Draft - CyberVA Curriculum - Draft
9 December 2019
Authors (alphabetical): Shannon Beck - Sharon McPherson - Linda Smith
In order to create career awareness, an overall more informed digital cyber-citizenship, and to infuse cybersecurity across the education portfolio, we have created an inclusive and approachable cybersecurity survey course, targeting 9th-12th grade students in Virginia.
We develop this content with the primary goal of providing an open source overview and survey of cybersecurity concepts. It presents key concepts at the 10,000-foot view, providing students with knowledge of these concepts before advancing into a more technical course. A secondary goal is to make these concepts more accessible to a broader range of students.
VA HS Cyber Curriculum: Plan 1: Full school-year curriculum (36 weeks)
Target audience: High school (9-12th grade) – students with the cognitive development for ethics; restricted to upper level classes based on Bloom’s Taxonomy, so that students are able to apply, analyze, evaluate and ultimately create tools and techniques pertaining to cybersecurity. In terms of Piaget’s Theory of Cognitive Development, students will need to work with abstract concepts and use critical evaluation skills for this course due to the sensitive subject. In our philosophy of learning, the learning process is active and authentic, uses prior knowledge as a scaffold, occurs socially and contextually, and needs the participation and engagement of the learner to be effective.
Following the Code of Ethics for Educators from the Association of American Educators, we make a constructive effort to protect students from conditions that could be detrimental to them.
This course draws on the 2018/2019 State of Virginia Competency-Based Cybersecurity Fundamentals (6302) and the CSTA K-12 CS Standards, and is cross-walked with the High School Cybersecurity Curriculum Guidelines (HSCCG) from the Cyber Center for Education and Innovation, home of the National Cryptologic Museum.
Planned outcomes of this course are students who are more educated in cyber concepts, can protect themselves, and are empowered to share this knowledge with their families, friends and communities. Career awareness and the next steps for further technology development are important outcomes for this course.
We are changing expectations. This is unlike a networking course or current introductory cybersecurity courses traditionally found at many high schools and the college undergraduate level. The focus is to use digitally-based problem solving to engage students from diverse backgrounds and interests. Problem solving and ethics are at the heart of every class. To be successful in cybersecurity, you have to be a capable problem solver.
Our approach to academic and career pathways is not only to identify them, but to capitalize on students' existing interest and build messages around cybersecurity and computer science. Interest building is centered around four concepts: 1) it's flexible, 2) it's stable, 3) it's collaborative and 4) it appeals to current interests and goals.
This course is meant to develop students’ critical thinking and problem solving skill set. The project-based learning concepts focus on:
Pose/provide a problem and tools to solve it, but don’t provide a set solution
Papers - problem solving paper writing, technical writing
Debate
Presentation
This is currently configured as a full academic school year course, running for approximately 36 weeks. Future plans include a tailored ½ year course, as well as micro lessons that teachers in other subject areas, such as history, English, science, art and more, can use to cover the intersection of their field and cybersecurity.
Introduction
Course Concepts and Vocabulary
Introduction to Ethics
HSCCG Big Idea: Ethics: Essential Questions - integrated across the modules
What is an ethical way to disclose vulnerabilities?
How do values shape the security considerations of designers?
How do values shape the security considerations of users?
How do core societal values shape the security considerations in what is allowed or encouraged to be created?
What is the Internet
How the Internet works
HSCCG Big Idea: Ubiquitous Connectivity: Essential Questions:
How is the Internet organized and what role do standards and protocols play in keeping networks secure?
World Wide Web
Browsers and search engines
How information travels on a network
Overview of protocols and packets
HSCCG Big Idea: Establishing Trust: Essential Questions
What is essential for establishing trust in cybersecurity?
Essential Question: What are the key hardware (Input/Output) components in a computer system? How do the hardware components interact with each other?
Introduction to hardware concepts
Basic architecture of computing systems
Processing (CPU)
Input/Output hardware
Memory and storage
Essential Question: What are the differences among operating systems?
What are software applications associated with information systems?
Introduction to software concepts
Systems software
The Operating System
What is it and what does it do?
Common Operating Systems
Device Drivers and Utility Programs
Application software
What is it and what does it do?
