Please enable JavaScript to use CodeHS

Standards Mapping

for Ohio Cyber Defense and Reinforcement

93

Standards in this Framework

49

Standards Mapped

52%

Mapped to Course

Standard Lessons
1.12.2.
Differentiate between appropriate and inappropriate information.
1.12.3.
Interpret security policies through job specific training and training updates.
  1. 7.3 Level 3: Incident Response
1.12.4.
Apply secure password behavior.
  1. 3.6 Access Control
1.12.5.
Apply physical and virtual situational awareness (e.g., clean desk policies, shoulder surfing, social engineering, tailgating).
  1. 3.2 Environmental Controls
2.1.2.
Describe authentication, authorization, and auditing.
  1. 3.6 Access Control
2.1.4.
Identify security risks and describe associated safeguards and methodologies (e.g., auditing).
2.1.5.
Describe major threats to computer systems (e.g., insider threats, viruses, worms, spyware, ransomware, spoofing, hacking, social engineering, phishing).
  1. 5.2 Malware Types and Prevention
2.1.10.
Describe computer forensics, its importance in information security and cybersecurity, and its relevance to law enforcement.
2.1.11.
Identify the need for personal security in digital information and describe how personal information can be safeguarded.
  1. 3.5 Mobile Devices
2.1.12.
Practice information security per job requirements.
  1. 4.1 Communication is Key!
  2. 6.1 Project Security Assessment Report
2.1.13.
Describe privacy security compliance on systems (e.g., Health Insurance Portability and Accountability Act [HIPAA], Payment Card Industry [PCI], Sarbanes Oxley Act [SOX], Americans with Disabilities Act [ADA], General Data Protection Regulation [GDPR], European Union Data Protection Regulation [EUDPR]).
  1. 7.4 Level 4: Data and Licenses
3.1.1.
Differentiate between authentication and authorization.
  1. 3.6 Access Control
3.1.2.
Compare authentication techniques (e.g. single factor, multifactor, passwords, biometrics, certificates, Radio Frequency Identification [RFID] cards).
  1. 3.2 Environmental Controls
  2. 3.6 Access Control
3.2.1.
Identify and implement data and application security.
3.2.4
Provide user authentication (e.g., assign and reset user accounts and passwords).
3.2.5
Install, test, implement, and update virus and malware detection and protection software.
  1. 5.2 Malware Types and Prevention
3.2.6
Identify sources of virus and malware infection and remove viruses and malware.
  1. 5.2 Malware Types and Prevention
3.2.7
Provide documentation, training, and support to users on established security procedures.
3.3.1.
Describe network security policies (e.g., acceptable use policy).
3.3.5.
Assess risks based on vulnerability of the organization, likelihood of risk, and impact on the organization.
  1. 8.3 Risk Response
3.3.7
Train users in network security procedures
  1. 7.2 Level 2: User Training
3.4.2
Analyze system log files to identify security risks.
3.4.4.
Identify the components of human security (e.g., social engineering) and techniques to mitigate human security threats (e.g., policies, procedures, training).
  1. 7.2 Level 2: User Training
3.5.1.
Describe wireless security risks (e.g., unauthorized access) and how to mitigate them.
  1. 3.4 Private Networks
3.5.2
Compare methods of increasing the security of wireless networks and devices (e.g., Media Access Control [MAC] address filtering, Wi-Fi Protected Access [WPA], 802.1x, Remote Authentication Dial In User Service [RADIUS]).
  1. 3.4 Private Networks
3.5.3
Research security enhancements provided by Institute of Electrical and Electronics Engineers (IEEE).
3.5.4
Describe practices and policies for preventing and detecting installation of rogue networks.
3.5.5.
Describe security practices and policies for personal devices.
  1. 3.5 Mobile Devices
3.5.6.
Implement and test the security of a wireless network.
4.5.6.
Secure the wireless network.
4.6.2
Identify the advantages of protocols (e.g., Domain Name System [DNS], File Transfer Protocol [FTP], Hypertext Transfer Protocol [HTTP], Telecommunications Network [Telnet], Remote Desktop Protocol [RDP]], Secure Shell [SSH] ) and associated port numbers.
