Teaching Cybersecurity A Handbook for Teaching the Cybersecurity Body of Knowledge in a Conventional Classroom

Let’s be realistic here. Ordinary K-12 educators don’t know what "cybersecurity" is and could probably care less about incorporating it into their lesson plans. Yet, teaching cybersecurity is a critical national priority. So, this book aims to cut through the usual roadblocks of confusing technical jargon and industry stovepipes and give you, the classroom teacher, a unified understanding of what must be taught. That advice is based on a single authoritative definition of the field. In 2017, the three societies that write the standards for computing, software engineering, and information systems came together to define a single model of the field of cybersecurity. It is based on eight building blocks. That definition is presented here. However, we also understand that secondary school teachers are not experts in arcane subjects like software, component, human, or societal security. Therefore, this book explains cybersecurity through a simple story rather than diving into execution details. Tom, a high school teacher, and Lucy, a middle school teacher, are tasked by their district to develop a cybersecurity course for students in their respective schools. They are aided in this by "the Doc," an odd fellow but an expert in the field. Together they work their way through the content of each topic area, helping each other to understand what the student at each level in the educational process has to learn. The explanations are simple, easy to understand, and geared toward the teaching aspect rather than the actual performance of cybersecurity work. Each chapter is a self-contained explanation of the cybersecurity content in that area geared to teaching both middle and high school audiences. The eight component areas are standalone in that they can be taught separately. But the real value lies in the comprehensive but easy-to-understand picture that the reader will get of a complicated field.

1. Why You Should Read This Book How We Plan to Present This? But First: An Overview of the Contents of the CSEC The Beginning of the Story: Tom Is Handed a Challenge 2. Getting Down to Business: Data Security Topic One: Why Is Data Security Important? The Basic Elements of Data Security: Processing, Transmitting, and Storing Ensuring Secure Data Transmission: Secure Transmission Protocols Ensuring Secure Data Storage: Information Storage Security Making Data Indecipherable: Cryptology Cracking the Code: Cryptanalysis Forensics: The Investigative Aspect Privacy: Ensuring Personal Data 3. Software Security: Software Underlies Everything Topic One: Fundamental Principles of Software Security Thinking about Security in Design Building the Software Securely Assuring the Security of the Software Secure Deployment and Maintenance Ensuring Proper Documentation Software Security and Ethics 4. Component Security: It All Starts with Components Designing Secure Components Assuring the Architecture: Component Testing Buying Components Instead of Making Them The Mystery of Reverse Engineering 5. Connection Security The CSEC Connection Security Knowledge Areas Topic One: The Physical Components of the Network Topic Two: Physical Interfaces and Connectors Topic Three: Physical Architecture: The Tangible Part of the Network Topic Four: Building a Distributed System Topic Five: Building a Network Topic Six: The Bits and Pieces of Network Operation Top Seven: The Practical Considerations of Building a Network Top Eight: Network Defense 6. System Security: Assembling the Parts into a Useful Whole Topic One: Thinking Systematically Topic Two: Managing What You Create Topic Three: Controlling Access Topic Four: Defending Your System Topic Five: Retiring an Old System Securely Topic Six: System Testing Topic Seven: Common System Architectures 7. Human Security: Human-Centered Threats Topic One: Identity Management Topic Two: Social Engineering Topic Three: Personal Compliance Topic Four: Awareness and Understanding Topic Five: Social and Behavioral Privacy Topic Six: Personal Data Privacy and Security Topic Seven: Usable Security and Privacy 8. Organizational Security: Introduction Securing the Enterprise Topic One: Risk Management Topic Two: Security Management Topic Three: Cybersecurity Planning Topic Four: Business Continuity, Disaster Recovery, and Incident Management Topic Five: Personnel Security Topic Six: Systems Management Topic Seven: Security Program Management Topic Eight: Security Operations Management Topic Nine: Analytical Tools 9. Societal Security: Security and Society Topic One: Cybercrime Topic Two: Cyber Law Topic Three: Cyber Ethics Topic Four: Cyber Policy Topic Five: Privacy

Dan Shoemaker, PhD, is a distinguished visitor of the IEEE, full professor, senior research scientist, and program director at the University of Detroit Mercy’s Center for Cyber Security and Intelligence Studies. Dan is a former chair of the Cybersecurity & Information Systems Department and has authored numerous books and journal articles focused on cybersecurity. Ken Sigler is a faculty member of the Computer Information Systems (CIS) program and Chair of Curriculum Instruction at Oakland Community College in Michigan. Ken’s research is in the areas of software management, software Assurance, cybersecurity management and cybersecurity education in which he has published several books and articles. Tamara Shoemaker is Director for Cyber Security & Intelligence Studies at the University of Detroit Mercy. She spearheaded the development of two university department's community outreach and development strategy, CIS (Cyber security programs) and the Criminal Justice (CJ, and Intelligence Analysis). Tamara coordinates projects with government entities, academic organizations, industry and law enforcement agencies locally, nationally and internationally.