Elementary Information Security has been certified to conform fully to to the Committee on National Security System’s national training standard for information security professionals (NSTISSI 4011). To do this, I had to map each topic required by the standard to the information as it appears in the textbook. Instructors who map their courses to the standard must map the topics to lectures, readings, or other materials used in those courses.
I have exported the textbook's mapping to an Excel spreadsheet file. Curriculum developers may use this information to develop a course of study that complies with NSTISSI 4011 and is eligible for certification. I'm describing the courseware mapping process in another post. Read that post first.
The topic mapping for Elementary Information Security relates a single “course,” the textbook itself, to the required topics in the NSTISSI 4011 standard. The mapping is made available in a spreadsheet. The first column contains row numbers. The next three columns, Subsection, Element, and Topic, contain topic identifiers from the standard. The Chapters column lists the chapters by number that cover a particular topic. The column may also contain the letter “B” to point to Appendix B.
The Notes column points directly to each topic by section number and page number. These were placed in the “Additional Comments” field of the mapping. This is because the textbook focuses primarily on readability and an appropriate progression of topics. Detailed comments were provided to ensure that appropriate information about every topic appeared in the mapping.
Most mappings should not require additional comments, or at least require this level of detail. If the course and topic mappings link to files in which the material is easily found, then additional comments shouldn't be required.
The phrase “summary justification” is used when an earlier or higher-level topic covers several subtopics as well. The mapping web site allows summary justification for selected topics. When used, the mapping only needs to specify the earlier or higher-level topic. The subsequent, related topics are then filled in automatically and locked from editing.
The Elementary Information Security mapping may be downloaded in spreadsheet form, and used as a starting point for mapping the institution's curriculum. However, this particular spreadsheet maps all topics to a single “course,” the Elementary Information Security textbook. Mapping is by chapter numbers in the Chapters column.
In a curriculum containing several courses, the spreadsheet should be modified to allow mapping of multiple courses and the topics they contain. One approach is to include a column with two-part entries, one part indicates a course and the other part selects a particular course topic. Another approach is to provide a separate column for each course. If a particular course covers a particular required topic, then the course's column identifies the corresponding course topic.