4.6.7.
Describe a Virtual Private Network (VPN) and identify associated protocols (e.g., Layer 2 Tunneling Protocol [L2TP], Point-to-Point Tunneling Protocol [PPTP]).
  1. 3.4 Private Networks
4.11.2
Provision cloud services (e.g., Software as a Service [SaaS], Platform as a Service [PaaS], Infrastructure as a Service [IaaS], Security as a Service).
4.13.1.
Differentiate between disaster recovery and business continuity.
  1. 7.3 Level 3: Incident Response
4.13.2.
Identify common backup devices.
4.13.3.
Identify the criteria for selecting a backup system.
4.13.4.
Establish a process for archiving files.
4.13.5.
Develop a disaster recovery plan
  1. 7.3 Level 3: Incident Response
9.1.1.
Identify the goals, objectives and purposes of cybersecurity.
9.1.2.
Describe the concepts of malware attack vectors.
  1. 5.2 Malware Types and Prevention
9.1.3
Maintain data security using data labeling, handling and, disposal as prescribed by policy and law.
9.1.4
Mitigate threats by remaining abreast of industry information.
9.1.5.
Identify types of controls (e.g., Deterrent, Preventive, Detective, Compensating, Technical, and Administrative).
9.2.1
Perform authorization control (e.g., least privilege, separation of duties, mandatory access, discretionary access, rule-based access control, role-based access control, time of day restrictions, location distractions).
9.2.2
Implement authentication techniques (e.g., Tokens, Common access card, Smart card, Multifactor authentication, Single sign-on, Biometrics, Personal identification verification card, Username, Federation, Transitive trust/authentication).
  1. 3.2 Environmental Controls
9.2.3
Use authentication factors (e.g., Something you are, Something you have, Something you know).
  1. 3.6 Access Control
9.2.4
Mitigate security implications of third party connectivity and access.
9.2.5
Implement Data Loss Prevention (DLP).
  1. 5.6 Internal Threats
9.2.6
Implement perimeter security (e.g., Fencing, Proximity readers, Access list, Proper lighting, Mantraps, Video Surveillance, Signs, Guards, Barricades, Biometrics, Protected distribution (cabling), Alarms, Motion detection).
  1. 3.2 Environmental Controls
9.2.7
Inventory devices.
9.3.1.
Identify application vulnerabilities (e.g., Cross-site scripting, SQL injection, LDAP injection, XML injection, Directory traversal/command injection, Buffer overflow, Integer overflow, Zero-day, Cookies and attachments, Locally Shared Objects (LSOs), Flash cookies, Malicious add-ons, Session hijacking, Header manipulation, Arbitrary code execution/remote code execution).
  1. 5.5 Cross-site Scripting
  2. 8.2 Assessing Risks
9.3.2
Mitigate application attacks (e.g., SANS, OWASP).
9.3.3
Implement secure coding concepts (e.g., Error and exception handling, Input validation, Cross-site scripting prevention, Cross-site Request Forgery, (XSRF) prevention, OWASP).
  1. 8.2 Assessing Risks
9.3.4
Implement secure application configuration (e.g., Application hardening, Application patch management).
9.3.5
Discover and mitigate common database vulnerabilities and attacks.
9.3.6.
Differentiate between Server-side vs. client-side validation.
9.4.1
Setup and maintain secure roles and system management techniques (e.g., password, group, and user privilege policies and monitoring).
9.4.2
Secure use of network Protocols (e.g., IPSec, SNMP, SSH, DNS, TLS, SSL, TCP/IP, FTPS, HTTPS, SCP, ICMP).
  1. 3.3 Protocols and Standards
9.4.3
Apply principles of IPv4 and IPv6 securely.
9.4.4
Apply wireless security configurations (e.g., Disable SSID broadcast, TKIP, CCMP, Antenna placement, Power level controls).
9.4.5
Manage PKI and certificates (Transport encryption, Non-repudiation, Hashing, Key escrow, Steganography, Digital signatures).
  1. 1.3 Advanced Cryptography
  2. 1.4 Hash Functions
  3. 1.6 Asymmetric Encryption
  4. 1.7 Digital Certificates
9.4.6
Use of algorithms/protocols with transport encryption (e.g., SSL, TLS, IPSec, SSH, HTTPS).
  1. 1.2 Encryption Algorithms
  2. 1.3 Advanced Cryptography
  3. 1.7 Digital Certificates
9.4.7
