Cybersecurity Foundations (2020)

From CyberEdWiki
Jump to: navigation, search

The intent of the Cybersecurity Foundations Knowledge Unit is to provide students with a basic understanding of the fundamental concepts behind cybersecurity. This is a high level introduction or familiarization of the topics, not a deep dive into specifics.

Outcomes[edit]

After completing the KU, students will be able to:

  1. Describe the fundamental concepts of the cybersecurity discipline using correct vocabulary.
  2. Formulate how people, processes, and systems are combined to build cybersecurity.
  3. Assess potential cyber attacks and the actors that might perform them.
  4. Evaluate the use of common cyber defense tools, components, and measures to be taken should system compromise occur.
  5. Examine concepts in ethics, legal, and privacy areas related to cybersecurity.

Topics[edit]

To complete this KU all topics must be covered

  1. People and security
    • Social engineering
    • Cyber Defense Partnerships (Federal, State, Local, Industry)
  2. Security Processes
    • Basic Risk Assessment/Management
    • Security Life-Cycle
  3. Threats and Adversaries (threat actors, malware, natural phenomena)
    • External
    • Internal
  4. Vulnerabilities
    • Vulnerability Scanning (core)
    • Vulnerability Windows (0-day to patch availability)
    • Data Vulnerabilities (in transmission, at rest, in processing)
  5. Common Attacks
    • Forms of Attack
  6. Appropriate Countermeasures
    • Security Mechanisms (e.g., Identification/Authentication, Audit)
    • Network Security Components (Data Loss Prevention, VPNs / Firewalls)
    • Intrusion Detection and Prevention Systems,
    • Malicious activity detection
  7. Concepts of the applications of Cryptography and PKI
    • Physical and environmental security concerns
    • Access Control Models (MAC, DAC, RBAC, Lattice)
  8. Exception Management
    • Incident Response
  9. Legal issues
  10. Ethics (Ethics associated with cybersecurity profession)
    • Professional Ethics and Codes of Conduct
    • Social Responsibility
    • Ethical Hacking

Skills[edit]

Vocabulary[edit]

Advanced persistent threat (APT), attacker, Block ciphers, DoS, DDoS, malware, mitigations, residual risk, risk, stream ciphers, vulnerability

NICE Framework Categories[edit]

CSEC 2017 Categories[edit]

Specialization Areas[edit]

Because it is a Foundational KU, it is by default in all Specialization Areas.

See also[edit]

Related Knowledge Units

Further reading[edit]

Suggested textbooks[edit]

For a strong technical approach:

  • Security in Computing, 5th edition by Charles P. Pfleeger and Shari Lawrence Pfleeger, Jonathan Margulies, February 2015, Prentice Hall.

Suggested academic readings[edit]

Sample knowledge test[edit]

Sample skills test[edit]

Sample abilities test[edit]

Additional notes or materials[edit]

Contacts[edit]

Reference ID[edit]

CSF