Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - sadekur738

Pages: 1 2 [3] 4 5 ... 13
Self Improvement / 3 Ways Self-Improvement Can Change Your Life
« on: July 21, 2017, 06:03:17 PM »
I read my first 10 personal development books in three months. It was after that that I met the girl of my dreams. She was an author and she lived in Australia—and, today, I am happily living in Australia with her.

Focusing on self-improvement has presented many opportunities in our lives—like speaking at live events, writing for online publications and traveling the world.

This can happen for you, too.

But in order for things to change in your life, in order to get where you want to be, you have to grow into the person who is ready for that change. Personal development is vital to your success.

Related: Why Personal Development Is Critical to Success

Here are three specific ways focusing on self-improvement can change your life:
1. It presents you with new opportunities.

Growth in yourself eventually leads you to new opportunities, opportunities that don’t come about until you grow into the person who is ready for them. All you have to do is focus on self-improvement—start by reading personal development articles, books, blogs—and implement the things you learn into your own life.
2. It increases your self-esteem to new levels.

Self-confidence is ultimately the starting point to following your dreams—you have to believe in yourself and your dreams enough to go after them. As you grow, you’re building up that mindset, that belief.

When I picked up my very first personal development book—Think and Grow Rich by Napoleon Hill—that’s when my self-esteem started rising, when I really started to believe in myself and my goals. Reading success books was what pushed me to grow, to change, the motivation behind my goals.
3. It can help you become a better version of yourself.

Becoming a better version of yourself is the main goal of self-improvement—to improve in your job, your business, your relationships. Whatever area of your life you’re working on, that’s part of growing as a person. You have to constantly look at what you can improve and have the awareness to know what needs to be done to do it.

The most effective way of finding out how to get better is to ask the people around you to make a list of what you’re best at and where you could make improvements. Take the list of improvements and work on them one by one.


Chief security officers are the obvious point people to address a workforce’s cybersecurity concerns. While it is the obligation of a CSO or CISO to spearhead a company’s defense against cyber attacks, the responsibility cannot fall solely on the shoulders of a single person. With 43 percent of data breaches caused internally and the average data breach costing $4 million, fostering a companywide commitment to cybersecurity awareness becomes a shared responsibility. 

Given the technical nature of cybersecurity, the average employee may not have a full grasp of best cybersecurity practices. In fact, up to 90 percent of internet users haven’t had any recent cybersecurity training. To ensure that each employee helps fortify an organization against an attack, providing digestible, effective training is critical – and eLearning is making it easier than ever for companies to educate their employees.


Making Cybersecurity Digestible

The most successful training is accessible, entertaining and engaging. These qualities are especially critical when the content is complex and heady, and eLearning solutions can deliver these elements with a responsive, visual interface.

Like any subject matter, cybersecurity can be intimidating for those not already versed in it. While lectures on cybersecurity may dive into obscure topics or use jargon, it is critical to consider employees’ knowledge and utilize training techniques that align with and build off of their understanding. Though it may be tempting to discuss the nitty gritty details of a hack, consider what employees actually need to know to protect your company.

Given the weight of the topic, it’s also imperative to employ training methods that resonate with employees. While corporate training sessions historically may have caused employees’ eyes to glaze over, given the monetary loss associated with a breach, CSOs need to consider how the training will engage employees and encourage retention.

Considering today’s digitally savvy workforce, eLearning may be a more attractive option than more standard training fare when it comes to engagement. Audiences tend to receive educational content better when it’s visually and aurally stimulating, which can be fulfilled by the video capability of eLearning. Adult learners in particular tend to reap video’s benefits, with better engagement and retention.

Video is also the perfect medium for a compelling narrative, which is another key component of effective instruction – modules can introduce learners to characters who face similar scenarios. For example, a module could focus on a character who is trying to decipher whether an email is genuine or phishy, a scenario that your employees experience weekly if not daily. From there, the module can bring the user and the character together on a mission to learn the corresponding best practices.


Linking Conceptual Cybersecurity to Reality

The flexibility of eLearning makes it easy to render the training as relevant to users as possible, not only through storytelling but also through capabilities like course customization and responsive technology.

Along these lines, consider interactivity and having employees actually practice cybersecurity best practices in a low-stakes environment.

For instance, have employees practice creating strong passwords and provide real-time feedback. ELearning solutions can provide real-time feedback at scale, and feedback given “in the moment” is far more likely to improve performance. Interactions that directly adapt to the user allow for a more personalized learning experience, while teaching actionable lessons that can be applied to everyday situations.

Given demands on employees’ time, it is also worth considering offering training that is flexible, allowing your team to access the content and pace at their own convenience, while keeping in line with the company’s broader timeline goals.


Changing Company Cybersecurity Culture

Cybersecurity training not only provides employees with a wealth of information, but it can also arm CISOs and CSOs with valuable data about their workforce.

Maybe your workforce is well-versed in data storage and transmission practices, but has little knowledge about office tailgating, for instance. Software can show you broader company patterns that you may not have detected otherwise. With this information, your company can adjust the eLearning modules and general cybersecurity strategy accordingly.

Finally, ensure that the education you offer provides actionable next steps upon course completion. From there, employees can take the lessons learned and translate it into real-life best practices. With malware adapting to network security provisions, effective cybersecurity education is more critical now than ever. Because of its dynamic, responsive and flexible nature, eLearning presents an unparalleled opportunity to create a companywide ethos of cybersecurity knowledge and accountability.


Every day we are updated about the latest cybersecurity breaches – whether it's Yahoo, Dropbox or LinkedIn, how many records have been stolen, or how much companies have paid in result from ransomware or financial fraud.

However, are employees and executives aligned with cybersecurity awareness? Are the risks and top discussions that happen in the break room similar to those that happen in the boardroom? The topics and concerns are farther apart than you could ever imagine.


The Break Room

As employees sit in the break room and discuss the latest cyber breaches in the news and how many records have been stolen, it’s not typically a major concern as they are not aware of the direct impact to their data or personal information. To them, it is just another cyber breach.

As thousands of records are stolen daily, the lack of direct impact means that many employees are not clear on the risk or the value of the data being stolen. Many companies have failed to educate employees on cybersecurity. While it is common to see companies creating complex IT policies, ensuring their employees understand their role and responsibility when it comes to security within the company is a good place to start.

Share with your employees that even a bad link clicked on a smartphone can lead to a cyberattack throughout the organization.

Companies fail to treat external breaches as cyber incidents and therefore reduces the severity or impact. Employees bring their own devices, connect them to the company’s network, store corporate data on them and very few companies check those devices for security compliance or that security protocols are enabled.

Employees believe it is the government’s, technology companies’ and their company’s responsibility to protect them from cyberattacks. The cybersecurity topic at the break room is more likely to be about the cyberattacks that influence the presidential election, the possibility of cyber terrorism against the government and critical infrastructure, and “did you recently change your password?”

In all seriousness, you should probably update your passwords. 


