Black History Month Celebration
The 10 CISSP Security Domains
Each domain below pairs its CISSP security usage with Harriet Tubman's usage.
Security management practices
The security management practices domain sets the foundation for security professionals by identifying key concepts, controls, and definitions. The confidentiality, integrity, and availability (CIA) triad provides the three tenets against which security practices are measured.
Confidentiality – She never disclosed any of the methods or structure of the Underground Railroad until the Civil War was over.
Integrity – Use of secret codes and songs with hidden meanings to communicate with other slaves, so that only the intended recipients could understand a message and act on it.
Availability – Tubman used her extensive network of people from different backgrounds who were dedicated to the cause of freeing slaves. Keeping this system available for slaves fleeing slavery was vital, and it remained accessible for over 40 years.
Access control systems and methodology
The key to access control is declaring who you are before entering a system and having the system verify that you are allowed access. This is known as identification and authentication. There are three ways to authenticate users: something you know (a password or passphrase), something you have (a token or key), and something you are (a biometric).
As an abolitionist in the Underground Railroad, a spy for the Union Army, and someone who knew the many safe houses and points along the Underground Railroad, Tubman would be a master of this CISSP domain as it relates to her time and activities. Tools: an extensive network built on secrecy, songs with hidden codes, and disguises.
Telecommunications and networking security
The telecommunication and network security domain is one of the most technical, as it addresses the various structures for a network, methods of communication, formats for transporting data, and measures taken to secure the network and transmission.
Her use of the extensive network known as the Underground Railroad, which transported and protected runaway slaves as they traveled north to freedom.
Cryptography
The cryptography domain addresses the security measures used to ensure that transmitted information is read and understood only by the appropriate individual. In layman's terms, this is commonly referred to as encryption. Encryption is the transformation of plaintext into unreadable ciphertext and is the basic technology used to protect the confidentiality of data; integrity is protected by the domain's other tools, such as hashes, message authentication codes, and digital signatures.
Her usage of slave songs with coded messages: "Wade in the Water" instructed slaves headed north to follow the water to freedom and to wade in the water at night to prevent capture. "Follow the Drinking Gourd" instructed slaves to follow the Big Dipper, the star pattern that guided travelers north to freedom. She also used quilts made with patterns that had hidden meanings, which instructed slaves on escaping from the South to freedom in the North.
Security architecture and models
The security architecture and models domain covers the concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, and applications, together with the controls that enforce the required levels of availability, integrity, and confidentiality.
She also provided specific instructions for about fifty to sixty other fugitives who escaped to the north. Her dangerous work required tremendous ingenuity; she usually worked during winter months, to minimize the likelihood that the group would be seen. One admirer of Tubman said: "She always came in the winter, when the nights are long and dark, and people who have homes stay in them." Once she had made contact with escaping slaves, they left town on Saturday evenings, since newspapers would not print runaway notices until Monday morning. She used spirituals as coded messages, warning fellow travelers of danger or to signal a clear path.
Operations security
The operations security domain is concerned with implementing appropriate controls and protections on hardware, software, and resources; maintaining appropriate auditing and monitoring; and evaluating system threats and vulnerabilities.
The operations of the Underground Railroad, in her own words:
"I was conductor of the Underground Railroad for eight years, and I can say what most conductors can't say – I never ran my train off the track and I never lost a passenger." Harriet Tubman
Application and systems development security
Security professionals must be aware of the software development cycle to ensure that security concerns are addressed throughout the process. Information security components should be addressed concurrently at each stage:
- System feasibility: Identify the security requirements, policies, standards, etc., that will be needed.
- Software plans and requirements: Identify the vulnerabilities, threats, and risks. Plan the appropriate level of protection. Complete a cost-benefit analysis.
- Product design: Plan for the security specifications in product design (access controls, encryption, etc.).
- Detailed design: Design the security controls in relation to the business needs and legal liabilities.
- Coding: Develop the security-related software code and documentation.
- Product integration: Test the security measures incorporated into the software and make refinements.
- Implementation: Implement the security measures and software, and test before "going live."
- Operations and maintenance: Monitor the security software for changes, test against threats, and implement appropriate changes when necessary.
Feasibility & Purpose
The escape network was "underground" only in the sense of being an underground resistance. Tubman applied the security standards of her time the way a well thought out application applies its requirements.
Separation of Duties as a Security Control
The Underground Railroad consisted of meeting points, secret routes, transportation, and safe houses. Individuals were often organized in small, independent groups, which helped to maintain secrecy: each knew of some connecting "stations" along the route but few details beyond their own part of it.
Implementation & Production
Escaped slaves would move along the route from one way station to the next, steadily making their way north. "Conductors" on the railroad came from various backgrounds and included free-born blacks, white abolitionists, former slaves (either escaped or manumitted), and Native Americans.
Security Operations & Maintenance
The Underground Railroad was designed with security controls that could adapt to threats and make appropriate changes to avoid capture by bounty hunters and others whose job was to catch runaway slaves.
Physical security
The physical security domain addresses the environment surrounding the information system and its components. The key to this domain is identifying the threats and vulnerabilities and applying appropriate countermeasures to physically protect the system.
The systems she was involved in protecting were the Underground Railroad and, during the Civil War, the Union Army.
Use of safe houses that provided security of slaves traveling the Underground Railroad. She even packed a gun and was not afraid to use it.
For the Union Army she was a nurse, scout and spy.
Tubman became the first woman to lead an armed assault during the Civil War.
Business continuity and disaster recovery planning
Plans must also be in place to preserve the business in the wake of a disaster or disruption of service. This domain addresses two types of planning: business continuity planning (BCP) and disaster recovery planning (DRP).
Harriet Tubman was one of many individuals involved in helping slaves flee to the North for freedom, with multiple routes, numerous safe houses, and plans changed on the fly to avoid capture.
Laws, investigation, ethics and compliance
Certified security professionals are morally and legally held to a higher standard of ethical conduct. (ISC)² establishes a code of ethics for credentialed security professionals which includes four main canons:
1. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
2. Act honorably, honestly, justly, responsibly, and legally.
3. Provide diligent and competent service to principals.
4. Advance and protect the profession.
The (ISC)² Code of Ethics also gives CISSPs instruction on how to resolve conflicts between the canons in information security matters: conflicts are resolved in the order of the canons, so an earlier canon takes precedence over a later one. Harriet Tubman had a conflict with canon #2, because freeing slaves was illegal, but canon #1 takes precedence over #2 for her heralded efforts to protect society. Later the Emancipation Proclamation was issued by President Lincoln, freeing slaves in the rebelling states, which fueled her passion more than ever in her efforts to lead slaves to their waiting freedom. Additionally, she served the Union Army during the Civil War, and the Underground Railroad worked in reverse to bring former slaves back to the South to fight for their freedom.
Long before there were the 10 CISSP security domains, Harriet Tubman embodied the essence of their principles to secure freedom for her people, with success on every attempt. In her own words:
"I was conductor of the Underground Railroad for eight years, and I can say what most conductors can't say – I never ran my train off the track and I never lost a passenger."
Harriet Tubman, CISSP
A security professional abolitionist, & humanitarian
Julius Clark, MBA, CISSP, CISA
BDPA CIO , National BDPA
In addition, if you are new to the IT security field, or have no experience and want to change your career, consult with me at:
The 10 Security Domains (AHIMA Practice Brief) - American Health Information Management Association