE Computer Society.

Wordpress tag: 
Post category: 

Pages

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer