Cybersecurity Foundations (2020)

From CyberEdWiki
Revision as of 22:07, 21 November 2019 by GeralynUH (talk | contribs) (Text replacement - "To complete this KU, students should be able to:" to "After completing the KU, students will be able to:")
Jump to: navigation, search

The intent of the Cybersecurity Foundations Knowledge Unit is to provide students with a basic understanding of the fundamental concepts behind cybersecurity. This is a high level introduction or familiarization of the topics, not a deep dive into specifics.


After completing the KU, students will be able to:

  1. Describe the fundamental concepts of the cyber security discipline using correct vocabulary.
  2. Formulate how people, processes, and systems are combined to build cybersecurity.
  3. Assess potential cyber attacks and the actors that might perform them.
  4. Evaluate the use of common cyber defense tools, components, and measures to be taken should system compromise occur.
  5. Examine concepts in ethics, legal, and privacy areas related to cybersecurity.


To complete this KU all topics must be covered

  1. People and security
    • Social engineering
    • Cyber Defense Partnerships (Federal, State, Local, Industry)
  2. Security Processes
    • Basic Risk Assessment/Management
    • Security Life-Cycle
  3. Threats and Adversaries (threat actors, malware, natural phenomena)
    • External
    • Internal
  4. Vulnerabilities
    • Vulnerability Scanning (core)
    • Vulnerability Windows (0-day to patch availability)
    • Data Vulnerabilities (in transmission, at rest, in processing)
  5. Common Attacks
    • Forms of Attack
  6. Appropriate Countermeasures
    • Security Mechanisms (e.g., Identification/Authentication, Audit)
    • Network Security Components (Data Loss Prevention, VPNs / Firewalls)
    • Intrusion Detection and Prevention Systems,
    • Malicious activity detection
  7. Concepts of the applications of Cryptography and PKI
    • Physical and environmental security concerns
    • Access Control Models (MAC, DAC, RBAC, Lattice)
  8. Exception Management
    • Incident Response
  9. Legal issues
  10. Ethics (Ethics associated with cybersecurity profession)
    • Professional Ethics and Codes of Conduct
    • Social Responsibility
    • Ethical Hacking



Advanced persistent threat (APT), attacker, Block ciphers, DoS, DDoS, malware, mitigations, residual risk, risk, stream ciphers, vulnerability

NICE Framework Categories

CSEC 2017 Categories

Specialization Areas

Because it is a Foundational KU, it is by default in all Specialization Areas.

See also

Related Knowledge Units

Further reading

Suggested textbooks

For a strong technical approach:

  • Security in Computing, 5th edition by Charles P. Pfleeger and Shari Lawrence Pfleeger, Jonathan Margulies, February 2015, Prentice Hall.

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

Additional notes or materials


Reference ID