Please enable JavaScript to use CodeHS

Ohio Cyber Testing and Response Standards Mapping

to

Advanced Cybersecurity

67 Standards in this Framework 40 Standards Mapped 59% Mapped to Course


Standard Lessons
1.12.3. Interpret security policies through job specific training and training updates.
  1. 7.3 Level 3: Incident Response
1.12.4. Apply secure password behavior.
  1. 3.6 Access Control
1.12.5. Apply physical and virtual situational awareness (e.g., clean desk policies, shoulder surfing, social engineering, tailgating).
  1. 3.2 Environmental Controls
  2. 5.6 Internal Threats
2.1.1. Explain the need for confidentiality, integrity, and availability (CIA) of information.
2.1.2. Describe authentication, authorization, and auditing.
  1. 3.6 Access Control
2.1.3. Describe multilevel security.
2.1.4. Identify security risks and describe associated safeguards and methodologies (e.g., auditing).
2.1.5. Describe major threats to computer systems (e.g., insider threats, viruses, worms, spyware, ransomware, spoofing, hacking, social engineering, phishing).
  1. 5.2 Malware Types and Prevention
2.1.10. Describe computer forensics, its importance in information security and cybersecurity, and its relevance to law enforcement.
2.1.11. Identify the need for personal security in digital information and describe how personal information can be safeguarded.
  1. 3.5 Mobile Devices
2.1.13. Describe privacy security compliance on systems (e.g., Health Insurance Portability and Accountability Act [HIPAA], Payment Card Industry [PCI], Sarbanes Oxley Act [SOX], Americans with Disabilities Act [ADA], General Data Protection Regulation [GDPR], European Union Data Protection Regulation [EUDPR]).
  1. 7.4 Level 4: Data and Licenses
2.4.1. Investigate the scope and the impact of mobile computing environments on society.
2.4.2. Describe the differences, advantages, and limitations of cloud computing (e.g., public cloud, private cloud, hybrid cloud) and on-premises computing.
2.4.4. Describe emerging technologies (e.g., Bring your Own Device [BYOD], Services Virtualization, Augmented Reality [AR], SMART Devices, Additive Manufacturing [3D Printing]).
  1. 3.5 Mobile Devices
3.1.1. Differentiate between authentication and authorization.
  1. 3.6 Access Control
3.1.2. Compare authentication techniques (e.g. single factor, multifactor, passwords, biometrics, certificates, Radio Frequency Identification [RFID] cards).
  1. 3.2 Environmental Controls
  2. 3.6 Access Control
3.1.4. Describe Virtual Private Networks (VPNs) using tunneling protocols (e.g., Layer 2 Tunneling Protocol [L2TP], Secure Socket Tunneling Protocol [SSTP], Point-to-Point Tunneling Protocol [PPTP] and encrypting techniques).
  1. 3.4 Private Networks
3.2.1. Identify and implement data and application security.
3.2.8. Identify the need for disaster recovery policies and procedures.
  1. 7.3 Level 3: Incident Response
3.3.1. Describe network security policies (e.g., acceptable use policy).
3.3.5. Assess risks based on vulnerability of the organization, likelihood of risk, and impact on the organization.
  1. 8.3 Risk Response
3.3.6. Describe the functions and uses of patch management.
3.4.3. Compare network analysis software (e.g., network analyzer) and hardware tools to identify security risks and vulnerabilities.
  1. 8.1 Identifying Risks
3.4.4. Identify the components of human security (e.g., social engineering) and techniques to mitigate human security threats (e.g., policies, procedures, training).
3.5.1. Describe wireless security risks (e.g., unauthorized access) and how to mitigate them.
  1. 3.4 Private Networks
3.5.2 Compare methods of increasing the security of wireless networks and devices (e.g., Media Access Control [MAC] address filtering, Wi-Fi Protected Access [WPA], 802.1x, Remote Authentication Dial In User Service [RADIUS]).
  1. 3.4 Private Networks
3.5.3 Research security enhancements provided by Institute of Electrical and Electronics Engineers (IEEE).
3.5.4 Describe practices and policies for preventing and detecting installation of rogue networks.
3.5.5. Describe security practices and policies for personal devices.
  1. 3.5 Mobile Devices
3.5.6. Implement and test the security of a wireless network.
4.1.1. Determine the basic point-to-point (PTP) and point-to-multipoint (PTMP) network topologies (e.g., star, ring, tree, mesh, hybrid) and identify broadband and baseband (e.g., Ethernet) transmission methods and standards.
  1. 3.4 Private Networks
4.1.4. Identify standard and emerging network technologies (e.g., broadband, satellite, optic, cellular, Local-Area Network (LAN) and WiFi).
4.1.6. Configure and build a network. (e.g., server, switch, router)
4.2.3. Compare the seven layers of the Open Systems Interconnection stack to the four layers of the Transmission Control Protocol/Internet Protocol (TCP/IP) stack.
  1. 16.1 Advanced Networking
