Cybersecurity Foundations (2020)
The intent of the Cybersecurity Foundations Knowledge Unit is to provide students with a basic understanding of the fundamental concepts behind cybersecurity. This is a high level introduction or familiarization of the topics, not a deep dive into specifics.
- 1 Outcomes
- 2 Topics
- 3 Skills
- 4 Vocabulary
- 5 NICE Framework Categories
- 6 Specialization Areas
- 7 See also
- 8 Further reading
- 9 Sample knowledge test
- 10 Sample skills test
- 11 Sample abilities test
- 12 Additional notes or materials
- 13 Contacts
- 14 Reference ID
To complete this KU, students should be able to:
- Properly use the vocabulary associated with cyber security.
- Describe the fundamental concepts of the cyber security discipline.
- Explain how people, processes, and systems are combined to build cybersecurity.
- Review potential cyber attacks and the actors that might perform them.
- Describe common cyber defense tools, methods and components.
- Outline appropriate measures to be taken should a system compromise occur.
- Review concepts in ethics, legal, and privacy areas related to cybersecurity.
To complete this KU all topics must be covered
- Security Concepts
- Confidentiality, Integrity, Availability
- Identification, Authentication, Authorization, Non-Repudiation
- Critical infrastructures
- Security Models (Bell-La Padula, Biba, Clark Wilson, Brewer Nash, Multi-level security)
- People and security
- Social engineering
- Cyber Defense Partnerships (Federal, State, Local, Industry)
- Security Processes
- Basic Risk Assessment/Management
- Security Life-Cycle
- Threats and Adversaries (threat actors, malware, natural phenomena)
- Vulnerability Scanning (core)
- Vulnerability Windows (0-day to patch availability)
- Data Vulnerabilities (in transmission, at rest, in processing)
- Common Attacks
- Forms of Attack
- Appropriate Countermeasures
- Security Mechanisms (e.g., Identification/Authentication, Audit)
- Network Security Components (Data Loss Prevention, VPNs / Firewalls)
- Intrusion Detection and Prevention Systems,
- Malicious activity detection# Concepts of the applications of Cryptography and PKI
- Physical and environmental security concerns
- Access Control Models (MAC, DAC, RBAC, Lattice)
- Exception Management
- Incident Response
- Legal issues
- Ethics (Ethics associated with cybersecurity profession)
Advanced persistent threat (APT), attacker, Block ciphers, DoS, DDoS, malware, mitigations, residual risk, risk, stream ciphers, vulnerability
NICE Framework Categories
Because it is a Foundational KU, it is by default in all Specialization Areas.
Related Knowledge Units
For a strong technical approach:
- Security in Computing, 5th edition by Charles P. Pfleeger and Shari Lawrence Pfleeger, Jonathan Margulies, February 2015, Prentice Hall.
Suggested academic readings
Sample knowledge test
Sample skills test
Sample abilities test
Additional notes or materials