Standards in this Framework
Standard | Description |
---|---|
1.1.1 | Demonstrate effective communication skills in both technical and non-technical contexts (e.g., explaining security risks to management, documenting network configurations). |
1.1.2 | Demonstrate integrity in IT practices (e.g., properly disposing of sensitive data, reporting security vulnerabilities responsibly, maintaining user privacy). |
1.1.3 | Develop collaboration and teamwork skills through group IT projects (e.g., setting up a secure network, conducting a mock security audit). |
1.1.4 | Identify and develop traits important for success in IT and security (e.g., problem-solving, attention to detail, adaptability to new technologies). |
1.2.1 | Research and categorize various roles within the IT and security fields (e.g., network administrator, systems analyst, information security analyst, IT support specialist, cloud architect, penetration tester). |
1.2.2 | Match professional certifications relevant to different IT and security careers to specific career paths (e.g., CompTIA A+, Network+, Security+, Cisco CCNA, CEH, CISSP). |
1.2.3 | Create a personalized career entry plan including education, certification, and experience requirements for different routes to enter IT and security careers (e.g., college degrees, vocational programs, internships, self-study and certifications, resumes, mock interviews). |
1.3.1 | Communicate the purpose and importance of an IT and security portfolio in career advancement. |
1.3.2 | Analyze examples of professional IT and security portfolios to identify key components (e.g., project descriptions, certifications, technical blog posts). |
1.3.3 | Compare platforms and tools for creating and hosting IT and security portfolios (e.g., LinkedIn, personal websites, GitHub for code-related projects). |
1.3.4 | Create initial portfolio entries from personal projects and achievement. |
2.1.1 | Build (e.g., virtual or physical) a computer system with necessary computer hardware (e.g., CPU, RAM, storage devices, motherboard, network interface card). |
2.1.2 | Identify the functions of various physical ports (e.g., USB and Ethernet) and connection interfaces (e.g., Wireless and Bluetooth) commonly found on computer systems. |
2.1.3 | Compare and contrast different types of operating systems (e.g., Windows, macOS, Linux) and their use cases. |
2.1.4 | Install and perform basic configurations for an operating system. |
2.1.5 | Diagnose and resolve common hardware and software issues (e.g., blue screen errors, driver conflicts, slow performance, network connectivity problems). |
2.2.1 | Define fundamental networking concepts (e.g., IP classification, DNS, DHCP, VLANs, and NAT). |
2.2.2 | Match common network ports with their associated protocols (e.g., HTTP/80, HTTPS/443, FTP/21, SSH/22). |
2.2.3 | Design network diagrams showing network topologies and their use cases (e.g., star, mesh, bus, and ring). |
2.2.4 | Differentiate between and describe the characteristics and use cases of common network types (e.g., Wide Area Networks (WANs), Local Area Networks (LANs), and Personal Area Networks (PANs)). |
2.2.5 | Compare different networking models (e.g., OSI model, TCP/IP model), explaining their layers and functions. |
2.2.6 | Set up and configure a basic local area network (LAN) (e.g., connecting devices, configuring IP addresses, and setting up network shares). |
2.3.1 | Compare cloud deployment models (e.g., public, private, hybrid, and community clouds), including their use cases and security implications. |
2.3.2 | Evaluate cloud service models (IaaS, PaaS, SaaS), considering factors such as cost, management overhead, and flexibility. |
2.3.3 | Evaluate virtualization technologies and their applications in IT, focusing on emerging trends and best practices (e.g., containerization, microservices architecture). |
2.3.4 | Set up and configure a basic virtual environment (e.g., virtual machines, containers) for a specific IT use case. |
3.1.1 | Define each aspect of the CIA triad (Confidentiality, Integrity, Availability) and the importance of each in cybersecurity. |
3.1.2 | Analyze the impact of cyber threats on society by discussing types and methods of cyber attacks and their mitigation and examining the motives of various cyber adversaries. |
3.1.3 | Identify different social engineering techniques (e.g, phishing, vishing, pretexting) and safeguards against them. |
3.1.4 | Apply identity and access management (e.g., authentication mechanisms, authorization models, access control systems, zero trust, and directory services) in security. |
3.1.5 | Develop basic incident response and disaster recovery plans with regard to business continuity fundamentals (e.g., detection methods, response procedures, system recovery, data backups). |
3.1.6 | Apply cryptographic techniques (e.g., symmetric vs asymmetric encryption, hashing, digital signatures) to secure systems, including focus on secure communication, data protection, and ensuring the integrity of software updates. |
3.1.7 | Perform basic cybersecurity risk assessments and explore how likelihood and harm are used in assessing and prioritizing risk. |
3.2.1 | Apply best practices for creating strong passwords and implementing multi-factor authentication (e.g., password complexity, password managers, biometrics). |
3.2.2 | Configure basic firewall rules to protect a network (e.g., blocking unnecessary ports, setting up DMZ). |
3.2.3 | Perform software updates and patch management to address vulnerabilities (e.g., operating system updates, application patching). |
