Standards in this Framework
Standard | Description |
---|---|
1.1.1 | Maintain clear documentation and audit trails of all security activities, ensuring compliance requirements are met. |
1.1.2 | Operate strictly within defined scope and authorization boundaries, including proper handling of sensitive data and following escalation procedures when needed. |
1.1.3 | Communicate security findings and recommendations effectively to both technical and non-technical stakeholders, adapting language and detail level appropriately. |
1.1.4 | Apply project management methodologies to security initiatives, including resource planning, timeline management, and measuring success metrics against defined objectives. |
1.1.5 | Create and deliver a security awareness training session for a specific audience. |
1.1.6 | Analyze use cases and security considerations regarding Artificial Intelligence and Machine Learning. |
1.2.1 | Map cybersecurity careers to required skills and qualifications (e.g., using the NICE Cybersecurity Workforce Framework). |
1.2.2 | Analyze cybersecurity job market trends and requirements (e.g., studying local industry needs). |
1.2.3 | Compare and contrast common entry-level cybersecurity roles and their responsibilities (e.g., Junior SOC Analyst, Security Administrator, Information Security Analyst). |
2.1.1 | Identify and categorize common cyber threats using industry frameworks (e.g., MITRE ATT&CK for Beginners). |
2.1.2 | Analyze different types of attack vectors (e.g., phishing, malware, social engineering) and their potential impacts. |
2.1.3 | Create basic defense strategies for common cyber threats (e.g., implementing strong passwords, enabling multi-factor authentication, regularly patching software). |
2.2.1 | Diagram the steps (e.g., passive/active reconnaissance, privilege escalation) of common cyber attacks (e.g., password cracking, SQL injection). |
2.2.2 | Identify attack methods used in recent cybersecurity incidents. |
2.2.3 | Identify warning signs of potential cyber attacks (e.g., unusual network activity, phishing emails, unexpected system slowdowns). |
2.3.1 | Define scope of security test and obtain written consent (e.g., determine which systems will be tested, what types of tests will be performed, and secure formal authorization from the client). |
2.3.2 | Use vulnerability scanning tools to detect and identify known vulnerabilities (e.g., Nessus, OpenVAS, QualysGuard). |
2.3.3 | Document vulnerability findings through a process (e.g., creating vulnerability reports, researching CVE databases, writing security advisories). |
2.4.1 | Compare and contrast different types of threat intelligence (strategic, tactical, operational, technical) and their uses. |
2.4.2 | Analyze threat intelligence feeds and reports from various sources (e.g., ISACs, vendor reports, government advisories). |
2.4.3 | Practice using threat intelligence platforms and tools to gather, analyze, and share intelligence (e.g., MISP, ThreatConnect, Recorded Future). |
2.4.4 | Apply threat intelligence to enhance detection and prevention capabilities (e.g., block known malicious IP addresses, create custom detection rules, prioritize patching efforts based on current threats). |
3.1.1 | Apply classic ciphers and cryptographic concepts (e.g., Caesar Cipher, Vigenère Cipher). |
3.1.2 | Demonstrate symmetric cryptography principles (e.g., AES (Advanced Encryption Standard), DES (Data Encryption Standard)). |
3.1.3 | Implement asymmetric cryptography methods (e.g., RSA (Rivest-Shamir-Adleman), Diffie-Hellman key exchange). |
3.1.4 | Analyze and identify hash functions (e.g., SHA-256, MD5 (though MD5 is now considered insecure)). |
3.1.5 | Identify digital signatures in practical scenarios (e.g., secure email communication, software authentication). |
3.1.6 | Configure PKI and implement key management (e.g., setting up a certificate authority (CA), key generation and distribution). |
3.2.1 | Apply steganography to hide data (e.g., using a hex editor). |
3.2.2 | Identify weak passwords through the use of hash analysis (e.g., detecting commonly used password patterns, identifying passwords that don't meet complexity requirements, finding instances of password reuse across accounts). |
3.2.3 | Apply fundamental data protection methods (e.g., encryption, access controls, secure backup procedures). |
3.2.4 | Write programs to encode/decode and encrypt/decrypt data (e.g., implementing base64 encoding for safe data transmission, creating a file encryption utility using standard libraries, developing a secure message encoding system). |
4.1.1 | Identify vulnerabilities presented by open ports and protocols running on a system (e.g., SSH on port 22, FTP on ports 20/21). |
4.1.2 | Use basic network security tools to identify common misconfigurations and vulnerabilities (e.g., nmap, Nessus). |
4.1.3 | Identify security measures as they relate to each layer of the TCP/IP Model (e.g., MAC filtering on layer 2). |
4.2.1 | Use network traffic monitoring tools to capture and analyze potentially malicious traffic (e.g., using Wireshark to identify packet anomalies). |
