Security Principles & Foundations

Describe cybersecurity concepts and terminology and use correct vocabulary for specific scenarios. Describe the security life cycle and its use in securing an organization’s systems, Discuss the information security triad (confidentiality, integrity, availability), access control (identification, authentication, authorization), non-repudiation, and privacy, Describe the tension and balance needed between security measures and usability of an organization’s systems, Describe the principles of cybersecurity and their impact on organizational policies and procedures (including separation of domains and duties, isolation, encapsulation, modularity, simplicity of design, minimization of implementation (least common mechanism), open design, complete mediation, layering, least privilege, fail safe defaults, psychological acceptance, reluctance to trust, usability, and trust relationships, Identify the cybersecurity principles needed to address a given cybersecurity design scenario, Outline cyber defense tools, methods and components and explain how they can be used to secure a system against attacks, Explain common cybersecurity threats, vulnerabilities, and risks and how to manage each, including countermeasures, Compare human security, organizational security, and societal security for a given scenario, such as social engineering, Analyze a given security failure and identify design principles which were violated, Analyze a given cybersecurity scenario and describe actions to provide/improve system security, Describe a basic cybersecurity risk assessment for an organization’s information assets (hardware, systems, data, intellectual property, etc.), Describe (at an introductory level) potential data, network, and system threats and attacks, and actors which may perform them, Describe basic access control models (MAC (Mandatory Access Control), DAC (Discretionary Access Control), RBAC (Role Based Access Control), and Lattice).