Standards in this Framework
Standard | Description |
---|---|
9-12.CS.COMM | Explain layers within the OSI networking model. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of the seven layers of the OSI model. In addition, students should be able to explain the roles of various network layers. |
9-12.CS.COMP | Create a diagram of a network utilizing appropriate network components. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of diagrams that include various network components such as access points, hubs/switches, routers, and user devices. |
9-12.CS.CC | Evaluate the risks and benefits of cloud computing. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of various risks and benefits of cloud computing. Examples of cloud computing include various “aaS” (as a service) references, such as IaaS (infrastructure as a service), PaaS (platform as a service), and SaaS (software as a service). Examples of benefits of cloud computing can include distributed storage to prevent data loss from environmental disasters, easily working with peers over long distances, and the ability to save costs by not purchasing servers that are not utilized (i.e. only pay for what is needed). Examples of risks of cloud computing can include unauthorized access through breach of cloud provider, permissions incorrectly granted to users, and data being inadvertently shared publicly. |
9-12.CS.PROT.1 | Compare and contrast the ports and protocols used for different services available online. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of the various online protocols associated with TCP and UDP. Examples of TCP include HTTP, HTTPS (web), IMAP, and POP3 (email). Examples of UDP include audio/voice, DNS, DHCP, and gaming. |
9-12.CS.PROT.2 | Identify the risks associated with the different services available online. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of the risks that various online protocols pose, including TCP and UDP. |
9-12.CS.LOSS | Develop a plan for risk mitigation that implements redundancy. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of redundancy such as backups and auxiliary power sources as tools to mitigate risk, along with the use of hot sites and cold sites in the event of an environmental disaster affecting operations. |
9-12.CS.HARD | Identify methods of mitigating risk associated with connecting devices. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of risk such as compromised network security or data loss due to malicious incidents. |
9-12.CS.IOT | Analyze the vulnerabilities of Internet of Things devices. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of IoT devices and the vulnerabilities associated with the connection and use of those devices. |
9-12.CS.OS | Create a plan for hardening an operating system. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of how hardening an operating system can include shutting down unnecessary services and ports, installing updates and/ or patches, removing unused programs, and reviewing user privileges. |
9-12.CS.SOFT | Compare the advantages and disadvantages of patching systems in real time. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of operating system patches such as those that are provided regularly to devices running Windows, MacOS, Linux, iOS, and Android. |
9-12.CS.PROG | Describe the role of scripting in cyber attacks and cyber defense. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of the programming and/or scripting languages that can propagate a cyber attack and the defenses that are available to mitigate cyber attacks. |
9-12.CS.APPS | Discuss how software that exists on and across various platforms can be used to monitor, collect, and analyze information from those platforms. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate software examples such as firewalls, packet sniffers and analyzers, and network monitors. Discussions may also include SIEM (security information and event management) software. |
9-12.DC.CYBL | Prepare a plan to raise awareness of the effects of cyberbullying. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of actions that can serve to reduce and/or prevent cyberbullying. |
9-12.DC.FOOT | Examine the implications of both positive and negative digital footprints. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of ethical, societal, and financial implications. |
9-12.DC.PPI.1 | Explain the importance of social identity and the implications of online activity regarding private data, long-term career impacts, and the permanence of digital data. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of the possible impacts of data-sharing in such areas as college admissions, cancel culture, careers, and relationships. |
9-12.DC.PPI.2 | Explain the individual risks of a data breach to an organization housing personal data. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of understanding that if an organization gets hacked, it can still harm the individual whose data was stolen. |
9-12.DC.THRT | Analyze the motives of threat actors. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of motives of threat actors such as financial, political, ideological, or simple malice. This analysis may occur in a variety of forms, such as supplying a scenario or case study from current events. |
9-12.DC.ETH | Discuss the role that cyber ethics plays in current society. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of how integrity and reputation can be affected by actions that are taken online. |
9-12.DC.LAW | Compare and contrast local, state, federal, and international cyber laws and regulations for individuals and businesses. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of local, state, federal, and international cyber laws and regulations, such as those mentioned above, as well as Children’s Online Privacy Protection Rule (COPPA) and General Data Protection Regulation (GDPR). |
9-12.DC.IP | Debate the importance of intellectual property laws. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of ideas around who owns content on video games with transferrable goods, copyright when content is remixed or parodied, and how fair use can help protect an author/creator’s rights while promoting the sharing of ideas. |
9-12.DC.AUP | Differentiate between the various agreements that protect individuals and organizations in their digital environments. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of global documents such as AUPs, TOSs, EULAs, and security policies. Do some documents favor the individual over the corporation and vice versa? |
9-12.SEC.CIA | Explain various interactions between the CIA Triad and the three states of data. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of interactions and how people, processes, and technology support those interactions. In addition, the three states of data refer to “data in use” (currently being accessed), “data at rest” (waiting to be accessed), and “data in motion” (moving from one location to another). |
9-12.SEC.ACC | Compare and contrast the concepts presented by access control principles, access control modules, and the principle of least privilege access. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of the concepts of identify, authenticate, and authorize as access control principles, as well as MAC, RBAC, and DAC as access control modules. |
9-12.SEC.DATA | Formulate a plan to apply security measures to protect data in all three states. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of protecting data in its three states. |
9-12.SEC.INFO | Distinguish the different types of attacks that affect information security for individuals and organizations. Clarification statement: At this level, student discussions should focus on previous standards as well as authentic, grade-appropriate examples of malware, malicious users, hacks, and poor security policies. |
9-12.SEC.CRYP | Analyze how modern advancements in computing have impacted encryption. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of modern advancements in encryption, such as symmetric vs. asymmetric, public key vs. private key, and encryption algorithms. Where appropriate, discussions may touch on how methods for encoding data, such as binary (base-2), decimal (base-10), and hexadecimal (base-16), can benefit encryption. |
9-12.SEC.AUTH | Evaluate authentication and authorization methods and the risks associated with failure. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of authentication and authorization methods, such as certificate, tokenbased, two-factor, multifactor, and biometric. |
9-12.SEC.COMP | Evaluate Defense in Depth strategies that can protect simple networks. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of layered strategies, such as firewalls, allow and block lists, changes to default passwords, access points, and network segmentation. |
9-12.SEC.NET | Analyze the different types of attacks that affect network security. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of attacks, such as malware, hacks, malicious users, and poor security policies. In addition, risk analysis and management can be introduced through discussions around monitoring and logging of attacks. |
9-12.SEC.PHYS | Analyze the different types of attacks that affect physical security. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of physical security attacks, such as social engineering, poor security policies, and malicious actors. |
9-12.SEC.CTRL | Justify the use of Defense in Depth and the need for physical access controls. Clarification statement: At this level, student discussions should focus on previous standards as well as grade-appropriate examples of various physical access controls, such as proximity badges, PIN codes, and man traps. |