Standards in this Framework
Standard | Description |
---|---|
CYBII.1 | Analyze current legislation that governs computer related crimes. |
CYBII.2 | Research and report on current legal cases involving acts of computer crime. |
CYBII.3 | Analyze methods used to collect evidence to support legal cases involving computer related crimes. |
CYBII.4 | Determine various forms of malware. |
CYBII.5 | Analyze methods to handle malware. a) Encryption techniques, b) Basic input/output system (BIOS) features, c) Strategies for dealing with malware |
CYBII.6 | Differentiate among various types of attacks on systems and networks. a) Virus, b) Worms, c) Trojans, d) Unpatched software, e) Password cracking, f) Advanced persistent threat, g) Reconnaissance/footprinting, h) Infiltration, i) Network breach, j) Network exploitation, k) Attack for effects (e.g., deceive, disrupt, degrade, and destroy), l) DoS/DDoS, session hijacking, m) HTTP spoofing, n) DNS attacks, o) Switch attacks, p) Man-in-the-middle (MITM) attacks, q) Cross-site scripting, r) Drive-by attacks |
CYBII.7 | Analyze cryptographic tools, procedures for use, and products. a) PKI Certificates, b) PGP, c) Certificate authorities |
CYBII.8 | Develop a simple public key infrastructure to be used in a small business. |
CYBII.9 | Demonstrate the creation of a self-signed certificate for use on a web server by using command line or online tools. |
CYBII.10 | Analyze attack methods on wireless networks. |
CYBII.11 | Demonstrate the use of wireless security protocols. |
CYBII.12 | Evaluate the capabilities of WPA, WPA-2, and WEP and the effectiveness of the security protocols and demonstrate how to use them appropriately. |
CYBII.13 | Analyze, define, and demonstrate the use of environmental controls. |
CYBII.14 | Work collaboratively to develop simple policies that support the operations of security in an organization. |
CYBII.15 | Research and analyze security awareness in organizations. a) Security policy training and procedures, b) Personally identifiable information, c) Information classifications, d) Data labeling, handling, and disposal, e) Compliance with laws, best practices, and standards, f) User habits, g) Threat awareness, h) Use of social networking |
CYBII.16 | Analyze and define the impact of security incidents on an organization. |
CYBII.17 | Research and define what a disaster recovery (DR) plan is and how to develop one. a) Preventative measures, b) Detective measures, c) Corrective measures |
CYBII.18 | Explore and identify various assessment methods including but not limited to network penetration and vulnerability testing. |
CYBII.19 | Identify and explain the use of security testing tools. |
CYBII.20 | Demonstrate and compare effectiveness of Nessus and Nmap. |
CYBII.21.a | Evaluate the patch status on a machine. |
CYBII.21.b | Demonstrate knowledge of packet-level analysis in order to install and view packets. |
CYBII.21.c | Perform secure data destruction (e.g. Secure Erase, BCWipe). |
CYBII.22 | Demonstrate proper secure network configuration and administration. |
CYBII.22.a | Applying and implementing secure network administration principles. |
CYBII.22.b | Demonstrating knowledge of how network services and protocols interact to provide network communications in order to securely implement and use common protocols. |
CYBII.22.c | Identify commonly used default network ports. |
CYBII.22.d | Setting up a Network Address Translation (NAT) device. |
CYBII.22.e | Configuring a Virtual Private Network (VPN). |
CYBII.22.f | Configuring a remote access policy Layer 2 Tunneling Protocol (L2TP) and Point-to-Point Tunneling Protocol (PPTP). |
CYBII.22.g | Demonstrating knowledge of protocols (e.g., Transmission Control Protocol and Internet Protocol (TCP/IP), Dynamic Host Configuration Protocol (DHCP)) and directory services (e.g., Domain Name System (DNS)) by setting up common protocols, e.g., Secure Shell (SSH), netstat, Simple Mail Transfer Protocol (SMTP), nslookup, Telnet, DNS/Bind, FTP, IIS/Web Pages, DHCP/DNS server. |
CYBII.22.h | Locating open ports by completing a port scan. |
CYBII.22.i | Demonstrating the knowledge and use of network statistics (netstat). |