Explore KSACs by Pathway

Explore Knowledge, Skills, Abilities, and Credentials (KSACs) by IT Pathway.

2. Cybersecurity Fundamentals

Label KSAC Description Bloom's Taxonomy Level Cross-Cutting
a Examine and employ principles of cybersecurity. ability 2
a.1 Identify the goals, objectives and purposes of cybersecurity. knowledge 1
a.2 Understand the basic principles of risk management. knowledge 2
a.3 Describe the concepts of malware attack vectors. knowledge 1
a.4 Maintain data security using data labeling, handling, and disposal as prescribed by policy and law. skill 3
a.5 Mitigate threats by remaining abreast of industry information. (CVE, CWE, threat intel feeds, ATT&CK Framework). skill 2
a.6 Identify types of controls (e.g., Deterrent, Preventive, Detective, Compensating, Technical, and Administrative). knowledge 1
b Describe the need for security and explain security risks and security safeguards. knowledge 2
b.1 Explain the need for confidentiality, integrity, and availability (CIA) of information. knowledge 1
b.2 Describe authentication, authorization, and auditing (AAA). knowledge 2
b.3 Explain data security in terms of authentication, authorization, access and auditing. knowledge 3 Networking, Software Development
b.4 Understand the key cybersecurity principles in network defense (defense in depth, minimizing exposure, etc.). knowledge 2
b.5 Identify security risks and describe associated safeguards and methodologies (e.g. auditing). knowledge 2
b.6 Describe major threats to computer systems (e.g., insider threats, viruses, worms, spyware, ransomware, spoofing, hacking, social engineering, phishing). knowledge 2
b.7 Describe the components of the physical environment (e.g., wiring closets, server rooms) and physical security systems. knowledge 2
b.8 Describe the need for security in networking (e.g., firewall, access controls, encryption, demilitarized zone). knowledge 2
b.9 Describe the need for security in application development. knowledge 2
b.10 Track and catalogue physical assets (inventory, visibility). ability 1
b.11 Describe computer forensics, its importance in information security and cybersecurity, and its relevance to law enforcement. knowledge 2
b.12 Identify the need for personal security in digital information and describe how personal information can be safeguarded. knowledge 2
c Understand the purpose and function of cybersecurity technology identifying the tools and systems that reduce the risk of data breaches while enabling vital organization practices (Cybersecurity functions). knowledge 2
d Implement systems, apply tools, and use concepts to minimize the risk to an organization’s cyberspace to address cybersecurity threats. ability 3
e Understand processes and tools of Vulnerability Assessment/Scanning. knowledge 2
f Categorize system controls according to industry standards (FISMA, PCI,...). knowledge 4



  1. Security+
  2. Network+
  3. Cloud+
  4. CEH
  5. GSEC
  6. CAP


  1. CCNA
  2. CYSA+


  1. CASP
  2. CISSP
  3. CISA
  4. CISM
  5. CRISC
  6. CCSP