Standards in this Framework
| Standard | Description |
|---|---|
| C.1 | Demonstrate proficiency and skills associated with the use of technologies that are common to a specific occupation (e.g., keying speed). |
| C.2 | Identify proper netiquette when using e-mail, social media, and other technologies for communication purposes. |
| C.3 | Identify potential abuse and unethical uses of laptops, tablets, computers, and/or networks. |
| C.4 | Explain the consequences of social, illegal, and unethical uses of technology (e.g., cyberbullying, piracy; illegal downloading; licensing infringement; inappropriate uses of software, hardware, and mobile devices in the work environment). |
| C.5 | Discuss legal issues and the terms of use related to copyright laws, fair use laws, and ethics pertaining to downloading of images, photographs, documents, video, sounds, music, trademarks, and other elements for personal use. |
| C.6 | Describe ethical and legal practices of safeguarding the confidentiality of business-and personal-related information. |
| C.7 | Describe possible threats to a laptop, tablet, computer, and/or network and methods of avoiding attacks. |
| D.8 | Demonstrate respect for diversity. |
| E.1 | Demonstrate global or “big picture” thinking. |
| E.5 | Demonstrates information literacy skills. |
| E.6 | Demonstrates information security skills. |
| E.7 | Demonstrates information technology skills. |
| E.12 | Demonstrates workplace safety. |
| F.1 | Define terms related to cyber security (e.g., cyber security, information assurance, risk, risk management, cyber security services). |
| F.2 | Explain the importance of information and internet security (e.g., browser, cloud, network). |
| F.3 | Explain the concepts of confidentiality, integrity, and availability (CIA). |
| F.8 | Compare and contrast the various types of security (e.g., physical security, technological, administrative). |
| F.9 | Research national or industry standards/regulations that relate to cyber security and their impact on people, processes, and technology (e.g., news, reports, policies, subscriptions, incidents). |
| F.11 | Describe the role that cyber security plays in the private or public sector. |
| F.12 | Discuss and develop a code of ethics as related to the field of cyber security. |
| G.1 | Describe the characteristics of cyber threats, attacks, and vulnerabilities |
| G.2 | Analyze types of current cyber threats (e.g., DDoS, Phishing, cracking, social engineering). |
| G.3 | Categorize sources/originators of different types of malicious attacks (e.g., nation states, cyber criminals, hacktivists, insiders). |
| G.5 | Explain types of malware (e.g., viruses, polymorphic viruses; worms, Trojan horses, spyware, ransomware, adware). |
| G.6 | Demonstrate familiarity with malware removal (e.g. scanning systems, reviewing scan logs, malware remediation). |
| G.7 | Explain types of attacks (e.g., wireless, application, social engineering, buffer overflow attacks, backdoor). |
| G.8 | Define strategies necessary to prevent attacks. |
| H.1 | Define terms related to computer networking (e.g., LAN, WAN, wireless, protocols, topology, firewalls). |
| H.2 | Compare and contrast OSI and TCP/IP models and encapsulation concepts. |
| H.3 | Compare and contrast wired versus wireless networks. |
| H.4 | Examine the concept of the internet as a network of connected systems. |
| H.5 | Design a basic network topology. |
| I.1 | Define terms related to network security (e.g., routing, perimeter networks, security layering, Virtual Private Network (VPN), isolation). |
| I.3 | Analyze and implement security layering. |
| I.7 | Determine characteristics of firewalls (hardware and software) and when to use them. |
| I.9 | Explain how network addresses impact network security (e.g., IPv4 and IPv6 addressing, CIDR notation, public vs private networks. |
| I.10 | Use a basic command line interface (Windows and Linux) to configure communications (e.g., ipconfig, ifconfig, and net config, ping). |
| J.1 | Compare and contrast common operating systems (e.g., Windows, Linux, iOS, Android). |
| J.2 | Identify best practices for protecting operating systems (e.g., access control, separation of duties, least privilege). |
| J.4 | Describe the various types of file permissions (e.g., registry, Active Directory, basic and advanced). |
| J.5 | Implement group and audit policies. |
| J.6 | Explain the purpose and location of security and auditing logs. |
| J.7 | Define virtualization and identify its advantages and disadvantages. |
| J.8 | Define strategies necessary to prevent operating system attacks. |
| K.1 | Define terms related to identity, authorization, and authentication (e.g., passwords, biometrics, multi-factor, certificates). |
| K.2 | Describe the various types of permissions (e.g., basic, administrative, elevated). |
| K.3 | Identify types of access control (e.g., role-based access control (RBAC), mandatory access control, discretionary-based control). |
| K.4 | Describe the importance of Multifactor authentication. |
| K.5 | Analyze best practices for end-user password development and usage. |
| K.6 | Identify the system administrator’s role in setting system policies and procedures. |
| K.7 | Compare and contrast backup and restore methods. |
| L.1 | Define cryptography and its related terms (e.g., encryption, decryption, public key, and private key). |
| L.2 | Identify encryption methods (e.g., symmetric and asymmetric). |
| L.4 | Explain how the design and functionality of various encryption methods support the security of data. |
| L.5 | Demonstrate various encryption techniques (e.g., encryption algorithms, Encrypting File System (EFS), hashing, public and private keys, Public Key Infrastructure (PKI), token devices, Trusted Platform Module (TPM), Transport Layer Security (TLS). |
| M.1 | Analyze and differentiate between types of system attacks (e.g., operating systems, files, and applications). |
| M.2 | Implement security patches and updates (e.g., Active X, Java). |
| N.3 | Explain the impact of compliance frameworks on incident handling (e.g., compliance frameworks (GDPR, HIPAA, PCI-DSS, FERPA, FISMA), reporting and notification requirements). |
