This course introduces information assurance, cybersecurity policy development, and legal compliance, and lays a foundation for ethical decision-making by the cybersecurity professional. Students gain experience using non-technical measures to address cybersecurity threats to an organization. Cybersecurity professionals must be familiar with privacy and data protection requirements coming from HIPAA, FERPA, Sarbanes-Oxley, PCA and other federal and industry mandates. To better design penetration test scenarios, students are given the opportunity to work through ethically ambiguous scenarios that revolve around areas such as vulnerability discovery and responsible disclosure.
Learning Objectives
Outcomes for this course are drawn from NSA CAE Non-Technical Core Knowledge Unit outcomes and topics. Upon successful completion of the course, the student will be able to:
- Understand the interaction between security and system usability and the importance of minimizing the effects of security mechanisms.
- Analyze common security failures and identify specific design principles that have been violated.
- Explain the applicable laws and policies related to cyber defense and describe the major components of each pertaining to the storage and transmission of data.
- Describe their responsibilities related to the handling of data as it pertains to legal, ethical and/or agency auditing issues.
- Describe how the type of legal dispute (civil, criminal, private) affects the evidence used to resolve it.
- Apply their knowledge to develop a security program, identifying goals, objectives and metrics.
- Describe the role of cybersecurity in supporting and encouraging ethics, as well as where cybersecurity practices can cause ethical conflicts.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.