Please enable JavaScript to use CodeHS

SC Cybersecurity Fundamentals Standards Framework

102 Standards in this Framework


Standard Description
A.1 Review school safety policies and procedures.
A.2 Review classroom safety rules and procedures.
A.3 Review safety procedures for using equipment in the classroom.
A.4 Identify major causes of work-related accidents in office environments.
A.5 Demonstrate safety skills in an office/work environment.
B.1 Identify the purpose and goals of a Career and Technology Student Organization (CTSO).
B.2 Explain how CTSOs are integral parts of specific clusters, majors, and/or courses.
B.3 Explain the benefits and responsibilities of being a member of a CTSO.
B.4 List leadership opportunities that are available to students through participation in CTSO conferences, competitions, community service, philanthropy, and other activities.
B.5 Explain how participation in CTSOs can promote lifelong benefits in other professional and civic organizations.
C.1 Demonstrate proficiency and skills associated with the use of technologies that are common to a specific occupation (e.g., keying speed).
C.2 Identify proper netiquette when using e-mail, social media, and other technologies for communication purposes.
C.3 Identify potential abuse and unethical uses of laptops, tablets, computers, and/or networks.
C.4 Explain the consequences of social, illegal, and unethical uses of technology (e.g., cyberbullying, piracy; illegal downloading; licensing infringement; inappropriate uses of software, hardware, and mobile devices in the work environment).
C.5 Discuss legal issues and the terms of use related to copyright laws, fair use laws, and ethics pertaining to downloading of images, photographs, documents, video, sounds, music, trademarks, and other elements for personal use.
C.6 Describe ethical and legal practices of safeguarding the confidentiality of business-and personal-related information.
C.7 Describe possible threats to a laptop, tablet, computer, and/or network and methods of avoiding attacks.
C.8 Evaluate various solutions to common hardware and software problems.
D.1 Demonstrate punctuality.
D.2 Demonstrate self-representation.
D.3 Demonstrate work ethic.
D.4 Demonstrate respect.
D.5 Demonstrate time management.
D.6 Demonstrate integrity.
D.7 Demonstrate leadership.
D.8 Demonstrate teamwork and collaboration.
D.9 Demonstrate conflict resolution.
D.10 Demonstrate perseverance.
D.11 Demonstrate commitment.
D.12 Demonstrate a healthy view of competition.
D.13 Demonstrate a global perspective.
D.14 Demonstrate health and fitness.
D.15 Demonstrate self-direction.
D.16 Demonstrate lifelong learning
E.1 Demonstrate effective speaking and listening skills.
E.2 Demonstrate effective reading and writing skills.
E.3 Demonstrate mathematical reasoning.
E.4 Demonstrate job-specific mathematics skills.
E.5 Demonstrate critical-thinking and problem-solving skills.
E.6 Demonstrate creativity and resourcefulness.
E.7 Demonstrate an understanding of business ethics.
E.8 Demonstrate confidentiality.
E.9 Demonstrate an understanding of workplace structures, organizations, systems, and climates.
E.10 Demonstrate diversity awareness.
E.11 Demonstrate job acquisition and advancement skills.
E.12 Demonstrate task management skills.
E.13 Demonstrate customer-service skills
F.1 Define terms related to cyber security, e.g. cyber security, information assurance, risk, risk management, cyber security services, etc
F.2 Explain the importance of information and internet security, e.g., browser, cloud, and network
F.3 Explain the concepts of confidentiality, integrity, and availability (CIA).
F.4 Identify the concepts of cyber security risk management.
F.5 Describe cyber security threats to an organization and why organizations need to manage risk.
F.6 Research potential consequences of various forms of security incidents.
F.7 Compare and contrast the various types of security, e.g., physical security, technological, and administrative.
F.8 Research national or industry standards/regulations that relate to cyber security and their impact on people, processes, and technology.
F.9 Investigate the origins and history of cyber security and its impact on society.
