Standards in this Framework
| Standard | Description |
|---|---|
| 130.428.1A | (A) identify and demonstrate employable work behaviors such as regular attendance, punctuality, maintenance of a professional work environment, and effective written and verbal communication; |
| 130.428.1B | (B) identify and demonstrate positive personal qualities such as authenticity, resilience, initiative, and a willingness to learn new knowledge and skills; |
| 130.428.1C | (C) solve problems and think critically; |
| 130.428.1D | (D) demonstrate leadership skills and function effectively as a team member; and |
| 130.428.1E | (E) demonstrate an understanding of ethical and legal responsibilities in relation to the field of cybersecurity. |
| 130.428.2A | (A) identify job and internship opportunities as well as accompanying duties and tasks; |
| 130.428.2B | (B) research careers in cybersecurity and information assurance along with the education and job skills required for obtaining a job in both the public and private sectors; |
| 130.428.2C | (C) identify and discuss certifications for cybersecurity-related careers; and |
| 130.428.2D | (D) research and develop resumes, digital portfolios, or professional profiles in the cybersecurity field. |
| 130.428.3A | (A) demonstrate and advocate for ethical and legal behaviors both online and offline among peers, family, community, and employers; |
| 130.428.3B | (B) research local, state, national, and international cyber law such as the PATRIOT Act of 2001, General Data Protection Regulation, and Digital Millennium Copyright Act; |
| 130.428.3C | (C) research historic cases or events regarding cyber; |
| 130.428.3D | (D) demonstrate an understanding of ethical and legal behavior when presented with various scenarios related to cyber activities; |
| 130.428.3E | (E) define and identify techniques such as hacking, phishing, social engineering, online piracy, spoofing, and data vandalism; and |
| 130.428.3F | (F) identify and use appropriate methods for citing sources. |
| 130.428.4A | (A) identify motivations for hacking; |
| 130.428.4B | (B) identify and describe the impact of cyberattacks on the global community, society, and individuals; |
| 130.428.4C | (C) distinguish between a cyber attacker and a cyber defender; |
| 130.428.4D | (D) differentiate types of hackers such as black hats, white hats, and gray hats; |
| 130.428.4E | (E) determine possible outcomes and legal ramifications of ethical versus malicious hacking practices; and |
| 130.428.4F | (F) debate the varying perspectives of ethical versus malicious hacking. |
| 130.428.5A | (A) define cyberterrorism, state-sponsored cyberterrorism, and hacktivism; |
| 130.428.5B | (B) compare and contrast physical terrorism and cyberterrorism, including domestic and foreign actors; |
| 130.428.5C | (C) define and explain intelligence gathering and counterterrorism; |
| 130.428.5D | (D) identify the role of cyber defenders in protecting national interests and corporations; |
| 130.428.5E | (E) identify the role of cyber defense in society and the global economy; and |
| 130.428.5F | (F) explain the importance of protecting public infrastructures such as electrical power grids, water systems, pipelines, transportation, and nuclear plants. |
| 130.428.6A | (A) identify and understand the nature and value of privacy; |
| 130.428.6B | (B) analyze the positive and negative implications of a digital footprint and the maintenance and monitoring of an online presence; |
| 130.428.6C | (C) discuss the role and impact of technology on privacy; |
| 130.428.6D | (D) identify the signs, emotional effects, and legal consequences of cyberbullying and cyberstalking; and |
| 130.428.6E | (E) identify and discuss effective ways to prevent, deter, and report cyberbullying. |
| 130.428.7A | (A) define information security and cyber defense; |
| 130.428.7B | (B) identify basic risk management and risk assessment principles related to cybersecurity threats and vulnerabilities; |
| 130.428.7C | (C) explain the fundamental concepts of confidentiality, integrity, availability, authentication, and authorization; |
| 130.428.7D | (D) describe the inverse relationship between privacy and security; |
| 130.428.7E | (E) identify and analyze cybersecurity breaches and incident responses; |
| 130.428.7F | (F) identify and analyze security concerns in areas such as physical, network, cloud, and web; |
| 130.428.7G | (G) define and discuss challenges faced by cybersecurity professionals; |
| 130.428.7H | (H) identify common risks, alerts, and warning signs of compromised computer and network systems; |
| 130.428.7I | (I) understand and explore the vulnerability of network-connected devices; and |
| 130.428.7J | (J) use appropriate cybersecurity terminology. |
| 130.428.8A | (A) define malware, including spyware, ransomware, viruses, and rootkits; |
| 130.428.8B | (B) identify the transmission and function of malware such as Trojans, worms, and viruses; |
| 130.428.8C | (C) discuss the impact malware has had on the cybersecurity landscape; |
| 130.428.8D | (D) explain the role of reverse engineering for detecting malware and viruses; |
| 130.428.8E | (E) compare free and commercial antivirus software alternatives; and |
| 130.428.8F | (F) compare free and commercial anti-malware software alternatives. |
| 130.428.9A | (A) define system hardening; |
| 130.428.9B | (B) demonstrate basic use of system administration privileges; |
