<<Prev Rule

Texas Administrative Code

Next Rule>>
RULE §127.792Foundations of Cybersecurity (One Credit), Adopted 2022

    (D) examine and configure security options to allow and restrict access based on user roles.

  (13) Cybersecurity skills. The student demonstrates necessary steps to maintain user access on the system. The student is expected to:

    (A) identify different types of user accounts and groups on an operating system;

    (B) explain the fundamental concepts and standard practices related to access control, including authentication, authorization, and auditing;

    (C) compare methods for single- and multi-factor authentication such as passwords, biometrics, personal identification numbers (PINs), secure tokens, and other passwordless authentication methods;

    (D) define and explain the purpose and benefits of an air-gapped computer; and

    (E) explain how hashes and checksums may be used to validate the integrity of transferred data.

  (14) Cybersecurity skills. The student explores the field of digital forensics. The student is expected to:

    (A) explain the importance of digital forensics to organizations, private citizens, and the public sector;

    (B) identify the role of chain of custody in digital forensics;

    (C) explain the four steps of the forensics process, including collection, examination, analysis, and reporting;

    (D) identify when a digital forensics investigation is necessary;

    (E) identify information that can be recovered from digital forensics investigations such as metadata and event logs; and

    (F) analyze the purpose of event logs and identify suspicious activity.

  (15) Cybersecurity skills. The student explores the operations of cryptography. The student is expected to:

    (A) explain the purpose of cryptography and encrypting data;

    (B) research historical uses of cryptography;

    (C) review and explain simple cryptography methods such as shift cipher and substitution cipher;

    (D) define and explain public key encryption; and

    (E) compare and contrast symmetric and asymmetric encryption.

  (16) Vulnerabilities, threats, and attacks. The student understands vulnerabilities, threats, and attacks. The student is expected to:

    (A) explain how computer vulnerabilities leave systems open to cyberattacks;

    (B) explain how users are the most common vehicle for compromising a system at the application level;

    (C) define and describe vulnerability, payload, exploit, port scanning, and packet sniffing;

    (D) identify internal threats to systems such as logic bombs and insider threats;

    (E) define and describe cyberattacks, including man-in-the-middle, distributed denial of service, spoofing, and back-door attacks;

    (F) differentiate types of social engineering techniques such as phishing; web links in email, instant messaging, social media, and other online communication with malicious links; shoulder surfing; and dumpster diving; and

    (G) identify various types of application-specific attacks such as cross-site scripting and injection attacks.

  (17) Vulnerabilities, threats, and attacks. The student evaluates the vulnerabilities of networks. The student is expected to:

    (A) compare vulnerabilities associated with connecting devices to public and private networks;

    (B) explain device vulnerabilities and security solutions on networks such as supply chain security and counterfeit products;

    (C) compare and contrast protocols such as HTTP versus HTTPS;

    (D) debate the broadcasting or hiding of a wireless service set identifier (SSID); and

    (E) research and discuss threats such as mandatory access control (MAC) spoofing and packet sniffing.

  (18) Vulnerabilities, threats, and attacks. The student analyzes threats to computer applications. The student is expected to:

    (A) define application security;

    (B) identify methods of application security such as secure development policies and practices;

    (C) explain the purpose and function of vulnerability scanners;

    (D) explain how coding errors may create system vulnerabilities such as buffer overflows and lack of input validation; and

    (E) analyze the risks of distributing insecure programs.

  (19) Risk assessment. The student understands risk and how risk assessment and risk management defend against attacks. The student is expected to:

    (A) define commonly used risk assessment terms, including risk, asset, and inventory;

    (B) identify risk management strategies, including acceptance, avoidance, transference, and mitigation; and

    (C) compare and contrast risks based on an industry accepted rubric or metric such as Risk Assessment Matrix.

Source Note: The provisions of this §127.792 adopted to be effective August 7, 2022, 47 TexReg 4522

Previous Page

Link to Texas Secretary of State Home Page | link to Texas Register home page | link to Texas Administrative Code home page | link to Open Meetings home page