About

Instructional materials developed by the National CyberWatch Center Curriculum Standards Panel (NCC-CSP) for the National CyberWatch Information Security Fundamentals outcomes-based educational course (NCC 210), and future courses, follows a Competency-Based Mastery Learning (CBML) methodology. There is a strong focus on assessments which, for the most part, can be considered readiness assessments, because they evaluate a learner’s level of understanding of concepts, principles, and behaviors at several intervals during the learning process, to ensure the learner has mastered those (in other words, they are “ready”) before moving on to the next set of concepts, principles, and behaviors. This includes a basic readiness assessment for learners who want to enter the field of cybersecurity at the foundational level. The CBML assessment methodology also has a focus on the incorrect answers selected by learners, to determine their level of confidence or certainty in those answers, and why they selected the incorrect answer. The CBML methodology would then use that feedback for the creation of an alternate learning pathway to address the learner’s misunderstanding or misconception of the concept or principle being taught, and provide the correct method or approach to be used.

Using the CBML methodology, which requires a greater level of detail than most standard outcomes-based instructional materials, the NCC-CSP Leadership Team and Assessment Team developed some guidelines and templates to assist the Information Security Fundamentals CSP members in creating instructional materials related to both course curriculum and companion assessments. The sections below contain the basic guidance and templates (with examples) for developing new instructional materials on an ongoing basis, which can be added into the CBML Curriculum Library.

The following documents are part of the general information provided to new panel members, so that all participants have the same general background and lexicon for the CBML focus of this ongoing curriculum development effort:

MAPPING AND ALIGNMENT WITH NATIONAL STANDARDS

The NIST Cybersecurity Framework Functions and NICE Cybersecurity Workforce Framework Categories/Specialty Areas are correlated with the seven threshold Learning Objectives in the following file. The Topic Area Working Groups (TAWGs) were created to encompass the following NIST Cybersecurity Framework Functions – TAWG-1: Identify; TAWG-2: Protect/Detect; and TAWG-3: Respond/Recover:

In addition, the Topic Areas linked with the NIST Cybersecurity Framework Functions and Categories, were mapped to the Security Families and Privacy Families contained in NIST Special Publication (SP) 800-53 Rev.4, as shown in the following document:

The five NIST Cybersecurity Framework Functions and their respective Categories (Domains) are defined as follows:

  1. Identify: Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities
    a. Categories: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy
  2. Protect: Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services
    a. Categories: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures;
    Maintenance; and Protective Technology
  3. Detect: Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event
    a. Categories: Anomalies and Events; Security Continuous Monitoring; and Detection Processes
  4. Respond: Develop and implement the appropriate activities to take action regarding a detected cybersecurity event
    a. Categories: Response Planning; Communications; Analysis; Mitigation; and Improvements
  5. Recover: Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event
    a. Categories: Recovery Planning; Improvements; and Communications

The NICE Cybersecurity Workforce Framework Categories and Specialty areas are listed below (in the sequence presented in the NICE Cybersecurity Workforce Framework itself):

  1. Securely Provision (SP): Conceptualizes, designs, procures, and/or builds secure information technology (IT) systems, with responsibility for aspects of system and/or network development
    a. Specialty Areas: Risk Management (RSK), Software Development (DEV), Systems Architecture (ARC), Systems Development (SYS), Systems Requirements Planning (SRP), Technology R&D (TRD), and Test and Evaluation (TST)
  2. Operate and Maintain (OM): Provides the support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security
    a. Specialty Areas: Customer Service and Technical Support (STS), Data Administration (DTA), Knowledge Management (KMG), Network Services (NET), Systems Administration (ADM), and Systems Analysis (ANA)
  3. Oversee and Govern (OV): Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work
    a. Specialty Areas: Cybersecurity Management (MGT), Executive Cyber Leadership (EXL), Legal Advice and Advocacy  (LGA), Program/Project Management and Acquisition (PMA), Strategic Planning and Policy (SPP), and Training, Education, and Awareness (TEA)
  4. Protect and Defend (PR): Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks
    a. Specialty Areas: Cybersecurity Defense Analysis (CDA), Cybersecurity Defense Infrastructure Support (INF), Incident         Response (CIR), and Vulnerability Assessment and Management (VAM)
  5. Analyze (AN): Performs highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence
    a. Specialty Areas: All-Source Analysis (ASA), Exploitation Analysis (EXP), Language Analysis (LNG), Targets (TGT), and Threat Analysis (TWA)
  6. Collect and Operate (CO): Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence
    a. Specialty Areas: Collection Operations (CLP), Cyber Operational Planning (OPL), and Cyber Operations (OPS)
  7. Investigate (IN): Investigates cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence
    a. Specialty Areas: Cyber Investigation (INV) and Digital Forensics (FOR)

CURRICULUM DEVELOPMENT GUIDANCE

The seven threshold Learning Objectives were divided among Special Interest Groups (SIGs) to develop the specific learning materials for each module. To facilitate this part of the process, certain Domains and Responsibility Areas from existing commercial certifications were identified for each Learning Objective and its subordinate Concepts (topics). Individual learning modules were then focused on one or two associated concepts – for example the concept of “network scanning” under LO #1748 (Understand the fundamentals of network and application vulnerability scanners). The following document contains a tab for each SIG (for the seven Learning Objectives) with the certification domains and listing of concepts which came from various certification requirements and have not been vetted or prioritized within the Learning Objective:

During the first several tasks, the National CyberWatch Center Information Security Fundamentals Panel mapped and prioritized Learning Objectives and Responsibilities within Responsibility Areas. The outcome of the first 8 tasks was the prioritized list and identification of threshold Learning Objectives, called a Pathfinder Network, which includes the relationships between Learning Objectives (e.g., predecessors and successors), is depicted as a chart in the first document below. The other documents provide the instructions and descriptions for the 8 primary tasks completed by the each Topic Area Working Group within the Information Security Fundamentals Curriculum Standards Panel:

ASSESSMENT DEVELOPMENT GUIDANCE

The following set of documents were created to help guide the creation of Competency-based Mastery Learning (CBML) assessments for the learning modules. Final versions of all assessments must be Sharable Content Object Reference Model (SCORM) compliant in order to also be platform independent and available for use on any major Learning Management System (LMS).

TEMPLATES

The following document was created as a template for Information Security Fundamentals Panel members within each Special Interest Group (SIG) to create content for their modules: