Standard 1
Understand Careers and Professional organizations in Cybersecurity.

1. Identify careers in Cybersecurity.
   
2. Identify education and/or certifications needed to work in the Cybersecurity field.
   
3. Identify Cybersecurity professional organizations.
   

Standard 2
Understand Ethics of Cybersecurity

1. Understand the different categories of hacking including: authorized hacker, unauthorized hacker, semi­ authorized hacker.
   
2. Understand the purpose of an Acceptable Use Policy.
   
3. Understand the major events in Cybersecurity that have influenced the laws and governance of Cybersecurity.
   

Standard 1
Understand core security principles.

1. Understand the concepts of the cia triad (confidentiality, integrity, availability).
   
2. Understand how threat and risk impact principles; principles of least privilege.
   
3. Understand the purpose ofthe NIST Security Framework.
   
4. Understand what Personally Identifiable Information (PII) is and the importance of securing it.
   

Standard 2
Understand physical security.

1. Understand site security - tailgating, limited access, door locks, server locks, cable locks.
   
2. Understand device security -
   
   • Removable devices and drives - juice jacking and evil usbs
   • Access control - remote device wipe, password lockout, data recovery on lost/ stolen devices, and device destruction.
   • Reformatting a device - partial vs full write.

Standard 3
Understand Internet security.

1. Understand browser settings including things like password management, cookies, and storing personal information.
   
2. Understand the difference between http and https. How to identify if a website is secure.
   

Standard 1
Understand Social Engineering

1. Understand the definition and intent of social engineering.
   
2. Understand the principles of social engineering - authority, intimidation, consensus, scarcity, urgency, familiarity/ trust.
   

Standard 2
Understand types of Social Engineering

1. Understand the methods and prevention of the following social engineering methods - Phishing (and similar attacks), tailgating, shoulder surfing, dumpster diving, reconnaissance, and watering holes.
   

Standard 1
Understand user authentication.

1. Understand multifactor, smart cards, and RADIUS (Remote Authentication Dial-In User Service)
   
2. Understand the certificate chain, biometrics, Kerberos, and time skew using Run As to perform administrative tasks and password reset procedures.
   
3. Disable Log On Locally and guest accounts.
   

Standard 2
Understand permissions.

1. Understand the following: file; share; registry; Active Directory; enabling or disabling inheritance.
   
2. Understand behavior when copying and moving files within the same disk or onto another disk.
   
3. Understand basic and advanced user permissions; take ownership; delegation.
   
4. Understand multiple user groups and that users can belong to multiple groups.
   
5. Understand operating systems native encryption options.
   

Standard 3
Understand password policies.

1. Understand password policies: password complexity; account lockout; password length; password history; enforce by using group policies; and common attack methods; avoid common passwords or phrases.
   

Standard 1
Understand encryption.

1. Understand the history of encryption - Caesar, Enigma, Vigenere ciphers.
   
2. Understand public key and private keys and how they are implemented.
   
3. Understand the implementation and recognize the following encryption algorithms - MDS, SHA-256, AES, RSA.
   
4. Understand certificate properties; certificate services; PKI/ certificate services infrastructure; and token devices.
   

Standard 1
Understand malware.

1. Understand the major malware attacks throughout history - WannaCry, Stuxnet, Code Red, Morris worm, iloveyou.
   
2. Understand the difference between common pieces of malware - viruses, worms, Trojans, ransomware, spyware, adware, and rogue security software.
   

Standard 2
Understand vulnerabilities.

1. Understand the following vulnerabilities: buffer overflow, backdoors, Spectre, Meltdown, log4j.
   

Standard 3
Understand how to protect against malware & vulnerabilities.

1. Understand how vulnerabilities are prevented.
   
2. Understand how and why you should keep your software and devices up to date.
   
3. Understand antivirus software and how to remove a virus when a machine is infected and verify that the virus is removed.
   

Standard 1
Understand dedicated firewalls.

1. Understand the types of hardware firewalls and their characteristics.
   
2. Understand when to use a hardware firewall instead of a software firewall.
   
3. Understand the difference between stateful vs. stateless inspection.
   

Standard 2
Understand Network Access Protection (NAP).

1. Understand the purpose of NAP and when to use NAP.
   

Standard 3
Understand network isolation.

1. Understand network isolation: VLANs (Virtual Local Area Network); routing; NAT (Network Address Translation); VPN (Virtual Private Network); IPsec (Internet Protocol Security)
   
2. Understand device isolation: DMZ(Demilitarized zone); Server and Domain Isolation.
   
3. Understand the purpose of a honeypot.
   

Standard 4
Understand protocol security.

1. Understand the following: protocol spoofing; IPsec; tunneling; DNSsec (Domain Name System Security Extensions)
   
2. Understand how a network sniffer works and how to use one on a network.
   

Standard 5
Understand wireless security.

1. Understand advantages and disadvantages of specific security types; network keys, SSID (Service Set Identifier), and MAC (Message Authentication Code or Mandatory Access Code) filters.
   

Workplace Skills

1. Problem Solving
   
2. Critical Thinking
   
3. Legal Requirements/Expectations