Principles of Cyber Defense and Ethics
Course Introduction
This course will provide a comprehensive view of Cybersecurity across an organization. You will learn how to use features of modern operating systems to enhance an organization's security, understand inherent weaknesses in wireless and wired networks, and be better equipped to protect your employer's and your own information. As a prerequisite to advanced topics in ethical hacking, incident response and digital forensics, you will also learn about Cybersecurity career paths and how to further develop your skills in these areas.
Core Standards of the Course
Strand 1
Understanding Security Layers.
Standard 1
Understand core security principles.
- Understand the concepts of confidentiality, integrity, availability.
- Understand how threat and risk impact principles; principles of least privilege; social engineering; and attack surface.
Standard 2
Understand physical security.
- Understand site security, computer security, removable devices and drives, access control, mobile device security, disable Log On Locally, and key loggers.
Standard 3
Understand internet security.
- Understand browser settings, zones, and secure Web sites.
Standard 4
Understand wireless security.
- Understand advantages and disadvantages of specific security types; keys, SSID, and MAC filters.
Strand 2
Understanding Operating System Security.
Standard 1
Understand user authentication.
- Understand multifactor, smart cards, RADIUS, and Public Key Infrastructure (PKI).
- Understand the certificate chain, biometrics, Kerberos, and time skew using Run As to perform administrative tasks and password reset procedures.
Standard 2
Understand permissions.
- Understand the following: file; share; registry; Active Directory; NTFS vs. FAT; enabling or disabling inheritance; behavior when copying or moving files within the same disk or onto another disk; multiple groups with different permissions; basic permissions and advanced permissions; take ownership; and delegation.
Standard 3
Understand password policies.
- Understand the following: password complexity; account lockout; password length; password history; time between password changes; enforce by using group policies; and common attack methods.
Standard 4
Understand audit policies.
- Understand the following: types of auditing; what can be audited; enabling auditing; what to audit for specific purposes; where to save audit information; and how to secure audit information.
Standard 5
Understand encryption.
- Understand the following: EFS; how EFS-encrypted folders impact moving and copying files; BitLocker (To Go); Trusted Platform Module (TPM); software-based encryption; mail encryption and signing and other uses; VPN; public key and private key; encryption algorithms; certificate properties; certificate services; PKI/certificate services infrastructure; and token devices.
Standard 6
Understand malware.
- Understand the following: buffer overflow; worms; Trojans; and spyware.
Strand 3
Understanding Network Security.
Standard 1
Understand dedicated firewalls.
- Understand the types of hardware firewalls and their characteristics.
- Understand when to use a hardware firewall instead of a software firewall and stateful vs. stateless inspection.
Standard 2
Understand Network Access Protection (NAP).
- Understand the purpose of NAP and the requirements for NAP.
Standard 3
Understand network isolation.
- Understand the following: VLANs; routing; honeypot; DMZ; NAT; VPN; IPsec; and Server and Domain Isolation.
Standard 4
Understand protocol security.
- Understand the following: protocol spoofing; IPsec; tunneling; DNSSEC; network sniffing; and common attack methods.
Strand 4
Understand Security Software.
Standard 1
Understand client protection.
- Understand the following: anti-virus; User Account Control (UAC); keeping client operating system and software updated; encrypting offline folders; software restriction policies.
Standard 2
Understand e-mail protection.
- Understand the following: anti-spam; anti-virus; spoofing; phishing and pharming; client vs. server protection; SPF records; and PTR records.
Standard 3
Understand server protection.
- Understand the following: separation of services; hardening; keeping server updated; secure dynamic DNS updates; disabling unsecure authentication protocols; Read-Only Domain Controllers; separate management VLAN; Microsoft Baseline Security Analyzer (MBSA).
Strand 5
Understand Security Careers and Ethics.
Standard 1
Identify careers in Cybersecurity.
- Identify education and/or certifications needed to work in the Cybersecurity field.
- Identify Cybersecurity professional organizations.
Workplace Skills
- Problem Solving
- Critical Thinking
- Legal Requirements/Expectations
http://www.uen.org - in partnership with Utah State Board of Education (USBE) and Utah System of Higher Education (USHE). Send questions or comments to USBE Specialist - Kristina Yamada and see the CTE/Computer Science & Information Technology website. For general questions about Utah's Core Standards contact the Director - THALEA LONGHURST.
These materials have been produced by and for the teachers of the
State of Utah. Copies of these materials may be freely reproduced
for teacher and classroom use. When distributing these materials,
credit should be given to Utah State Board of Education. These
materials may not be published, in whole or part, or in any other
format, without the written permission of the Utah State Board of
Education, 250 East 500 South, PO Box 144200, Salt Lake City, Utah
84114-4200.