1st Edition
Teaching Cybersecurity A Handbook for Teaching the Cybersecurity Body of Knowledge in a Conventional Classroom
Let’s be realistic here. Ordinary K-12 educators don’t know what "cybersecurity" is and could probably care less about incorporating it into their lesson plans. Yet, teaching cybersecurity is a critical national priority. So, this book aims to cut through the usual roadblocks of confusing technical jargon and industry stovepipes and give you, the classroom teacher, a unified understanding of what must be taught. That advice is based on a single authoritative definition of the field. In 2017, the three societies that write the standards for computing, software engineering, and information systems came together to define a single model of the field of cybersecurity. It is based on eight building blocks. That definition is presented here. However, we also understand that secondary school teachers are not experts in arcane subjects like software, component, human, or societal security. Therefore, this book explains cybersecurity through a simple story rather than diving into execution details. Tom, a high school teacher, and Lucy, a middle school teacher, are tasked by their district to develop a cybersecurity course for students in their respective schools. They are aided in this by "the Doc," an odd fellow but an expert in the field. Together they work their way through the content of each topic area, helping each other to understand what the student at each level in the educational process has to learn. The explanations are simple, easy to understand, and geared toward the teaching aspect rather than the actual performance of cybersecurity work. Each chapter is a self-contained explanation of the cybersecurity content in that area geared to teaching both middle and high school audiences. The eight component areas are standalone in that they can be taught separately. But the real value lies in the comprehensive but easy-to-understand picture that the reader will get of a complicated field.
1. Why You Should Read This Book
How We Plan to Present This?
But First: An Overview of the Contents of the CSEC
The Beginning of the Story: Tom Is Handed a Challenge
2. Getting Down to Business: Data Security
Topic One: Why Is Data Security Important?
The Basic Elements of Data Security: Processing, Transmitting, and Storing
Ensuring Secure Data Transmission: Secure Transmission Protocols
Ensuring Secure Data Storage: Information Storage Security
Making Data Indecipherable: Cryptology
Cracking the Code: Cryptanalysis
Forensics: The Investigative Aspect
Privacy: Ensuring Personal Data
3. Software Security: Software Underlies Everything
Topic One: Fundamental Principles of Software Security
Thinking about Security in Design
Building the Software Securely
Assuring the Security of the Software
Secure Deployment and Maintenance
Ensuring Proper Documentation
Software Security and Ethics
4. Component Security: It All Starts with Components
Designing Secure Components
Assuring the Architecture: Component Testing
Buying Components Instead of Making Them
The Mystery of Reverse Engineering
5. Connection Security
The CSEC Connection Security Knowledge Areas
Topic One: The Physical Components of the Network
Topic Two: Physical Interfaces and Connectors
Topic Three: Physical Architecture: The Tangible Part of the Network
Topic Four: Building a Distributed System
Topic Five: Building a Network
Topic Six: The Bits and Pieces of Network Operation
Top Seven: The Practical Considerations of Building a Network
Top Eight: Network Defense
6. System Security: Assembling the Parts into a Useful Whole
Topic One: Thinking Systematically
Topic Two: Managing What You Create
Topic Three: Controlling Access
Topic Four: Defending Your System
Topic Five: Retiring an Old System Securely
Topic Six: System Testing
Topic Seven: Common System Architectures
7. Human Security: Human-Centered Threats
Topic One: Identity Management
Topic Two: Social Engineering
Topic Three: Personal Compliance
Topic Four: Awareness and Understanding
Topic Five: Social and Behavioral Privacy
Topic Six: Personal Data Privacy and Security
Topic Seven: Usable Security and Privacy
8. Organizational Security: Introduction Securing the Enterprise
Topic One: Risk Management
Topic Two: Security Management
Topic Three: Cybersecurity Planning
Topic Four: Business Continuity, Disaster Recovery, and Incident Management
Topic Five: Personnel Security
Topic Six: Systems Management
Topic Seven: Security Program Management
Topic Eight: Security Operations Management
Topic Nine: Analytical Tools
9. Societal Security: Security and Society
Topic One: Cybercrime
Topic Two: Cyber Law
Topic Three: Cyber Ethics
Topic Four: Cyber Policy
Topic Five: Privacy
Biography
Dan Shoemaker, PhD, is a distinguished visitor of the IEEE, full professor, senior research scientist, and program director at the University of Detroit Mercy’s Center for Cyber Security and Intelligence Studies. Dan is a former chair of the Cybersecurity & Information Systems Department and has authored numerous books and journal articles focused on cybersecurity.
Ken Sigler is a faculty member of the Computer Information Systems (CIS) program and Chair of Curriculum Instruction at Oakland Community College in Michigan. Ken’s research is in the areas of software management, software Assurance, cybersecurity management and cybersecurity education in which he has published several books and articles.
Tamara Shoemaker is Director for Cyber Security & Intelligence Studies at the University of Detroit Mercy. She spearheaded the development of two university department's community outreach and development strategy, CIS (Cyber security programs) and the Criminal Justice (CJ, and Intelligence Analysis). Tamara coordinates projects with government entities, academic organizations, industry and law enforcement agencies locally, nationally and internationally.
Rapid dissemination of cybersecurity education is considered a strategic priority for all nations. When evaluated from this perspective, it has been designed in a way that teachers without cyber security experience can easily understand and convey and that the book has achieved its purpose. It makes an important contribution to creating social awareness of cybersecurity issues for the future. The contents of this book are well designed as the strategic map that traditional K-12 districts can use to lay out a complete course on this topic.
This book has a holistic approach by covering the entire formal body of knowledge. In this context, the subject of cyber security is presented modularly in eight specific sections, namely Data Security, Software Security, Component Security, Connection Security, System Security, Human Security, Organizational Security, and Societal Security. Hence, this book offers the opportunity to obtain independent technical information by educating the next generation of digital world defenders. The examples given to see the whole and fully understand the subject and the understandable way of presenting the subject can be expressed as the most important added value of the book.
Although I have read publications on cyber security so far, I would like to sincerely state that I have not come across a work that sheds light on cyber security with such a simple and understandable approach. I congratulate the authors, Daniel Shoemaker, Ken Sigler, and Tamara Shoemaker for presenting such a versatile subject in such an understandable way.
I recommend this book as an essential work that all teachers and all our colleagues who are afraid of the depth of cyber security and cannot decide where to start should have it. I hope this book will inspire a brand-new group of cybersecurity educators and researchers with a global vision to share more by adding value to a secure society.
- Assoc Prof Sezer Bozkus Kahyaoglu, Izmir Bakircay University, Turkey