1st Edition
Teaching Cybersecurity A Handbook for Teaching the Cybersecurity Body of Knowledge in a Conventional Classroom
Let’s be realistic here. Ordinary K-12 educators don’t know what "cybersecurity" is and could probably care less about incorporating it into their lesson plans. Yet, teaching cybersecurity is a critical national priority. So, this book aims to cut through the usual roadblocks of confusing technical jargon and industry stovepipes and give you, the classroom teacher, a unified understanding of what must be taught. That advice is based on a single authoritative definition of the field. In 2017, the three societies that write the standards for computing, software engineering, and information systems came together to define a single model of the field of cybersecurity. It is based on eight building blocks. That definition is presented here. However, we also understand that secondary school teachers are not experts in arcane subjects like software, component, human, or societal security. Therefore, this book explains cybersecurity through a simple story rather than diving into execution details. Tom, a high school teacher, and Lucy, a middle school teacher, are tasked by their district to develop a cybersecurity course for students in their respective schools. They are aided in this by "the Doc," an odd fellow but an expert in the field. Together they work their way through the content of each topic area, helping each other to understand what the student at each level in the educational process has to learn. The explanations are simple, easy to understand, and geared toward the teaching aspect rather than the actual performance of cybersecurity work. Each chapter is a self-contained explanation of the cybersecurity content in that area geared to teaching both middle and high school audiences. The eight component areas are standalone in that they can be taught separately. But the real value lies in the comprehensive but easy-to-understand picture that the reader will get of a complicated field.
1. Why You Should Read This Book
How We Plan to Present This?
But First: An Overview of the Contents of the CSEC
The Beginning of the Story: Tom Is Handed a Challenge
2. Getting Down to Business: Data Security
Topic One: Why Is Data Security Important?
The Basic Elements of Data Security: Processing, Transmitting, and Storing
Ensuring Secure Data Transmission: Secure Transmission Protocols
Ensuring Secure Data Storage: Information Storage Security
Making Data Indecipherable: Cryptology
Cracking the Code: Cryptanalysis
Forensics: The Investigative Aspect
Privacy: Ensuring Personal Data
3. Software Security: Software Underlies Everything
Topic One: Fundamental Principles of Software Security
Thinking about Security in Design
Building the Software Securely
Assuring the Security of the Software
Secure Deployment and Maintenance
Ensuring Proper Documentation
Software Security and Ethics
4. Component Security: It All Starts with Components
Designing Secure Components
Assuring the Architecture: Component Testing
Buying Components Instead of Making Them
The Mystery of Reverse Engineering
5. Connection Security
The CSEC Connection Security Knowledge Areas
Topic One: The Physical Components of the Network
Topic Two: Physical Interfaces and Connectors
Topic Three: Physical Architecture: The Tangible Part of the Network
Topic Four: Building a Distributed System
Topic Five: Building a Network
Topic Six: The Bits and Pieces of Network Operation
Top Seven: The Practical Considerations of Building a Network
Top Eight: Network Defense
6. System Security: Assembling the Parts into a Useful Whole
Topic One: Thinking Systematically
Topic Two: Managing What You Create
Topic Three: Controlling Access
Topic Four: Defending Your System
Topic Five: Retiring an Old System Securely
Topic Six: System Testing
Topic Seven: Common System Architectures
7. Human Security: Human-Centered Threats
Topic One: Identity Management
Topic Two: Social Engineering
Topic Three: Personal Compliance
Topic Four: Awareness and Understanding
Topic Five: Social and Behavioral Privacy
Topic Six: Personal Data Privacy and Security
Topic Seven: Usable Security and Privacy
8. Organizational Security: Introduction Securing the Enterprise
Topic One: Risk Management
Topic Two: Security Management
Topic Three: Cybersecurity Planning
Topic Four: Business Continuity, Disaster Recovery, and Incident Management
Topic Five: Personnel Security
Topic Six: Systems Management
Topic Seven: Security Program Management
Topic Eight: Security Operations Management
Topic Nine: Analytical Tools
9. Societal Security: Security and Society
Topic One: Cybercrime
Topic Two: Cyber Law
Topic Three: Cyber Ethics
Topic Four: Cyber Policy
Topic Five: Privacy
Biography
Dan Shoemaker, PhD, is a distinguished visitor of the IEEE, full professor, senior research scientist, and program director at the University of Detroit Mercy’s Center for Cyber Security and Intelligence Studies. Dan is a former chair of the Cybersecurity & Information Systems Department and has authored numerous books and journal articles focused on cybersecurity.
Ken Sigler is a faculty member of the Computer Information Systems (CIS) program and Chair of Curriculum Instruction at Oakland Community College in Michigan. Ken’s research is in the areas of software management, software Assurance, cybersecurity management and cybersecurity education in which he has published several books and articles.
Tamara Shoemaker is Director for Cyber Security & Intelligence Studies at the University of Detroit Mercy. She spearheaded the development of two university department's community outreach and development strategy, CIS (Cyber security programs) and the Criminal Justice (CJ, and Intelligence Analysis). Tamara coordinates projects with government entities, academic organizations, industry and law enforcement agencies locally, nationally and internationally.