National CAE Designated Institution
  • Classroom

This course introduces information assurance, cybersecurity policy development, legal compliance and lays a foundation for ethical decision-making by the cybersecurity professional. Students gain experience using non-technical measures to address cybersecurity threats to an organization. Cybersecurity professionals must be familiar with privacy and data protection requirements coming from HIPAA, FERPA, Sarbanes-Oxley, PCA and other federal and industry mandates. To better design penetration test scenarios, students are given the opportunity to work through ethically ambiguous scenarios that revolve around areas such as vulnerability discovery and responsible disclosure.

Learning Objectives

Outcomes for this course are drawn from NSA CAE Non-Technical Core Knowledge Unit outcomes and topics. Upon successful completion of the course, the student will be able to: Understand the interaction between security and system usability and the importance for minimizing the effects of security mechanisms. Analyze common security failures and identify specific design principles that have been violated. Explain the applicable laws and policies related to cyber defense and describe the major components of each pertaining to the storage and transmission of data. Describe their responsibilities related to the handling of data as it pertains to legal, ethical and/or agency auditing issues. Describe how the type of legal dispute (civil, criminal, private) affects the evidence used to resolve it. Apply their knowledge to develop a security program, identifying goals, objectives and metrics. Describe the role of cybersecurity in supporting and encouraging ethics, as well as where cybersecurity practices can cause ethical conflicts.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):