| (a) Implementation. The provisions of this section
shall be implemented by school districts beginning with the 2023-2024
school year.
(1) No later than August 1, 2023, the commissioner
of education shall determine whether instructional materials funding
has been made available to Texas public schools for materials that
cover the essential knowledge and skills identified in this section.
(2) If the commissioner makes the determination that
instructional materials funding has been made available this section
shall be implemented beginning with the 2023-2024 school year and
apply to the 2023-2024 and subsequent school years.
(3) If the commissioner does not make the determination
that instructional materials funding has been made available under
this subsection, the commissioner shall determine no later than August
1 of each subsequent school year whether instructional materials funding
has been made available. If the commissioner determines that instructional
materials funding has been made available, the commissioner shall
notify the State Board of Education and school districts that this
section shall be implemented for the following school year.
(b) General requirements. This course is recommended
for students in Grades 9-12.Students shall be awarded one credit for
successful completion of this course.
(c) Introduction.
(1) Career and technical education instruction provides
content aligned with challenging academic standards, industry and
relevant technical knowledge, and college and career readiness skills
for students to further their education and succeed in current and
emerging professions.
(2) The Science, Technology, Engineering, and Mathematics
(STEM) Career Cluster focuses on planning, managing, and providing
scientific research and professional and technical services such as
laboratory and testing services and research and development services.
(3) Cybersecurity is a critical discipline concerned
with safeguarding computers, networks, programs, and data from unauthorized
access. As a field, it has gained prominence with the expansion of
a globally connected society. As computing has become more sophisticated,
so too have the abilities of adversaries looking to penetrate networks
and access systems and sensitive information. Cybersecurity professionals
prevent, detect, and respond to minimize disruptions to governments,
organizations, and individuals.
(4) In the Foundations of Cybersecurity course, students
will develop the knowledge and skills needed to explore fundamental
concepts related to the ethics, laws, and operations of cybersecurity.
Students will examine trends and operations of cyberattacks, threats,
and vulnerabilities. Students will review and explore security policies
designed to mitigate risks. The skills obtained in this course prepare
students for additional study in cybersecurity. A variety of courses
are available to students interested in this field. Foundations of
Cybersecurity may serve as an introductory course in this field of
study.
(5) Students are encouraged to participate in extended
learning experiences such as career and technical student organizations
and other leadership or extracurricular organizations.
(6) Statements that contain the word "including" reference
content that must be mastered, while those containing the phrase "such
as" are intended as possible illustrative examples.
(d) Knowledge and skills.
(1) Employability skills. The student demonstrates
necessary skills for career development and successful completion
of course outcomes. The student is expected to:
(A) identify and demonstrate employable work behaviors
such as regular attendance, punctuality, maintenance of a professional
work environment, and effective written and verbal communication;
(B) identify and demonstrate positive personal qualities
such as authenticity, resilience, initiative, and a willingness to
learn new knowledge and skills;
(C) solve problems and think critically;
(D) demonstrate leadership skills and function effectively
as a team member; and
(E) demonstrate an understanding of ethical and legal
responsibilities and ramifications in relation to the field of cybersecurity.
(2) Professional awareness. The student identifies
various employment opportunities and requirements in the cybersecurity
field. The student is expected to:
(A) identify job and internship opportunities and accompanying
job duties and tasks;
(B) research careers in cybersecurity and information
security and develop professional profiles that match education and
job skills required for obtaining a job in both the public and private
sectors;
(C) identify and discuss certifications for cybersecurity-related
careers; and
(D) explain the different types of services and roles
found within a cybersecurity functional area such as a security operations
center (SOC).
(3) Ethics and laws. The student understands ethical
and current legal standards, rights and restrictions governing technology,
technology systems, digital media, and the use of social media. The
student is expected to:
(A) demonstrate and advocate for ethical and legal
behaviors both online and offline among peers, family, community,
and employers;
(B) investigate and analyze local, state, national,
and international cybersecurity laws such as the USA PATRIOT Act of
2001, General Data Protection Regulation, Digital Millennium Copyright
Act, Computer Fraud and Abuse Act, and Health Insurance Portability
and Accountability Act of 1996 (HIPAA);
(C) investigate and analyze noteworthy incidents or
events regarding cybersecurity;
(D) communicate an understanding of ethical and legal
behavior when presented with various scenarios related to cybersecurity
activities;
(E) define and identify tactics used in an incident
such as social engineering, malware, denial of service, spoofing,
and data vandalism; and
(F) identify and use appropriate methods for citing
sources.
(4) Ethics and laws. The student differentiates between
ethical and malicious hacking. The student is expected to:
(A) identify motivations and perspectives for hacking;
(B) distinguish between types of threat actors such
as hacktivists, criminals, state-sponsored actors, and foreign governments;
(C) identify and describe the impact of cyberattacks
on the global community, society, and individuals;
(D) differentiate between industry terminology for
types of hackers such as black hats, white hats, and gray hats; and
(E) determine and describe possible outcomes and legal
ramifications of ethical versus malicious hacking practices.