F.10 Describe the role that cyber security plays in the private or public sector.
F.11 Discuss and develop a code of ethics as related to the field of cyber security.
G.1 Describe the characteristics of cyber threats, attacks, and vulnerabilities.
G.2 Analyze types of current cyber threats.
G.3 Categorize sources/originators of different types of malicious attacks, e.g., nation states, cyber criminals, hacktivists, insiders, etc.
G.4 Compare and contrast cyber-attack surfaces of differing organizations.
G.5 Explain types of malware, e.g., viruses, polymorphic viruses; worms, Trojan horses, spyware, ransomware, and adware.
G.6 Explain types of attacks, e.g., wireless, application, social engineering, buffer overflow attacks, backdoor, etc.
G.7 Define strategies necessary to prevent attacks.
H.1 Define terms related to computer networking, e.g., LAN, WAN, wireless, protocols, topology, firewalls, etc.
H.2 Compare and contrast wired versus wireless networks.
H.3 Examine the concept of the internet as a network of connected systems.
H.4 Design a basic network topology.
I.1 Define terms related to network security, e.g., routing, perimeter networks, security layering, Virtual Private Network (VPN), isolation.
I.2 Explain the concepts of protocol security, e.g., protocol spoofing, tunneling, network sniffing, denial of service.
I.3 Determine the importance of security layering.
I.4 Identify vulnerabilities and common attack methods.
I.5 Define strategies necessary to prevent network attacks.
I.6 Identify tools and techniques used for security layering.
I.7 Determine characteristics of firewalls (hardware and software) and when to use them.
I.8 Set up Port/Network Address Translation (NAT/PAT).
I.9 Use a basic command line interface (Windows and Linux) to configure communications, e.g., ipconfig, ifconfig, and net config.
J.1 Compare and contrast common operating systems (e.g., Windows, Linux, OS X).
J.2 Identify best practices for protecting operating systems, e.g. access control, separation of duties, and least privilege.
J.3 Compare and contrast common file systems, e.g. FAT, NTFS, HFS, etc.
J.4 Describe the various types of file permissions, e.g., registry, Active Directory, basic, and advanced.
J.5 Analyze the purpose, types, and procedures concerning audit policies.
J.6 Explain the purpose and location of security and auditing logs.
J.7 Define virtualization and identify its advantages and disadvantages.
J.8 Define strategies necessary to prevent operating system attacks.
K.1 Define terms related to identity, authorization, and authentication, e.g., passwords, biometrics, multi-factor, certificates, etc.
K.2 Describe the various types of permissions, e.g., basic, administrative, and elevated.
K.3 Identify types of access control, e.g., role-based access control (RBAC), mandatory access control, and discretionary-based control.
K.4 Describe the importance of Multifactor authentication.
K.5 Analyze best practices for end-user password development and usage.
K.6 Identify the system administrator’s role in setting system policies and procedures.
K.7 Compare and contrast backup and restore methods.
K.8 Secure servers, e.g., DNS/BIND, web, email, messaging, FTP, directory services, DHCP, and file and print servers.
L.1 Define cryptology and its related terms, e.g., encryption, decryption, public key, and private key
L.2 Identify encryption methods, e.g., symmetric and asymmetric.
L.3 Determine appropriate uses for encrypting data and connections, e.g., mail, network, files, VPN.
L.4 Explain how the design and functionality of various encryption methods support the security of data.
L.5 Demonstrate various encryption techniques, e.g., encryption algorithms, public and private keys, token devices, Public Key Infrastructure (PKI), Encrypting File System (EFS), Trusted Platform Module (TPM), etc.
M.1 Analyze and differentiate between types of system attacks, e.g., operating systems, files, and applications.
M.2 Implement security patches and updates, e.g., Active X and Java.
M.3 Implement strategies necessary to prevent attacks, e.g., input validation, scripting, buffer overflow, and application.