Sources of application software
Data files and program files
Essential Question: Explain and identify basic networking concepts and different network structures.
What is the importance of standards to the IT industry?
Introduction to networking concepts
Types of networks
WAN, LAN, CAN, PAN, VPN
Intranet, Extranet, VPN, Firewalls
Network architecture
Network topology
Wired networks
Wires and cables
Wireless networks
Wi-Fi
Mobile
5 types of wireless communications media
HSCCG Big Idea: Ubiquitous Connectivity: Essential Questions:
How does an adversary leverage connected networks to serve their purposes?
How do network security technologies keep our systems and data secure?
Essential Questions:
What are risk management processes and concepts?
What is the best balance between protecting data and allowing access?
Should a business be allowed to tell an employee what can or cannot be posted on social media?
CIA triad (Confidentiality, Integrity, Availability)
HSCCG Big Idea: Establishing Trust: Essential Questions
How are confidentiality, integrity, and availability interconnected?
Risk, Vulnerabilities, and Threats
Definitions
Causes of Risk
Vulnerability vs Threat
Types of Threats
Malware - malicious software
Spyware
Adware
Other actors
HSCCG Big Idea: Risk: Essential Questions:
What is the difference between a risk, vulnerability, and a threat?
How is cybersecurity risk modeled?
How does the presence of an adversary contribute to the complexity of cybersecurity risk?
How does the logical malleability of computers contribute to the complexity of cybersecurity risk?
How does the dynamic, distributed, and ubiquitous nature of computing contribute to the complexity of cybersecurity risk?
Legal requirements
Existing laws: FERPA, HIPAA, GLBA, CFAA, SOX, ECPA
HSCCG Big Idea: Adversarial Thinking: Essential Questions: Can also be included, in part, in Modules 6 & 7, with running examples related to personal devices and social media
How are systems disrupted by both intentional attacks and unintentional events?
How does a cybersecurity life cycle/kill chain capture how an adversary approaches compromising a system?
How is the presence of opposing forces considered when creating a system’s defense?
Operating system hardening
System vulnerabilities
HSCCG Big Idea: Establishing Trust: Essential Questions
How are simplicity and restriction overarching ideas for cybersecurity principles? Systems / OS
How do we know a system is well-defended?
HSCCG Big Idea: System Security (can fit into Software module (post-hardware module))
How do hardware and software work together to achieve an objective?
What are security flaws/vulnerabilities in hardware and software?
Why do hardware and software have security vulnerabilities?
What are the consequences of less secure hardware and software?
Essential Question:
How has wireless technology contributed to security issues facing users and businesses?
Securing your mobile phone
Privacy and social media
Strong passwords
Personally Identifiable Information (PII)
Essential Question:
What is the importance of standards to the IT industry?
Review protocols (TCP/IP)
IP v4 vs v6
Network security and threats
DDoS, ping sweeps
Intrusion detection system (IDS/IPS)
Essential Questions:
What are the ethical implications related to hiding data and other objects?
What is the impact of public key infrastructure on digital commerce?
Is it better to fully encrypt a local drive or to selectively encrypt files and folders?
Definitions and uses
Protecting information in transit
Steganography
Digital Signatures
Certificates and Certificate Authorities
Databases
Attacks and data breaches
Privacy
HSCCG Big Idea: Data Security: Essential Questions:
What actions can be taken to validate that data has been unaltered by an unauthorized source?
What policies and procedures are in place to keep data safe?
How is the integrity of data being transported over networks safeguarded?
What are the ways in which data can be encrypted?
Why is privacy essential for individuals, groups, and governments?
Essential Question:
How important are soft skills to a career in cybersecurity?
What importance should a business place on addressing community and environmental issues?
What are careers in cybersecurity?
NIST NICE Careers information
Career and Workplace considerations
OSHA
Diversity Awareness
Next step ideas
Educational pathways (courses, CyberPatriot)
Clubs
Career and Technical Student Organizations
Social, Economic and Political issues and concerns
HSCCG Big Idea: Implications: Essential Questions:
How have historical cybersecurity ideas and events impacted society?
How has the expansion of the threat environment been addressed in society?
How do risk management and economic trade-offs impact cybersecurity decisions?