High School Cybersecurity Curriculum Guidelines - An Introduction

In this video, High School Cybersecurity Curriculum Guidelines' development team members and educators - Ms. Jennifer Peyrot and Mr. Mark Emry - provide an overview of the Guidelines and speak to why they are especially needed today. 

Big Idea #1: ETHICS

As the lead developer for the High School Cybersecurity Curriculum Guidelines, Dr. Melissa Dark, PhD, discusses the first "Big Idea" explored in the Guidelines: ETHICS.

Cybersecurity can offer both tremendous benefits and serious harms. Ethical reflection and judgement are required to make decisions about the trade-offs between the benefits and harms. Whether a system’s design or the use of the system constitutes a benefit or harm depends on the ethical duties and interests of both the designer and user.


In this video, Dr. Matt Bishop, Professor at UC Davis, introduces the second "Big Idea" of the Guidelines - ESTABLISHING TRUST.

This section of the course emphasizes the cybersecurity principles, the CIA triad, and how to question assumptions as the basis for establishing trust in cybersecurity.


In this video, one of the Guidelines' developers - Dr. Dan Massey, Professor of Computer Science at University of Colorado-Boulder,  discusses the third "Big Idea" explored in the Guidelines: UBIQUITOUS CONNECTIVITY.

In today's world, a collection of networks forms our "Internet" connective a vast number of devices. This vast number of devices connected over a large number of network technologies is referred to as ubiquitous connectivity. In other words, everything is connected all the time. The more dependent we become on ubiquitous connectivity, the greater the implications if the network becomes compromised. This makes it necessary for students to understand and effectively use the methods and tools for keeping our network secure.


In this video, Assistant Professor Nolen Scaife discusses the fourth "Big Idea" explored in the Guidelines: DATA SECURITY. Mr. Scaife teaches in the Department of Computer Science and the Technology, Cybersecurity, and Policy program at the University of Colorado Boulder.

The concept of what data is, and how it can be collected, has changed monumentally with the advent of the Internet. With an ease of collection created by improved computing power, data can be generated, stored, transmitted, and manipulated at a much greater pace and at an almost immeasurable amount. Keeping those with malicious intent away from data assets and preserving privacy is a major tenet in Cybersecurity.


In this video, Mr. Jeremy Epstein of the National Science Foundation, discusses the fifth "Big Idea" explored by the Guidelines: SYSTEM SECURITY.

Adversaries may exploit weaknesses in the system to disrupt the systems confidentiality, integrity, or availability. System security includes definitions and explanations of security flaws and vulnerabilities, helps explain why hardware and software have vulnerabilities, introduces students to some specific vulnerabilities, and addresses the consequences of less secure hardware and software.


In this video, Shannon Beck, a research scientist with Los Alamos National Lab, discusses the sixth "Big Idea" explored in the Guidelines: ADVERSARIAL THINKING. This video is released under LA-UR-20-20882.

A primary objective of cybersecurity is to identify critical assets, design and implement systems to protect the assets, identify ways to detect when the protections fail, respond to the failures, and ultimately recover to a working state. To accomplish this, one must think about what can go wrong. This big idea extends the concept of adversary to anything that might disrupt the system, from a clever cyber criminal who will adapt to a natural disaster.

Big Idea #7: RISK

In this video, NCMF Education Program Director Mr. Mark Loepker discusses the seventh "Big Idea" explored in the Guidelines: RISK.

Risk, as defined in regards to cybersecurity, is a relationship between the chance that some harm will occur and the damage that will be done if it does occur. This big idea engages students in this course with the risk assessment process as a methodology for grasping cybersecurity risk. This big idea also addresses the inherently uncertain and complex nature of cybersecurity risk due to complexity of systems of systems, the presence of adversaries, the logical malleability of computing, and the dynamic and distributed nature of computing.


In this video, Mr. David Balenson of SRI International discusses the eighth and final "Big Idea" explored in the Guidelines: IMPLICATIONS.

Societies face cybersecurity issues regarding infrastructure, law enforcement, and social, economic, and cultural issues. Cybersecurity is shaped by critical historical ideas and events. This course differentiates between the severity of cyber threats and stresses the fact that threats evolve along with the technology which enables the adversary to evolve with their attacks.