ARC Project

Assessment Resources for Cybersecurity (ARC)

A project to develop Assessment Resources for foundational Cybersecurity courses.

OVERVIEW

The ARC project addresses the need for evidence-centered design and development processes for educational assessment. To do so, our team partners with subject matter experts and educators to create assessment guides and bank of cybersecurity assessment items. 

The assessment guides and items are aligned with foundational cybersecurity content based on ACM’s CSEC 2017Curriculum Guide.  The 2017 CSEC Guide was updated in 2025 to outline what knowledge is foundational and therefore should be taught in high school or lower division college.  The update is entitled: 2025 Supplement to CSEC 2017: Foundational Cybersecurity Content and Instructional Guidance for Secondary and Postsecondary Cybersecurity Education.  

The CSEC Supplement has six knowledge areas:  Data Security, Network Security, System Security, Software Security, Organizational Security and Societal Security.  There are 74 learning outcomes across these six knowledge areas.  The Assessment Guides include detailed knowledge statements principles, concepts, and practices pertinent to each learning outcome. 

The ARC resources are available at no charge to registered educators of Teach Cyber. Registration is free.

This work is ongoing; revised guides and additional assessment items will be posted in Fall, 2025, after a teacher focus group completes a review.

This material is based upon work supported by the National Science Foundation under Grant No. 2117073.

Cybersecurity Resources:

  • Curriculum and Assessment Guides
  • Multiple Choice Items
  • Free Response Items

Organized by Knowledge Areas:

  • Data Security
  • Network Security
  • System Security
  • Software Security
  • Organizational Security
  • Societal Security

Alignment to Foundational Cybersecurity Content

METHODOLOGY

The Supplement to CSEC 2017: Foundational Cybersecurity Content and Instructional Guidance for Secondary and Postsecondary Cybersecurity Education | ACM Other Books (Jan 2025) is available here.  This supplement to CSEC 2017 provides a basis for instructors who wish to focus on those fundamental principles to develop teaching materials and appropriate learning objectives. The foundational content is expressed as knowledge areas, topics, learning outcomes, and cross-cutting concepts.  The following diagram illustrates knowledge area, topics, and cross-cutting concepts.

CSEC Knowledge Areas
Foundational Knowledge areas and Cross-cutting concepts

The team uses Evidence Centered Design (ECD), a well-established methodology for developing valid assessments. ECD begins by clearly defining what students should know and be able to do—including the subject matter and the depth of thinking and reasoning involved. It then focuses on designing assessment tasks—whether closed-ended questions, open-ended prompts, or performance-based activities—that give students opportunities to demonstrate that knowledge. Finally, ECD establishes guidelines for what “counts” as evidence of knowing, so that student responses can be interpreted in a consistent and meaningful way. This structured approach makes ECD especially valuable for creating innovative assessments in complex, hard-to-measure fields like cybersecurity. In ECD, the assessment guides (aka Design Patterns) also support the scalable development of assessment items and scoring rubrics.

Curriculum & Assessment Guides

DELIVERABLES

Expand each knowledge area below to access the curriculum and assessment guides. You must be logged in to access the guides. These resources are available at no charge to registered educators.

A list of reference documents used in preparing the Assessment Guides is provided here: ARCResource

Data Security

Topics include cryptography, access control, and data security.

Download the PDF document here: Data Security Curriculum & Assessment Guide

Updated 10/8/2025

Network Security

Topics include network architecture, attacks, and defense

Download the PDF document here: Network Security Curriculum & Assessment Guide

This guide was updated 10/8/2025

System Security

Topics include security principles, access control, and system controls.

Download the PDF document here: System Security Curriculum & Assessment Guide

Updated 10/8/2025

Software Security

Topics include the secure software development life cycle, software defense and attacks

Download the PDF document here: Software Security Curriculum & Assessment Guide

Updated 10/8/2025

Organizational Security

Topics include Governance, Law, Policy, and Risk Management

Download available here: Organizational Security Curriculum & Assessment Guide

Updated 10/8/2025

Societal Security

Topics include Social engineering, attacks, adversaries, ethics, privacy, governance, law, policy, and human security.

This guide is coming soon.

Assessment Items

Multiple Choice Items

Access to assessment items is restricted to registered users only.

Download here: Multiple Choice Items

Excel spreadsheet

Free Response Items

–Coming Soon–

STAY UP TO DATE

Sign up for our mailing list! Learn about the latest resources & events in cybersecurity education. Get the Teach Cyber Byte and the Teach Cyber Megabyte delivered to your inbox.

By signing up, you agree to receive our materials and agree with our Privacy Policy. You may unsubscribe at any time.

OUR COMMITMENT

Teach Cyber is a non-profit dedicated to developing, supporting, and stewarding excellent cybersecurity education at the secondary level.

Our mission is to provide resources, training, and support to secondary school educators teaching cybersecurity.

NAVIGATE

About Us 

Our Team

Contact Us

Privacy Policy

Curriculum Guidelines

Planning & Pacing Guides

Lessons

Archived Newsletters

 © 2021 TeachCyber.org – All Materials Subject to Creative Commons BY-NC-SA License