| (a) General requirements. Students shall be awarded
one credit for successful completion of this course. This course is
recommended for students in Grades 11 and 12. Recommended prerequisite:
Foundations of Cybersecurity.
(b) Introduction.
(1) Career and technical education instruction provides
content aligned with challenging academic standards and relevant technical
knowledge and skills for students to further their education and succeed
in current or emerging foundations.
(2) The Science, Technology, Engineering, and Mathematics
(STEM) Career Cluster focuses on planning, managing, and providing
scientific research and professional and technical services, including
laboratory and testing services, and research and development services.
(3) Cybersecurity is an evolving discipline concerned
with safeguarding computers, networks, programs, and data from unauthorized
access. As a field, it has gained prominence with the emergence of
a globally-connected society. As computing has become more sophisticated,
so too have the abilities of malicious agents looking to penetrate
networks and seize private information. By evaluating prior incidents,
cybersecurity professionals have the ability to craft appropriate
responses to minimize disruptions to corporations, governments, and
individuals.
(4) In the Cybersecurity Capstone course, students
will develop the knowledge and skills needed to explore advanced concepts
related to the ethics, laws, and operations of cybersecurity. Students
will examine trends and operations of cyberattacks, threats, and vulnerabilities.
Students will develop security policies to mitigate risks. The skills
obtained in this course prepare students for additional study toward
industry certification. A variety of courses are available to students
interested in the cybersecurity field. Cybersecurity Capstone may
serve as a culminating course in this field of study.
(5) Students are encouraged to participate in extended
learning experiences such as career and technical student organizations
and other leadership or extracurricular organizations.
(6) Statements that contain the word "including" reference
content that must be mastered, while those containing the phrase "such
as" are intended as possible illustrative examples.
(c) Knowledge and skills.
(1) Employability skills. The student demonstrates
necessary skills for career development and successful completion
of course outcomes. The student is expected to:
(A) identify and demonstrate employable work behaviors
such as regular attendance, punctuality, maintenance of a professional
work environment, and effective written and verbal communication;
(B) identify and demonstrate positive personal qualities
such as authenticity, resilience, initiative, and a willingness to
learn new knowledge and skills;
(C) solve problems and think critically;
(D) demonstrate leadership skills and function effectively
as a team member; and
(E) demonstrate an understanding of ethical and legal
responsibilities in relation to the field of cybersecurity.
(2) Employability skills. The student identifies various
employment opportunities in the cybersecurity field. The student is
expected to:
(A) develop a personal career plan along with the education,
job skills, and experience necessary to achieve career goals;
(B) develop a resume or a portfolio appropriate to
a chosen career plan; and
(C) illustrate interview skills for successful job
placement.
(3) Ethics and laws. The student evaluates ethical
and current legal standards, rights and restrictions governing technology,
technology systems, digital media and information technology, and
the use of social media in the context of today's society. The student
is expected to:
(A) analyze and apply to a scenario local, state, national,
and international cyber law such as David's Law and Digital Millennium
Copyright Act;
(B) evaluate historic cases or events regarding cyber;
and
(C) explore compliance requirements such as Section
508 of the Rehabilitation Act of 1973, Family Educational Rights and
Privacy Act of 1974 (FERPA), Health Insurance Portability and Accountability
Act of 1996 (HIPAA), and Gramm-Leach-Bliley Act (GLBA).
(4) Digital citizenship. The student understands and
demonstrates the social responsibility of end users regarding significant
issues relating to digital technology, safety, digital hygiene, and
cyberbullying. The student is expected to:
(A) debate the relationship between privacy and security;
and
(B) identify ethical or unethical behavior when presented
with various scenarios related to cyber activities.
(5) Cybersecurity skills. The student explains the
importance and process of penetration testing. The student is expected
to:
(A) define the phases of penetration testing, including
plan, discover, attack, and report;
(B) develop a plan to gain authorization for penetration
testing;
(C) identify commonly used vulnerability scanning tools
such as port scanning, packet sniffing, and password crackers;
(D) develop a list of exploits based on results of
scanning tool reports; and
(E) prioritize a list of mitigations based on results
of scanning tool reports.
