Thursday, February 5, 2009

Was Harriet Tubman a CISSP?

Black History Month Celebration

Was Harriet Tubman a CISSP?
This is my way to celebrate and honor the woman Harriet Tubman was. She is the African American woman I most admire for her courage and dedication to secure freedom for her people, despite the high risk of losing her life. The following Chart maps each Certified Information Systems Security Professional (CISSP) security domain with Harriet Tubman's life work of ensuring freedom for runaway slaves.

Mapping of Harriet Tubman Abolitionist Activities to the 10 CISSP Security Domain Principles

If you are having problems viewing text in the table do the following from your browser:

  1. From your browser Pull Down menu, choose View
  2. Then Text > Smallest or Zoom In/Out, and adjust text size accordingly.

The 10 CISSP Security Domains
CISSP Security Usage
Harriet Tubman's Usage
Security management practices
The security management practices domain sets the foundation for security professionals by identifying key concepts, controls:

  • Confidentiality,
  • Integrity
  • Availability

(CIA) triad provides the three tenets for which security practices are measured.
Confidentiality – She never disclosed any on the methods or structure of the Underground Railroad until the Civil War was over.

Integrity – Use of Secret codes, Songs with hidden meaning to communicate with other slaves.

Accessibility – Tubman used her extensive network of people from different backgrounds who were dedicated to the cause of freeing slaves. Keeping this system available for slaves fleeing slavery was vital and was accessible for over 40 years
Access control systems and methodology
The key to access controls is declaring who you are when before entering a system and having the system verify that you are allowed access. This is known as identification and authentication. There are three way to authenticate users:

  1. Something you know (PIN, password, phrase, pass code)
  2. Something you have (smart card, ATM card, token)
  3. Something you are (retina scan, fingerprint, voice scan)
As and abolitionist in the Underground railroad, spy for the Union Army and having knowledge of the many safe houses and points along the Underground Rail Road, Tubman would be a master of this CISSP domain as it relates to her time and activities. Tools: extensive network of secrecy, hidden songs with codes, and disguises.

  1. Something he knew – Songs with hidden codes for runaway slaves. Location of safe houses for food and shelter.
  2. Something you have (smart card, ATM card, token)
  3. Something you are – As a spy she would of have
Telecommunications and networking security
The telecommunication and network security domain is one of the most technical, as it addresses the various structures for a network, methods of communication, formats for transporting data, and measures taken to secure the network and transmission.
Her use of the extensive network known as the Underground Railroad that transported and protected runaway slaves as they traveled to the North for freedom.
The cryptography domain addresses the security measures used to ensure that information transmitted is only read and understood by the appropriate individual. In layman's terms, this is commonly referred to as encryption. Encryption is the transformation of plaintext into an unreadable cipher text and is the basic technology used to protect the confidentiality and integrity of data
Her usage of slave songs with encrypted messages: wade in the water: Instructing slaves headed to the North to follow the water to freedom and wade in the water at night to prevent capture. Follow the drinking gourd: Song instructing slaves to follow the Big Dipper (star) that guided travelers north to freedom. Usage of quilts with made with patterns that had hidden meanings which instructed slaves on escaping from the South to freedom in the North.
Security architecture and models
Security professionals must be aware of the software development cycle to ensure that concerns are addressed throughout the process. Information security components should be addressed concurrently in the development cycle (conception, development, implementation, testing, and maintenance).
She also provided specific instructions for about fifty to sixty other fugitives who escaped to the north. Her dangerous work required tremendous ingenuity; she usually worked during winter months, to minimize the likelihood that the group would be seen. One admirer of Tubman said: "She always came in the winter, when the nights are long and dark, and people who have homes stay in them." Once she had made contact with escaping slaves, they left town on Saturday evenings, since newspapers would not print runaway notices until Monday morning. She used spirituals as coded messages, warning fellow travelers of danger or to signal a clear path.
Operations security
The operations security domain is concerned with implementing appropriate controls and protections on hardware, software, and resources; maintaining appropriate auditing and monitoring; and evaluating system threats and vulnerabilities.
The operations of the Underground
"I was conductor of the Underground Railroad for eight years, and I can say what most conductors can't say – I never ran my train off the track and I never lost a passenger." Harriet Tubman
Application and systems development security
System feasibility: Identify the security requirements, policies, standards, etc., that will be needed. Software plans and requirements: Identify the vulnerabilities, threats, and risks. Plan the appropriate level of protection. Complete a cost-benefit analysis. Product design: Plan for the security specifications in product design (access controls, encryption, etc.). Detailed design: Design the security controls in relationship to the business needs and legal liabilities. Coding: Develop the security-related software code and documentation. Integration product: Test security measures incorporated into software and make refinements. Implementation: Implement security measures and software and test before "going live." Operations and maintenance: Monitor security software for changes, test against threats, and implement appropriate changes when necessary.

