(D) examine and configure security options to allow
and restrict access based on user roles.
(13) Cybersecurity skills. The student demonstrates
necessary steps to maintain user access on the system. The student
is expected to:
(A) identify different types of user accounts and groups
on an operating system;
(B) explain the fundamental concepts and standard practices
related to access control, including authentication, authorization,
and auditing;
(C) compare methods for single- and multi-factor authentication
such as passwords, biometrics, personal identification numbers (PINs),
secure tokens, and other passwordless authentication methods;
(D) define and explain the purpose and benefits of
an air-gapped computer; and
(E) explain how hashes and checksums may be used to
validate the integrity of transferred data.
(14) Cybersecurity skills. The student explores the
field of digital forensics. The student is expected to:
(A) explain the importance of digital forensics to
organizations, private citizens, and the public sector;
(B) identify the role of chain of custody in digital
forensics;
(C) explain the four steps of the forensics process,
including collection, examination, analysis, and reporting;
(D) identify when a digital forensics investigation
is necessary;
(E) identify information that can be recovered from
digital forensics investigations such as metadata and event logs;
and
(F) analyze the purpose of event logs and identify
suspicious activity.
(15) Cybersecurity skills. The student explores the
operations of cryptography. The student is expected to:
(A) explain the purpose of cryptography and encrypting
data;
(B) research historical uses of cryptography;
(C) review and explain simple cryptography methods
such as shift cipher and substitution cipher;
(D) define and explain public key encryption; and
(E) compare and contrast symmetric and asymmetric encryption.
(16) Vulnerabilities, threats, and attacks. The student
understands vulnerabilities, threats, and attacks. The student is
expected to:
(A) explain how computer vulnerabilities leave systems
open to cyberattacks;
(B) explain how users are the most common vehicle for
compromising a system at the application level;
(C) define and describe vulnerability, payload, exploit,
port scanning, and packet sniffing;
(D) identify internal threats to systems such as logic
bombs and insider threats;
(E) define and describe cyberattacks, including man-in-the-middle,
distributed denial of service, spoofing, and back-door attacks;
(F) differentiate types of social engineering techniques
such as phishing; web links in email, instant messaging, social media,
and other online communication with malicious links; shoulder surfing;
and dumpster diving; and
(G) identify various types of application-specific
attacks such as cross-site scripting and injection attacks.
(17) Vulnerabilities, threats, and attacks. The student
evaluates the vulnerabilities of networks. The student is expected
to:
(A) compare vulnerabilities associated with connecting
devices to public and private networks;
(B) explain device vulnerabilities and security solutions
on networks such as supply chain security and counterfeit products;
(C) compare and contrast protocols such as HTTP versus
HTTPS;
(D) debate the broadcasting or hiding of a wireless
service set identifier (SSID); and
(E) research and discuss threats such as mandatory
access control (MAC) spoofing and packet sniffing.
(18) Vulnerabilities, threats, and attacks. The student
analyzes threats to computer applications. The student is expected
to:
(A) define application security;
(B) identify methods of application security such as
secure development policies and practices;
(C) explain the purpose and function of vulnerability
scanners;
(D) explain how coding errors may create system vulnerabilities
such as buffer overflows and lack of input validation; and
(E) analyze the risks of distributing insecure programs.
(19) Risk assessment. The student understands risk
and how risk assessment and risk management defend against attacks.
The student is expected to:
(A) define commonly used risk assessment terms, including
risk, asset, and inventory;
(B) identify risk management strategies, including
acceptance, avoidance, transference, and mitigation; and
(C) compare and contrast risks based on an industry
accepted rubric or metric such as Risk Assessment Matrix.
|