(6) Cybersecurity skills. The student understands common
cryptographic methods. The student is expected to:
(A) evaluate symmetric and asymmetric algorithms such
as substitution cipher, Advanced Encryption Standard (AES), Diffie-Hellman,
and Rivest-Shamir-Adleman (RSA);
(B) explain the purpose of hashing algorithms, including
blockchain;
(C) explain the function of password salting;
(D) explain and create a digital signature; and
(E) explain steganography.
(7) Cybersecurity skills. The student understands the
concept of cyber defense. The student is expected to:
(A) explain the purpose of establishing system baselines;
(B) evaluate the role of physical security;
(C) evaluate the functions of network security devices
such as firewalls, intrusion detection systems (IDS), intrusion prevention
systems (IPS), and intrusion detection prevention systems (IDPS);
(D) analyze log files for anomalies; and
(E) develop a plan demonstrating the concept of defense
in depth.
(8) Cybersecurity skills. The student demonstrates
an understanding of secure network design. The student is expected
to:
(A) explain the benefits of network segmentation, including
sandboxes, air gaps, and virtual local area networks (VLAN);
(B) investigate the role of software-managed networks,
including virtualization;
(C) discuss the role of honeypots and honeynets in
networks; and
(D) create an incoming and outgoing network policy
for a firewall.
(9) Cybersecurity skills. The student integrates principles
of digital forensics. The student is expected to:
(A) identify cyberattacks by their signatures;
(B) explain proper data acquisition;
(C) examine evidence from devices for suspicious activities;
and
(D) research current cybercrime cases involving digital
forensics.
(10) Cybersecurity skills. The student explores emerging
technology. The student is expected to:
(A) describe the integration of artificial intelligence
and machine learning in cybersecurity;
(B) investigate impacts made by predictive analytics
on cybersecurity; and
(C) research other emerging trends such as augmented
reality and quantum computing.
(11) Cybersecurity skills. The student uses various
operating system environments. The student is expected to:
(A) issue commands via the command line interface (CLI)
such as ls, cd, pwd, cp, mv, chmod, ps, sudo, and passwd;
(B) describe the file system structure for multiple
operating systems;
(C) manipulate and edit files within the CLI; and
(D) determine network status using the CLI with commands
such as ping, ifconfig/ipconfig, traceroute/tracert, and netstat.
(12) Cybersecurity skills. The student clearly and
effectively communicates technical information. The student is expected
to:
(A) collaborate with others to create a technical report;
(B) create, review, and edit a report summarizing technical
findings; and
(C) present technical information to a non-technical
audience.
(13) Risk assessment. The student analyzes various
types of threats, attacks, and vulnerabilities. The student is expected
to:
(A) differentiate types of attacks, including operating
systems, software, hardware, network, physical, social engineering,
and cryptographic;
(B) explain blended threats such as combinations of
software, hardware, network, physical, social engineering, and cryptographic;
(C) discuss risk response techniques, including accept,
transfer, avoid, and mitigate;
(D) develop a plan of preventative measures to address
cyberattacks;
(E) describe common web vulnerabilities such as cross-site
scripting, buffer overflow, injection, spoofing, and denial of service;
(F) describe common data destruction and media sanitation
practices such as wiping, shredding, and degaussing; and
(G) develop an incident response plan for a given scenario
or recent attack.
(14) Risk assessment. The student understands risk
management processes and concepts. The student is expected to:
(A) describe various access control methods such as
mandatory access control (MAC), role-based access control (RBAC),
and discretionary access control (DAC);
(B) develop and defend a plan for multi-factor access
control using components such as biometric verification systems, key
cards, tokens, and passwords; and
(C) review a disaster recovery plan (DRP) that includes
backups, redundancies, system dependencies, and alternate sites.
(15) Risk assessment. The student investigates the
role and effectiveness of environmental controls. The student is expected
to:
(A) explain commonly used physical security controls,
including lock types, fences, barricades, security doors, and mantraps;
and
(B) describe the role of embedded systems such as fire
suppression; heating, ventilation, and air conditioning (HVAC) systems;
security alarms; and video monitoring.
|
