published by rick on Wed, 01/30/2013 - 1:54pm

Have you ever replied to an email message by including the sender's email message? Did you ask for a license first?
I'm sorry, but you are guilty of copyright infringement, and may be liable for prosecution, as lovingly explained whenever we watch a prerecorded video.
Yes, it's true. Copyright is completely out of control in this country. It all started with "copyright reform" in 1976 and it's only gotten worse. Cautious publishers collect permission for EVERY image, photo, or quotation that might come from somewhere else. Never mind the notion of "fair use;" many publishers pretend it doesn't exist.
As a teacher, I rely heavily on "fair use" exemptions. Some classroom materials have a clear and simple licensing regime, but a lot of things are just "out there" without a clear process for licensing. It seriously interferes with education and even free speech when everything needs a license.
published by rick on Thu, 09/06/2012 - 5:17pm
I've deployed my training program at eisec.us.
Students can earn CPE credits and a US Government-endorsed training certificate in information security. They study the textbook (Elementary Information Security, of course), discuss topics with me on the book's discussion forums if they want, and take on-line tests on the material. Once they pass all exams, they earn the certificate.
published by rick on Thu, 05/03/2012 - 7:17pm
I am putting together a self-study program for working through my textbook Elementary Information Security.
When deployed, the program will give readers an opportunity to earn an NSTISSI 4011 training certificate, with the CNSS seal, via self-study. The program will break each chapter into two parts to be studied, and provide an on-line test to verify the reader's awareness of each part. Each successfully completed part should also qualify the student for 3 hours' worth of continuing professional education (CPE) credit.
published by rick on Thu, 03/08/2012 - 3:29pm
The U.S. government certifies courses of study in information security under the Information Assurance Courseware Evaluation (IACE) program. If a course is certified under one of the approved standards, then students are eligible to receive a certificate that carries the seal of the U.S. Committee on National Security Systems (CNSS, left) to indicate they have completed an approved course of study.
My new textbook, Elementary Information Security, has just earned certification that it conforms fully to the CNSS national training standard for information security professionals (NSTISSI 4011).
It can be challenging for an institution to get its course of study certified. Many of the topics are obvious ones for information security training, but others are relatively obscure. Several topics, like TEMPEST, COMSEC, and transmission security, have lurked in the domain of classified documents for decades.
This new text provides a comprehensive and widely available source for all topics required for NSTISSI 4011 certification. An institution can use the textbook along with the details of its NSTISSI 4011 topic mapping to establish its own certified course of study.
published by rick on Thu, 03/08/2012 - 3:01pm
Elementary Information Security has been certified to conform fully to the Committee on National Security Systems' national training standard for information security professionals (NSTISSI 4011). To do this, I had to map each topic required by the standard to the information as it appears in the textbook. Instructors who map their courses to the standard must map the topics to lectures, readings, or other materials used in those courses.
I have exported the textbook's mapping to an Excel spreadsheet file. Curriculum developers may use this information to develop a course of study that complies with NSTISSI 4011 and is eligible for certification. I'm describing the courseware mapping process in another post. Read that post first.
published by rick on Tue, 02/28/2012 - 9:47am
published by rick on Mon, 05/02/2011 - 9:46am
I started reading ebooks on my Palm III in 1998. Now that I have a tablet, paper books seem quaint and even annoying sometimes.

Two households in our family own hardcover copies of Clavell's Noble House, an alarmingly thick novel from 1981. It weighs over 3.5 pounds. It makes good travel reading. I've read chapters out of different copies while on visits, but never managed to finish it. And I wasn't going to carry it on a plane. I finally bought the Kindle edition. It lives weightlessly alongside a few hundred other books on my 1.4 pound iPad.
published by rick on Mon, 02/07/2011 - 12:55pm
While writing Elementary Information Security, I wanted simple and obvious reasons to introduce various obscure security topics. Initially I wrote a series of stories about those famous cryptographic protagonists, Bob and Alice.
The actual stories never made it into the textbook, so I'm posting them on the web site.
There are eight or nine of them. I've posted two so far and will post the rest as time permits.
published by rick on Wed, 12/08/2010 - 8:48pm
I'm assembling an explanation of command injection for my upcoming textbook Elementary Information Security. (Yes, yes, it should be finished by now and in production, but things were delayed.) This yielded a couple of diagrams that I've managed to squeeze onto a single sheet of 8.5 x 11 paper. Here's a JPEG preview:
It is also available as a PDF file.
published by rick on Fri, 11/12/2010 - 8:43pm
I am finishing up a textbook on elementary information security. Unlike other books, this one targets freshmen and sophomores, and eschews memorization for problem-solving.
Sprinkled here and there are concepts we all should recognize as "basic principles" of information security: ideas that transcend programming, network design, and system administration. Now that I'm finished, here is a summary of the ones I covered. I've also noted how they compare to Saltzer and Schroeder's classic list from 1975 and, briefly, the NIST principles in SP800-14.