The Boardroom

Now just down the corridor, the executives are having their monthly meeting in the executive boardroom and after numerous topics, cybersecurity eventually gets brought up.  The main concern for the CEO is to know the business is running smoothly. While sales and operations are top of mind, the security of the company needs the same awareness and care. While juggling many business functions, CEOs don’t have the time to worry about small intricacies.

Make cybersecurity a priority topic during meetings and define the business impact of a security breach.

New security breaches like ransomware make security a more pressing concern for enterprises now more than ever before. Most of the boardroom looks to the CISO for what the current state of the company’s cybersecurity is. However, many view it as a risk and therefore lack of business impact. The biggest topic that comes to the table is typically is whether the company is meeting government and industry regulatory compliance and will they pass the upcoming audit.

Establish a culture of cybersecurity responsibility throughout the C-Suite, not just the CISO.

The challenge in the past is that it is difficult to measure cybersecurity risk for many organizations and this has put the CISO in a tough situation as how to show business value. It was about keeping the existing security controls working, making continuous improvements where possible, and placing security on previously adopted technologies. Security has always been an afterthought and sometimes not possible to keep the same high level when security and privacy were not implemented by design. This means the risk always continues to get greater, making the CISO’s already tough job more challenging.

Since cybersecurity is a growing topic in the boardroom and the breakroom, the education in the boardroom needs to continue on the business impact of cybersecurity, clear metrics, cyber insurance and a clear recovery plan. Educating employees of the importance of security with BYOD and their own workstations will greatly mitigate the risk of a cyberattack.


Cyber-attacks can originate from anywhere, but there appears to be an unabated trend of pointing the finger on either "sophisticated attackers" or, more blatantly, naming and blaming nation-states like China and Russia (alright, maybe North Korea and Iran).

The truth about attribution (who is the attacker) is often overlooked for something more dramatic, especially in situations where sensitive information or brand reputation is at risk.  Specifically, we see businesses often try to save face by blaming attacks on state actors when they failed to make proper cybersecurity investments by “cutting corners.” While cyber-attacks can be quite damaging to an organization, especially in terms of:

Damage to organization’s brand;
Liability exposure for a “Class Action” lawsuit;
Loss of customer trust;
Significant financial penalties; and
Loss of jobs to make up for increased breach expenses and remediation.
The tactic is simple. Switch the focus from internal bad practices and shift the blame to “sophisticated, nation states and or criminal gangs.” Lazy, but effective.

Yet, there often isn’t concrete proof that backs up these claims. and time and again the victim business ends up with egg on their face as the attacker(s) turns out to be an unsophisticated and unrefined script kiddie. The amateur only succeeds because of bad cybersecurity hygiene for companies that don’t have their house in order.

The following looks at debunking some of the myths and misconceptions around why most cyber attacks succeed and offers some tips on what instead should be done to deny and disrupt attacks.

Myth #1: All Cyber Attacks are Sophisticated and Complex.

While it is easy to assume that all successful attacks are complex and require whole team of nationals, sitting in a room and coordinating with one another, this isn’t always the case. The reality of cyber-attacks is often far more straightforward.

The list of attack motivations can be quite long but there are probably a handful of reasons why many attacks succeed including:

The business’s executives refuse to acknowledge it’s a target.
The business ignores or does not focus on the basic tenets of cybersecurity.
Immature or non-existent cybersecurity and IT controls.
The next time you hear about a complex cyber-attack on a business, there is a better chance that it the attack succeeded not because it was conducted by a nation-state or clever attacker, but rather by one or small group of individuals taking advantage of bad cybersecurity hygiene.

The fact is that even cyber criminals would not want to admit about how easy it was to attack the breached company. A sophisticated attack sounds more serious, and if a business has cyber insurance, this is going to be the storyline to make a claim.

Myth #2: All Cyber Attackers are Professional and Highly Skilled.

While known hackers and foreign militaries clearly do carry out cyber attacks, it is safe to assume that most of the time, cyber attacks are carried out by individuals with little experience. I like to call this group the “bored but curious teenagers” (also known as “script kiddies”). These probing script kiddies are often either looking for weaknesses in systems and processes or they poke around just for the fun of it.

These folks don’t usually have a clock to work against, unless they’re trying to breach a highly-sophisticated defense system. Most of time they will look for the easiest way to hack into a system. Trying to break into a system that has an advanced defense system takes up too much time. They use a variety of methods to load up the malware or exploit a known vulnerability and bide their time.

Myth #3: Throwing Money at Cybersecurity is the Answer.

JPMorgan was on the receiving end of a successful cyber-attack despite having spent close to U.S. $250 million on cybersecurity in 2014.  Although they almost doubled the spending to U.S. $500 million, it’s safe to say that they could still be hacked!

Please repeat after me: Only throwing money at cybersecurity will not protect me.

Before spending a penny, or a dollar, more on any technology or employees, one must ask:

Have we got the basics right? It’s often the basic hygiene, the basic controls that are overlooked in the search for the panacea that does not exist. Most security breaches can be prevented by having layered cybersecurity controls throughout the enterprise. If a company has one weakness such as an unprotected development server, a hacker will find it and exploit the server – even if it is out-of-scope for the cookie-cutter audits such as SOX or PCI.
What are our GAPS? Have we carried out a GAP assessment and or external audit to determine the areas of weakness and strengths
Risk-based approach: Have we adopted a formal risk-based approach to information security to ensure services or products procured mitigate the most important and relevant risks?
It is a misconception that just throwing loads of money at cybersecurity will keep you safe.

Myth #4: Only People on the Outside are Launching Cyber Attacks.

Linking in with Myth #2, most people assume that cyber criminals are external to an organization. The race to blame an external source distracts from the truth. The truth that, regardless of the origin of the attacker, internal or external, most regular and complex attacks need the privileges or the access rights of an insider to succeed.

If you can properly manage the privileges and access rights of privileged insiders, you could deny success to a large number of cyber attacks.

A privileged insider can be anyone, often only linked with an IT person, who has the privileges and rights to carry out administrative tasks on critical systems and or access confidential data. Some examples of privileged users are:

Active Directory Enterprise or Domain Administrator;
Anyone who has the rights to backup system files; or
A business privileged user who has rights to access confidential data.
According to the 2016 Verizon Data Breach Investigations Report, the insider threat represented roughly 15% of breaches. Do note, these figures are only from those that are reported.

Myth #5: Companies State Nothing Could Prevent the Attack.

There may be some truth in this myth! We have heard and read the phrase about the two types of companies, one hacked and one clueless that it is hacked. That maxim still stands.

However, pleading powerless is not an excuse. There are simple steps that an organization that can take to significantly improve the organization’s chances of denying and disrupting an attack from either the script kiddie or a sophisticated attacker.

For instance, many companies may not have the proper cybersecurity controls in place such as logging, layering of security controls, having alerts established to detect an intruder, not filtering malicious traffic, improper DNS settings, etc.


Both the movies and the mainstream media make out cyber-attacks to be a glamorous and fairly complex activity confined to a few elite. If we were to believe the media then all hackers are super-smart and live and work in Russia, China or Iran. Yes, there are attacks that can be attributed to nation states like here and here, but the overall reality is far from what the media portrays as the truth.