4.2.2 | Identify different network endpoints and consider controls for each (e.g., virtual machines, servers, etc.). |
4.2.3 | Configure network security controls (e.g., firewalls, network segmentation, IDSs, ACLs). |
5.1.1 | Demonstrate knowledge of basic cybersecurity frameworks and their purpose (e.g., NIST Cybersecurity Framework for beginners). |
5.1.2 | Analyze how different industries handle cybersecurity requirements (e.g., healthcare, education, banking). |
5.1.3 | Create basic security guidelines and procedures for an organization (e.g., password requirements for employees, acceptable use of company devices). |
5.2.1 | Compare, contrast, and apply professional codes of ethics in cybersecurity (e.g., (ISC)² Code of Ethics, ISACA Code of Professional Ethics). |
5.2.2 | Develop and apply ethical decision-making frameworks when confronting security dilemmas and conflicting responsibilities. |
5.2.3 | Identify and resolve potential conflicts of interest in cybersecurity roles (e.g., disclosing relationships with vendors, avoiding personal gain from security recommendations, refusing gifts that could influence decision-making). |
5.2.4 | Balance security requirements with business objectives in case studies or simulations. |
5.3.1 | Analyze key privacy regulations and their requirements (e.g., HIPAA, FERPA, GDPR). |
5.3.2 | Apply data classification and handling procedures to protect sensitive information (e.g., retention, destruction, or disposal of data). |
5.3.3 | Design solutions that incorporate privacy-by-design principles. |
5.3.4 | Conduct privacy impact assessments for new systems and processes. |
5.3.5 | Monitor and report privacy breaches and incidents following regulatory requirements. |
5.4.1 | Apply principles of least privilege and separation of duties (e.g., restricting database administrators from modifying application code, requiring two-person approval for critical system changes, limiting user access to only required resources). |
5.4.2 | Implement role-based access control (RBAC) and attribute-based access control (ABAC). |
5.4.3 | Review and verify user access rights periodically to ensure appropriate permissions are maintained (e.g., quarterly access reviews, understanding supervisor certification of employee access levels). |
5.4.4 | Monitor and audit access patterns for suspicious activity (e.g., detecting off-hours system access, identifying unusual data download volumes, spotting multiple login attempts from unfamiliar locations). |
5.4.5 | Demonstrate understanding of how user lifecycle is managed from onboarding through termination. |
6.1.1 | Identify and categorize basic security risks in IT systems (e.g., unpatched software vulnerabilities, weak password policies, unsecured network ports). |
6.1.2 | Create simple threat models for common scenarios (e.g., school network, mobile app). |
6.1.3 | Develop basic risk management plans with practical solutions (e.g., implementing a regular software update schedule, establishing a data backup strategy, creating an incident response playbook). |
6.2.1 | Use basic risk assessment tools and checklists (e.g., NIST SP 800-30, ISO 27005, FAIR). |
6.2.2 | Practice monitoring and measuring security controls (e.g., reviewing audit logs, tracking vulnerability scan results, monitoring intrusion detection system alerts). |
6.2.3 | Update security plans based on new threats and lessons learned. |
7.1.1 | Use basic security monitoring tools (e.g., log analyzers, network monitors). |
7.1.2 | Practice following incident detection procedures through scenarios (e.g., investigating an unexpected spike in failed login attempts, responding to customer reports of system slowdowns, analyzing patterns of unusual database queries). |
7.1.3 | Create and understand basic security alerts (e.g., detecting multiple failed authentication attempts within a short timeframe, identifying unauthorized access to sensitive files, monitoring for unusual outbound network traffic patterns). |
7.2.1 | Develop and implement incident response plans through scenario-based exercises. |
7.2.2 | Document security incidents and generate post-incident reports. |
7.2.3 | Develop and test basic incident recovery procedures. |
8.1.1 | Identify and document system components, boundaries, and interactions (e.g., creating network diagrams, documenting data flow, identifying critical assets). |
8.1.2 | Apply CIA (Confidentiality, Integrity, Availability) principles to assess system impacts. |
8.1.3 | Evaluate system vulnerabilities and dependencies. |
8.2.1 | Integrate security requirements in system planning and design phases (e.g., conducting threat modeling, defining security architecture, selecting secure hardware and software). |
8.2.2 | Apply appropriate security controls based on system requirements. |
8.2.3 | Perform security testing and validation throughout development stages. |
8.3.1 | Evaluate and report on system security controls effectiveness. |
8.3.2 | Document system security architecture and controls (e.g., diagrams of network segmentation, lists of access control rules, descriptions of encryption methods). |
8.3.3 | Update security measures based on system changes and emerging threats. |