Please enable JavaScript to use CodeHS

Texas Foundations of Cybersecurity Framework


Standard Description
130.428.1A (A) identify and demonstrate employable work behaviors such as regular attendance, punctuality, maintenance of a professional work environment, and effective written and verbal communication; Lessons
130.428.1B (B) identify and demonstrate positive personal qualities such as authenticity, resilience, initiative, and a willingness to learn new knowledge and skills; Lessons
130.428.1C (C) solve problems and think critically; Lessons
130.428.1D (D) demonstrate leadership skills and function effectively as a team member; and Lessons
130.428.1E (E) demonstrate an understanding of ethical and legal responsibilities in relation to the field of cybersecurity. Lessons
130.428.2A (A) identify job and internship opportunities as well as accompanying duties and tasks; Lessons
130.428.2B (B) research careers in cybersecurity and information assurance along with the education and job skills required for obtaining a job in both the public and private sectors; Lessons
130.428.2C (C) identify and discuss certifications for cybersecurity-related careers; and Lessons
130.428.2D (D) research and develop resumes, digital portfolios, or professional profiles in the cybersecurity field. Lessons
130.428.3A (A) demonstrate and advocate for ethical and legal behaviors both online and offline among peers, family, community, and employers; Lessons
130.428.3B (B) research local, state, national, and international cyber law such as the PATRIOT Act of 2001, General Data Protection Regulation, and Digital Millennium Copyright Act; Lessons
130.428.3C (C) research historic cases or events regarding cyber; Lessons
130.428.3D (D) demonstrate an understanding of ethical and legal behavior when presented with various scenarios related to cyber activities; Lessons
130.428.3E (E) define and identify techniques such as hacking, phishing, social engineering, online piracy, spoofing, and data vandalism; and Lessons
130.428.3F (F) identify and use appropriate methods for citing sources. Lessons
130.428.4A (A) identify motivations for hacking; Lessons
130.428.4B (B) identify and describe the impact of cyberattacks on the global community, society, and individuals; Lessons
130.428.4C (C) distinguish between a cyber attacker and a cyber defender; Lessons
130.428.4D (D) differentiate types of hackers such as black hats, white hats, and gray hats; Lessons
130.428.4E (E) determine possible outcomes and legal ramifications of ethical versus malicious hacking practices; and Lessons
130.428.4F (F) debate the varying perspectives of ethical versus malicious hacking. Lessons
130.428.5A (A) define cyberterrorism, state-sponsored cyberterrorism, and hacktivism; Lessons
130.428.5B (B) compare and contrast physical terrorism and cyberterrorism, including domestic and foreign actors; Lessons
130.428.5C (C) define and explain intelligence gathering and counterterrorism; Lessons
130.428.5D (D) identify the role of cyber defenders in protecting national interests and corporations; Lessons
130.428.5E (E) identify the role of cyber defense in society and the global economy; and Lessons
130.428.5F (F) explain the importance of protecting public infrastructures such as electrical power grids, water systems, pipelines, transportation, and nuclear plants. Lessons
130.428.6A (A) identify and understand the nature and value of privacy; Lessons
130.428.6B (B) analyze the positive and negative implications of a digital footprint and the maintenance and monitoring of an online presence; Lessons
130.428.6C (C) discuss the role and impact of technology on privacy; Lessons
130.428.6D (D) identify the signs, emotional effects, and legal consequences of cyberbullying and cyberstalking; and Lessons
130.428.6E (E) identify and discuss effective ways to prevent, deter, and report cyberbullying. Lessons
130.428.7A (A) define information security and cyber defense; Lessons
130.428.7B (B) identify basic risk management and risk assessment principles related to cybersecurity threats and vulnerabilities; Lessons
130.428.7C (C) explain the fundamental concepts of confidentiality, integrity, availability, authentication, and authorization; Lessons
130.428.7D (D) describe the inverse relationship between privacy and security; Lessons
130.428.7E (E) identify and analyze cybersecurity breaches and incident responses; Lessons
130.428.7F (F) identify and analyze security concerns in areas such as physical, network, cloud, and web; Lessons
130.428.7G (G) define and discuss challenges faced by cybersecurity professionals; Lessons
130.428.7H (H) identify common risks, alerts, and warning signs of compromised computer and network systems; Lessons
130.428.7I (I) understand and explore the vulnerability of network-connected devices; and Lessons
130.428.7J (J) use appropriate cybersecurity terminology. Lessons
130.428.8A (A) define malware, including spyware, ransomware, viruses, and rootkits; Lessons
130.428.8B (B) identify the transmission and function of malware such as Trojans, worms, and viruses; Lessons
130.428.8C (C) discuss the impact malware has had on the cybersecurity landscape; Lessons
130.428.8D (D) explain the role of reverse engineering for detecting malware and viruses; Lessons
130.428.8E (E) compare free and commercial antivirus software alternatives; and Lessons
130.428.8F (F) compare free and commercial anti-malware software alternatives. Lessons
130.428.9A (A) define system hardening; Lessons
130.428.9B (B) demonstrate basic use of system administration privileges; Lessons
