Cryptosmith

I am putting together a self-study program for working through my textbook Elementary Information Security. 

When deployed, the program will give readers an opportunity to earn an NSTISSI 4011 training certificate, with the CNSS seal, via self-study. The program will break each chapter into two parts to be studied, and provide an on-line test to verify the reader's awareness of each part. Each successfully completed part should also qualify the student for 3 hours' worth of continuing professional education (CPE) credit. 

Drupal 7 was released for "production" a little over a year ago at the Drupalcon Chicago. Upon returning from that event, I put a week or so into trying to convert from Drupal 6 to Drupal 7. This produced a series of disappointed-sounding blog entries as my attempts failed. I kept trying every few months, hoping that a new D7 release, or an improvement in my Drupal skills, would yield success.

I've finally succeeded.

I implemented an AMP stack on my Mac. "AMP" means "Apache," "MySQL," and "PHP;" it required me to install MySQL and hook it all together. Then I moved the laborious conversion process to my desktop. My efforts succeeded a few weeks ago, but I was stymied when I tried to deploy the converted site onto my GoDaddy hosting. I finally tracked the problem down - where else - in the .htaccess file defaults.

The U.S. government certifies courses of study in information security under the Information Assurance Courseware Evaluation (IACE) program. If a course is certified under one of the approved standards, then students are eligible to receive a certificate that carries the seal of the U.S. Committee on National Security Systems (CNSS, left) to indicate they have completed an approved course of study.

My new textbook, Elementary Information Security, has just earned certification that it conforms fully to the CNSS national training standard for information security professionals (NSTISSI 4011).

It can be challenging for an institution to get its course of study certified. Many of the topics are obvious ones for information security training, but others are relatively obscure. Several topics, like TEMPEST, COMSEC, and transmission security, have lurked in the domain of classified documents for decades.

This new text provides a comprehensive and widely available source for all topics required for NSTISSI 4011 certification. An institution can use the textbook along with the details of its NSTISSI 4011 topic mapping to establish its own certified course of study.

Elementary Information Security has been certified to conform fully to  to the Committee on National Security System’s national training standard for information security professionals (NSTISSI 4011). To do this, I had to map each topic required by the standard to the information as it appears in the textbook. Instructors who map their courses to the standard must map the topics to lectures, readings, or other materials used in those courses.

I have exported the textbook's mapping to an Excel spreadsheet file. Curriculum developers may use this information to develop a course of study that complies with NSTISSI 4011 and is eligible for certification. I'm describing the courseware mapping process in another post. Read that post first.

I received an email this morning announcing that Elementary Information Security has been certified by the NSA's Information Assurance Courseware Evaluation program as covering all topics required for training information security professionals. Here is the certification letter.

This is the first time thay have certified textbooks. In the past they've only certified training programs and degree programs.

The evaluation is based on the national training standard NSTISSI 4011. The book also covers the core learning outcomes for Information Assurance and Security listed in the Information Technology 2008 Curriculum Recommendations from the ACM and IEEE Computer Society.

I've migrated to the Danland Drupal theme. Danland is stable and it looks great right out of the box. Moreover, I find I have trouble with themes that use a dark-color background instead of a light or white one. The off-color looks fine when things work well, but fails miserably when anything goes wrong. I'm enough of a tinkerer to appreciate expressive error messages.

I just received a couple of spam emails from a friend who had had her email account hacked. The hacker sent the spam to everyone on her contact list. Here's what I told her:

First, replace your old password!

Second, choose a password that can't be guessed based on text in your emails!

Third, write down the password. Keep that piece of paper till you remember the password without looking.

The web site now sports an incomplete custom theme. My earlier theme was rendered obsolete by a Drupal upgrade.

And that was atop unexpected down time: the upgrade process went poorly and I had to roll things back and try again.

This morning I received a flurry of unexpected email messages from Best Buy's "Reward Zone," one of those preferred customer programs. I was reading email when the messages arrived, so I immediately tried to log in to the account and check its status. I couldn't log in, so I immediately called Best Buy.

I took my site off line for roughly 24 hours as part of the Net-wide strike against impending US Congressional action. As a published author I applaud efforts made to protect my income from piracy. However, the current legislative efforts put the operation and culture of today's Internet at risk. They also undermine the concept of due process.