Standards in this Framework
| Standard | Description |
|---|---|
| CSCS.Y3.1.1 | Leverage adversarial thinking and risk concepts to solve complex cybersecurity problems |
| CSCS.Y3.1.2 | Explore and demonstrate tactics adversaries use to respond to system defenses to accomplish an objective |
| CSCS.Y3.1.3 | Explore and utilize level-appropriate collaborative methods used to operate an organization at various scales (e.g., local, regional, national, global) |
| CSCS.Y3.1.4 | Research and implement forensic investigation and intrusion detection techniques to detect adversarial behavior |
| CSCS.Y3.2.7 | Demonstrate the use of steganography in a program or a digital file (e.g., audio, document, image, video) |
| CSCS.Y3.3.4 | Utilize SEIM platforms (e.g., Elastic Stack, Graylog, Splunk) or network traffic analysis tools (e.g., NetworkMiner, Wireshark) and analyze their ability to graphically represent the data they collect |
| CSCS.Y3.3.5 | Perform level-appropriate data analysis using computing tools |
| CSCS.Y3.4.1 | Research and describe the origins of Operational Security (OPSEC) programs and the role OPSEC plays in both offensive and defensive security programs |
| CSCS.Y3.4.2 | Identify and research the various local and regional cybersecurity communities |
| CSCS.Y3.4.3 | Recommend and implement level-appropriate mitigations to common attacks on hardware, software, and networks |
| CSCS.Y3.4.5 | Perform and document a level-appropriate cybersecurity assessment against an application or system |
| CSCS.Y3.5.1 | Design and implement algorithms that solve level-appropriate, student-identified problems |
| CSCS.Y3.5.4 | Utilize a systematic approach to identify and mitigate common security errors in code (e.g., buffer overflows, cleartext password handling, input validation) |
| CSCS.Y3.6.1 | Create programs to solve problems of level-appropriate complexity that obtain data from external sources |
| CSCS.Y3.6.5 | Use a systematic approach to detect logic, runtime, and syntax errors within a program |
| CSCS.Y3.6.6 | Perform level-appropriate tasks that alter the execution of a program, subvert protections, or otherwise manipulate a file |
| CSCS.Y3.8.1 | Identify potential mitigation strategies to prevent unnecessary information disclosure about the internal design or architecture of a network |
| CSCS.Y3.8.3 | Research and describe network security and monitoring devices or concepts including, but not limited to, alerting versus logging, intrusion detection systems (IDS), intrusion prevention systems (IPS), and wireless intrusion detection systems (WIDS) |
| CSCS.Y3.8.4 | Analyze network traffic for suspicious or malicious activity using a protocol analyzer (e.g., NetworkMiner, Wireshark, Zeek) |
| CSCS.Y3.9.1 | Create a functionally equivalent program of level-appropriate complexity in two or more programming languages |
| CSCS.Y3.9.3 | Research and describe tactics utilized by malware to resist removal from a system |
| CSCS.Y3.10.1 | Identify and construct threat models |
| CSCS.Y3.10.2 | Research and describe issues related to creating and enforcing cyber-related laws and regulations (e.g., ethical challenges, policy vacuum, privacy versus security, unintended consequences) |
| CSCS.Y3.10.4 | Identify the ethical implications encountered in the curation, management, and monetization of data (e.g., harvesting, information overload, knowledge management repositories, sharing, summarizing) |
| CSCS.Y3.10.7 | Create and maintain a professional digital portfolio comprised of self-created work |
| CSCS.Y3.11.1 | Communicate level-appropriate technical information effectively to diverse audiences including, but not limited to, non-technical audience members |
| CSCS.Y3.11.2 | Describe and utilize the concepts of storytelling within forensic investigations and incident response |
| CSCS.Y3.11.3 | Correct for or mitigate common types of bias in technical reports |
| CSCS.Y3.11.4 | Correct for misinterpretations between causation and correlation |
| CSCS.Y3.11.5 | Interpret data, from the perspective of a business risk assessment or cybersecurity assessment, to draw inferences and implications about system security |
