Teaching Cybersecurity A Handbook for Teaching the Cybersecurity Body of Knowledge in a Conventional Classroom

1. Why You Should Read This Book

How We Plan to Present This?

But First: An Overview of the Contents of the CSEC

The Beginning of the Story: Tom Is Handed a Challenge

2. Getting Down to Business: Data Security

Topic One: Why Is Data Security Important?

The Basic Elements of Data Security: Processing, Transmitting, and Storing

Ensuring Secure Data Transmission: Secure Transmission Protocols

Ensuring Secure Data Storage: Information Storage Security

Making Data Indecipherable: Cryptology

Cracking the Code: Cryptanalysis

Forensics: The Investigative Aspect

Privacy: Ensuring Personal Data

3. Software Security: Software Underlies Everything

Topic One: Fundamental Principles of Software Security

Thinking about Security in Design

Building the Software Securely

Assuring the Security of the Software

Secure Deployment and Maintenance

Ensuring Proper Documentation

Software Security and Ethics

4. Component Security: It All Starts with Components

Designing Secure Components

Assuring the Architecture: Component Testing

Buying Components Instead of Making Them

The Mystery of Reverse Engineering

5. Connection Security

The CSEC Connection Security Knowledge Areas

Topic One: The Physical Components of the Network

Topic Two: Physical Interfaces and Connectors

Topic Three: Physical Architecture: The Tangible Part of the Network

Topic Four: Building a Distributed System

Topic Five: Building a Network

Topic Six: The Bits and Pieces of Network Operation

Top Seven: The Practical Considerations of Building a Network

Top Eight: Network Defense

6. System Security: Assembling the Parts into a Useful Whole

Topic One: Thinking Systematically

Topic Two: Managing What You Create

Topic Three: Controlling Access

Topic Four: Defending Your System

Topic Five: Retiring an Old System Securely

Topic Six: System Testing

Topic Seven: Common System Architectures

7. Human Security: Human-Centered Threats

Topic One: Identity Management

Topic Two: Social Engineering

Topic Three: Personal Compliance

Topic Four: Awareness and Understanding

Topic Five: Social and Behavioral Privacy

Topic Six: Personal Data Privacy and Security

Topic Seven: Usable Security and Privacy

8. Organizational Security: Introduction Securing the Enterprise

Topic One: Risk Management

Topic Two: Security Management

Topic Three: Cybersecurity Planning

Topic Four: Business Continuity, Disaster Recovery, and Incident Management

Topic Five: Personnel Security

Topic Six: Systems Management

Topic Seven: Security Program Management

Topic Eight: Security Operations Management

Topic Nine: Analytical Tools

9. Societal Security: Security and Society

Topic One: Cybercrime

Topic Two: Cyber Law

Topic Three: Cyber Ethics

Topic Four: Cyber Policy

Topic Five: Privacy

Biography

Dan Shoemaker, PhD, is a distinguished visitor of the IEEE, full professor, senior research scientist, and program director at the University of Detroit Mercy’s Center for Cyber Security and Intelligence Studies. Dan is a former chair of the Cybersecurity & Information Systems Department and has authored numerous books and journal articles focused on cybersecurity.

Ken Sigler is a faculty member of the Computer Information Systems (CIS) program and Chair of Curriculum Instruction at Oakland Community College in Michigan. Ken’s research is in the areas of software management, software Assurance, cybersecurity management and cybersecurity education in which he has published several books and articles.

Tamara Shoemaker is Director for Cyber Security & Intelligence Studies at the University of Detroit Mercy. She spearheaded the development of two university department's community outreach and development strategy, CIS (Cyber security programs) and the Criminal Justice (CJ, and Intelligence Analysis). Tamara coordinates projects with government entities, academic organizations, industry and law enforcement agencies locally, nationally and internationally.

Rapid dissemination of cybersecurity education is considered a strategic priority for all nations. When evaluated from this perspective, it has been designed in a way that teachers without cyber security experience can easily understand and convey and that the book has achieved its purpose. It makes an important contribution to creating social awareness of cybersecurity issues for the future. The contents of this book are well designed as the strategic map that traditional K-12 districts can use to lay out a complete course on this topic.

 

This book has a holistic approach by covering the entire formal body of knowledge. In this context, the subject of cyber security is presented modularly in eight specific sections, namely Data Security, Software Security, Component Security, Connection Security, System Security, Human Security, Organizational Security, and Societal Security. Hence, this book offers the opportunity to obtain independent technical information by educating the next generation of digital world defenders. The examples given to see the whole and fully understand the subject and the understandable way of presenting the subject can be expressed as the most important added value of the book.

 

Although I have read publications on cyber security so far, I would like to sincerely state that I have not come across a work that sheds light on cyber security with such a simple and understandable approach. I congratulate the authors, Daniel Shoemaker, Ken Sigler, and Tamara Shoemaker for presenting such a versatile subject in such an understandable way.

 

I recommend this book as an essential work that all teachers and all our colleagues who are afraid of the depth of cyber security and cannot decide where to start should have it. I hope this book will inspire a brand-new group of cybersecurity educators and researchers with a global vision to share more by adding value to a secure society.

 

- Assoc Prof Sezer Bozkus Kahyaoglu, Izmir Bakircay University, Turkey