Standards in this Framework
| Standard | Description |
|---|---|
| A.1 | Review school safety policies and procedures. |
| A.2 | Review classroom safety rules and procedures. |
| A.3 | Review safety procedures for using equipment in the classroom. |
| A.4 | Identify major causes of work-related accidents in office environments. |
| A.5 | Demonstrate safety skills in an office/work environment. |
| B.1 | Identify the purpose and goals of a Career and Technology Student Organization (CTSO). |
| B.2 | Explain how CTSOs are integral parts of specific clusters, majors, and/or courses. |
| B.3 | Explain the benefits and responsibilities of being a member of a CTSO. |
| B.4 | List leadership opportunities that are available to students through participation in CTSO conferences, competitions, community service, philanthropy, and other activities. |
| B.5 | Explain how participation in CTSOs can promote lifelong benefits in other professional and civic organizations. |
| C.1 | Demonstrate proficiency and skills associated with the use of technologies that are common to a specific occupation (e.g., keying speed). |
| C.2 | Identify proper netiquette when using e-mail, social media, and other technologies for communication purposes. |
| C.3 | Identify potential abuse and unethical uses of laptops, tablets, computers, and/or networks. |
| C.4 | Explain the consequences of social, illegal, and unethical uses of technology (e.g., cyberbullying, piracy; illegal downloading; licensing infringement; inappropriate uses of software, hardware, and mobile devices in the work environment). |
| C.5 | Discuss legal issues and the terms of use related to copyright laws, fair use laws, and ethics pertaining to downloading of images, photographs, documents, video, sounds, music, trademarks, and other elements for personal use. |
| C.6 | Describe ethical and legal practices of safeguarding the confidentiality of business-and personal-related information. |
| C.7 | Describe possible threats to a laptop, tablet, computer, and/or network and methods of avoiding attacks. |
| D.1 | Demonstrate creativity and innovation. |
| D.2 | Demonstrate critical thinking and problem-solving skills. |
| D.3 | Demonstrate initiative and self-direction. |
| D.4 | Demonstrate integrity. |
| D.5 | Demonstrate work ethic. |
| D.6 | Demonstrate conflict resolution skills. |
| D.7 | Demonstrate listening and speaking skills. |
| D.8 | Demonstrate respect for diversity. |
| D.9 | Demonstrate customer service orientation. |
| D.10 | Demonstrate teamwork. |
| E.1 | Demonstrate global or “big picture” thinking. |
| E.2 | Demonstrate career and life management skills and goal-making. |
| E.3 | Demonstrate continuous learning and adaptability skills to changing job requirements. |
| E.4 | Demonstrate time and resource management skills. |
| E.5 | Demonstrates information literacy skills. |
| E.6 | Demonstrates information security skills. |
| E.7 | Demonstrates information technology skills. |
| E.8 | Demonstrates knowledge and use of job-specific tools and technologies. |
| E.9 | Demonstrate job-specific mathematics skills. |
| E.10 | Demonstrates professionalism in the workplace. |
| E.11 | Demonstrate reading and writing skills. |
| E.12 | Demonstrates workplace safety. |
| F.1 | Define terms related to cyber security (e.g., cyber security, information assurance, risk, risk management, cyber security services). |
| F.2 | Explain the importance of information and internet security (e.g., browser, cloud, network). |
| F.3 | Explain the concepts of confidentiality, integrity, and availability (CIA). |
| F.4 | Identify the concepts of cyber security risk management. (e.g., vulnerability identification, management, and mitigation; active and passive reconnaissance; testing port scanning, automation). |
| F.5 | Explain vulnerability management (e.g., identification, management, mitigation, testing). |
| F.6 | Describe cyber security threats to an organization and why organizations need to manage risk. |
| F.7 | Research potential consequences of various forms of security incidents. |
| F.8 | Compare and contrast the various types of security (e.g., physical security, technological, administrative). |
| F.9 | Research national or industry standards/regulations that relate to cyber security and their impact on people, processes, and technology (e.g., news, reports, policies, subscriptions, incidents). |
| F.10 | Investigate the origins and history of cyber security and its impact on society. |
| F.11 | Describe the role that cyber security plays in the private or public sector. |
| F.12 | Discuss and develop a code of ethics as related to the field of cyber security. |
| G.1 | Describe the characteristics of cyber threats, attacks, and vulnerabilities |
| G.2 | Analyze types of current cyber threats (e.g., DDoS, Phishing, cracking, social engineering). |
| G.3 | Categorize sources/originators of different types of malicious attacks (e.g., nation states, cyber criminals, hacktivists, insiders). |
