
Thursday, February 5, 2009

Was Harriet Tubman a CISSP?


Black History Month Celebration



This is my way to celebrate and honor the woman Harriet Tubman was. She is the African American woman I most admire for her courage and dedication to securing freedom for her people, despite the high risk of losing her life. The following chart maps each Certified Information Systems Security Professional (CISSP) security domain to Harriet Tubman's life work of ensuring freedom for runaway slaves.

Mapping of Harriet Tubman Abolitionist Activities to the 10 CISSP Security Domain Principles

The 10 CISSP Security Domains

1. Security management practices

CISSP Security Usage: The security management practices domain sets the foundation for security professionals by identifying key concepts and controls. The confidentiality, integrity, and availability (CIA) triad provides the three tenets against which security practices are measured:

  • Confidentiality
  • Integrity
  • Availability

Harriet Tubman's Usage:

  • Confidentiality – She never disclosed any of the methods or structure of the Underground Railroad until the Civil War was over.
  • Integrity – Use of secret codes and songs with hidden meanings to communicate with other slaves.
  • Availability – Tubman used her extensive network of people from different backgrounds who were dedicated to the cause of freeing slaves. Keeping this system available for slaves fleeing slavery was vital, and it remained accessible for over 40 years.

2. Access control systems and methodology

CISSP Security Usage: The key to access control is declaring who you are before entering a system and having the system verify that you are allowed access. This is known as identification and authentication. There are three ways to authenticate users:

  1. Something you know (PIN, password, phrase, pass code)
  2. Something you have (smart card, ATM card, token)
  3. Something you are (retina scan, fingerprint, voice scan)

Harriet Tubman's Usage: As an abolitionist in the Underground Railroad, a spy for the Union Army, and someone who knew the many safe houses and points along the Underground Railroad, Tubman would be a master of this CISSP domain as it relates to her time and activities. Tools: an extensive network of secrecy, hidden songs with codes, and disguises.

  1. Something she knew – Songs with hidden codes for runaway slaves. Location of safe houses for food and shelter.
  2. Something you have (smart card, ATM card, token)
  3. Something you are – As a spy she would have

3. Telecommunications and networking security

CISSP Security Usage: The telecommunications and network security domain is one of the most technical, as it addresses the various structures for a network, methods of communication, formats for transporting data, and measures taken to secure the network and its transmissions.

Harriet Tubman's Usage: Her use of the extensive network known as the Underground Railroad, which transported and protected runaway slaves as they traveled to the North for freedom.

4. Cryptography

CISSP Security Usage: The cryptography domain addresses the security measures used to ensure that transmitted information is read and understood only by the appropriate individual. In layman's terms, this is commonly referred to as encryption. Encryption is the transformation of plaintext into unreadable ciphertext and is the basic technology used to protect the confidentiality and integrity of data.

Harriet Tubman's Usage: Her use of slave songs carrying encrypted messages: "Wade in the Water" instructed slaves headed to the North to follow the water to freedom and to wade in the water at night to prevent capture; "Follow the Drinking Gourd" instructed slaves to follow the Big Dipper, the stars that guided travelers north to freedom. She also used quilts made with patterns that had hidden meanings, which instructed slaves on escaping from the South to freedom in the North.

5. Security architecture and models

CISSP Security Usage: Security professionals must be aware of the software development cycle to ensure that security concerns are addressed throughout the process. Information security components should be addressed concurrently in each stage of the development cycle (conception, development, implementation, testing, and maintenance).

Harriet Tubman's Usage: She also provided specific instructions for about fifty to sixty other fugitives who escaped to the North. Her dangerous work required tremendous ingenuity; she usually worked during the winter months to minimize the likelihood that the group would be seen. One admirer of Tubman said: "She always came in the winter, when the nights are long and dark, and people who have homes stay in them." Once she had made contact with escaping slaves, they left town on Saturday evenings, since newspapers would not print runaway notices until Monday morning. She used spirituals as coded messages, warning fellow travelers of danger or signaling a clear path.

6. Operations security

CISSP Security Usage: The operations security domain is concerned with implementing appropriate controls and protections on hardware, software, and resources; maintaining appropriate auditing and monitoring; and evaluating system threats and vulnerabilities.

Harriet Tubman's Usage: The operations of the Underground Railroad:

"I was conductor of the Underground Railroad for eight years, and I can say what most conductors can't say – I never ran my train off the track and I never lost a passenger." Harriet Tubman

7. Application and systems development security

CISSP Security Usage: Security is addressed in each phase of the development life cycle:

  • System feasibility: Identify the security requirements, policies, standards, etc., that will be needed.
  • Software plans and requirements: Identify the vulnerabilities, threats, and risks. Plan the appropriate level of protection. Complete a cost-benefit analysis.
  • Product design: Plan for the security specifications in product design (access controls, encryption, etc.).
  • Detailed design: Design the security controls in relation to the business needs and legal liabilities.
  • Coding: Develop the security-related software code and documentation.
  • Integration product: Test the security measures incorporated into the software and make refinements.
  • Implementation: Implement security measures and software and test before "going live."
  • Operations and maintenance: Monitor security software for changes, test against threats, and implement appropriate changes when necessary.

Harriet Tubman's Usage:

Feasibility & Purpose – The escape network was "underground" solely in the sense of being an underground resistance. Tubman used the security standards of her time and, like a well thought out application,

Separation of Duties as a security control – The Underground Railroad consisted of meeting points, secret routes, transportation, and safe houses. Individuals were often organized in small, independent groups, which helped to maintain secrecy, since some knew of connecting "stations" along the route but few details of their immediate area.

Implementation & Production – Escaped slaves would move along the route from one way station to the next, steadily making their way north. "Conductors" on the railroad came from various backgrounds and included free-born blacks, white abolitionists, former slaves (either escaped or manumitted), and Native Americans.

Security Operations & Maintenance – The Underground Railroad was designed with security controls that could adapt to threats and make appropriate changes to keep from being caught by bounty hunters and others whose job was to catch runaway slaves.

8. Physical security

CISSP Security Usage: The physical security domain addresses the environment surrounding the information system and its components. The key to this domain is identifying the threats and vulnerabilities and applying appropriate countermeasures to physically protect the system.

Harriet Tubman's Usage: The systems she was involved in protecting were the Underground Railroad and her work for the Union Army during the Civil War.

  • Use of safe houses that provided security for slaves traveling the Underground Railroad. She even packed a gun and was not afraid to use it.
  • For the Union Army she was a nurse, scout, and spy.
  • Tubman became the first woman to lead an armed assault during the Civil War.

9. Business continuity and disaster recovery planning

CISSP Security Usage: Plans must also be in place to preserve the business in the wake of a disaster or disruption of service. This domain addresses two types of planning: business continuity planning (BCP) and disaster recovery planning (DRP).

Harriet Tubman's Usage: Harriet Tubman was one of many individuals involved in helping slaves flee to the North for freedom, with multiple routes, numerous safe houses, and plans changed on the fly to avoid capture.

10. Laws, investigation, ethics and compliance

CISSP Security Usage: Certified security professionals are morally and legally held to a higher standard of ethical conduct. (ISC)2 establishes a code of ethics for credentialed security professionals, which includes four main canons:

  1. Protect society, the commonwealth, and the infrastructure
  2. Act honorably, honestly, justly, responsibly, and legally
  3. Provide diligent and competent service to principals
  4. Advance and protect the profession

Harriet Tubman's Usage: The (ISC)2 code of ethics also gives CISSPs instruction on how to resolve conflicts of interest in information security matters: they instruct us to use the code itself to resolve the conflict. Harriet Tubman has a conflict with canon #2, because freeing slaves was illegal, but canon #1 takes precedence over #2 for her heralding efforts to protect society. Later, the Emancipation Proclamation was signed into law by President Lincoln, freeing slaves, which fueled her passion more than ever in her efforts to lead slaves to their waiting freedom. Additionally, she served the Union Army during the Civil War, and the Underground Railroad worked in reverse to bring slaves back to the South to fight for their freedom.


Long before the 10 CISSP pillars of information security existed, Harriet Tubman embodied the essence of their principles to secure freedom for her people, with 100% success per attempt. In her own words:
"I was conductor of the Underground Railroad for eight years, and I can say what most conductors can't say – I never ran my train off the track and I never lost a passenger."

Harriet Tubman, CISSP

A security professional abolitionist, & humanitarian

By

Julius Clark, MBA, CISSP, CISA

BDPA CIO , National BDPA

In addition, if you are new to the IT security field, or have no experience and want to change your career, consult with me at:


References:

The 10 Security Domains (AHIMA Practice Brief) - American Health Information Management Association

Wikipedia.com

Thursday, January 15, 2009

Wednesday, January 7, 2009

Rid Yourself of Information Security Bad Habits




Improving on Your Information Security Bad Habits

First, I welcome 2009 amidst a multitude of perplexing world challenges. Second, technology is going to be more important than ever as more things are done with fewer people, and as people try to find more opportunities with limited time. Start the year off with better information security habits that will protect your physical wellbeing and your data's wellbeing. Adhere to the following suggestions and make measurable efforts to rid yourself of these information security bad habits:

Things to improve on

  • Not respecting and adhering to your employer's computer security policies.
  • Not changing your passwords with some frequency. If you have had your password for a while, or if others know it, change it!
  • Sharing your login account name and passwords with others.
  • Not using strong passwords comprising numbers, upper- and lower-case letters, and special keyboard characters.
  • Using the same password for all of your online login activities.
  • Not using or renewing the antivirus product you rely on, so that you keep receiving the critical security updates that help protect your online computer activities and identity.
  • Not inspecting the content of your child's social networking profiles. Your children can fall prey to others if they reveal information that others can use to steal from them, find them, or hijack their identities.
  • Signing up for everything online that you receive via email. The less information you give out about yourself, the less you have to worry about protecting.
  • Not backing up your data routinely. Once it is lost, it is gone!
  • Not respecting an entity's copyright.

Happy New Year!

Julius Clark, MBA, CISSP, CISA

Monday, December 8, 2008

10 Essential Information Security Strategies to reduce Technology Risks for Small Business



by

Julius Clark


  1. Consider these basic measures to secure your business' desktop/laptop computers:
    • Install or configure a built-in software firewall product.
    • Install an antivirus program, set it up to update automatically, and scan often. Installing one or two anti-malware/anti-spyware programs is a good idea as well.
  2. Keep up with patching for your operating system and all installed software applications.
  3. Secure your desktop login by using a password that is difficult to guess or to crack with a password-cracking program, and don't ever share it. Changing it often (every 90 days) will offer more protection.
  4. Consider the following basic measures to secure your wireless network, to protect the computers behind it and lower the risk of being hacked:
    • Change the "Default Settings" on your wireless router.
    • Enable the hardware firewall features on your wireless router. This will reject anonymous requests for information sent from the internet and block unauthorized traffic.
    • Enable built-in encryption (WPA2 recommended) on your wireless router. Follow the guidance in step 3 to create a strong passphrase that should be kept secret.
    • Disable the wireless router from broadcasting its signal. This will prevent your network from showing up as a wireless access point on other computers in close proximity.
  5. Securely store your laptop out of sight when not in use. If you can't take it with you, then lock it up in your car trunk. If your vehicle doesn't have a trunk, don't attempt to cover it up under a seat; just take it with you. Additionally, the data contained on your laptop is far more valuable than the hardware.
  6. Consider using encryption technology to protect your confidential data.
    • Use software that encrypts the entire laptop hard drive if you store credit card or social security numbers, health records, or any other confidential/sensitive information. A secret key will be required to decrypt the laptop's hard drive to boot it up, and without it the contents of the laptop can't be accessed; even if the hard drive is taken out and placed into another device, the data will remain protected from unauthorized access. Note that laptop encryption protects the contents of your computer only before start-up. The protection is effectively off once you log in with the secret key, and also while your laptop is in sleep or suspended mode. Completely log off and shut down your laptop for the encryption to be engaged again.
    • Encrypt your email communications if you transmit confidential information over the internet.
    • Use an encrypted flash drive that you have to authenticate to when accessing the files.
  7. Routinely back up your most critical data onto a flash/thumb drive and keep it offsite. If managing offsite data regularly is not ideal, consider using an online data backup service. If any of your files are lost due to deletion, hard drive failure, or a lost/stolen laptop, the data can be easily restored over the internet onto another computer once you provide the correct credentials.
  8. Set up a password to log in to your mobile phone, just in case your phone is lost or stolen. This could prevent a person from accessing its contents.
  9. GPS or car navigation units should not be preset with addresses to your business, home, or locations where your children and parents are.
  10. Implement security awareness practices for your business:
    • Create an information security policy that employees are expected to follow.
    • Become knowledgeable of the Federal and State regulations and laws pertaining to your industry regarding the safeguarding of confidential records.
    • Be wary of individuals asking suspicious questions over the phone or in person regarding the technology your business uses. The information an attacker gains could be used to figure out a way to compromise your data/network assets.
    • Be conscious of your surroundings at airports, cyber cafes, etc. Individuals can use a social engineering technique called "shoulder surfing" to steal your user IDs and passwords. If possible, have your back facing a wall and give yourself a better view of all in front of you; consider purchasing a laptop privacy filter/screen.
    • Shred confidential information before throwing it in the trash.
    • If you suspect that unlawful criminal activity has occurred involving your business computers or internet activity, report it to law enforcement immediately.

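The password guidance in step 3 above, and in the earlier post's list of bad habits (mixed character classes, no sharing or reuse, nothing a cracking program would guess first), can be expressed as a concrete check. The following is an added example written for this page, not code from the post or its author; the 12-character minimum and the tiny common-password list are constructed for illustration, and a real deployment would use a far larger wordlist.

```python
"""Password policy check: length, character classes, common-password wordlist,
and reuse across accounts. Added example for this page; thresholds and the
wordlist below are constructed, not taken from the original post."""
import math
import string

# Constructed mini "cracking wordlist": the guesses a password-cracking
# program tries first. Compared case-insensitively.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1", "Password1!"}

MIN_LENGTH = 12  # assumption: the minimum chosen for this example


def character_classes(pw: str) -> dict:
    """Report which of the four classes the post asks for are present."""
    return {
        "lower": any(c in string.ascii_lowercase for c in pw),
        "upper": any(c in string.ascii_uppercase for c in pw),
        "digit": any(c in string.digits for c in pw),
        "special": any(c in string.punctuation for c in pw),
    }


def estimated_bits(pw: str) -> float:
    """Rough brute-force cost in bits: log2(alphabet_size ** length), assuming
    the attacker knows which classes were used. This says nothing about
    resistance to wordlist attacks, which the wordlist check below covers."""
    sizes = {"lower": 26, "upper": 26, "digit": 10, "special": len(string.punctuation)}
    alphabet = sum(sizes[k] for k, present in character_classes(pw).items() if present)
    return 0.0 if alphabet == 0 else len(pw) * math.log2(alphabet)


def check_password(pw: str, previously_used: set = frozenset()) -> list:
    """Return the list of policy violations; an empty list means acceptable.
    `previously_used` models the post's advice not to reuse one password
    across accounts."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = [k for k, present in character_classes(pw).items() if not present]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    if pw.lower() in {p.lower() for p in COMMON_PASSWORDS}:
        problems.append("appears in common-password list")
    if pw in previously_used:
        problems.append("reused from another account")
    return problems


if __name__ == "__main__":
    # Constructed candidates: one weak, one reused, one acceptable.
    for candidate in ["Password1!", "correct-Horse7", "Tr0ub4dor&3xtra!"]:
        print(candidate, check_password(candidate, previously_used={"correct-Horse7"}))
        print("  approx. brute-force bits:", round(estimated_bits(candidate), 1))
```

Note that "Password1!" satisfies all four character classes yet still fails: complexity rules alone do not stop a cracking program that starts with common passwords, which is why the wordlist check and the length minimum matter as much as the character-class rule.
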
Finally, if you are not computer savvy enough to implement these security strategies yourself, contact a qualified Information Security consultant.

"There is a world of difference between a certified computer technician and a certified information security professional."

Julius Clark, MBA, CISSP, CISA

Information Security Professional

Nice & Intelligent Business Solutions

www.niceandintelligent.com

Sunday, December 7, 2008

BDPA Charlotte IT Assessment Project



"From the Classroom to the Boardroom"

BDPA Charlotte is proud to announce the creation of the BDPA Information Technology (IT) Assessment Project:

A collaboration between area Corporate IT professionals and Computer Science students to assess the Information Technology needs of Charlotte area Community Computer Centers.




EXECUTIVE OVERVIEW

BDPA Charlotte

IT Assessment Project


Project Purpose

The purpose of the BDPA Charlotte Information Technology (IT) assessment project is to help local Charlotte organizations with community computer centers identify IT gaps. Community computer centers provide vital IT resources to citizens in underserved communities, but they often lack personnel with the skills to adequately assess their technology needs. BDPA Charlotte is looking for Charlotte area organizations with small to medium size community computer labs on which to conduct a complimentary IT computer assessment. BDPA, the premier organization for African-Americans in IT, can fill this knowledge gap for organizations in our community by providing the thought leadership and expertise to accomplish this noteworthy goal. As Microsoft phases out its most successful operating system (OS), Windows XP, the BDPA's IT assessment project will make coordinators of community computer centers knowledgeable of the hardware requirements needed to run Microsoft's new OS, Windows Vista. Additionally, it will identify risks and threats existing in their desktop computing environment.


Supporting Statistics

  • 89.6% of all the world's computers run some flavor of Microsoft Windows. Source: http://marketshare.hitslink.com
  • Currently, 66% of computers still run the Microsoft Windows XP OS version. Source: http://marketshare.hitslink.com
  • 98 out of every 100 computers have 1 or more insecure applications installed. Source: www.computerworld.com


Project Details

The following steps outline the actions performed as part of the IT Assessment Project.


Services Performed

* Security vulnerability assessment to identify risks and threats that exist on the existing desktop/laptop computers.

* Assess the ability of the existing computer hardware to meet the upgrade requirements to run the Microsoft Windows Vista operating system.

Goal

Approximately four weeks after the assessment, BDPA Charlotte will provide the community computer center with a formal report. The IT assessment will provide a road map to assist community computer centers in identifying and prioritizing their needs. This will empower community computer centers to provide a higher quality of services to the students, job seekers, and seniors in our community. Additionally, the report information can be useful for grant applications.

Funding Requirements


The IT Assessment Project is FREE to local community computer centers that grant BDPA Charlotte volunteers permission to perform the assessment.



BDPA Charlotte Qualifications


BDPA Charlotte is a non-profit 501(c)(3) organization comprised of professionals working in the IT field and anyone having an interest in computers. BDPA Charlotte is a member of the National BDPA organization, which has over 57 chapters nationwide. Our membership is diverse and composed of IT executives, managers, consultants, entrepreneurs, project managers, developers, network engineers, programmers, web developers, instructors, and students.

BDPA is a global, member-focused organization that positions its members at the forefront of the IT industry. BDPA is committed to delivering IT excellence to our members, strategic partners, and community.

BDPA Charlotte strives to accomplish our mission by serving the Charlotte community, keeping our members educated and employed.

BDPA Charlotte Board


Charles Moore
President

Julius Clark Sr.
President-Elect & VP of Business Management

Lawrence Belton Jr.
VP of Finance

Cassandra Seibles
VP of Membership Services

Sherri Sonnier
VP of Membership

John Hoffler
VP of Student Information Technology & Scholarship Program

Aaron Johnson
High School Computer Competition Coordinator

Background of Project Manager

Julius Clark Sr.

Information Assurance Professional

julius.clark.sr@gmail.com


Education

Salem International University

MBA, 2004 - 2006

University of Fairfax

MSIS, Information Security, 2004 - 2006

Wentworth Institute of Technology

BS, Electronic Engineering, 1994 - 1997


Honors and Awards

Certified Information Systems Security Professional (CISSP)

Certified Information Systems Auditor (CISA)

Microsoft Certified Systems Engineer (MCSE)


Specialties

Server & Network Architecture, Information Security, Information Technology Audit, Career Mentoring, and Non-profit Management.


Experience

* Security Compliance Monitoring & Reporting Engineer at Wachovia Bank
* President Elect, VP of Business Management at BDPA Charlotte Chapter
* Information Technology Auditor at Wachovia
* Director of Education at BDPA Charlotte Chapter
* Implementation Coordinator at Wachovia
* Sr. Systems Engineer at Wachovia
* Network Analyst at Piedmont Natural Gas
* Network & Telecom Analyst at Homesite Home Insurance Corporation
* Sr. Systems Engineer at American Student Assistance