(5) Ethics and laws. The student identifies and defines
cyberterrorism and counterterrorism. The student is expected to:
(A) define cyberterrorism, state-sponsored cyberterrorism,
and hacktivism;
(B) compare and contrast physical terrorism and cyberterrorism,
including domestic and foreign actors;
(C) define and explain intelligence gathering;
(D) explain the role of cyber defense in protecting
national interests and corporations;
(E) explain the role of cyber defense in society and
the global economy; and
(F) explain the importance of protecting public infrastructures
such as electrical power grids, water systems, pipelines, transportation,
and power generation facilities from cyberterrorism.
(6) Digital citizenship. The student understands and
demonstrates the social responsibility of end users regarding significant
issues related to digital technology, digital hygiene, and cyberbullying.
The student is expected to:
(A) identify and understand the nature and value of
privacy;
(B) analyze the positive and negative implications
of a digital footprint and the maintenance and monitoring of an online
presence;
(C) discuss the role and impact of technology on privacy;
(D) identify the signs, emotional effects, and legal
consequences of cyberbullying and cyberstalking; and
(E) identify and discuss effective ways to deter and
report cyberbullying.
(7) Digital citizenship. The student understands the
implications of sharing information and access with others. The student
is expected to:
(A) define personally identifiable information (PII);
(B) evaluate the risks and benefits of sharing PII;
(C) describe the impact of granting applications unnecessary
permissions such as mobile devices accessing camera and contacts;
(D) describe the risks of granting third parties access
to personal and proprietary data on social media and systems; and
(E) describe the risks involved with accepting Terms
of Service (ToS) or End User License Agreements (EULA) without a basic
understanding of the terms or agreements.
(8) Cybersecurity skills. The student understands basic
cybersecurity concepts and definitions. The student is expected to:
(A) define cybersecurity and information security;
(B) identify basic risk management and risk assessment
principles related to cybersecurity threats and vulnerabilities, including
the Zero Trust model;
(C) explain the fundamental concepts of confidentiality,
integrity, and availability (CIA triad);
(D) describe the trade-offs between convenience and
security;
(E) identify and analyze cybersecurity breaches and
incident responses;
(F) identify and analyze security challenges in domains
such as physical, network, cloud, and web;
(G) define and discuss challenges faced by cybersecurity
professionals such as internal and external threats;
(H) identify indicators of compromise such as common
risks, warning signs, and alerts of compromised systems;
(I) explore and discuss the vulnerabilities of network-connected
devices such as Internet of Things (IoT);
(J) use appropriate cybersecurity terminology;
(K) explain the concept of penetration testing, including
tools and techniques; and
(L) explore and identify common industry frameworks
such as MITRE ATT&CKTM , MITRE Engage TM , and Cyber Kill Chain, and the Diamond Model.
(9) Cybersecurity skills. The student understands and
explains various types of malicious software (malware). The student
is expected to:
(A) define malware, including spyware, ransomware,
viruses, and rootkits;
(B) identify the transmission and function of malware
such as trojan horses, worms, and viruses;
(C) discuss the impact of malware and the model of
"as a service";
(D) explain the role of reverse engineering for the
detection of malware and viruses; and
(E) describe free and commercial antivirus and anti-malware
software also known as Endpoint Detection and Response software.
(10) Cybersecurity skills. The student understands
and demonstrates knowledge of techniques and strategies to prevent
a system from being compromised. The student is expected to:
(A) define system hardening;
(B) use basic system administration privileges;
(C) explain the importance of patching operating systems;
(D) explain the importance of software updates;
(E) describe standard practices to configure system
services;
(F) explain the importance of backup files;
(G) research and explain standard practices for securing
computers, networks, and operating systems, including the concept
of least privilege; and
(H) identify vulnerabilities caused by a lack of cybersecurity
awareness and training such as weaknesses posed by individuals within
an organization.
(11) Cybersecurity skills. The student understands
basic network operations. The student is expected to:
(A) identify basic network devices, including routers
and switches;
(B) define network addressing;
(C) analyze incoming and outgoing rules for traffic
passing through a firewall;
(D) identify well known ports by number and service
provided, including port 22 (Secure Shell Protocol/ssh), port 80 (Hypertext
Transfer Protocol/http), and port 443 (Hypertext Transfer Protocol
Secure/https);
(E) identify commonly exploited ports and services,
including ports 20 and 21 (File Transfer Protocol/ftp), port 23 (telnet
protocol), and port 3389 (Remote Desktop Protocol/rdp); and
(F) identify common tools for monitoring ports and
network traffic.
(12) Cybersecurity skills. The student identifies standard
practices of system administration. The student is expected to:
(A) define what constitutes a secure password;
(B) create a secure password policy, including length,
complexity, account lockout, and rotation;
(C) identify methods of password cracking such as brute
force and dictionary attacks; and
Cont'd... |