Today, the availability of hacking tools and services, combined with 24/7 Internet connectivity means that there are as many possible cyber miscreants as there are humans on the planet. Even if we take away the newborns and the really old, we are left with over four billion potential cyber trespassers.

They don’t need to spend all their time exploring new ways to get into a system, when all they need to do is either compromise a system that has not been updated or steal and use privileged credentials from an IT power user. In some instances, organizations simply leave the “door to the crown jewels wide open,” again as a lack of implementing basic cybersecurity hygiene, making it easier for any attacker to succeed.

The reality is that most cyber criminals are out hunting in cyberspace to make a quick buck. In 2016, one ransomware creator is estimated to have made over U.S. $120 million! Imagine the global lure to make large amounts of money with little or no effort. The good news is that the majority of these potential wrongdoers can be stopped in their tracks if a business focuses on basic cybersecurity hygiene practices.

Start by focusing on the cybersecurity hygiene including, but not limited to:

Ensuring all your systems, servers and mobiles are updated with the latest software updates.
Encouraging the use of strong but easy to remember passwords and insisting on two-factor authentication for all the privileged users in your business.
Managing your privileged users by ensuring you are able to effectively monitor and control what administrative actions they can perform and when they can perform those actions.
Ensuring your endpoint devices are built to secure configuration standards and enforce least privilege security policies.
Knowing “who can do what”: Within your Active Directory, know what privileged actions each employee can perform. Focus on IT users, helpdesk users and service accounts. Do the same for other critical systems that are on-premise and or in the cloud.
Shifting focus from a binary “we are secured” way of thinking to a more proactive “we are prepared” mindset.


With the summer upon us, everyone is starting to prepare with scheduling their upcoming vacations. As working professionals begin making plans and decide on what to pack and bring with them, it is very likely that their bag will be full of technical gadgets, tablets, smartphones and both personal and work laptops – especially when their vacations include some work that just can’t wait.   

Many of those with demanding jobs know that even when on vacation they must remain connected to the world in more ways than one to answer emails and handle important business matters. With the increased use, online services by these traveling professionals, especially in unknown territory, those traveling can quickly become a target of cyber criminals and hackers. In this case, it is critically important to know how cyber criminals target their victims, what travelers can do to reduce the risk and make it more challenging for the attackers to steal their important company or personal information, identity or money.

So as professionals gear up to gear up to head out on vacation, they should follow the National Cyber Security Alliance’s (NCSA) online security campaign and Stop, Think and then Connect by following these fivebest practices below to stay safe online while traveling:


1.)    Don’t lose your data, stay protected and relax.

While on vacation, it is a common place for things to get lost, misplaced or stolen. It can happen in an instance by simply forgetting your laptop on the bus or the taxi, or by being distracted chasing after your children – all while someone else walking away with your tablet or laptop. This can lead to major security risks, whether it’s your personal or company laptop, sensitive data is now at risk. Realistically, this is the last thing you want ruining your vacation.

Tip #1:  Backup, Update and Encrypt. Before you leave for vacation, make sure you back up all devices and data. Double check that all security updates are applied, and finally check your security settings. For example, ensure your sensitive data is encrypted.


2.)    Beware of social logins and limit the use of application passwords:

Almost every service you sign up for while on vacation now requests s you connect using your social media accounts, to gain access to whatever it is you are trying to do. The problem with using your social media account for these services is that you are providing and sharing personal details about yourself. This means you are giving these services the ability to continuously access your location, updates and personal information.

Tip #2 - Use unique accounts, rather than social logins as those accounts get compromised, and cyber criminals could cascade to all the accounts using the social login.


3.)    Beware of what you do over Public Wi-Fi.

Always assume someone is monitoring your data over public Wi-Fi. Do not access your sensitive data, like financial information over public Wi-Fi.  Do not change your passwords and beware of entering credentials while using public Wi-Fi.  If you have a mobile device with a personal hotspot function use this over public Wi-Fi. During vacations, it can be expensive if you decide to use the highly expensive data roaming options from telecommunication companies so when using public Wi-Fi during vacation always make sure to use it with caution, securely and with the following tips in mind.

Tip #3: Do not use a public Wi-Fi network without VPN. Instead, use your cell network (3G/4G/LTE) when security is important.  When using public Wi-Fi, ask the vendor for the correct name of the Wi-Fi Access point and whether it has security., It is common for hackers to publish their own Wi-Fi SID with similar names. Disable Auto Connect Wi-Fi or Enable Ask to Join Networks. Many hackers will use Wi-Fi access points with common names like “Airport” or “Cafe” so your device will auto connect without your knowledge. Do not select to remember the Wi-Fi network.  Use the latest web browsers as they have improved security for fake websites, this prevents someone from hosting their own websites like Facebook waiting for you to enter your credentials. Do not click on suspicious links even via social chats like videos that contain your photos and beware of advertisements that could direct you to compromised websites. Use a least privileged user or standard user while browsing, as this will significantly reduce the possibility of installing malicious malware.


4.)    Beware of Credit Card Skimmers.

It is going to be common at some point during your vacation that you are going to need to take out cash from an ATM. As simple as it may appear, this can sometimes be a very damaging experience if caution is not taken. Cyber Criminals have targeted popular tourist locations for credit card skimmers. Credit Card skimmers are very small devices which steal your credit card number and PIN code, even though it requires physical access these are still very popular scams.

Tip #4: When on vacation or traveling, I usually find myself in l need of visiting an ATM to take out cash, which is actually my biggest concern while travelling. My tip is to use an ATM inside rather than an outside ATM. The reason behind that is because, the ATMs inside are less likely to be compromised and difficult for those shoulder surfers. Before placing your card into the ATM, check the card slot and PIN pad for any signs of tampering. Keep all receipts, and when you return home from your vacation change your credit card pin number and check your transactions. Try to use a credit card versus a debit card as you have better protection from fraud. These tips will help keep your money in your pocket and not put it into the cyber criminal’s pocket.     


5.)    Before “clicking,” stop, think and check if it is expected, valid and trusted.

We are a society of clickers; we like to click on things (like hyperlinks for example). Always be cautious of receiving any messages with a hyperlink. Before clicking, ask yourself – “Was this expected?”, “Do I know the person who is sending this?”. On occasions, check in with the actual person on if they actually did send you an email before you aimlessly click on something in which might be malware, ransomware, a remote access tool or a virus that could steal or access your data. Nearly 30 percent of people will click on malicious links, and we need to be more aware and cautious.   

Tip #5: Before clicking, stop and think. Check the URL, make sure the URL is using HTTPS, also that this URL is coming from a legitimate source. Discover where the hyperlink is taking you before you click on it as you might get a nasty surprise.       


Stay safe while on vacation with these best practices and avoid becoming the next victim of cybercrime. Vacations should be a time to relax and following these steps will help prevent you from vacation disasters.


Xinix, pronounced "zen-ics," is an innovative newcomer to the world of Linux distros.

Now in beta, this distro has been spearheaded by a single developer who slowly is bringing other programmers on board to move things along. Despite its early development status, Xinix has potential for Linux fans who like to experiment with new platform concepts and do not mind trying out an operating system that is not yet fully functional.

