Cybersecurity Foundations (2020)
The intent of the Cybersecurity Foundations Knowledge Unit is to provide students with a basic understanding of the fundamental concepts behind cybersecurity. This is a high level introduction or familiarization of the topics, not a deep dive into specifics.
- 1 Outcomes
- 2 Topics
- 3 Skills
- 4 Vocabulary
- 5 NICE Framework Categories
- 6 CSEC 2017 Categories
- 7 Specialization Areas
- 8 See also
- 9 Further reading
- 10 Sample knowledge test
- 11 Sample skills test
- 12 Sample abilities test
- 13 Additional notes or materials
- 14 Contacts
- 15 Reference ID
After completing the KU, students will be able to:
- Describe the fundamental concepts of the cyber security discipline using correct vocabulary.
- Formulate how people, processes, and systems are combined to build cybersecurity.
- Assess potential cyber attacks and the actors that might perform them.
- Evaluate the use of common cyber defense tools, components, and measures to be taken should system compromise occur.
- Examine concepts in ethics, legal, and privacy areas related to cybersecurity.
To complete this KU all topics must be covered
- People and security
- Social engineering
- Cyber Defense Partnerships (Federal, State, Local, Industry)
- Security Processes
- Basic Risk Assessment/Management
- Security Life-Cycle
- Threats and Adversaries (threat actors, malware, natural phenomena)
- Vulnerability Scanning (core)
- Vulnerability Windows (0-day to patch availability)
- Data Vulnerabilities (in transmission, at rest, in processing)
- Common Attacks
- Forms of Attack
- Appropriate Countermeasures
- Security Mechanisms (e.g., Identification/Authentication, Audit)
- Network Security Components (Data Loss Prevention, VPNs / Firewalls)
- Intrusion Detection and Prevention Systems,
- Malicious activity detection
- Concepts of the applications of Cryptography and PKI
- Physical and environmental security concerns
- Access Control Models (MAC, DAC, RBAC, Lattice)
- Exception Management
- Incident Response
- Legal issues
- Ethics (Ethics associated with cybersecurity profession)
- Professional Ethics and Codes of Conduct
- Social Responsibility
- Ethical Hacking
Advanced persistent threat (APT), attacker, Block ciphers, DoS, DDoS, malware, mitigations, residual risk, risk, stream ciphers, vulnerability
NICE Framework Categories
CSEC 2017 Categories
Because it is a Foundational KU, it is by default in all Specialization Areas.
Related Knowledge Units
For a strong technical approach:
- Security in Computing, 5th edition by Charles P. Pfleeger and Shari Lawrence Pfleeger, Jonathan Margulies, February 2015, Prentice Hall.
Suggested academic readings
Sample knowledge test
Sample skills test
Sample abilities test
Additional notes or materials