This module provides an overview of the cybersecurity field and its related concepts. An introduction to cybersecurity terminology, best practices, principles, and standards, planning and management of cybersecurity functions and assets are included. This module will provide a foundation for understanding common threats and attacks and the methods and tools to defend and protect against them, an overview of human, organizational, social, and legal issues related to cybersecurity. and concepts which meet national standards in cybersecurity.
Describe cybersecurity concepts and terminology and use correct vocabulary for specific scenarios. Describe the security life cycle and its use in securing an organization’s systems, Discuss the information security triad (confidentiality, integrity, availability), access control (identification, authentication, authorization), non-repudiation, and privacy, Describe the tension and balance needed between security measures and usability of an organization’s systems, Describe the principles of cybersecurity and their impact on organizational policies and procedures (including separation of domains and duties, isolation, encapsulation, modularity, simplicity of design, minimization of implementation (least common mechanism), open design, complete mediation, layering, least privilege, fail safe defaults, psychological acceptance, reluctance to trust, usability, and trust relationships, Identify the cybersecurity principles needed to address a given cybersecurity design scenario, Outline cyber defense tools, methods and components and explain how they can be used to secure a system against attacks, Explain common cybersecurity threats, vulnerabilities, and risks and how to manage each, including countermeasures, Compare human security, organizational security, and societal security for a given scenario, such as social engineering, Analyze a given security failure and identify design principles which were violated, Analyze a given cybersecurity scenario and describe actions to provide/improve system security, Describe a basic cybersecurity risk assessment for an organization’s information assets (hardware, systems, data, intellectual property, etc.), Describe (at an introductory level) potential data, network, and system threats and attacks, and actors which may perform them, Describe basic access control models (MAC (Mandatory Access Control), DAC (Discretionary Access Control), RBAC (Role Based Access Control), and Lattice).