| G.4 | Compare and contrast cyber-attack surfaces of differing organizations. |
| G.5 | Explain types of malware (e.g., viruses, polymorphic viruses; worms, Trojan horses, spyware, ransomware, adware). |
| G.6 | Demonstrate familiarity with malware removal (e.g. scanning systems, reviewing scan logs, malware remediation). |
| G.7 | Explain types of attacks (e.g., wireless, application, social engineering, buffer overflow attacks, backdoor). |
| G.8 | Define strategies necessary to prevent attacks. |
| H.1 | Define terms related to computer networking (e.g., LAN, WAN, wireless, protocols, topology, firewalls). |
| H.2 | Compare and contrast OSI and TCP/IP models and encapsulation concepts. |
| H.3 | Compare and contrast wired versus wireless networks. |
| H.4 | Examine the concept of the internet as a network of connected systems. |
| H.5 | Design a basic network topology. |
| I.1 | Define terms related to network security (e.g., routing, perimeter networks, security layering, Virtual Private Network (VPN), isolation). |
| I.2 | Explain the concepts of protocol security (e.g., protocol spoofing, tunneling, network sniffing, denial of service). |
| I.3 | Analyze and implement security layering. |
| I.4 | Identify vulnerabilities and common attack methods. |
| I.5 | Use strategies necessary to prevent network attacks. |
| I.6 | Identify tools and techniques used for security layering. |
| I.7 | Determine characteristics of firewalls (hardware and software) and when to use them. |
| I.8 | Set up Port/Network Address Translation (NAT/PAT). |
| I.9 | Explain how network addresses impact network security (e.g., IPv4 and IPv6 addressing, CIDR notation, public vs private networks. |
| I.10 | Use a basic command line interface (Windows and Linux) to configure communications (e.g., ipconfig, ifconfig, and net config, ping). |
| J.1 | Compare and contrast common operating systems (e.g., Windows, Linux, iOS, Android). |
| J.2 | Identify best practices for protecting operating systems (e.g., access control, separation of duties, least privilege). |
| J.3 | Compare and contrast common file systems (e.g., FAT, NTFS, HFS). |
| J.4 | Describe the various types of file permissions (e.g., registry, Active Directory, basic and advanced). |
| J.5 | Implement group and audit policies. |
| J.6 | Explain the purpose and location of security and auditing logs. |
| J.7 | Define virtualization and identify its advantages and disadvantages. |
| J.8 | Define strategies necessary to prevent operating system attacks. |
| K.1 | Define terms related to identity, authorization, and authentication (e.g., passwords, biometrics, multi-factor, certificates). |
| K.2 | Describe the various types of permissions (e.g., basic, administrative, elevated). |
| K.3 | Identify types of access control (e.g., role-based access control (RBAC), mandatory access control, discretionary-based control). |
| K.4 | Describe the importance of Multifactor authentication. |
| K.5 | Analyze best practices for end-user password development and usage. |
| K.6 | Identify the system administrator’s role in setting system policies and procedures. |
| K.7 | Compare and contrast backup and restore methods. |
| K.8 | Explain the importance of disaster recovery and business continuity planning (e.g., disaster recovery plans and controls, business continuity plans, backups). |
| K.9 | Secure servers (e.g., DNS/BIND, web, email, messaging, FTP, directory services, DHCP, file and print servers). |
| L.1 | Define cryptography and its related terms (e.g., encryption, decryption, public key, and private key). |
| L.2 | Identify encryption methods (e.g., symmetric and asymmetric). |
| L.3 | Determine appropriate uses for encrypting data and connections (e.g., email, files, network, VPN). |
| L.4 | Explain how the design and functionality of various encryption methods support the security of data. |
| L.5 | Demonstrate various encryption techniques (e.g., encryption algorithms, Encrypting File System (EFS), hashing, public and private keys, Public Key Infrastructure (PKI), token devices, Trusted Platform Module (TPM), Transport Layer Security (TLS). |
| M.1 | Analyze and differentiate between types of system attacks (e.g., operating systems, files, and applications). |
| M.2 | Implement security patches and updates (e.g., Active X, Java). |
| M.3 | Implement strategies necessary to prevent attacks (e.g., buffer overflow, application, input validation, scripting). |
| N.1 | Monitor security events and know when escalation is required (e.g., role of SIEM and SOAR, packet captures, log file entries, identifying suspicious events). |
| N.2 | Explain digital forensics and attack attribution processes (cyber kill chain, sources of evidence, evidence handling). |
| N.3 | Explain the impact of compliance frameworks on incident handling (e.g., compliance frameworks (GDPR, HIPAA, PCI-DSS, FERPA, FISMA), reporting and notification requirements). |
| N.4 | Describe the elements of cybersecurity incident response (e.g., policy plan procedure elements, incident response lifecycle stages). |
