Standards in this Framework
| Standard | Lessons |
|---|---|
|
130.428.1A
(A) identify and demonstrate employable work behaviors such as regular attendance, punctuality, maintenance of a professional work environment, and effective written and verbal communication; |
|
|
130.428.1B
(B) identify and demonstrate positive personal qualities such as authenticity, resilience, initiative, and a willingness to learn new knowledge and skills; |
|
|
130.428.1C
(C) solve problems and think critically; |
|
|
130.428.1D
(D) demonstrate leadership skills and function effectively as a team member; and |
|
|
130.428.1E
(E) demonstrate an understanding of ethical and legal responsibilities in relation to the field of cybersecurity. |
|
|
130.428.2A
(A) identify job and internship opportunities as well as accompanying duties and tasks; |
|
|
130.428.2B
(B) research careers in cybersecurity and information assurance along with the education and job skills required for obtaining a job in both the public and private sectors; |
|
|
130.428.2C
(C) identify and discuss certifications for cybersecurity-related careers; and |
|
|
130.428.2D
(D) research and develop resumes, digital portfolios, or professional profiles in the cybersecurity field. |
|
|
130.428.3A
(A) demonstrate and advocate for ethical and legal behaviors both online and offline among peers, family, community, and employers; |
|
|
130.428.3B
(B) research local, state, national, and international cyber law such as the PATRIOT Act of 2001, General Data Protection Regulation, and Digital Millennium Copyright Act; |
|
|
130.428.3C
(C) research historic cases or events regarding cyber; |
|
|
130.428.3D
(D) demonstrate an understanding of ethical and legal behavior when presented with various scenarios related to cyber activities; |
|
|
130.428.3E
(E) define and identify techniques such as hacking, phishing, social engineering, online piracy, spoofing, and data vandalism; and |
|
|
130.428.3F
(F) identify and use appropriate methods for citing sources. |
|
|
130.428.4A
(A) identify motivations for hacking; |
|
|
130.428.4B
(B) identify and describe the impact of cyberattacks on the global community, society, and individuals; |
|
|
130.428.4C
(C) distinguish between a cyber attacker and a cyber defender; |
|
|
130.428.4D
(D) differentiate types of hackers such as black hats, white hats, and gray hats; |
|
|
130.428.4E
(E) determine possible outcomes and legal ramifications of ethical versus malicious hacking practices; and |
|
|
130.428.4F
(F) debate the varying perspectives of ethical versus malicious hacking. |
|
|
130.428.5A
(A) define cyberterrorism, state-sponsored cyberterrorism, and hacktivism; |
|
|
130.428.5B
(B) compare and contrast physical terrorism and cyberterrorism, including domestic and foreign actors; |
|
|
130.428.5C
(C) define and explain intelligence gathering and counterterrorism; |
|
|
130.428.5D
(D) identify the role of cyber defenders in protecting national interests and corporations; |
|
|
130.428.5E
(E) identify the role of cyber defense in society and the global economy; and |
|
|
130.428.5F
(F) explain the importance of protecting public infrastructures such as electrical power grids, water systems, pipelines, transportation, and nuclear plants. |
|
|
130.428.6A
(A) identify and understand the nature and value of privacy; |
|
|
130.428.6B
(B) analyze the positive and negative implications of a digital footprint and the maintenance and monitoring of an online presence; |
|
|
130.428.6C
(C) discuss the role and impact of technology on privacy; |
|
|
130.428.6D
(D) identify the signs, emotional effects, and legal consequences of cyberbullying and cyberstalking; and |
|
|
130.428.6E
(E) identify and discuss effective ways to prevent, deter, and report cyberbullying. |
|
|
130.428.7A
(A) define information security and cyber defense; |
|
|
130.428.7B
(B) identify basic risk management and risk assessment principles related to cybersecurity threats and vulnerabilities; |
|
|
130.428.7C
(C) explain the fundamental concepts of confidentiality, integrity, availability, authentication, and authorization; |
|
|
130.428.7D
(D) describe the inverse relationship between privacy and security; |
|
|
130.428.7E
(E) identify and analyze cybersecurity breaches and incident responses; |
|
|
130.428.7F
(F) identify and analyze security concerns in areas such as physical, network, cloud, and web; |
|
|
130.428.7G
(G) define and discuss challenges faced by cybersecurity professionals; |
|
|
130.428.7H
(H) identify common risks, alerts, and warning signs of compromised computer and network systems; |
|
|
130.428.7I
(I) understand and explore the vulnerability of network-connected devices; and |
|
|
130.428.7J
(J) use appropriate cybersecurity terminology. |
|
|
130.428.8A
(A) define malware, including spyware, ransomware, viruses, and rootkits; |
|
|
130.428.8B
(B) identify the transmission and function of malware such as Trojans, worms, and viruses; |
|
|
130.428.8C
(C) discuss the impact malware has had on the cybersecurity landscape; |
|
|
130.428.8D
(D) explain the role of reverse engineering for detecting malware and viruses; |
|
|
130.428.8E
(E) compare free and commercial antivirus software alternatives; and |
|
|
130.428.8F
(F) compare free and commercial anti-malware software alternatives. |
|
|
130.428.9A
(A) define system hardening; |
|
|
130.428.9B
(B) demonstrate basic use of system administration privileges; |
