Introduction

My name is Duane Dunston and I will be updating the SIA curriculum. This course teaches real world security principles and provides hands-on exercises for you to become actively engaged in the learning process. This course is not watered down and you'll get a lot out of it, if you actively participate and read through the material and the Recommended Readings throughout the course.

LearnSIA is not apart of or affiliated with Carnegie Mellon, we've been granted permission to create a derivative of their SIA courses, which they've discontinued. You will need to contact them if you wish to make further derivatives of this curriculum.

SIA Curriculum Foundations

Today's organizations rely on networked systems powered by fast-changing technology. This reliance makes them more vulnerable to attacks and forces system administrators to seek new approaches to computer and network security. To help them, the CERT developed a downloadable three-course curriculum in survivability and information assurance (SIA). This curriculum offers a problem-solving methodology built on key SIA principles that are independent of specific technologies. These principles form the foundation of CERT's SIA Curriculum. A summary of the curriculum is provided below.

We based the SIA Curriculum on five key foundations. Each is detailed in Foundations of the SIA Curriculum:

  1. Principles of Survivability and Information Assurance: Making decisions through an organized thought process
  2. The Enterprise Network Supports the Mission of the Business: Understanding how technology choices and applications impact the mission of the business
  3. Survivable Functional Units: Reducing the complexity of the enterprise to a manageable size
  4. Inherit an Enterprise Network: Integrating seamlessly new functionality in the network while keeping mission and constraints of the business in focus
  5. Challenge Assumptions: Understanding first the assumptions, challenging them, and then making an informed decision
These foundations inform the courseware in the SIA Curriculum. Understanding them is the key to successfully teaching and implementing it.

SIA Curriculum Overview

The SIA Curriculum Overview explains the key features of the SIA curriculum: its audience, structure, the technology used, and the characteristics students and teachers should possess to be able to get the most out of the curriculum.

The curriculum consists of the following major topic areas, each of which corresponds to one course:

  1. Principles of Survivability and Information Assurance: This course presents in detail the ten principles of survivability and information assurance, on which the entire SIA curriculum is based.
  2. Information Assurance Networking Fundamentals: This course applies the ten principles to the concepts and an implementation of TCP/IP networking.
  3. Sustaining, Improving, and Building Survivable Functional Units (SFUs)

SIA Lab Overview

In addition to the three core courses, the SIA curriculum offers a companion lab that prepares students for the tasks they will undertake in each course. The SIA Lab Overview provides information about the hardware and the software required for the lab in general and for each specific course. Other topics include configuration management, user identity and privileges, and Internet connectivity.

Curriculum Development

The course material is being converted from word documents to Docbook. This allows editing one document that can then be converted for students and instructors. The primary workbook (reading material) is created for students. Marked sections are then created for the instructor comments. With a single command line switch, the instructor workbook can be easily created. Additionally, as I use this course for other projects, I can use Docbook's Marked Sections to create special notes and references for other places where the SIA curriculum will be taught. Accordingly, I edit one document and convert it for many uses.

After the Docbook is completed, an HTML file is generated for students and then for faculty. That HTML file is opened in MS Word or OpenOffice, depending on where I'm creating the material, and converted to OpenDocument format and then to PDF (docbook2pdf seems to have issues converting the images, that I need to look further into). The program docbook2scorm is used to create the SCORM package.

The development course code is being hosted on github where all updates will be made and is the official source for the LearnSIA course material.

Labs are created using Wink or Camstudio. It depends on whether voice or audio is better for the lesson plan.

Downloading the Curriculum

This course curriculum will continue to be developed and updated. However, you can download the latest stable curriculum documents here.

Volunteering

If you are interested in helping this project, please contact me at thedunston@gmail.com. This project will need proofreaders (text and tutorial material), assistance with document conversion (to SCORM packages and maybe other formats). Also, anyone interested in helping to develop an introductory Windows System administration course.

Current assistance needed:

  1. Read through the material and see what information needs to be updated. You'll notice a lot of references are from older documents '99 to '05. Quite honestly, much of the information hasn't changed. Sadly, the same issues known since '99, and before that, are still plaguing the industry today. However, newer information is always good to have. In Principle 2, for example, I went through and updated that information to reflect that DES is no longer the standard and that SHA1 was broken.
  2. I would like to use APA style citations throughout the course so making any notes on improving that would be great.
  3. In the faculty manuals, read through the faculty discussion notes and update discussion questions and exercises that students have to perform to help with their critical thinking on security. Most information is okay, but it can always be enhanced.
  4. Review the "exams" to see if it appropriately addresses the key points from the reading material.
  5. When it is time to start recording videos, transcribe the audio to text to assist those that are blind or hard of hearing. If there are any good technologies to make this happen faster, please let me know.
  6. Help create the video tutorials for Windows and Linux. (SIA II and SIA III)
  7. Help creating tutorials with comparable tools across multiple platforms.
  8. If you want to assist with taking a lesson and converting to Docbook, please look through the source files included in the file downloads to see the format I'm using. If you want to do this, then you'll need to install Git. Also, send me an SSH public key so I can add you to Github for you to upload your docbook source files. Those will be private until it is reviewed and then made public once it is in a "final" state.
  9. Look into using a free hosting provider to provide access to the course strictly via the web using Moodle or efront. The SCORM packages allow for easy maintenance in a learning management system (LMS).
  10. Convert documents for use on mobile devices (phones, tablets, etc.)
  11. Create a better layout for this site. Something very simple.
  12. Depending on how well received this course is, setup mirrors or switch it over completely to GitHub, where it also resides.

Volunteers

Erle Pereira

Erle Pereira is a passionate blend of technical and creative mindsets. A consultant in the GNU|Linux and Open Source solutions space, he enjoys helping organisations overcome the perceived risks of rapidly changing environments and methods which the IT industry has become renowned for. His background allows him to adapt the best of cutting edge practises and merge them alongside mainstream enterprise. Working in this space since the late 90's, he has gained a range of experience from embedded devices to web-enabled, process based workflow frameworks, involving a mix, from systems level code to script languages.

Rachel Oliver

Rachel is a freelance technical writer and published author who has provided valuable technical writing services to companies in the Washington, D.C. area. Among her many projects, she has conducted technical writing analysis for IT Security Certification & Accreditation Efforts, written Risk Analysis templates, constructed NIST Compliant documentation along with numerous other professional documents. In addition, she has been nationally recognized for her poetry writing abilities. Her poems have been chosen to be showcased by the National Library of Poetry in multiple volumes, and her poem "For Our Veterans" has been read aloud at Memorial Day ceremonies nationwide.