Essentially, Xinix is an interesting side project for serious Linux fans -- it definitely is not suitable for Linux newcomers.

You need a clear understanding of how to configure and troubleshoot on your own. The Xinix experience is highly reminiscent of the Linux home computer experience in the operating system's early days.

Developer Dave Henderson, who has 15 years experience as an IT administrator, sees Xinix as becoming the world's next generation of operating systems. It currently runs on conventional desktops and laptops, and mobile platforms will be coming in the future.

Expectations and Realities

Do not expect a fully developed Linux operating system when you crack open Xinix. By design, it is built to act more like firmware among devices.

The Xinix OS comes with just enough software for basic device operations. Users then take over and personalize their devices by installing any of the software or services located in the Software Shoppe.

Henderson has no long-term goals of entering the enterprise-level market, he told me. Instead, he plans to focus on embedded, personal and professional environments, ranging from small office/home office operations (SOHO) to medium-sized companies.

One of Henderson's primary goals is to keep Xinix small and efficient. He built in just enough framework to get the computing device into an environment where the users' work takes center stage.

What initially stoked my interest was the new in-house user interface,, a desktop environment based on Web standards such as HTML and javascript.

This style of interface has key advantages, Henderson said. For example, it provides optional built-in remote access capabilities, and it easily can be modified or customized.

Under the UI's Hood

Xinix is a Web-based distro with a very small footprint. The full GUI comes in at less than 100 MB. The embedded version is less than 44 MB.

Xinix originally forked from TinyCore Linux, reviewed here. Henderson is morphing Xinix into a distro in its own right, though.

He uses the software from the TinyCore repo but applies a different naming convention. That may cause some problems in adding titles to your local installation. Just remember that this is an early release and is a work in progress.

The UI has three themes available: OEM, Windows-esque, and Unity-esque. These themes reinforce the project's goal of engineering a user interface that is intuitive and simple to use.

Xinix OS has several promising characteristics that separate it from the growing pack of new Linux OS offerings. For example, the package manager (pax) is built from scratch and is unique to this distro. The same is true of the UI and related applications, like the Web browser and website tool.

Xinix text editor
XiniX OS comes with just enough software for basic device operations. Among the few preinstalled applications are a basic text editor, a terminal app and a bare-bones Web browser.
System maintenance is another nice touch. Xinix is not based on fixed releases. Instead, updates are continuing, or rolling, releases.

Look and Feel

The screen layout is much different than what you see in other Linux distros. There are few panels or notification areas. Docks, a settings panel, and a main menu are nonexistent.

Instead, Xinix is built around a system of task modules, of sorts. Along the left edge of the screen is a vertical area that holds tabs. Click one to open a window display in the center of the screen.

Xinix OS Desktop
The Xinix OS' Desktop tab shows installed applications in a window.
Xinix provides the following tab options: Access, State, Widgets, Desktop, Recent, Info, Connections and Epoch, which is a full-screen calendar display. Smaller windows associated with the tabs open on the right side of the screen, offering more user choices.

The closest thing to a menu is the Access display, which presents a list of browsing options (similar to using a file manager), software categories, scheduled events, and setting/configurations.

Xinix OS Access tab
Xinix has a unique layout for showing system details in the Access tab.
Using Xinix

You can install Xinix to storage devices for a totally portable computing experience. It is very fast, thanks to running entirely within RAM to make it very responsive.

The UI is clearly unique. I am not sure that it is intuitive, but it has a very small learning curve, nonetheless.

Xinix provides a non-standard -- but logical -- division between system and user. It uses several alternative directory names for consistency among newer versions of Windows and macOS. It lets users interact through multiple interfaces, including command line, graphical and Web.

Henderson has a catchy slogan for this Linux project, which is indicative of the simplicity that drives his UI design. In fact, his slogan might say it all: "Achieve Zen with Xinix."

Bottom Line

Normally, Linux Picks and Pans does not review such early new beta releases. However, the framework and unique features of Xinix OS make it such a radically different Linux distro that I kept coming back to tinker with it. The latest update was posted on June 15.

If you enjoy delving into unchartered territory with software, check out this latest version. It shows solid improvements over earlier efforts. Otherwise, wait for later upgrades as Xinix OS gets more developed.

Download Xinix OS here. The Vanilla Edition (VE) is for devices like desktops and laptops. The Embedded Edition (EE) is for routers and set-top boxes.

Want to Suggest a Review?

Is there a Linux software application or distro you'd like to suggest for review? Something you love or would like to get to know?

Please email your ideas to me, and I'll consider them for a future Linux Picks and Pans column.

And use the Reader Comments feature below to provide your input!


Malware targeting Linux systems is growing, largely due to a proliferation of devices created to connect to the Internet of Things.

That is one of the findings in a report WatchGuard Technologies, a maker of network security appliances, released last week.

The report, which analyzes data gathered from more than 26,000 appliances worldwide, found three Linux malware programs in the top 10 for the first quarter of the year, compared with only one during the previous period.

"Linux attacks and malware are on the rise," wrote WatchGuard CTO Corey Nachreiner and Security Threat Analyst Marc Laliberte, coauthors of the report. "We believe this is because systemic weaknesses in IoT devices, paired with their rapid growth, are steering botnet authors towards the Linux platform."

However, "blocking inbound Telnet and SSH, along with using complex administrative passwords, can prevent the vast majority of potential attacks," they suggested.

New Avenue for Hackers

Linux malware began growing at the end of last year with the Mirai botnet, observed Laliberte. Mirai made a splash in September when it was used to attack part of the Internet's infrastructure and knock millions of users offline.

"Now, with IoT devices skyrocketing, a whole new avenue is opening up to attackers," he told LinuxInsider. "It's our belief that the rise we're seeing in Linux malware is going hand in hand with that new target on the Internet."

Makers of IoT devices haven't been showing a great deal of concern about security, Laliberte continued. Their goals are to make their devices work, make them cheap, and make them quickly.

"They really don't care about security during the development process," he said.

Trivial Pursuits

Most IoT manufacturers use stripped down versions of Linux because the operating system requires minimal system resources to operate, said Paul Fletcher, cybersecurity evangelist at Alert Logic.

"When you combine that with the large quantity of IoT devices being connected to the Internet, that equals a large volume of Linux systems online and available for attack," he told LinuxInsider.

In their desire to make their devices easy to use, manufacturers use protocols that are also user-friendly for hackers.

"Attackers can gain access to these vulnerable interfaces, then upload and execute the malicious code of their choice," Fletcher said.

Manufacturers frequently have poor default settings for their devices, he pointed out.

"Often, admin accounts have blank passwords or easy-to-guess default passwords, such as 'password123,'" Fletcher said.

The security problems often are "nothing Linux-specific per se," said Johannes B. Ullrich, chief research officer at the SANS Institute.

"The manufacturer is careless on how they configured the device, so they make it trivial to exploit these devices," he told LinuxInsider.

