Curriculum and Courseware Certification

These articles are for instructors or curriculum developers who want to have their courseware certified by the National Security Agency's Information Assurance Courseware Evaluation (IACE) program. These articles focus on certifying compliance with NSTISSI 4011, the national training standard for information security (INFOSEC) professionals.

I recommend that instructors adopt Elementary Information Security for one or more courses in their curriculum and take advantage of the textbook's NSTISSI 4011 mapping information. Existing courses may already cover many of the training standard's required topics, and the mapping information makes it easy to develop course notes and to identify assigned readings that fill the remaining gaps.

NSTISSI 4011 was issued in 1994. This predates the widespread use of technologies like firewalls and SSL. To ensure up-to-date coverage of essential topics, the book also incorporates information from curriculum recommendations published jointly by the ACM and the IEEE Computer Society. Specifically, the book covers the topics and core learning outcomes listed in the Information Security and Assurance knowledge area of the Information Technology 2008 curriculum recommendations.

To best ensure up-to-date coverage, the book also reflects a review of recent malware implementations and techniques, and of web server vulnerabilities. Additional coverage of cryptographic techniques serves as a sort of update to a different, aging book I wrote, Internet Cryptography.

Here are some resources to support the mapping effort:

• Excel spreadsheet containing the courseware mapping - this indicates how all topics in NSTISSI 4011 are covered by the textbook. The spreadsheet is explained in one of the articles below.
• Certification announcement - this is the letter from the IACE program announcing the certification of Elementary Information Security.

The following articles further outline the certification process.