Unit 5 – Lesson 5 – “Physical Controls”
2 Days
This lesson focuses on physical controls as the first layer of a defense-in-depth strategy for data protection in cyberspace. Students will have the opportunity to review and examine physical access control policy and identify the common physical controls used for policy implementation and enforcement.
Cybersecurity Terms and Acronyms
Unit 4 – “Data, Software, Hardware, and Network Security”
25 Days
In this unit, students delve deep into the technical aspects of cybersecurity including data states and data controls, as well as vulnerabilities and exploits in software, hardware, networks, cyber-physical systems, and human use of data. Students in this unit acquire both theoretical understanding and practical, hands-on experience of cybersecurity as a complex set of systems, networks, and human interaction that is vulnerable to numerous exploits and needs to be protected.
Unit 4 – Lesson 9 – “Data – Humans”
2 Days
The easiest way for an adversary to misuse a system is to deceive and lure people to unwittingly yield their credentials or install malicious software. Targeting people to give access to an adversary without them knowing about it is called social engineering. Social engineering takes advantage of the fact that people do not always know what is the proper security behavior in a situation. Therefore, system designers work to create usable security adaptations to systems to help people intuitively recognize a social engineering attempt or any malicious attempt by an adversary. This lesson will explore the weakest link in cybersecurity – humans – and provide hands-on experience in creating social engineering campaigns.
Unit 4 – Lesson 8 – “Data – Cyber-Physical Systems”
3 Days
Cyber-Physical Systems (CPS) allow people to act in the physical space by using cyberspace to decide and often automate the best possible action. Smart grids, industrial control systems (heating, cooling, factory automation), critical infrastructure (hospitals, financial sector, transportation, water systems) and Internet-of-Things or IoT (smart televisions, digital assistants, smart appliances) are examples of CPS. Because an adversary can cause harm both in the physical world and in cyberspace, it is important to understand the vulnerabilities, attacks, and consequences of insecure controls and policies for cyber-physical systems. This lesson will explore common vulnerabilities in cyber-physical systems and provide hands-on experiences in exploring IoT vulnerabilities.
Unit 4 – Lesson 7 – “Data – Networks”
4 Days
Data in transit is also a target for adversaries. The adversary can misuse this data at every level of the protocol stack that implements the network over which the data is transiting. Protections must be in place to prevent adversaries from creating malicious traffic and exploiting systems using this malicious traffic. This lesson will explore common network vulnerabilities and provide hands-on experiences in advanced port scanning, and email tracking.
Unit 4 – Lesson 6 – “Data – Hardware”
3 Days
To run software, hardware is essential in every data state. As with software, the hardware can behave unexpectedly. Adversaries try to misuse the hardware by taking advantage of the hardware’s unexpected behavior, bypassing security controls, or use of side channels. This lesson will explore common hardware vulnerabilities and provide hands-on experiences in creating backdoor programs.
Unit 3 – Lesson 3 – “Network Fundamentals”
5 Days
This lesson takes students on a deeper dive into networking. Students will learn how devices communicate across the Internet while exploring the OSI and TCP/IP layered networking models. A hands-on cyber range activity provides experience with Linux and Wireshark.
Unit 4 – Lesson 5 – “Data – Software”
6 Days
In every data state, software is essential for authorized access, data control, and policy compliance. Software is a complex set of inputs, instructions, and outputs that could behave unexpectedly and allow unauthorized people to bypass the controls and violate the security policies. This unexpected behavior, or a vulnerability, could result during the design, during the development, or during an unanticipated use of software. Adversaries’ objective is to exploit these vulnerabilities. Patching vulnerabilities is imperative to prevent exploits and help to restore the highest level of data protection in a system. This lesson will explore common software vulnerabilities and provide hands-on experiences in vulnerability scanning, SQL injection, and buffer overflow.
Unit 4 – Lesson 2 – “Data – Principles”
1 Day
Data is misused in multiple ways. An adversary could “disclose” the data and reveal its contents to unauthorized people (breaching confidentiality). An adversary could alter the data without authorization and “deceive” authorized people (breaking integrity). And an adversary could “disrupt,” “destruct,” and “usurp,” the data, rendering it unavailable to people who are authorized to use it at all times (denying availability). This lesson addresses data security concerns and methods to overcome those concerns focusing on confidentiality, integrity, and availability.