Malware in Top 10

These Linux malware programs cracked the top 10 in WatchGuard's tally for the first quarter:

Linux/Exploit, which catches several malicious trojans used to scan systems for devices that can be enlisted into a botnet.
Linux/Downloader, which catches malevolent Linux shell scripts. Linux runs on many different architectures, such as ARM, MIPS and traditional x86 chipsets. An executable compiled for one architecture will not run on a device running a different one, the report explains. Thus, some Linux attacks exploit dropper shell scripts to download and install the proper malicious components for the architecture they are infecting.
Linux/Flooder, which catches Linux distributed-denial-of-service tools, such as Tsunami, used to perform DDoS amplification attacks, as well as DDoS tools used by Linux botnets like Mirai. "As the Mirai botnet showed us, Linux-based IoT devices are a prime target for botnet armies," the report notes.
Web Server Battleground

A shift in how adversaries are attacking the Web has occurred, the WatchGuard report notes.

At the end of 2016, 73 percent of Web attacks targeted clients -- browsers and supporting software, the company found. That radically changed during the first three months of this year, with 82 percent of Web attacks focused on Web servers or Web-based services.

"We don't think drive-by download style attacks will go away, but it appears attackers have focused their efforts and tools on trying to exploit Web server attacks," report coauthors Nachreiner and Laliberte wrote.

There's been a decline in the effectiveness of antivirus software since the end of 2016, they also found.

"For the second quarter in a row, we have seen our legacy AV solution miss a lot of malware that our more advanced solution can catch. In fact, it has gone up from 30 percent to 38 percent," Nachreiner and Laliberte reported.

"Nowadays, cyber criminals use many subtle tricks to repack their malware so that it evades signature-based detection," they noted. "This is why so many networks that use basic AV become victims of threats like ransomware."


In 2016, global outbound travel exceeded $2 trillion, for the first time ever.[1] Despite a marked increase in security threats, people all around the world still desired to travel and take vacations. However, the sheer volume of people crossing through borders daily has made it very difficult for immigration security analysts to do their jobs of investigating crime at or across borders.

In the age of big data, authorities tasked with border security have too much information to deal with, yet are responsible for quickly finding threats before they affect their country. Trained, experienced analysts are essential yet scarce resources. Training a new analyst is a process that spans months and years, and that requires significant investment on the part of the border security authority.

The answer to this has traditionally been to provide the analysts with ever more complex tools. These analytic systems provide the equivalent of a “workshop, materials, and tools” for a trained, seasoned, and practicing analyst who can then “build anything they want” from the available data.

For a new analyst, however, these systems can be overwhelming, as they present huge amounts of data and palettes of analytics to choose from, usually with little supporting training or tutorials. Even for a trained analyst, knowing which analytics to use to answer a question is daunting – and leads to analysis paralysis.

We need a way to provide all analysts with a guided path to their objective, while enabling advanced analysts to operate unguided based on their developed tradecraft.

Principles of guided analytics
Systems developed with guided analytics focus on aiding border security officials with a clear set of starting points and then steering them towards a set objective. Guided analytics is built upon the following four principles:

Start with the objective, not the data
We interact with a system with a purpose in mind. It’s easy to lose that purpose when confronted with data – do we start with the traveller that matches our narcotrafficking profile, or the organization that they may belong to, or the address of the hotel they stayed at while in country? With guided analytics, security officials must first define their end goal. The system then suggests data that helps meet that objective saving officials from scouring through hundreds of data points to connect.

Set realistic limits and expectations
Guided analysis isn’t going to magically produce an answer in all cases. For example, trying to establish a connection between travellers, a jihadist organization and prison radicalization will logically need intermediate data such as prison visitation records so that correlations can be made.

Automate a common path
Experienced analysts will develop tradecraft – ways of reliably getting from their question to an answer. These can be identified and automate into the guided analytics system. The best path is one which reliably produces an answer with data that we are likely to have. As a best practice, there should not be too many options or customizations to prevent confusion.

Provide an off-ramp
An experienced user may discover their own path to the objective, or even identify a completely new objective, while being guided. The system should provide a way to pursue this new objective, and if possible mark the point of departure so that the user can return to the guided path.

The ease of international travel has led to greater flow of information, goods, people and business across borders. Inadvertently, these advancements have also made it easier for criminals to exploit security gaps to their advantage. While technology continues to provide officials with more intelligence, a guided analytics system presents a smarter, more efficient way for immigration officials to navigate the mounting swamp of data at border controls so that any anomalies can be detected swiftly and more accurately.


Q. Are those free PC antivirus programs safe to use?

A. The web is full of choices, but if you are looking for free protection for your computer, go with a program from an established security software company. You can find roundups and reviews online and the site has a list of well-known software creators. Programs that pepper your screen with pop-ups or try to convince you that your computer is full of worms and viruses are often spyware or scams themselves.


Avast is among software companies that offer free antivirus programs to scan the computer and block threats. Credit The New York Times
Several companies offer free basic versions of their more complete security suites to home users — including Avast, AVG, Bitdefender, Sophos and ZoneAlarm. As the range of malicious software has expanded to other computing platforms, some companies now offer free tools for the Mac and mobile platforms as well; Malwarebytes Anti-Malware for Mac is among the options. Free apps that specifically protect against ransomware (like Bitdefender’s Anti-Ransomware Tool for Windows) can also be found.

When browsing for software, make sure you are actually getting a copy of the company’s free antivirus tool — and not just the free trial version of a more comprehensive paid program. Depending on the program, you may be asked to share user data for research or see ads and upgrade offers within the free software. Paid versions typically provide more comprehensive protections, like network or game scanning.

Newsletter Sign UpContinue reading the main story
Interested in all things tech?
The daily Bits newsletter will keep you updated on the latest from Silicon Valley and the technology industry, plus exclusive analysis from our reporters and editors.

Enter your email address
 Sign Up

You agree to receive occasional updates and special offers for The New York Times's products and services.

Microsoft makes its own antivirus software for its Windows systems. If it is not already installed, Windows 7 users can download the Microsoft Security Essentials program from the company’s site. The current version of Windows 10 comes with the Windows Defender Security Center for blocking viruses and other threats; go to the Settings app and open the Update & Security icon to check your coverage. (Apple builds in protective features like app-screening and anti-phishing alerts into its Mac OS software, but a third-party program goes further.)

Security software can help block malicious code from invading your computer, but be on guard for more socially engineered attacks from email and other online sources. has a guide to spam and phishing lures, and other threats to avoid.


It’s a refrain I’ve been hearing for the past 18 months from clients all over the world: “We need more skilled people for our security team.”

The need is real and well-documented. A report from Frost & Sullivan and (ISC)2 found that the global cybersecurity workforce will have more than 1.5 million unfilled positions by 2020. But the security industry is a fast-growing market, with IDC pegging it as becoming a $101 billion opportunity by 2020. So what’s causing the talent shortage?

One of the big reasons is that security businesses tend to look for people with traditional technology credentials — college degrees in tech fields, for example. But security is truly everyone’s problem; virtually every aspect of personal and professional data is at risk. So why are we limiting security positions to people with four-year degrees in computer science, when we desperately need varied skills across so many different industries? Businesses should open themselves up to applicants whose nontraditional backgrounds mean they could bring new ideas to the position and the challenge of improving cybersecurity.


