Use the appropriate tool to assess organizational security in a given scenario.
Examples: netstat, nmap, FTK imager, Nessus
Identify and utilize appropriate data sources to support an investigation of a given security incident.
Examples: metadata, protocol analyzer output, syslog, rsyslog, syslog-ng
Explain the fundamental concepts of digital forensics.
Examples: documentation and evidence, acquisition, on-premises versus cloud
Analyze risk management policies and procedures in a given organizational environment.
Examples: risk management strategies, business impact analysis
Explain the procedures involved in creating a digital forensics investigation report and provide examples of report formats.
Examples: Use word processing software to write reports which include the purpose of the investigation, the process of securing documents obtained as evidence, and conclusions.
Incorporate safety procedures in handling, operating, and maintaining tools and machinery; handling materials; utilizing personal protective equipment; maintaining a safe work area; and handling hazardous materials and forces.
Demonstrate effective workplace and employability skills, including communication, awareness of diversity, positive work ethic, problem-solving, time management, and teamwork.
Explore the range of careers available in the field and investigate their educational requirements, and demonstrate job-seeking skills including resume-writing and interviewing.
Advocate and practice safe, legal, responsible, and ethical use of information and technology tools specific to the industry pathway.
Participate in a Career and Technical Student Organization (CTSO) to increase knowledge and skills and to enhance leadership and teamwork.
Use technology to collaborate with peers and/or experts to create digital artifacts that can be published online for a target audience.
Formulate new ideas, solve problems, or create products through the design and engineering process by utilizing testing, prototypes, and user feedback.
Compare and contrast different types of social engineering attack techniques.
Examples: baiting, scareware, pretexting, phishing, spear-phishing, watering hole, whaling
Analyze potential indicators which can be used to determine the type of attack taking place.
Examples: adversarial artificial intelligence, automated learning, ransomware, remote access Trojan (RAT)
Analyze potential indicators associated with application and network attacks.
Examples: race conditions, error handling, buffer overflow, distributed denial of service (DDoS), domain name system (DNS), OSI Model Layer 2 Attacks
Differentiate among specific threat actors, threat vectors, and intelligence sources.
Evaluate concerns associated with types of security vulnerabilities within an enterprise work environment.
Examples: network vulnerabilities, operating systems vulnerabilities, human vulnerabilities
Investigate and explain the importance of implementing security concepts within an enterprise environment.
Examples: configuration management (diagrams, baseline configuration, standard naming conventions, IP schema), data protection and redundancy, secure sockets layer (SSL) and transport layer security (TLS) inspection, hashing, API considerations, site resiliency, honeypots, fake telemetry
Describe the purpose and scope of a cybersecurity business continuity plan.
Apply mitigation techniques or controls to secure an environment in a given security incident.
Examples: application approved/denied list, quarantine, firewall rules, mobile device management (MDM), data loss prevention (DLP), update or revoke certificates
Collect and present information on the historical meanings and uses of key concepts of digital forensics.
Examples: documentation and evidence, acquisition, on-premises versus cloud, integrity, data recovery, non-repudiation
Explain the importance of following every detail of an incident response plan, including communication, response coordination with relevant employees and involved parties, and factors contributing to data criticality.
Examples: communicating only with trusted parties, disclosing information based on requirements, preventing inadvertent release of information, following requirements for reporting incidents
Describe the activities that make up the detection and analysis phase of the incident response life cycle, including identification of indication sources, analysis of an intrusion event, documentation, and notification of the incident.
Examples: unusual outbound network traffic or geographical irregularities, which indicate a possible breach or compromise
Describe the activities that make up the post-incident activity phase of the incident response life cycle, including identification of lessons learned and evidence retention.
Examples: cyber incident planning and response (CIPR) action checklist
Utilize basic digital forensics techniques and tools to collect data for use as evidence in an investigation.
Examples: network traffic analyzers, endpoint disk and memory, mobile, cloud, virtualization, legal hold, hashing, data carving, data acquisition
Compare and contrast various kinds of controls by type and category as they relate to governance, risk, and compliance.
Examples: managerial, operational, technical, control type (preventive, detective, corrective, deterrent, compensating, physical)
Research and share information on current, applicable regulations, standards, or frameworks that impact organizational security posture.
Examples: General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), Center for Internet Security framework (CIS); the National Institute of Standards and Technology (NIST), Risk Management Framework (RMF) and Cybersecurity Framework (CSF); benchmarks and security configuration guides
Critique organizational and security policies regarding businesses, personnel, and data. ,
Examples: acceptable use policy, job rotation, mandatory vacation, least privilege, non-disclosure agreement, third-party vendors and risk management, service level agreement, memorandum of understanding, measurement systems analysis, end of life, credentialing policies, change management, asset management
Summarize risk management processes and concepts including risk types, management strategies, and analysis.
Examples: external, internal, legacy systems, acceptance, avoidance, transference, mitigation, risk matrix, heat map, risk control assessment, asset value, single-loss expectancy, annualized loss expectancy, annualized rate of occurrence
Describe the consequences of applying security protocols related to Internet privacy and sensitive data.
Examples: avoiding reputation damage, identity theft, IP theft, and fines; preventing privilege escalation, public disclosures, and data breaches
Explain the importance of cyber threat intelligence and data security to organizations.
Examples: Gather and report on current information from the Department of Homeland Security, the FBI, or SANS Internet Storm Center and explain how applying the information benefits an organization.
Summarize threat hunting techniques used proactively by organizations to secure their networks.
Utilize threat intelligence to support organizational security in a given scenario, using frameworks, threat research, intelligence sharing, and threat modeling methodologies.
Examples: MITRE ATT&CK, Diamond Model, kill chain, indicator of compromise, Common Vulnerability Scoring System, total attack surface, attack vector, adversary capability
Perform vulnerability management activities and analyze the output from common vulnerability assessment tools.
Examples: active versus passive scanning, mapping, enumeration, criticality of assets, validation outcomes (true positive, false positive, true negative, false negative), baseline configuration, patching, hardening, scanning parameters, web application scanners, wireless and infrastructure vulnerability scanners
Investigate the threats and vulnerabilities associated with specialized technologies, including operating within a cloud-based environment.
Examples: mobile, Internet of Things, embedded, real-time operating system, System-on-Chip, field programmable gate array, physical access controls, building automation systems, drones and vehicles, supervisory control and data acquisition systems (SCADA), cloud deployment models; insecure application programming interfaces, improper key management, unprotected storage, insufficient logging and monitoring
