Standards in this Framework
| Standard | Description |
|---|---|
| 8.1.1 | Describe the steps of the cybersecurity lifecycle (e.g., people, process and tools) |
| 8.1.2 | Write a set of principles, rules, and practices to provide guidance and direction |
| 8.1.3 | Follow appropriate decision-making model to determine correct response procedures |
| 8.2.1 | Plan, prepare, and develop scope for a Cyber Incident Response Plan |
| 8.2.2 | Determine correct detection, mitigation, and reporting processes |
| 8.2.3 | Evaluate assessment and decision-making steps when handling an incident or event |
| 8.2.4 | Determine correct investigative procedures |
| 8.2.5 | Gather intelligence from a variety of sources including open source and others |
| 8.2.6 | Document intelligence gathering efforts including who, what, when, where, why, and how |
| 8.2.7 | Determine extent of event or incident scope including severity |
| 8.2.8 | Determine correct containment steps based on the type of incident or event encountered |
| 8.2.9 | Implement the correct eradication response and processes |
| 8.2.10 | Determine next steps post investigation (post breach) from legal, HR, news media response |
| 8.3.1 | Determine the appropriate security control, technique or process based on the property, system or data you are protecting |
| 8.3.2 | Explain the importance of security controls, techniques, and threat risk assessments |
| 8.3.3 | Select the appropriate solution to eliminate vulnerabilities and establish a security baseline |
| 8.3.4 | Develop plans to protect a variety of property, systems, or data |
| 8.3.5 | Implement the appropriate controls to ensure security of property, systems, or data |
| 8.3.6 | Compare and contrast alternative methods to mitigate security risks for data in transit and data at rest |
| 8.4.1 | Describe the digital chain of custody process for tracking data and equipment (legal evidence) |
| 8.4.2 | Describe all steps to capture and maintain evidence |
| 8.4.3 | Follow chain of custody procedures |
| 8.4.4 | Maintain detailed records (e.g., chain of custody forms, evidence collection forms, etc.) |
| 8.4.5 | Track digital evidence (e.g., how it has been gathered, tracked, and protected) |
| 8.4.6 | Describe a chain of custody |
| 8.4.7 | Develop a plan for data transport, encryption to avoid alteration of data and legal holds |
| 8.4.8 | Develop a plan for recovery, disposal of evidence, and follow up |
| 8.4.9 | Write a forensics summary report |
| 9.1.1 | Summarize basic forensic concepts and practices including eDiscovery, documentation, chain of custody, and data transport |
| 9.1.2 | Determine a first responder’s logical approach during an investigation with objective, evidence-based research |
| 9.1.3 | Review the First Responder steps and processes for proper documentation |
| 9.1.4 | Explain what eDiscovery is including the contextual process for electronic evidence collection (Electronically Stored Information ESI) |
| 9.1.5 | Observe and discuss legal restrictions, stipulations, regulatory compliance, and confidentiality when gathering evidence |
| 9.1.6 | Summarize Chain of Custody processes during investigations |
| 9.2.1 | Explain the proper use of penetration testing versus vulnerability scanning |
| 9.2.2 | Explain the many types of vulnerabilities, exploits, and cyber threats a First Responder encounters |
| 9.2.3 | Discover the common types of cyber threat actors including Cybercriminals, Attention-Seekers, Hacktivists, Jihadi Hackers, and Nation States |
| 9.2.4 | Explain and summarize the common cybersecurity attacks including the preferred tactics, techniques, and procedures (TTPS) of threat actors |
| 9.2.5 | Examine and summarize the targets of cyber threat actors including governments, military agencies, non-profits, and businesses across sectors including retail, legal, energy, healthcare, technology, entertainment, and telecommunications |
| 9.2.6 | Review and examine geopolitical flashpoints (e.g., U.S.-China Relations, Iranian Nuclear Accord, Economic Sanctions on Russia, Syrian Conflict, ISIS-related Activity, North Korean Policy, StateSponsored Cyber Activity, Cybersecurity Regulations) |
| 9.3.1 | Describe and demonstrate various methods and tools for threat detection and eDiscovery |
| 9.3.2 | Describe and demonstrate vulnerability management methods, practices, and scanning tools |
| 9.3.3 | Describe and demonstrate various practices, methods, and tools for penetration testing |
| 9.3.4 | Identify encryption methods and demonstrate tools to decipher encrypted data |
| 9.3.5 | Review basic cryptography concepts, methods, and its relationship to forensics |
| 9.3.6 | Identify Web application exploits, vulnerabilities |
| 9.3.7 | Describe and demonstrate Web Application Security and Scanning methods and tools |
| 9.3.8 | Identify methods or tools to eliminate cloud exploits and vulnerabilities |
| 9.3.9 | Describe and demonstrate a working knowledge of phishing attacks and mitigation steps |
| 9.4.1 | Explain what malware is including its history |
| 9.4.2 | Review and define the most common malware terminologies |
| 9.4.3 | Describe the ways and methods malware is spread |
| 9.4.4 | Review the types of malware specifically examining viruses, worms, trojan horses, rootkits ransomware, keyloggers, and grayware attack |
| 9.4.5 | Choose one malware scenario and select the appropriate type of mitigation and deterrent techniques |
| 9.4.6 | Use appropriate tools and techniques to eliminate malware from spreading |
| 10.1.1 | Explain Artificial Intelligence (AI), potential applications, concerns, and opportunities in relation to security issues |
| 10.1.2 | Describe machine learning and potential applications, concerns, and opportunities |
| 10.1.3 | Explain the role of ethics as it relates to security and emerging technologies |
| 10.2.1 | Describe job skills needed for potential careers in new and emerging technologies |
| 10.2.2 | Explore potential uses for and industries that may use emerging technologies |