Getting Cybersecurity Right
Safeguarding your company in a complex world.
Other burgeoning industries have been in similar positions throughout history. In 1951 the U.S. accounting industry was poised for growth but was predominantly male, with only 500 female certified public accountants in the country. After recognizing the problem, leaders across the accounting field teamed with industry associations and academic institutions to solve the issue through awareness campaigns and hiring initiatives. Today there are over 800,000 female CPAs in the U.S. Security businesses need to follow this example, taking a hard look at themselves to see what’s holding them back.

There are no signs that the bad guys are limiting their talent pool — and cybercrime is now a $445 billion business. The average company handles a bombardment of 200,000 security events per day. Cybercriminals are becoming increasingly more organized and aggressive, while the teams defending against these attacks are struggling to fill their ranks.

One way IBM is addressing the talent shortage is by creating “new collar” jobs, particularly in cybersecurity. These roles prioritize skills, knowledge, and willingness to learn over degrees and the career fields that gave people their initial work experience. Some characteristics of a successful cybersecurity professional simply can’t be taught in a classroom: unbridled curiosity, passion for problem solving, strong ethics, and an understanding of risks. People with these traits can quickly pick up the technical skills through on-the-job training, industry certifications, community college courses, and modern vocational and skills education programs.

We began using this approach about two years ago, and its success has been clear: 20% of our U.S. hiring in cybersecurity since 2015 has consisted of new collar professionals. Other organizations can use a similar approach by establishing apprenticeship opportunities, emphasizing certification programs, exploring new education models, supporting programs at community colleges or polytechnic schools, and looking for talent in new places. Some of our recent additions to the security team came from unexpected career fields such as retail, education, entertainment, and law. The two things they all had in common? They were curious about security and motivated to learn the skills.

Building a pool of talent to fill these new collar jobs is also an important part of the equation. A great example of this is the P-TECH educational model (Pathways in Technology Early College High School), which provides a training avenue for students to jumpstart their careers in cybersecurity. Public high school and college students in grades 9-14 get hands-on experience with the most sought-after technical skills. By combining specific elements of high school curricula, community college courses, hands-on skills training, and professional mentoring, these students are primed for successful entry into highly technical career fields. The P-TECH model has expanded to over 50 U.S. schools and 300 industry partners, with the goal of expanding to 80+ schools in 2017.

Of course, cutting-edge technology is going to be at the center of these new collar jobs. Artificial intelligence, for example, is being used in the workplace in a wide range of ways, and in cybersecurity it is already creating opportunities for new collar positions. AI not only provides a way to help overcome the skills shortage, but is also an important step forward in the way employees will work and companies will defend themselves. We’ve found that by using AI to gather and correlate the insights from the 60,000 security-related blog posts each month, security professionals can digest the relevant information much more efficiently, allowing organizations to upskill their employee base. Companies are already using Watson for Cyber Security to connect obscure data points humans can’t possibly identify on their own, enabling employees to find security threats 60x faster than manual investigations.

Companies that are interested in using a new collar approach to fill security positions should consider the following:

Re-examine your workforce strategy: Do you know what skills you need today and tomorrow to run a successful security program? Realize that skills and experience can come from a variety of places, and adjust your hiring efforts accordingly.
Improve your engagement and outreach: Don’t limit yourself to the same old career fairs and recruiting programs of yesteryear. Get involved in community colleges, P-TECH schools, and other educational programs to start building your recruiting base.
Build a local cybersecurity ecosystem: Connect with government organizations, educational institutions, and other groups. Sponsor Capture the Flag security events, and work with local middle and high schools to generate interest in the field. These groups are always looking for willing experts and mentors.
Have a robust support program for new hires: Mentorships, rotational assignments, shadowing, and other opportunities help new cybersecurity hires gain experience and learn. Remember, not everyone knows what they want to do right away. Keep new hires engaged by giving them the creative freedom to work on different projects and explore new technologies and services.
Focus on continuous learning and upskilling: To retain your new talent, keep employees current on the latest skill sets through classes, certifications, and conferences. Cybersecurity is a highly dynamic field, requiring ongoing education and exploration. And be open to employees from other areas of your business who express interest in cybersecurity career paths. Remember that AI provides employees with more intelligence and contextual recommendations at a speed and scale previously unimagined, so upskilling your workforce is a completely different ballgame these days.
Cybersecurity is a complex career field with extraordinarily challenging problems, but with a diverse pool of experiences and ideas, we stand a much greater chance of successfully defending our assets.


Teaching & Research Forum / Art Teacher
« on: July 20, 2017, 02:28:25 PM »
In order to provide a thorough education for students across the country, the No Child Left Behind Act of 2001 made art a mandatory part of public school curricula. As a compliment to the sciences and humanities taught throughout the elementary, middle and high school levels, art is a way to further develop a student’s understanding of different disciplines, and expose them to new and engaging topics. For many students, art classes provided in school are the primary source of art education and are therefore an essential part of public school core curriculum. In many schools, art programs seek to establish skills in crafts, design, painting and other forms of visual expression.

For elementary school students, art classes seek to foster interest as well as skill in many different forms of art. The art teacher usually has the freedom to design their own classes, but in general, classes will include basic drawing, painting and crafts. In middle school, classes continue to help students improve basic artistic skills, while introducing concepts in art history. At this level, lessons are still basic and intended to establish a solid foundation in skill and history. In high school, art classes expand to include other visual medium, such as video, photography and even graphic design. Art theory is also introduced at this level, and the subject becomes more of a serious academic study than an activity.

Teaching Dance

Dance, although a form of art, is not a mandatory subject as stipulated by No Child Left Behind. Still, it is equally important to the development of a well-rounded student. Dance is usually offered as an elective, and a number of new initiatives have helped to strengthen the place of dance in schools and have led to an increase in extracurricular dance clubs. Dance can additionally be taught as part of a physical education program.

Teaching Drama

Like dance, drama is a form of art that is not a mandatory part of the curriculum, but still can play a very important roll in the development of students. Drama, or theater, is usually offered as an elective or an extracurricular activity, and is concerned with instilling students with an aptitude for acting in a variety of styles, methods and techniques. Drama teachers train students to communicate, control and project their voices, and present themselves. The responsibilities of a drama educator may include creating lesson plans, teaching students about plays and theater history, assisting students in creating their own dramatic pieces, organizing and managing the learning environment, directing performance rehearsals, helping to set-up and manage lighting and sets, and assessing students’ performance.

In elementary school, drama usually takes the form of school pageants or skits organized by teachers to educate students about teamwork, creativity and oftentimes literature. Classes can also play theater games for fun, while channeling a child’s creativity, imagination and performance skills. In middle school or high schools, full-length plays or musicals are orchestrated by students and their drama teachers in cooperation. Here, students can be exposed to drama as an elective or as part of an English class. Many drama clubs are supervised by an instructor who teaches in another subject and volunteers for the role. This is often an English teacher or other educator who has a measure of experience with literature and drama. Some schools, however, employ a drama teacher on a full-time basis.


