Black History Month Celebration
Was Harriet Tubman a CISSP?
This is my way to celebrate and honor the woman Harriet Tubman was. She is the African American woman I most admire for her courage and dedication to secure freedom for her people, despite the high risk of losing her life. The following Chart maps each Certified Information Systems Security Professional (CISSP) security domain with Harriet Tubman's life work of ensuring freedom for runaway slaves.
Mapping of Harriet Tubman Abolitionist Activities to the 10 CISSP Security Domain Principles
***Note***
If you are having problems viewing text in the table do the following from your browser:- From your browser Pull Down menu, choose View
- Then Text > Smallest or Zoom In/Out, and adjust text size accordingly.
The 10 CISSP Security Domains
|
CISSP Security Usage
|
Harriet Tubman's Usage
|
Security management practices
|
The security management practices domain sets the foundation for security professionals by identifying key concepts, controls:
(CIA) triad provides the three tenets for which security practices are measured.
|
Confidentiality – She never disclosed any on the methods or structure of the Underground Railroad until the Civil War was over.
Integrity – Use of Secret codes, Songs with hidden meaning to communicate with other slaves.
Accessibility – Tubman used her extensive network of people from different backgrounds who were dedicated to the cause of freeing slaves. Keeping this system available for slaves fleeing slavery was vital and was accessible for over 40 years
|
Access control systems and methodology
|
The key to access controls is declaring who you are when before entering a system and having the system verify that you are allowed access. This is known as identification and authentication. There are three way to authenticate users:
|
As and abolitionist in the Underground railroad, spy for the Union Army and having knowledge of the many safe houses and points along the Underground Rail Road, Tubman would be a master of this CISSP domain as it relates to her time and activities. Tools: extensive network of secrecy, hidden songs with codes, and disguises.
|
Telecommunications and networking security
|
The telecommunication and network security domain is one of the most technical, as it addresses the various structures for a network, methods of communication, formats for transporting data, and measures taken to secure the network and transmission.
|
Her use of the extensive network known as the Underground Railroad that transported and protected runaway slaves as they traveled to the North for freedom.
|
Cryptography
|
The cryptography domain addresses the security measures used to ensure that information transmitted is only read and understood by the appropriate individual. In layman's terms, this is commonly referred to as encryption. Encryption is the transformation of plaintext into an unreadable cipher text and is the basic technology used to protect the confidentiality and integrity of data
|
Her usage of slave songs with encrypted messages: wade in the water: Instructing slaves headed to the North to follow the water to freedom and wade in the water at night to prevent capture. Follow the drinking gourd: Song instructing slaves to follow the Big Dipper (star) that guided travelers north to freedom. Usage of quilts with made with patterns that had hidden meanings which instructed slaves on escaping from the South to freedom in the North.
|
Security architecture and models
|
Security professionals must be aware of the software development cycle to ensure that concerns are addressed throughout the process. Information security components should be addressed concurrently in the development cycle (conception, development, implementation, testing, and maintenance).
|
She also provided specific instructions for about fifty to sixty other fugitives who escaped to the north. Her dangerous work required tremendous ingenuity; she usually worked during winter months, to minimize the likelihood that the group would be seen. One admirer of Tubman said: "She always came in the winter, when the nights are long and dark, and people who have homes stay in them." Once she had made contact with escaping slaves, they left town on Saturday evenings, since newspapers would not print runaway notices until Monday morning. She used spirituals as coded messages, warning fellow travelers of danger or to signal a clear path.
|
Operations security
|
The operations security domain is concerned with implementing appropriate controls and protections on hardware, software, and resources; maintaining appropriate auditing and monitoring; and evaluating system threats and vulnerabilities.
|
The operations of the Underground
"I was conductor of the Underground Railroad for eight years, and I can say what most conductors can't say – I never ran my train off the track and I never lost a passenger." Harriet Tubman
|
Application and systems development security
|
System feasibility: Identify the security requirements, policies, standards, etc., that will be needed. Software plans and requirements: Identify the vulnerabilities, threats, and risks. Plan the appropriate level of protection. Complete a cost-benefit analysis. Product design: Plan for the security specifications in product design (access controls, encryption, etc.). Detailed design: Design the security controls in relationship to the business needs and legal liabilities. Coding: Develop the security-related software code and documentation. Integration product: Test security measures incorporated into software and make refinements. Implementation: Implement security measures and software and test before "going live." Operations and maintenance: Monitor security software for changes, test against threats, and implement appropriate changes when necessary.
|
Feasibility & Purpose
The escape network was solely "underground" in the sense of being an underground resistance. Tubman used security standards of her time and like a well thought out application
Separations of Duties as a Security control
The Underground Railroad consisted of meeting points, secret routes, transportation, and safe houses, and Individuals were often organized in small, independent groups, which helped to maintain secrecy since some knew of connecting "stations" along the route but few details of their immediate area.
