Teaching Cybersecurity: A Handbook for Teaching the Cybersecurity Body of Knowledge in a Conventional Classroom

Let’s be realistic here. Ordinary K-12 educators don’t know what "cybersecurity" is and could probably care less about incorporating it into their lesson plans. Yet, teaching cybersecurity is a critical national priority. So, this book aims to cut through the usual roadblocks of confusing technical jargon and industry stovepipes and give you, the classroom teacher, a unified understanding of what must be taught. That advice is based on a single authoritative definition of the field. In 2017, the three societies that write the standards for computing, software engineering, and information systems came together to define a single model of the field of cybersecurity. It is based on eight building blocks. That definition is presented here. However, we also understand that secondary school teachers are not experts in arcane subjects like software, component, human, or societal security. Therefore, this book explains cybersecurity through a simple story rather than diving into execution details. Tom, a high school teacher, and Lucy, a middle school teacher, are tasked by their district to develop a cybersecurity course for students in their respective schools. They are aided in this by "the Doc," an odd fellow but an expert in the field. Together they work their way through the content of each topic area, helping each other to understand what the student at each level in the educational process has to learn. The explanations are simple, easy to understand, and geared toward the teaching aspect rather than the actual performance of cybersecurity work. Each chapter is a self-contained explanation of the cybersecurity content in that area geared to teaching both middle and high school audiences. The eight component areas are standalone in that they can be taught separately. But the real value lies in the comprehensive but easy-to-understand picture that the reader will get of a complicated field.

Author(s): Daniel Shoemaker, Ken Sigler, Tamara Shoemaker
Series: Internal Audit and IT Audit
Publisher: CRC Press
Year: 2023

Language: English
Pages: 228
City: Boca Raton

Cover
Half Title
Series Page
Title Page
Copyright Page
Contents
Foreword
Authors
Glossary
K-12 Resources
Introduction
Chapter 1: Why You Should Read This Book
How We Plan to Present This?
But First: An Overview of the Contents of the CSEC
The Beginning of the Story: Tom Is Handed a Challenge
Chapter 2: Getting Down to Business: Data Security
Topic One: Why Is Data Security Important?
The Basic Elements of Data Security: Processing, Transmitting, and Storing
Ensuring Secure Data Transmission: Secure Transmission Protocols
Ensuring Secure Data Storage: Information Storage Security
Making Data Indecipherable: Cryptology
Cracking the Code: Cryptanalysis
Forensics: The Investigative Aspect
Privacy: Ensuring Personal Data
Chapter 3: Software Security: Software Underlies Everything
Topic One: Fundamental Principles of Software Security
Thinking about Security in Design
Building the Software Securely
Assuring the Security of the Software
Secure Deployment and Maintenance
Ensuring Proper Documentation
Software Security and Ethics
Chapter 4: Component Security: It All Starts with Components
Designing Secure Components
Assuring the Architecture: Component Testing
Buying Components Instead of Making Them
The Mystery of Reverse Engineering
Chapter 5: Connection Security
The CSEC Connection Security Knowledge Areas
Topic One: The Physical Components of the Network
Topic Two: Physical Interfaces and Connectors
Topic Three: Physical Architecture: The Tangible Part of the Network
Topic Four: Building a Distributed System
Topic Five: Building a Network
Topic Six: The Bits and Pieces of Network Operation
Topic Seven: The Practical Considerations of Building a Network
Topic Eight: Network Defense
Chapter 6: System Security: Assembling the Parts into a Useful Whole
Topic One: Thinking Systematically
Topic Two: Managing What You Create
Topic Three: Controlling Access
Topic Four: Defending Your System
Topic Five: Retiring an Old System Securely
Topic Six: System Testing
Topic Seven: Common System Architectures
Chapter 7: Human Security: Human-Centered Threats
Topic One: Identity Management
Topic Two: Social Engineering
Topic Three: Personal Compliance
Topic Four: Awareness and Understanding
Topic Five: Social and Behavioral Privacy
Topic Six: Personal Data Privacy and Security
Topic Seven: Usable Security and Privacy
Chapter 8: Organizational Security: Introduction Securing the Enterprise
Topic One: Risk Management
Topic Two: Security Management
Topic Three: Cybersecurity Planning
Topic Four: Business Continuity, Disaster Recovery, and Incident Management
Topic Five: Personnel Security
Topic Six: Systems Management
Topic Seven: Security Program Management
Topic Eight: Security Operations Management
Topic Nine: Analytical Tools
Chapter 9: Societal Security: Security and Society
Topic One: Cybercrime
Topic Two: Cyber Law
Topic Three: Cyber Ethics
Topic Four: Cyber Policy
Topic Five: Privacy