Teaching & Research Forum / Music Teacher
« on: July 20, 2017, 02:27:25 PM »
Music is an important part of the education of a well-rounded student. As one of the arts, it balances the study of sciences and humanities to give students a creative outlet and exposes them to another sphere of learning. Music is taught from elementary to high school, and there are many different components to the subject. Classes can teach students to read and write music, to sing and play instruments, or focus on the history of music. This instruciton seeks to develop children’s musical skills, expand their interpretative abilities and increase their overall appreciation of music.

In elementary school, students learn to play simple instruments such as recorders and keyboards, sing in small choruses and learn the basics elements of music. In middle school, music education will usually continue to be a requirement, but extracurricular activities, such as joining the school chorus or band, are also options. Most schools offer clubs such as these for children to expand their knowledge and appreciation of music. Some school districts also offer more specialized classes in middle or high school, such as music history, music theory, etc. The range of music courses can focus on a variety of subjects, including instruction on basic vocal and instrumental lessons, exposure to different musical styles, introduction to the basics of musical theory and study of music history.


Chorus is a portion of music education focused on the vocal skills of students, improving these skills through performance, memorization and reading of music. Chorus can be a requirement for elementary school students in many school districts, though it is often offered as an elective or extracurricular activity through middle and high school. In elementary school, teachers introduce students to notes, pitch, rhythm and other basic choral concepts. Often, the music instructors will teach children short songs with few notes to introduce the art of singing. Middle School choirs begin to sing more difficult songs and introduce harmony, a method which will be built upon in high school.


Instrumental instruction is a area of music education dedicated to teaching students how to play an instrument through the reading of sheet music, learning of notes and practice. Students are usually introduced to basic instruments, such as the recorder, in elementary school and then decide whether or not they wish to pursue instrumental lessons in middle and high school. Each level of instrumental lessons becomes more involved and skillfully demanding. Most high schools offer band as an elective for the arts, and for students who are more dedicated to playing an instrument, many schools have selective bands that participate in performances and competitions. Instrumental teachers may also serve as general music education instructors and / or chorus teachers.


Teaching & Research Forum / English and Language Arts Teacher
« on: July 20, 2017, 02:26:48 PM »
English and language arts are two of the most basic and widely taught subjects in United States schools. The American National Council of Teachers of English separates English and language arts into five basic categories: reading, writing, speaking, listening and viewing.

In elementary school, language arts classes focus on basic reading, writing and linguistic / communication skills. Periods of silent sustained reading, cursive writing, syntax, thematic writing and vocabulary are all major focal points of elementary lessons. Through these exercises, children are expected to develop reading and writing skills at an early age.

In middle school, the English curriculum evolves and expands to include more complicated reading comprehension, such as fiction, poetry and essays. In addition, grammar and semantics become a focal point of lessons, and students begin to foster writing skills that encompass poetry, expository writing and creative writing. Students in middle school are expected to expand vocabularies and develop a mature grasp of the five categories of language arts.

High school students take mandatory English classes in which they are expected to develop analytical skills. Classes generally revolve around reading novels, essays and other forms of literature, and require students to analyze, interpret and dissect written material in order to compare, contrast and discuss elements, like theme, characters and plot. Proficient writing skills are necessary at this point as these discussions of literature typically manifest in the form of an essay or research paper. High school English is a comprehensive study, combining the five skills of language arts in order to understand literature and its value.

English is also a crucial component of college preparation, getting students ready for the extensive research and analytical skills they will be expected to utilize throughout their college careers.


Whereas language arts classes in elementary school introduce students to grammar and composition, reading classes aid students in developing their comprehension and and analytical skills. Reading classes also instruct students in vocabulary and spelling, and help them build their skills through instruction, practice and testing. The degree of reading skill increases with each grade level and prepares students for middle school and high school English, where they will apply their basic reading skills to form more complex and analytical comprehension of literature.


Teaching & Research Forum / Gifted Education
« on: July 20, 2017, 02:25:58 PM »
Understanding Gifted Education

Gifted education, also referred to as Gifted and Talented Education (GATE) or Talented and Gifted (TAG), refers to the broad set of practices, pedagogy and theories used when teaching students who have been identified as “gifted” or “talented.” While there is no universal definition of what it means to be a student who is gifted and/or talented, the National Association for Gifted Children (NAGC) defines “gifted” children and youth as those who “demonstrate outstanding levels of aptitude (defined as an exceptional ability to reason and learn) or competence (documented performance or achievement in top 10% or rarer) in one or more domains.

Domains include any structured area of activity with its own symbol system (e.g., mathematics, music, language) and/or set of sensorimotor skills (e.g., painting, dance, sports).” Unlike special education programs, gifted education programs are not federally regulated, causing services, funds and legislation to be determined by state and/or local budget restrictions. The state-regulation of gifted education services causes the definition of giftedness to vary from state to state. Visit the NAGC’s State Definitions of Giftedness for a comprehensive list of accepted definitions.

Identifying Gifted Students

TAG students demonstrate an outstanding or above-average aptitude and/or competence in one or more areas. NAGC identifies those areas of giftedness into the following six domains:
General Intellectual Ability
High IQ scores, a wide-range of general knowledge and high levels of vocabulary, memory and abstract reasoning
Specific Academic Aptitude
Outstanding performance on achievement and/or aptitude tests in one specific content area, such as math or science
Creative and Productive Thinking
Synthesize new ideas by bringing together seemingly abstract, independent or dissimilar elements. Student characteristics include preference for complexity, positive self-image and openness to experience
Leadership Ability
Successfully direct individuals or groups to a common goal or decision and capable of negotiating in difficult situations. Student characteristics include self-confidence, tendency to dominate and ability to adapt to new situations.
Visual and Performing Arts
Demonstrate special talents in art, music, dance, drama and similar studies
Psychomotor Ability
Kinesthetic learners with strong practical, spatial and mechanical skills
Twice-Exceptional (2e) Students

The term “twice-exceptional” or “2e” (also referred to as “GT/LD”) refers to students who have above-average intelligence and are identified as having one (or more) disability. Micaela Bracamonte is the principal and founder of The Lang School, a New York City private school designed exclusively for twice-exceptional students. Her article, “2e Students: Who They Are and What They Need,” discusses the typical 2e student profile, acknowledging that inconsistency in test results and overall performance is one of the “hallmarks” of twice exceptionality. She explains, “2e students typically perform at very high levels on some, but not all, of the gifted screening tests used by public schools. On the other hand, they tend to simultaneously perform very poorly on one or more of the local, state, or national standardized assessments used to measure individual student progress.” Bracamonte outlines the remaining hallmarks as including:
Evidence of a discrepancy between expected and actual achievement
Evidence of an outstanding talent or ability
Coincident evidence of a processing deficit
Gifted and Talented Education (GATE) Program Options