Install and configure network devices (firewalls, switches, load balancers, proxies, web security gateways, VPN concentrators).
  1. 3.1 Network Administrator
9.4.8
Install and configure network security devices. (Protocol analyzers, Spam filter, UTM security appliances, URL filter, Content inspection, Malware inspection).
9.4.9
Implement port security.
  1. 3.3 Protocols and Standards
9.4.10
Monitor and manage network Unified Threat Management.
  1. 3.1 Network Administrator
9.4.11
Mitigate network threats (e.g., Flood guards, Loop protection, Implicit deny, Network separation, Log analysis, Unified threat management, peripheral and removable media).
9.4.12
Apply the principles of secure Network Design (e.g., DMZ, Subnetting, NAT/PAT, Remote access, Telephony, Virtualization).
  1. 3.1 Network Administrator
9.5.1.
Describe, locate, and mitigate security threats (e.g., Adware, Viruses, Spyware, Trojan, Rootkits, Logic bomb, Botnets, Ransomware, Polymorphic malware).
  1. 5.4 Additional Attacks
  2. 8.2 Assessing Risks
9.5.2.
Describe and discover vulnerabilities to and mitigate network attacks. (e.g., Man-in-the-middle, DDoS, DoS, Replay, Smurf attack, Spoofing, Spam, Phishing, Spim, Spit and other attacks).
  1. 5.4 Additional Attacks
9.5.3
Configure defenses for Password attacks (e.g., Brute Force, Dictionary attacks, Hybrid, Birthday attacks, Rainbow tables).
9.5.4.
Describe, appraise for, and mitigate Social Engineering attacks (e.g., Shoulder surfing, Dumpster diving, Tailgating, Impersonation, Hoaxes, Phishing, Spear Phishing, Whaling, Vishing, Principles, URL hijacking, Watering Hole).
  1. 3.2 Environmental Controls
9.6.1
Adhere to licensing and intellectual property laws (e.g., copyright, trademark, digital-rights management).
  1. 7.4 Level 4: Data and Licenses
9.6.2
Adhere to regulatory and industry standards (e.g., PCIDSS, PADSS).
9.7.1.
Recognize digital reconnaissance techniques (e.g., packet capture, OS fingerprinting, topology discovery, DNS harvesting).
  1. 8.4 Penetration Testing
9.7.4.
Collect digital evidence according to established policies and protocols (e.g., system image, packet captures).
  1. 8.1 Identifying Risks
  2. 8.2 Assessing Risks
9.8.1
Design and implement network segmentation.
9.8.2.
Differentiate between detection controls and prevention controls (e.g., IDS vs. IPS, Camera vs. guard).
  1. 3.1 Network Administrator
9.8.3.
Use discovery tools and utilities to identify threats (e.g., Protocol analyzer, Vulnerability scanner, Honeypots, Honeynets, Port scanner).
  1. 8.1 Identifying Risks
9.8.4
Create, edit and use roles and system management tools.
9.8.5
Implement endpoint security.
9.8.6
Implement Access Control Lists (ACL).
9.8.7
Deploy a server hardening plan.
9.8.8
Implement a Network Access Control (NAC) plan.
9.8.9
Interpret alarms and alert trends.
9.8.10
Apply Incident response procedures (e.g., Preparation, Incident identification, Escalation and notification, Mitigation steps, Lessons learned, Reporting, Recovery procedures, First responder, Incident isolation, Quarantine, Device removal, Data breach).
  1. 7.3 Level 3: Incident Response
9.8.11
Differentiate between types of Penetration testing (e.g., Black box, White box, Gray box).
  1. 8.4 Penetration Testing
9.9.1
Describe the concepts of Risk Management (e.g., Business continuity concepts, Business impact analysis, Identification of critical systems and components, Removing single points of failure).
  1. 8.3 Risk Response
9.9.2
Describe the concepts of Risk assessment (e.g., Disaster recovery plan, IT contingency planning - Succession planning, Redundancy).
  1. 8.2 Assessing Risks
  2. 8.3 Risk Response
9.9.3
Describe and plan Fault tolerance (e.g., Hardware, RAID, Clustering, Load balancing, Disaster recovery concepts, Backup plans/policies, Backup execution/frequency).
9.10.1
Enforce concepts related to threat vectors and probability/threat likelihood.
  1. 8.3 Risk Response
9.10.2
Identify concepts of risk calculation (Likelihood, ALE, Impact, SLE, ARO, MTTR, MTTF, MTBF).
  1. 8.3 Risk Response
9.10.3
Implement Governance, risk management and Compliance Management processes (risk mitigation, govern compliance).