Explore KSACs by Pathway
Explore Knowledge, Skills, Abilities, and Credentials (KSACs) by IT Pathway.
2. Cybersecurity Fundamentals
Label | KSAC Description | Bloom's Taxonomy Level | Cross-Cutting | |
---|---|---|---|---|
a | Examine and employ principles of cybersecurity. | ability | 2 | |
a.1 | Identify the goals, objectives and purposes of cybersecurity. | knowledge | 1 | |
a.2 | Understand the basic principles of risk management. | knowledge | 2 | |
a.3 | Describe the concepts of malware attack vectors. | knowledge | 1 | |
a.4 | Maintain data security using data labeling, handling, and disposal as prescribed by policy and law. | skill | 3 | |
a.5 | Mitigate threats by remaining abreast of industry information. (CVE, CWE, threat intel feeds, ATT&CK Framework). | skill | 2 | |
a.6 | Identify types of controls (e.g., Deterrent, Preventive, Detective, Compensating, Technical, and Administrative). | knowledge | 1 | |
b | Describe the need for security and explain security risks and security safeguards. | knowledge | 2 | |
b.1 | Explain the need for confidentiality, integrity, and availability (CIA) of information. | knowledge | 1 | |
b.2 | Describe authentication, authorization, and auditing (AAA). | knowledge | 2 | |
b.3 | Explain data security in terms of authentication, authorization, access and auditing. | knowledge | 3 | Networking, Software Development |
b.4 | Understand the key cybersecurity principles in network defense (defense in depth, minimizing exposure, etc.). | knowledge | 2 | |
b.5 | Identify security risks and describe associated safeguards and methodologies (e.g. auditing). | knowledge | 2 | |
b.6 | Describe major threats to computer systems (e.g., insider threats, viruses, worms, spyware, ransomware, spoofing, hacking, social engineering, phishing). | knowledge | 2 | |
b.7 | Describe the components of the physical environment (e.g., wiring closets, server rooms) and physical security systems. | knowledge | 2 | |
b.8 | Describe the need for security in networking (e.g., firewall, access controls, encryption, demilitarized zone). | knowledge | 2 | |
b.9 | Describe the need for security in application development. | knowledge | 2 | |
b.10 | Track and catalogue physical assets (inventory, visibility). | ability | 1 | |
b.11 | Describe computer forensics, its importance in information security and cybersecurity, and its relevance to law enforcement. | knowledge | 2 | |
b.12 | Identify the need for personal security in digital information and describe how personal information can be safeguarded. | knowledge | 2 | |
c | Understand the purpose and function of cybersecurity technology identifying the tools and systems that reduce the risk of data breaches while enabling vital organization practices (Cybersecurity functions). | knowledge | 2 | |
d | Implement systems, apply tools, and use concepts to minimize the risk to an organization’s cyberspace to address cybersecurity threats. | ability | 3 | |
e | Understand processes and tools of Vulnerability Assessment/Scanning. | knowledge | 2 | |
f | Categorize system controls according to industry standards (FISMA, PCI,...). | knowledge | 4 |
Credentials
Entry
- Security+
- Network+
- Cloud+
- CEH
- GSEC
- CAP
Mid-level
- CCNA
- CYSA+
Advanced
- CASP
- CISSP
- CISA
- CISM
- CRISC
- CCSP