Introduction to Cybersecurity for High School Students and K12 Educators
The goal of this course is to give high school students and educators an introduction to the technological aspects of cybersecurity with hands-on practice. This foundational course covers the following categories of topics: legal and ethical issues; the foundational knowledge required for cybersecurity and for hands-on practice, including using the Linux command line, the basics of computer networking, and the basics of web technology; steps in hacking, including reconnaissance and exploits; cryptography; secure design of systems; and hardening operating systems.
For educators, the course includes a topic on resources available to help teach cybersecurity.
The course consists of five modules:
- Module 1: Teaching Cybersecurity
- Module 2: Cyber Ethics and Law
- Module 3: Foundations of Cybersecurity
- Module 4: Anatomy of an Attack
- Module 5: Cyber Defense and Cryptography
- Understand the basics of cybersecurity and its principles
- Enumerate resources required to teach cybersecurity
- Enumerate common cyber laws
- Understand the need and importance of ethics for responsible cyber citizenship
- Use basic Linux commands from the command line
- Enumerate common network protocols
- Describe layered network architecture
- Analyze network packets using packet sniffers such as Wireshark
- Perform basic reconnaissance using techniques such as search engine hacking and network enumeration
- Describe some common cybersecurity vulnerabilities and exploits
- Describe some common cybersecurity threats and vulnerabilities
- Enumerate the three types of cryptographic mechanisms: symmetric, asymmetric and secure hashes
- Explain the need for the three types of cryptographic mechanisms
- Enumerate secure design principles
- Harden general purpose operating systems such as Linux and Windows
Textbook: None required. For educators who need one, several textbooks cover the foundational topics:
- CompTIA Security+ Guide to Network Security Fundamentals, 6th Edition, by Mark Ciampa. ISBN-10: 1337288780, ISBN-13: 978-1337288781
  - This book is more suited for educators planning on expanding the content provided by the course to prepare students for the CompTIA Security+ certification.
- Security in Computing, 5th Edition, by Charles P. Pfleeger, Shari Lawrence Pfleeger, and Jonathan Margulies. ISBN-10: 0134085043, ISBN-13: 978-0134085043
  - Comprehensive textbook.
Homework Assignments and Labs
Homework and assignments are provided for hands-on experience in each of the modules. The assignments are usually in the form of capture-the-flag assessments. A flag is usually the name of a file or a piece of data that students need to find as part of the assessment.
NOTE: It is highly recommended that all the exercises in the course be completed using the virtual environment on the Virginia Cyber Range: K12 CYBER SECURITY CONCEPTS USING KALI LINUX. Instructors who plan to use multiple exercises from different modules only need to add that environment to their course; it is sufficient for students to use for all of the labs.
It is left up to each instructor to determine how to grade the material in this course.
- K0003: * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
- K0004: * Knowledge of cybersecurity principles.
- K0018: Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).
- K0019: Knowledge of cryptography and cryptographic key management concepts.
- K0025: Knowledge of digital rights management.
- K0044: Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- K0061: Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
- K0069: Knowledge of query languages such as SQL (structured query language).
- K0070: Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- K0119: Knowledge of hacking methodologies in Windows or Unix/Linux environment.
- K0129: Knowledge of Unix command line (e.g., mkdir, mv, ls, passwd, grep).
- K0206: Knowledge of ethical hacking principles and techniques.
- K0221: Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).
- K0301: Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
- K0331: Knowledge of network protocols (e.g., Transmission Control Protocol (TCP), Internet Protocol (IP), Dynamic Host Configuration Protocol (DHCP)), and directory services (e.g., Domain Name System (DNS)).
- K0516: Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
- K0555: Knowledge of TCP/IP networking protocols.
- K0608: Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications).
- S0046: Skill in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
- S0052: Skill in the use of social engineering techniques.
- S0089: Skill in one-way hash functions (e.g., Secure Hash Algorithm [SHA], Message Digest Algorithm [MD5]).
- S0147: Skill in assessing security controls based on cybersecurity principles and tenets.
- S0156: Skill in performing packet-level analysis (e.g., Wireshark, tcpdump, etc.).
- A0106: Ability to think critically.
- A0110: Ability to monitor advancements in information privacy laws to ensure organizational adaptation and compliance.
- A0113: Ability to determine whether a security incident violates a privacy principle or legal standard requiring specific legal action.
- Basic Scripting and Programming (BSP)
- Cybersecurity Principles (CSP)
- Basic Cryptography (BCY)
- Basic Networking (BNW)
- Operating Systems Hardening (OSH)
- Policy, Legal, Ethics, and Compliance (PLE)
- Vulnerability Analysis (VLA)