| 130.428.9C | (C) explain the importance of patching operating systems; |
| 130.428.9D | (D) explain the importance of software updates; |
| 130.428.9E | (E) describe standard practices to configure system services; |
| 130.428.9F | (F) explain the importance of backup files; and |
| 130.428.9G | (G) research and understand standard practices for securing computers, networks, and operating systems. |
| 130.428.10A | (A) identify basic network addressing and devices, including switches and routers; |
| 130.428.10B | (B) analyze incoming and outgoing rules for traffic passing through a firewall; |
| 130.428.10C | (C) identify well known ports by number and service provided, including port 22 (ssh), port 80 (http), and port 443 (https); |
| 130.428.10D | (D) identify commonly exploited ports and services, including ports 20 and 21 (ftp) and port 23 (telnet); and |
| 130.428.10E | (E) identify common tools for monitoring ports and network traffic. |
| 130.428.11A | (A) define what constitutes a secure password; |
| 130.428.11B | (B) create a secure password policy, including length, complexity, account lockout, and rotation; |
| 130.428.11C | (C) identify methods of password cracking such as brute force and dictionary attacks; and |
| 130.428.11D | (D) examine and configure security options to allow and restrict access based on user roles. |
| 130.428.12A | (A) identify the different types of user accounts and groups on an operating system; |
| 130.428.12B | (B) explain the fundamental concepts and standard practices related to access control, including authentication, authorization, and accounting; |
| 130.428.12C | (C) compare methods for single- and dual-factor authentication such as passwords, biometrics, personal identification numbers (PINs), and security tokens; |
| 130.428.12D | (D) define and explain the purpose of an air-gapped computer; and |
| 130.428.12E | (E) explain how hashes and checksums may be used to validate the integrity of transferred data. |
| 130.428.13A | (A) explain the importance of digital forensics to law enforcement, government agencies, and corporations; |
| 130.428.13B | (B) identify the role of chain of custody in digital forensics; |
| 130.428.13C | (C) explain the four steps of the forensics process, including collection, examination, analysis, and reporting; |
| 130.428.13D | (D) identify when a digital forensics investigation is necessary; |
| 130.428.13E | (E) identify information that can be recovered from digital forensics investigations such as metadata and event logs; and |
| 130.428.13F | (F) analyze the purpose of event logs and identify suspicious activity. |
| 130.428.14A | (A) explain the purpose of cryptography and encrypting data; |
| 130.428.14B | (B) research historical uses of cryptography; and |
| 130.428.14C | (C) review simple cryptography methods such as shift cipher and substitution cipher. |
| 130.428.15A | (A) define and describe vulnerability, payload, exploit, port scanning, and packet sniffing as they relate to hacking; |
| 130.428.15B | (B) define and describe cyberattacks, including man-in-the-middle, distributed denial of service, and spoofing; |
| 130.428.15C | (C) explain how computer vulnerabilities leave systems open to cyberattacks; |
| 130.428.15D | (D) identify threats to systems such as back-door attacks and insider threats; |
| 130.428.15E | (E) differentiate types of social engineering attacks such as phishing, shoulder surfing, hoaxes, and dumpster diving; |
| 130.428.15F | (F) explain how users are the most common vehicle for compromising a system at the application level; and |
| 130.428.15G | (G) identify various types of application-specific attacks. |
| 130.428.16A | (A) identify internal and external threats to computer systems; |
| 130.428.16B | (B) identify the capabilities of vulnerability assessment tools, including open source tools; and |
| 130.428.16C | (C) explain the concept of penetration testing, tools, and techniques. |
| 130.428.17A | (A) compare risks associated with connecting devices to public and private wireless networks; |
| 130.428.17B | (B) explain device vulnerabilities and security solutions on a wireless network; |
| 130.428.17C | (C) compare wireless encryption protocols; |
| 130.428.17D | (D) debate the broadcasting or hiding of a wireless service set identifier (SSID); and |
| 130.428.17E | (E) research and discuss wireless threats such as MAC spoofing and war driving. |
| 130.428.18A | (A) define application security; |
| 130.428.18B | (B) identify methods of application security such as secure development practices; |
| 130.428.18C | (C) discuss methods of online spoofing such as web links in email, instant messaging, social media, and other online communication with malicious links; |
| 130.428.18D | (D) explain the purpose and function of vulnerability scanners; |
| 130.428.18E | (E) explain how coding errors may create system vulnerabilities; and |
| 130.428.18F | (F) analyze the risks of distributing insecure programs. |
| 130.428.19A | (A) describe the impact of granting applications unnecessary permissions; |
| 130.428.19B | (B) describe the risks of granting third parties access to personal and proprietary data on social media and systems; and |
| 130.428.19C | (C) describe the risks involved with accepting Terms of Service (ToS) or End User License Agreements (EULA) without a basic understanding of the terms or agreements. |
