1st Edition

Teaching Cybersecurity A Handbook for Teaching the Cybersecurity Body of Knowledge in a Conventional Classroom

    228 Pages 11 Color Illustrations
    by CRC Press

    228 Pages 11 Color Illustrations
    by CRC Press

    Let’s be realistic here. Ordinary K-12 educators don’t know what "cybersecurity" is and could probably care less about incorporating it into their lesson plans. Yet, teaching cybersecurity is a critical national priority. So, this book aims to cut through the usual roadblocks of confusing technical jargon and industry stovepipes and give you, the classroom teacher, a unified understanding of what must be taught. That advice is based on a single authoritative definition of the field. In 2017, the three societies that write the standards for computing, software engineering, and information systems came together to define a single model of the field of cybersecurity. It is based on eight building blocks. That definition is presented here. However, we also understand that secondary school teachers are not experts in arcane subjects like software, component, human, or societal security. Therefore, this book explains cybersecurity through a simple story rather than diving into execution details. Tom, a high school teacher, and Lucy, a middle school teacher, are tasked by their district to develop a cybersecurity course for students in their respective schools. They are aided in this by "the Doc," an odd fellow but an expert in the field. Together they work their way through the content of each topic area, helping each other to understand what the student at each level in the educational process has to learn. The explanations are simple, easy to understand, and geared toward the teaching aspect rather than the actual performance of cybersecurity work. Each chapter is a self-contained explanation of the cybersecurity content in that area geared to teaching both middle and high school audiences. The eight component areas are standalone in that they can be taught separately. But the real value lies in the comprehensive but easy-to-understand picture that the reader will get of a complicated field.

    1. Why You Should Read This Book

    How We Plan to Present This?

    But First: An Overview of the Contents of the CSEC

    The Beginning of the Story: Tom Is Handed a Challenge

    2. Getting Down to Business: Data Security

    Topic One: Why Is Data Security Important?

    The Basic Elements of Data Security: Processing, Transmitting, and Storing

    Ensuring Secure Data Transmission: Secure Transmission Protocols

    Ensuring Secure Data Storage: Information Storage Security

    Making Data Indecipherable: Cryptology

    Cracking the Code: Cryptanalysis

    Forensics: The Investigative Aspect

    Privacy: Ensuring Personal Data

    3. Software Security: Software Underlies Everything

    Topic One: Fundamental Principles of Software Security

    Thinking about Security in Design

    Building the Software Securely

    Assuring the Security of the Software

    Secure Deployment and Maintenance

    Ensuring Proper Documentation

    Software Security and Ethics

    4. Component Security: It All Starts with Components

    Designing Secure Components

    Assuring the Architecture: Component Testing

    Buying Components Instead of Making Them

    The Mystery of Reverse Engineering

    5. Connection Security

    The CSEC Connection Security Knowledge Areas

    Topic One: The Physical Components of the Network

    Topic Two: Physical Interfaces and Connectors

    Topic Three: Physical Architecture: The Tangible Part of the Network

    Topic Four: Building a Distributed System

    Topic Five: Building a Network

    Topic Six: The Bits and Pieces of Network Operation

    Top Seven: The Practical Considerations of Building a Network

    Top Eight: Network Defense

    6. System Security: Assembling the Parts into a Useful Whole

    Topic One: Thinking Systematically

    Topic Two: Managing What You Create

    Topic Three: Controlling Access

    Topic Four: Defending Your System

    Topic Five: Retiring an Old System Securely

    Topic Six: System Testing

    Topic Seven: Common System Architectures

    7. Human Security: Human-Centered Threats

    Topic One: Identity Management

    Topic Two: Social Engineering

    Topic Three: Personal Compliance

    Topic Four: Awareness and Understanding

    Topic Five: Social and Behavioral Privacy

    Topic Six: Personal Data Privacy and Security

    Topic Seven: Usable Security and Privacy

    8. Organizational Security: Introduction Securing the Enterprise

    Topic One: Risk Management

    Topic Two: Security Management

    Topic Three: Cybersecurity Planning

    Topic Four: Business Continuity, Disaster Recovery, and Incident Management

    Topic Five: Personnel Security

    Topic Six: Systems Management

    Topic Seven: Security Program Management

    Topic Eight: Security Operations Management

    Topic Nine: Analytical Tools

    9. Societal Security: Security and Society

    Topic One: Cybercrime

    Topic Two: Cyber Law

    Topic Three: Cyber Ethics

    Topic Four: Cyber Policy

    Topic Five: Privacy


    Dan Shoemaker, PhD, is a distinguished visitor of the IEEE, full professor, senior research scientist, and program director at the University of Detroit Mercy’s Center for Cyber Security and Intelligence Studies. Dan is a former chair of the Cybersecurity & Information Systems Department and has authored numerous books and journal articles focused on cybersecurity.

    Ken Sigler is a faculty member of the Computer Information Systems (CIS) program and Chair of Curriculum Instruction at Oakland Community College in Michigan. Ken’s research is in the areas of software management, software Assurance, cybersecurity management and cybersecurity education in which he has published several books and articles.

    Tamara Shoemaker is Director for Cyber Security & Intelligence Studies at the University of Detroit Mercy. She spearheaded the development of two university department's community outreach and development strategy, CIS (Cyber security programs) and the Criminal Justice (CJ, and Intelligence Analysis). Tamara coordinates projects with government entities, academic organizations, industry and law enforcement agencies locally, nationally and internationally.