Cybersecurity Foundations (2020)

From CyberEdWiki

The intent of the Cybersecurity Foundations Knowledge Unit is to provide students with a basic understanding of the fundamental concepts behind cybersecurity. This is a high-level introduction to, or familiarization with, the topics, not a deep dive into specifics.

Outcomes

To complete this KU, students should be able to:

  1. Properly use the vocabulary associated with cyber security.
  2. Describe the fundamental concepts of the cyber security discipline.
  3. Explain how people, processes, and systems are combined to build cybersecurity.
  4. Review potential cyber attacks and the actors that might perform them.
  5. Describe common cyber defense tools, methods and components.
  6. Outline appropriate measures to be taken should a system compromise occur.
  7. Review concepts in ethics, legal, and privacy areas related to cybersecurity.

Topics

To complete this KU, all topics must be covered.

  1. Security Concepts
    • Confidentiality, Integrity, Availability
    • Access
    • Identification, Authentication, Authorization, Non-Repudiation
    • Privacy
    • Critical infrastructures
    • Security Models (Bell-LaPadula, Biba, Clark-Wilson, Brewer-Nash, Multi-level security)
  2. People and security
    • Social engineering
    • Cyber Defense Partnerships (Federal, State, Local, Industry)
  3. Security Processes
    • Basic Risk Assessment/Management
    • Security Life-Cycle
  4. Threats and Adversaries (threat actors, malware, natural phenomena)
    • External
    • Internal
  5. Vulnerabilities
    • Vulnerability Scanning (core)
    • Vulnerability Windows (0-day to patch availability)
    • Data Vulnerabilities (in transmission, at rest, in processing)
  6. Common Attacks
    • Forms of Attack
  7. Appropriate Countermeasures
    • Security Mechanisms (e.g., Identification/Authentication, Audit)
    • Network Security Components (Data Loss Prevention, VPNs / Firewalls)
    • Intrusion Detection and Prevention Systems
    • Malicious activity detection
    • Concepts of the applications of Cryptography and PKI
    • Physical and environmental security concerns
    • Access Control Models (MAC, DAC, RBAC, Lattice)
  8. Exception Management
    • Incident Response
  9. Legal issues
  10. Ethics (Ethics associated with cybersecurity profession)

Skills

Vocabulary

Advanced persistent threat (APT), attacker, block ciphers, DoS, DDoS, malware, mitigations, residual risk, risk, stream ciphers, vulnerability

NICE Framework Categories

Specialization Areas

Because it is a Foundational KU, it is by default in all Specialization Areas.

See also

Related Knowledge Units

Further reading

Suggested textbooks

For a strong technical approach:

  • Security in Computing, 5th edition, by Charles P. Pfleeger, Shari Lawrence Pfleeger, and Jonathan Margulies, February 2015, Prentice Hall.

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

Additional notes or materials

Contacts

Reference ID

CSF