4.2.5. Describe actions to be performed at each of the Open Systems Interconnection physical layers.
  1. 16.1 Advanced Networking
4.3.1. Identify the criteria used in selecting media (e.g., physical properties, transmission technologies, transmission span, bandwidth, topology, security, noise immunity, installation considerations, cost).
4.3.2. Differentiate between media types (e.g., coaxial, twisted pair, fiber optic) and interfaces.
4.3.3. Compare media categories (e.g., single mode, multimode, CAT5, CAT5E, CAT6+).
4.3.4. Describe types of media connectors (e.g., Bayonet Neill-Concelman [BNC], Registered Jack [RJ]-45, LC, ST) and grounding techniques.
4.3.6. Identify the advantages and disadvantages of cabling systems.
4.4.1. Compare wireless standards in common use (e.g., Institute of Electrical and Electronics Engineers [IEEE] 802.11, Cellular, Bluetooth, Worldwide Interoperability for Microwave Access [WiMAX], Radio Frequency Identification [RFID], Near Field Communication [NFC]).
  1. 3.3 Protocols and Standards
4.5.3. Describe the Service Set Identifier (SSID) as used in wireless communications.
  1. 3.3 Protocols and Standards
4.5.4. Select and install access points, wireless Network Interface Cards (NICs), antennas, and other hardware and software components to provide a wireless networking solution as determined by a site and customer survey.
4.5.6. Secure the wireless network.
  1. 3.4 Private Networks
9.1.1. Identify the goals, objectives and purposes of cybersecurity.
9.1.2. Describe the concepts of malware attack vectors.
  1. 5.2 Malware Types and Prevention
9.1.5. Identify types of controls (e.g., Deterrent, Preventive, Detective, Compensating, Technical, and Administrative).
9.3.1. Identify application vulnerabilities (e.g., Cross-site scripting, SQL injection, LDAP injection, XML injection, Directory traversal/command injection, Buffer overflow, Integer overflow, Zero-day, Cookies and attachments, Locally Shared Objects (LSOs), Flash cookies, Malicious add-ons, Session hijacking, Header manipulation, Arbitrary code execution/remote code execution).
  1. 5.5 Cross-site Scripting
  2. 8.2 Assessing Risks
9.3.5 Discover and mitigate common database vulnerabilities and attacks.
9.3.6. Differentiate between Server-side vs. client-side validation.
9.5.1. Describe, locate, and mitigate security threats (e.g., Adware, Viruses, Spyware, Trojan, Rootkits, Logic bomb, Botnets, Ransomware, Polymorphic malware).
  1. 5.4 Additional Attacks
  2. 8.2 Assessing Risks
9.5.2. Describe and discover vulnerabilities to and mitigate network attacks. (e.g., Man-in-the-middle, DDoS, DoS, Replay, Smurf attack, Spoofing, Spam, Phishing, Spim, Spit and other attacks).
  1. 5.4 Additional Attacks
9.5.4. Describe, appraise for, and mitigate Social Engineering attacks (e.g., Shoulder surfing, Dumpster diving, Tailgating, Impersonation, Hoaxes, Phishing, Spear Phishing, Whaling, Vishing, Principles, URL hijacking, Watering Hole).
  1. 3.2 Environmental Controls
9.5.5. Perform penetration testing.
  1. 8.4 Penetration Testing
9.7.1. Recognize digital reconnaissance techniques (e.g., packet capture, OS fingerprinting, topology discovery, DNS harvesting).
  1. 8.4 Penetration Testing
9.7.2. Use tools and procedures for digital reconnaissance (e.g., host scanning, network mapping, NMAP, packet analyzer, vulnerability scanner).
  1. 8.1 Identifying Risks
  2. 8.4 Penetration Testing
9.7.3. Analyze reconnaissance results (data correlation, data analytics, point-in-time, data logs, packet captures).
  1. 8.1 Identifying Risks
  2. 8.2 Assessing Risks
9.7.4. Collect digital evidence according to established policies and protocols (e.g., system image, packet captures).
  1. 8.1 Identifying Risks
  2. 8.2 Assessing Risks
9.7.5. Maintain chain of custody on evidence.
9.7.6. Generate file hash.
  1. 1.5 Hash Function Development
9.8.2. Differentiate between detection controls and prevention controls (e.g., IDS vs. IPS, Camera vs. guard).
  1. 3.1 Advanced Devices
9.8.3. Use discovery tools and utilities to identify threats (e.g., Protocol analyzer, Vulnerability scanner, Honeypots, Honeynets, Port scanner).
  1. 8.1 Identifying Risks
9.8.9 Interpret alarms and alert trends.
9.8.10 Apply Incident response procedures (e.g., Preparation, Incident identification, Escalation and notification, Mitigation steps, Lessons learned, Reporting, Recovery procedures, First responder, Incident isolation, Quarantine, Device removal, Data breach).
  1. 7.3 Level 3: Incident Response
9.8.11 Differentiate between types of Penetration testing (e.g., Black box, White box, Gray box).
  1. 8.4 Penetration Testing
9.10.1 Enforce concepts related to threat vectors and probability/threat likelihood.
  1. 8.3 Risk Response
9.10.2 Identify concepts of risk calculation (Likelihood, ALE, Impact, SLE, ARO, MTTR, MTTF, MTBF).
  1. 8.3 Risk Response