130.428.9C (C) explain the importance of patching operating systems; Lessons
130.428.9D (D) explain the importance of software updates; Lessons
130.428.9E (E) describe standard practices to configure system services; Lessons
130.428.9F (F) explain the importance of backup files; and Lessons
130.428.9G (G) research and understand standard practices for securing computers, networks, and operating systems. Lessons
130.428.10A (A) identify basic network addressing and devices, including switches and routers; Lessons
130.428.10B (B) analyze incoming and outgoing rules for traffic passing through a firewall; Lessons
130.428.10C (C) identify well known ports by number and service provided, including port 22 (ssh), port 80 (http), and port 443 (https); Lessons
130.428.10D (D) identify commonly exploited ports and services, including ports 20 and 21 (ftp) and port 23 (telnet); and Lessons
130.428.10E (E) identify common tools for monitoring ports and network traffic. Lessons
130.428.11A (A) define what constitutes a secure password; Lessons
130.428.11B (B) create a secure password policy, including length, complexity, account lockout, and rotation; Lessons
130.428.11C (C) identify methods of password cracking such as brute force and dictionary attacks; and Lessons
130.428.11D (D) examine and configure security options to allow and restrict access based on user roles. Lessons
130.428.12A (A) identify the different types of user accounts and groups on an operating system; Lessons
130.428.12B (B) explain the fundamental concepts and standard practices related to access control, including authentication, authorization, and accounting; Lessons
130.428.12C (C) compare methods for single- and dual-factor authentication such as passwords, biometrics, personal identification numbers (PINs), and security tokens; Lessons
130.428.12D (D) define and explain the purpose of an air-gapped computer; and Lessons
130.428.12E (E) explain how hashes and checksums may be used to validate the integrity of transferred data. Lessons
130.428.13A (A) explain the importance of digital forensics to law enforcement, government agencies, and corporations; Lessons
130.428.13B (B) identify the role of chain of custody in digital forensics; Lessons
130.428.13C (C) explain the four steps of the forensics process, including collection, examination, analysis, and reporting; Lessons
130.428.13D (D) identify when a digital forensics investigation is necessary; Lessons
130.428.13E (E) identify information that can be recovered from digital forensics investigations such as metadata and event logs; and Lessons
130.428.13F (F) analyze the purpose of event logs and identify suspicious activity. Lessons
130.428.14A (A) explain the purpose of cryptography and encrypting data; Lessons
130.428.14B (B) research historical uses of cryptography; and Lessons
130.428.14C (C) review simple cryptography methods such as shift cipher and substitution cipher. Lessons
130.428.15A (A) define and describe vulnerability, payload, exploit, port scanning, and packet sniffing as they relate to hacking; Lessons
130.428.15B (B) define and describe cyberattacks, including man-in-the-middle, distributed denial of service, and spoofing; Lessons
130.428.15C (C) explain how computer vulnerabilities leave systems open to cyberattacks; Lessons
130.428.15D (D) identify threats to systems such as back-door attacks and insider threats; Lessons
130.428.15E (E) differentiate types of social engineering attacks such as phishing, shoulder surfing, hoaxes, and dumpster diving; Lessons
130.428.15F (F) explain how users are the most common vehicle for compromising a system at the application level; and Lessons
130.428.15G (G) identify various types of application-specific attacks. Lessons
130.428.16A (A) identify internal and external threats to computer systems; Lessons
130.428.16B (B) identify the capabilities of vulnerability assessment tools, including open source tools; and Lessons
130.428.16C (C) explain the concept of penetration testing, tools, and techniques. Lessons
130.428.17A (A) compare risks associated with connecting devices to public and private wireless networks; Lessons
130.428.17B (B) explain device vulnerabilities and security solutions on a wireless network; Lessons
130.428.17C (C) compare wireless encryption protocols; Lessons
130.428.17D (D) debate the broadcasting or hiding of a wireless service set identifier (SSID); and Lessons
130.428.17E (E) research and discuss wireless threats such as MAC spoofing and war driving. Lessons
130.428.18A (A) define application security; Lessons
130.428.18B (B) identify methods of application security such as secure development practices; Lessons
130.428.18C (C) discuss methods of online spoofing such as web links in email, instant messaging, social media, and other online communication with malicious links; Lessons
130.428.18D (D) explain the purpose and function of vulnerability scanners; Lessons
130.428.18E (E) explain how coding errors may create system vulnerabilities; and Lessons
130.428.18F (F) analyze the risks of distributing insecure programs. Lessons
130.428.19A (A) describe the impact of granting applications unnecessary permissions; Lessons
130.428.19B (B) describe the risks of granting third parties access to personal and proprietary data on social media and systems; and Lessons
130.428.19C (C) describe the risks involved with accepting Terms of Service (ToS) or End User License Agreements (EULA) without a basic understanding of the terms or agreements. Lessons