Feasibility & Purpose
The escape network was solely "underground" in the sense of being an underground resistance. Tubman used security standards of her time and like a well thought out application

Separations of Duties as a Security control
The Underground Railroad consisted of meeting points, secret routes, transportation, and safe houses, and Individuals were often organized in small, independent groups, which helped to maintain secrecy since some knew of connecting "stations" along the route but few details of their immediate area.

Implementation & Production
Escaped slaves would move along the route from one way station to the next, steadily making their way north. "Conductors" on the railroad came from various backgrounds and included free-born blacks, white abolitionists, former slaves (either escaped or manumitted), and Native Americans.

Security Operations & Maintenance
the underground railroad wad designed with security controls, which could adapt to threats and make appropriate changes to keep from being caught by bounty hunters others whose job was to catch runaway slaves.

Physical security
The physical security domain addresses the environment surrounding the information system and components. The key to this domain is identifying the threats and vulnerabilities and applying appropriate countermeasures to physically protect the system.
The systems she was involved in protecting was the Underground Railroad and helping the Union Army during the Civil war.

Use of safe houses that provided security of slaves traveling the Underground Railroad. She even packed a gun and was not afraid to use it.

For the Union Army she was a nurse, scout and spy.

Tubman became the first woman to lead an armed assault during the Civil War
Business continuity and disaster recovery planning
Plans must also be in place to preserve business in the wake of a disaster or disruption of service. This domain addresses two types of planning: business continuity planning (BCP) and disaster recovery planning (DRP)
Harriet Tubman was one of many individuals involved to help slaves flee to the North for freedom, with multiple routes, numerous safe houses and changing plans on the fly to avoid capture.
Laws, investigation, ethics and compliance.
Certified security professionals are morally and legally held to a higher standard of ethical conduct.8 (ISC)2 establishes a code of ethics for credentialed security professionals which includes four main canons:

  1. Protect society, the commonwealth, and the infrastructure
  2. Act honorably, honestly, justly, responsibly, and legally
  3. Provide diligent and competent service to principals
  4. Advance and protect the profession
The ISC code of conduct also gives CISSPs instruction on how to solve conflicts of interest with information security matters. They instruct us to you the code of conflict in order to resolve the conflict. Harriet Tubman Has conflict with cannon #2, because freeing slaves was illegal, but cannon #1 takes precedent over #2 for her heralding efforts to protect society. Later the Emancipation Proclamation was signed into law by President Lincoln freeing slaves, which fueled her passion more than ever in her efforts to lead slaves to their waiting freedom. Additionally, she served the Union Army during the Civil War and the Underground Railroad worked in reverse to bring slaves back to the south to fight for their freedom.

Long before there were the CISSP 10 pillars of Information Security, Harriet Tubman embodied the essence of their principles to secure freedom for her people with 100% success per attempt. In her own words:
"I was conductor of the Underground Railroad for eight years, and I can say what most conductors can't say – I never ran my train off the track and I never lost a passenger."

Harriet Tubman, CISSP

A security professional abolitionist, & humanitarian


Julius Clark, MBA, CISSP, CISA

BDPA CIO , National BDPA

In addition, if you are new to the IT Security field, or have no experience and want to change your career consult with me at:


The 10 Security Domains (AHIMA Practice Brief) - American Health Information Management Association


Tuesday, February 3, 2009

ChaCha The Human Assisted Mobile Phone Search Engine

ChaCha the Human Guided Search Engine

  • Have you ever wondered how many vehicles are in the US?
  • Want to get stats of your favorite football player?
  • Have you ever been in a heated debate over Michael Jordan Statistics on the basketball court?
  • Ever need the recipe to make toll house cookies?
  • Have you ever had a need to get answers to any thought, but all you have available is your cell phone?

Then Meet ChaCha! ChaCha has taken the search engine to the next level by using a human search engine to do the searching for you and spit you back your answer (or as close to your answer as possible). Brought to you by Scott A. Jones, digital voice-mail inventor and holder of numerous voice-mail storage patents.

Registration Required

Go to www.chacha.com and register your mobile phone number online.


  • The ChaCha service does not work from a land line phone only a mobile phone.
  • You can only have 4 guided questions within 72 hours.
  • The service makes a best effort to answer your message you texted in.
  • Answers are not instantaneous can take up to 10 minutes.
  • Service is free to use, but subject to the terms and conditions of your cell phone messaging plan.

My Test of ChaCha

Text from my cell to 242242:

What is the BDPA?

Reply text to my cell:

BDPA stands for Black Data Processing Associates. They help spur professional growth & technical development in the IT industry.

Not bad!

Enjoy ,


Get Expert Advice!