Implementation & Production
Escaped slaves would move along the route from one way station to the next, steadily making their way north. "Conductors" on the railroad came from various backgrounds and included free-born blacks, white abolitionists, former slaves (either escaped or manumitted), and Native Americans.
Security Operations & Maintenance
the underground railroad wad designed with security controls, which could adapt to threats and make appropriate changes to keep from being caught by bounty hunters others whose job was to catch runaway slaves.
|
Physical security
|
The physical security domain addresses the environment surrounding the information system and components. The key to this domain is identifying the threats and vulnerabilities and applying appropriate countermeasures to physically protect the system.
|
The systems she was involved in protecting was the Underground Railroad and helping the Union Army during the Civil war.
Use of safe houses that provided security of slaves traveling the Underground Railroad. She even packed a gun and was not afraid to use it.
For the Union Army she was a nurse, scout and spy.
Tubman became the first woman to lead an armed assault during the Civil War
|
Business continuity and disaster recovery planning
|
Plans must also be in place to preserve business in the wake of a disaster or disruption of service. This domain addresses two types of planning: business continuity planning (BCP) and disaster recovery planning (DRP)
|
Harriet Tubman was one of many individuals involved to help slaves flee to the North for freedom, with multiple routes, numerous safe houses and changing plans on the fly to avoid capture.
|
Laws, investigation, ethics and compliance.
|
Certified security professionals are morally and legally held to a higher standard of ethical conduct.8 (ISC)2 establishes a code of ethics for credentialed security professionals which includes four main canons:
|
The ISC code of conduct also gives CISSPs instruction on how to solve conflicts of interest with information security matters. They instruct us to you the code of conflict in order to resolve the conflict. Harriet Tubman Has conflict with cannon #2, because freeing slaves was illegal, but cannon #1 takes precedent over #2 for her heralding efforts to protect society. Later the Emancipation Proclamation was signed into law by President Lincoln freeing slaves, which fueled her passion more than ever in her efforts to lead slaves to their waiting freedom. Additionally, she served the Union Army during the Civil War and the Underground Railroad worked in reverse to bring slaves back to the south to fight for their freedom.
|
Long before there were the CISSP 10 pillars of Information Security, Harriet Tubman embodied the essence of their principles to secure freedom for her people with 100% success per attempt. In her own words:
"I was conductor of the Underground Railroad for eight years, and I can say what most conductors can't say – I never ran my train off the track and I never lost a passenger."
Harriet Tubman, CISSP
A security professional abolitionist, & humanitarian
By
Julius Clark, MBA, CISSP, CISA
BDPA CIO , National BDPA
In addition, if you are new to the IT Security field, or have no experience and want to change your career consult with me at:
References:
The 10 Security Domains (AHIMA Practice Brief) - American Health Information Management Association
Wikipeida.com
Remarkable way to tie together your IT passion for security with Black History month. Harriet Tubman is truly a powerful image for all Americans...
ReplyDeletepeace, Villager
Remarkable linkage to the past. This proves that security is intrinsic to life... as a fellow security professional... my mission is to look at security as a way of life... an attitude... not something that must be done just to follow rules... As a veteran, security will drilled into us from day one. And finally... as a native NYer... I can't help thinking about security in just about everything I do!!!
ReplyDeleteRon
To Villager:
ReplyDeleteTubman was a security person before being a security person was cool, but she performed so as a fugitive from slavery.
To Ron:
I wrote this to inspire other African Americans to pursue careers in technology and it makes me feel good that I can energize seasoned security professionals such as yourself.
I very much enjoyed reading this blog on the parallels of the CISSP domains to Harriet Tubman and her desire to assist people during adversity. I vaguely remember her name from history books, but until I read Julius' thoughts, I was not fully aware of her contributions to our country. My hat is off to you Julius for opening another perspective on life.
ReplyDeleteI actually enjoyed reading through this posting.Many thanks.
ReplyDeleteCISSP