3.2.4 | Implement basic access control measures to protect resources (e.g., file permissions, user account management, principle of least privilege). |
4.1.1 | Compare file system structures and directory hierarchies in different operating systems (e.g., Windows NTFS, Linux ext4). |
4.1.2 | Perform basic file and directory operations using command-line interfaces (e.g., creating, copying, moving, and deleting files and directories in Windows PowerShell or Linux Bash). |
4.1.3 | Implement file permissions and access controls to ensure data security (e.g., setting NTFS permissions in Windows, using chmod in Linux). |
4.2.1 | Compare and contrast different types of data classification and handling (e.g., public, internal, confidential, restricted). |
4.2.2 | Implement basic data encryption techniques (e.g., file encryption, database encryption, email encryption). |
4.2.3 | Define data privacy regulations and their impact on IT practices (e.g., GDPR, CCPA, HIPAA). |
4.2.4 | Apply best practices for secure data storage and transmission (e.g., secure file transfer protocols, encrypted backups, data loss prevention). |
5.1.1 | Analyze the Information Technology Infrastructure Library (ITIL) framework and apply its core concepts to IT scenarios (e.g., service strategy, service design, service transition, service operation). |
5.1.2 | Create basic service level agreements (SLAs) for IT services (e.g., response times, uptime guarantees, support hours). |
5.1.3 | Develop change management procedures for IT environments (e.g., change requests, impact analysis, rollback plans). |
5.1.4 | Create essential IT documentation for a small organization (e.g., basic network diagrams, standard operating procedures, troubleshooting guides). |
5.2.1 | Practice effective communication skills for IT support roles (e.g., active listening, clear explanations, empathy). |
5.2.2 | Demonstrate knowledge of common IT support tools and ticketing systems through case studies, simulations, or hands-on practice when available. |
5.2.3 | Perform basic troubleshooting for common IT issues (e.g., network connectivity problems, software installation errors, hardware failures). |
5.2.4 | Create user training materials and documentation for IT support (e.g., user guides, conducting training sessions, developing FAQs). |
5.2.5 | Communicate ethical considerations related to IT careers (e.g., reporting, scope, customer data privacy). |
6.1.1 | Develop scripts for system administration tasks (e.g., creating a PowerShell script for user account management, writing a Bash script for log rotation, Python script for file management). |
6.1.2 | Develop a program that monitors system resources (e.g., CPU usage, memory, disk space) and logs the information to a file. |
6.1.3 | Develop programs to perform network-related tasks and interactions (e.g., writing a Python script for port scanning, creating a basic network discovery tool, implementing a simple client-server communication program, or automating network configuration checks). |
6.1.4 | Develop simple security tools using programming languages (e.g., creating a password strength checker, filtering IP addresses, and building a basic intrusion detection system). |
6.1.5 | Create programs that perform basic file and directory operations using a text-based programming language (e.g., creating, copying, moving, compressing, and deleting files and directories). |
6.2.1 | Identify and fix common security vulnerabilities in code (e.g., input validation, addressing cross-site scripting vulnerabilities in web applications, preventing SQL injection attacks, secure password storage, and avoiding buffer overflow errors). |
6.2.2 | Implement basic authentication and authorization mechanisms within a program (e.g., creating a login system with password hashing using a programming language library, implementing role-based access control, and using multi-factor authentication). |
6.2.3 | Develop programs that demonstrate secure data storage and transmission (e.g., writing an application that uses encryption for storing sensitive data, creating a script that implements secure file transfer). |
7.1.1 | Analyze artificial intelligence and machine learning applications in IT and security (e.g., predictive maintenance, automated threat detection, intelligent network optimization, anomaly detection, behavioral analysis) and propose use cases. |
7.1.2 | Design a basic security plan for Internet of Things (IoT) enabled devices considering their impact on IT and security, including applications in various industries and associated security challenges (e.g., smart homes, industrial IoT, device vulnerabilities, data privacy). |
7.1.3 | Compare potential applications of blockchain technology in IT and security (e.g., secure data sharing, identity management, supply chain security, distributed ledgers, smart contracts). |
7.1.4 | Evaluate edge computing and its role in modern IT infrastructures, including use cases and security considerations (e.g., real-time data processing, reduced latency, improved privacy). |
7.1.5 | Analyze quantum computing’s potential impact on current security practices, including applications and implications for current encryption methods (e.g., complex simulations, optimization problems, quantum-resistant cryptography). |
7.1.6 | Communicate ethical considerations and potential risks associated with emerging technologies in IT and security (e.g., AI bias, privacy concerns, job displacement, scalability of security measures). |