|
|
130.428.9C
(C) explain the importance of patching operating systems; |
|
|
130.428.9D
(D) explain the importance of software updates; |
|
|
130.428.9E
(E) describe standard practices to configure system services; |
|
|
130.428.9F
(F) explain the importance of backup files; and |
|
|
130.428.9G
(G) research and understand standard practices for securing computers, networks, and operating systems. |
|
|
130.428.10A
(A) identify basic network addressing and devices, including switches and routers; |
|
|
130.428.10B
(B) analyze incoming and outgoing rules for traffic passing through a firewall; |
|
|
130.428.10C
(C) identify well known ports by number and service provided, including port 22 (ssh), port 80 (http), and port 443 (https); |
|
|
130.428.10D
(D) identify commonly exploited ports and services, including ports 20 and 21 (ftp) and port 23 (telnet); and |
|
|
130.428.10E
(E) identify common tools for monitoring ports and network traffic. |
|
|
130.428.11A
(A) define what constitutes a secure password; |
|
|
130.428.11B
(B) create a secure password policy, including length, complexity, account lockout, and rotation; |
|
|
130.428.11C
(C) identify methods of password cracking such as brute force and dictionary attacks; and |
|
|
130.428.11D
(D) examine and configure security options to allow and restrict access based on user roles. |
|
|
130.428.12A
(A) identify the different types of user accounts and groups on an operating system; |
|
|
130.428.12B
(B) explain the fundamental concepts and standard practices related to access control, including authentication, authorization, and accounting; |
|
|
130.428.12C
(C) compare methods for single- and dual-factor authentication such as passwords, biometrics, personal identification numbers (PINs), and security tokens; |
|
|
130.428.12D
(D) define and explain the purpose of an air-gapped computer; and |
|
|
130.428.12E
(E) explain how hashes and checksums may be used to validate the integrity of transferred data. |
|
|
130.428.13A
(A) explain the importance of digital forensics to law enforcement, government agencies, and corporations; |
|
|
130.428.13B
(B) identify the role of chain of custody in digital forensics; |
|
|
130.428.13C
(C) explain the four steps of the forensics process, including collection, examination, analysis, and reporting; |
|
|
130.428.13D
(D) identify when a digital forensics investigation is necessary; |
|
|
130.428.13E
(E) identify information that can be recovered from digital forensics investigations such as metadata and event logs; and |
|
|
130.428.13F
(F) analyze the purpose of event logs and identify suspicious activity. |
|
|
130.428.14A
(A) explain the purpose of cryptography and encrypting data; |
|
|
130.428.14B
(B) research historical uses of cryptography; and |
|
|
130.428.14C
(C) review simple cryptography methods such as shift cipher and substitution cipher. |
|
|
130.428.15A
(A) define and describe vulnerability, payload, exploit, port scanning, and packet sniffing as they relate to hacking; |
|
|
130.428.15B
(B) define and describe cyberattacks, including man-in-the-middle, distributed denial of service, and spoofing; |
|
|
130.428.15C
(C) explain how computer vulnerabilities leave systems open to cyberattacks; |
|
|
130.428.15D
(D) identify threats to systems such as back-door attacks and insider threats; |
|
|
130.428.15E
(E) differentiate types of social engineering attacks such as phishing, shoulder surfing, hoaxes, and dumpster diving; |
|
|
130.428.15F
(F) explain how users are the most common vehicle for compromising a system at the application level; and |
|
|
130.428.15G
(G) identify various types of application-specific attacks. |
|
|
130.428.16A
(A) identify internal and external threats to computer systems; |
|
|
130.428.16B
(B) identify the capabilities of vulnerability assessment tools, including open source tools; and |
|
|
130.428.16C
(C) explain the concept of penetration testing, tools, and techniques. |
|
|
130.428.17A
(A) compare risks associated with connecting devices to public and private wireless networks; |
|
|
130.428.17B
(B) explain device vulnerabilities and security solutions on a wireless network; |
|
|
130.428.17C
(C) compare wireless encryption protocols; |
|
|
130.428.17D
(D) debate the broadcasting or hiding of a wireless service set identifier (SSID); and |
|
|
130.428.17E
(E) research and discuss wireless threats such as MAC spoofing and war driving. |
|
|
130.428.18A
(A) define application security; |
|
|
130.428.18B
(B) identify methods of application security such as secure development practices; |
|
|
130.428.18C
(C) discuss methods of online spoofing such as web links in email, instant messaging, social media, and other online communication with malicious links; |
|
|
130.428.18D
(D) explain the purpose and function of vulnerability scanners; |
|
|
130.428.18E
(E) explain how coding errors may create system vulnerabilities; and |
|
|
130.428.18F
(F) analyze the risks of distributing insecure programs. |
|
|
130.428.19A
(A) describe the impact of granting applications unnecessary permissions; |
|
|
130.428.19B
(B) describe the risks of granting third parties access to personal and proprietary data on social media and systems; and |
|
|
130.428.19C
(C) describe the risks involved with accepting Terms of Service (ToS) or End User License Agreements (EULA) without a basic understanding of the terms or agreements. |
|