Due to their outstanding levels of aptitude and/or competence, gifted and talented students often find the general education curriculum unmotivating and unchallenging. There are several program delivery models available to gifted and talented students that allow these students to remain motivated and stimulated in their learning and that are aligned with students’ levels of competence and interests. While many gifted students do remain in classes with their general education peers, it is important to explore all possible options when seeking the best education for these students.
Gifted students remain in general education classes with their peers but are assigned additional/higher-level material.
Students are advanced to a higher-level class that covers material more suited to their abilities and preparedness. May include skipping grades or completing curriculum in a shorter amount of time.
Gifted students are assigned to a class with a special curricular focus outside the regular classroom for two to six hours per week.
Full Time/Self Contained
Gifted students are taught full time in a separate class or independent school, such as Long Island School for the Gifted.
Summer Enrichment
Summer programs for gifted students often focus on one particular area of study and are offered through colleges/universities, non-profit organizations and local summer camps.
Though a controversial method, families of gifted students may opt to homeschool their children if they believe the school district and/or school system does not meet the needs of their children.
Equal Rights and Advocacy

There are over 3 million academically gifted students in the United States alone, yet there are no federally mandated requirements for gifted and talented students. Currently, the Jacob Javits Gifted and Talented Students Education Act is the only federal program for gifted and talented children. This program does not establish rights for gifted children (as IDEA does for Special Education); instead, it focuses on research and advocacy for gifted children in underserved populations. This program funds the National Research Center on the Gifted and Talented and is awarded approximately $7.5 million dollars per year. According to the NAGC, funding for the Javits program is “in jeopardy each year.” It is the responsibility of state, local and federal programs to “develop new policies supporting gifted education, to remove obstacles, and to ensure adequate funding.”


Teaching & Research Forum / What is Special Education?
« on: July 20, 2017, 02:25:15 PM »
Special Education programs are designed for those students who are mentally, physically, socially and/or emotionally delayed. This aspect of “delay,” broadly categorized as a developmental delay, signify an aspect of the child's overall development (physical, cognitive, scholastic skills) which place them behind their peers. Due to these special requirements, students’ needs cannot be met within the traditional classroom environment. Special Education programs and services adapt content, teaching methodology and delivery instruction to meet the appropriate needs of each child. These services are of no cost to the family and are available to children until they reach 21 years of age. (States have services set in place for adults who are in need of specialized services after age 21.)

The Individuals with Disabilities Act (IDEA) defines Special Education as “specially designed instruction, at no cost to the parents, to meet the unique needs of a child with a disability,” but still, what exactly is Special Education? Often met with an ambiguous definition, the umbrella term of Special Education broadly identifies the academic, physical, cognitive and social-emotional instruction offered to children who are faced with one or more disabilities.

Under the IDEA, these disabilities are categorized into the following areas:

Autism Spectrum Disorder (ASD)

Autism Spectrum Disorder refers to a developmental disability that significantly affects communication (both verbal and nonverbal) and social interaction. These symptoms are typically evident before the age of three and adversely affect a child’s educational performance. Other identifying characteristics of those with ASD are engagement in repetitive activities/stereotyped movements, resistance to change in environment and daily routine and unusual responses to sensory stimuli.

Multiple disabilities

Children with multiple disabilities are those with concomitant impairments such as intellectual disability + blindness or intellectual disability + orthopedic impairment(s). This combination causes severe educational needs that cannot be met through programs designed for children with a single impairment. (Deaf-blindness is not identified as a multiple disability and is outlined separately by IDEA.)

Traumatic Brain Injury (TBI)

Traumatic brain injury refers to an acquired injury to the brain caused by external physical forces. This injury is one that results in a partial or complete functional disability and/or psychosocial impairment and must adversely affect the child’s educational performance. TBI does not include congenital or degenerative conditions or those caused by birth-related trauma.

TBI applies to injuries that result in impairments in one or more of the following areas:



Psychosocial behavior


Abstract thinking

Physical functions



Information processing




Speech/Language Impairment

Speech or language impairments refer to communications disorders such as stuttering, impaired articulation or language/voice impairments that have an adverse affect on a child’s educational performance.

Intellectual Disability

Intellectual disability is defined as a significantly below average functioning of overall intelligence that exists alongside deficits in adaptive behavior and is manifested during the child’s developmental period causing adverse affects on the child’s educational performance.

Visual Impairment (including Blindness)

Visual impairment, which includes blindness, refers to impairment in one’s vision that, even after correction, adversely affects a child’s educational performance. The term “visual impairment” is inclusive of those with partial sight and blindness.

Deaf; Hearing Impairment

Deafness means a child’s hearing impairment is so severe that it impacts the processing of linguistic information with or without amplification and adversely affects a child’s educational performance. Hearing impairment refers to an impairment (fluctuating or permanent) that adversely affects a child’s educational performance.


Deaf-blindness refers to concomitant visual and hearing impairments. This combination causes severe communication, developmental and educational needs that cannot be accommodated through special education programs solely for those children with blindness or deafness.

Developmental Delay

Developmental delay is a term designated for children birth to age nine, and is defined as a delay in one or more of the following areas: cognitive development, physical development, socio-emotional development, behavioral development or communication.

Emotional Disturbance

Emotional disturbance refers to a condition that exhibits one or more of the following characteristics both over an extended period of time and to an exceptional degree that adversely affects a child’s educational performance:

An inability to learn that cannot be explained by intellectual, sensory or health factors

An inability to build and/or maintain satisfactory interpersonal relationships with peers and teachers

Inappropriate types of behavior or feelings under normal circumstances

A general pervasive mood of unhappiness/depression

A tendency to develop physical symptoms or fears associated with personal or school problems

Emotional disturbance does not apply to children who are socially maladjusted unless they are determined to have an emotional disturbance as per IDEA’s regulations.

Specific Learning Disability

Specific learning disability refers to a range of disorders in which one or more basic psychological processes involved in the comprehensive/usage of language — both spoken or written — establishes an impairment in one’s ability to listen, think, read, write, spell and/or complete mathematical calculations. Included are conditions such as perceptual disabilities, dyslexia (also dyscalculia, dysgraphia), brain injury, minimal brain dysfunction and developmental aphasia. Specific learning disabilities do not include learning problems that are the result of visual, auditory or motor disabilities, intellectual disability, emotional disturbance or those who are placed at an environmental/economic disadvantage.

Orthopedic Impairment

Orthopedic impairment(s) refer to severe orthopedic impairments that adversely affect a child’s academic performance. Orthopedic impairment(s) include those caused by congenital anomalies and diseases, as well impairments by other causes (i.e. Cerebral Palsy).

Other Health Impairment(s)

Other health impairments refer to a limitation in strength, vitality or alertness, resulting in limited alertness to one’s educational environment. These impairments are often due to chronic or acute health problems — including ADD/ADHD, epilepsy, and Tourette’s syndrome — and adversely affect the child’s educational performance.

In order to be deemed eligible for state Special Education services, IDEA states that a student’s disability must adversely affect his or her academic achievement and/or overall educational performance. While defining these adverse effects are dependent on a student’s categorical disability, eligibility is determined through a process of evaluations by professionals such as a child’s pediatrician/specialists, school psychologists and social workers. After a student is deemed able to receive such services, their progress is annually reviewed. Read more about evaluations and IEP reviews here.


Pages: 1 2 [3] 4 5 ... 13