Foundational Cybersecurity

Why Foundational Cybersecurity Matters

  • Cybersecurity touches every part of our digital world from personal devices and cloud systems to national defense and critical infrastructure.
  • Cybersecurity is constantly adapting to new technologies and emerging threats.
  • The security of one organization, nation, or individual depends on countless others.

A broad foundational cybersecurity education is essential due to the interconnectedness, the dynamic conditions, and the interdependence of cybersecurity. Students entering this field must understand not only technical concepts like networks, encryption, and threat detection, but also the ethical, human, and organizational dimensions that shape how security is maintained. A strong foundation allows students to adapt to emerging technologies, think critically about complex problems, and pursue specialized career paths ranging from cyber defense and digital forensics to policy, governance, and AI-driven security. By grounding learners in core principles rather than narrow tools, foundational cybersecurity education prepares them to protect systems, data, and people across a wide variety of industries and roles.

Foundational Cybersecurity and Careers

Foundational cybersecurity instruction equips students with the essential knowledge and mindset to navigate their career choices. By integrating cybersecurity concepts early, teachers help students understand how data, systems, software, and human behavior intersect. Foundational concepts and skills are relevant across all careers, not just in technical fields. A strong foundation prepares students to be informed citizens and adaptable professionals in an increasingly connected society. 

Supplement to CSEC 2017 (January, 2025)

This report provides a supplement to CSEC 2017 that outlines foundational content that should be included in Cyber I and Cyber II courses to adequately prepare learners for subsequent study and mastery in a cybersecurity program of study. The foundational content is expressed as knowledge areas, topics, learning outcomes, and cross-cutting concepts.

 

Available for download here: https://doi.org/10.1145/3715982

CSEC Six Foundational Knowledge Areas

Figure 1 summarizes six foundational knowledge areas and 13 foundational topics. The outer circle identifies the cross-cutting concepts of confidentiality, integrity, availability, risk, adversarial thinking, systems thinking, and defense in depth.

Figure 1

CSEC Knowledge Areas

Knowledge Areas, Topics, Learning Outcomes in CSEC

The foundational learning outcomes are organized by knowledge area, followed by topic area. The knowledge areas align with the structure of the CSEC 2017 knowledge areas, while the topic areas aid in organizing content for curriculum development. Each section includes a topical grouping with a high level summary learning outcome, suitable for inclusion in course syllabi. The component learning outcomes, which serve as the core focus for instruction, are labeled with unique IDs for easy reference.

You will note that some topics have more learning outcomes than others. Note that the proportion of LOs does not imply weights of instruction.

Related Work

The ARC (Assessment Resources for Cybersecurity) project is based upon the CSEC framework. Curriculum & Assessment Guides, multiple choice questions, and open-ended assessment items were developed for each of the six knowledge area.  Learn about ARC.

Prior Work

The High School Cybersecurity Curriculum preceded the CSEC Supplement (2025).  It was designed by educators from high school and higher education, who collectively have vast experience teaching computer science and cybersecurity. The development of the Cybersecurity Curriculum Guidelines was funded by The National Cryptologic Foundation (NCF)