The McCumber Cube and CIA Triad
This interactive lesson introduces the McCumber Cube model of cybersecurity programs. It includes the CIA Triad (Confidentiality, Integrity, Availability), the foundational principles of information security

Self-Assessment: McCumber Cube
This self-assessment helps students test their knowledge of the McCumber Cube model of information security management. Students try to classify each cybersecurity action based on the three dimensions of the McCumber Cube.

Cybersecurity Principles
This interactive lesson introduces the Cybersecurity Principles - the fundamental qualities of a system that make it secure. The Cybersecurity Principles are modularity; simplicity of design; layering (defense in depth); separation (of domains); complete mediation; least privilege; fail safe defaults/fail secure; isolation; encapsulation; usability; open design; least astonishment (psychological acceptability); trust relationships; and minimize trust surface (reluctance to trust). A self-assessment is provided at the end of the lesson.

Information Security Access Control
This interactive lesson discusses the role that access control plays in information security. It names identification, authentication, authorization, and accountability (IAAA) as the elements in the process of accessing resources, and it compares a variety of access control models.

Cybersecurity Risk Management
This interactive lesson defines risk management terms relevant to cybersecurity. It also explains a four-step risk management process that can be used to reduce the potential impact of cybersecurity threats and vulnerabilities. Self-assessment activities are provided at the end of the interactive lesson.

Cybersecurity Risk Analysis
This interactive lesson explores both quantitative risk analysis and qualitative risk analysis in the context of cybersecurity. Self-assessment activities at the end of the interactive lesson challenge students to do risk analysis calculations based on specific cybersecurity scenarios.

Physical and Environmental Protection Controls
This interactive lesson explains physical and environmental protection controls--measures taken to protect systems, buildings and the supporting infrastructure against threats associated with their physical environment. Self-assessment activities challenge students to identify which physical security controls could protect vital equipment and systems from threats such as bad actors piggybacking or dumpster diving, or power interruptions caused by thunderstorms.

Data Backups
This interactive lesson explores the role that data backups play in information security programs, because they can be essential in recovery efforts. The lesson explains different types of backups and backup rotation schemes.

Google Hacking
This interactive lesson explains how insecure website configurations may expose personal, private and other sensitive information to indexing by Google and other search engines. Attackers may use Google hacking (also called 'Google dorking') techniques to identify vulnerabilities to exploit. Penetration testers run Google hacking queries against organization websites to find exposed information that should be protected and hidden from search engines. A self-assessment is provided at the end of the lesson.

The Heartbleed Bug
This interactive lesson describes the Heartbleed bug, a vulnerability in the popular OpenSSL cryptographic software library. This vulnerability makes it possible for hackers to steal information that's protected, under normal conditions, by the secure socket layer (SSL)/TLS encryption used to secure Internet traffic.

Meltdown and Spectre
This interactive lesson explains Meltdown and Spectre, two vulnerabilities discovered by cybersecurity researchers that affect almost all CPUs released since 1995. Attackers exploiting these vulnerabilities can read data from a computer's kernel memory (Meltdown) but also data handled by other apps (Spectre). Meltdown and Spectre vulnerability exploitations are considered side-channel attacks.

Spoofing Attacks
This interactive lesson defines a spoofing attack as an attack in which a hacker successfully masquerades as another person by falsifying data to gain an illegitimate advantage. The lesson explains four types of spoofing attacks: ARP spoofing attacks, DNS server spoofing attacks, IP address spoofing attacks, and MAC address spoofing attacks.

Malware Types
This interactive lesson describes 10 types of malware, or malicious code: viruses, worms, Trojans, Remote Access Trojans (RATs), logic bombs, keyloggers, spyware, adware, bots and botnets, and rootkits. It also explains advanced persistent threats (APTs) and zero day attacks. A self-assessment is provided at the end of the lesson.

Social Engineering
This interactive lesson describes eight types of social engineering attacks (also called "human hacking"): baiting, shoulder surfing, pretexting, phishing, spear fishing and whaling, scareware and ransomware, tailgating, and dumpster diving.

The Three-way Handshake and Denial-of-Service Attacks
To explain how a denial-of-service attack works, this interactive lesson first describes the three-way handshake, the process of creating a connection between computers communicating using the transmission control protocol (TCP). Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks overwhelm a receiving computer system with incomplete three-way handshake sessions.

Cybersecurity Scenario Activity
This interactive activity challenges students to explore a virtual cybersecurity scenario and identify evidence that suggests what types of exploits a hacker is trying to use.

Introduction to Code Injection Attacks
This interactive lesson introduces code injection attacks, in which an attacker supplies untrusted input to a program and it gets processed as part of a command or query, altering the execution of the program. Types of code injection attacks include cross-site scripting, operating system command injections, SQL injections, and buffer overflow.

OS Command Injection
This interactive lesson describes an operating system command injection attack (aka OS command injection) as a code injection attack in which attackers exploit a vulnerable web application by creating scripts that execute commands on the web application server operating system. Scripts may be embedded or hidden in user cookies, form data, HTML headers, or the web application code itself. Execution of the commands enables attackers to steal information from, delete information from, or otherwise compromise the website or webserver.

SQL Injection
This interactive lessons defines an SQL injection as an attack that interrupts the processes by which websites programmed in PHP request (query) specific content from a database using the SQL programming language. Attackers exploit the poor web design/PHP code of some websites by using special characters as control structures to access, delete, change, or otherwise alter the database. The interactive lesson concludes with the main principles of SQL injection prevention.

Buffer Overflow Attacks
This interactive lesson explains buffer overflow as the problem that occurs when the amount of data written to or read from a buffer (a finite-sized block of memory) exceeds the capacity of what it can hold. Buffer overflow can affect code execution when those overflowed buffers not only overwrite data but also overwrite the return addresses that control which instructions the processor will execute when it is finished with the current function. An attacker could use the buffer overwriting the return address to hold a short snippet of executable code, which might download a malicious executable or open a network connection, for example.

Cross-Site Scripting
This interactive lesson explains cross-site scripting (xss) attacks, in which attackers inject malicious scripts into legitimate websites viewed by other users through their browsers. When the page loads in the victim's browser, the malicious script executes, enabling the attacker to steal information from, delete information from, or otherwise compromise the victim's computer. This lesson concludes with three methods of cross-site scripting prevention.

Self-Assessment: Code Injection
This self-assessment helps students test their knowledge of four types of code injection attacks. Presented with four cybersecurity scenarios, students try to identify which type of code injection is being attempted: cross-site scripting, SQL injection, OS command injection, or buffer overflow.

Cryptography
This interactive lesson describes how modern cryptography utilizes algorithms that use keys to encrypt and decrypt information. It explains the difference between symmetric cryptography and asymmetric cryptography. Examples of cryptography in real-life include apps for mobile messaging that use end-to-end encryption to maintain the confidentiality of messages, and digital signatures that provide proof of authentication and non-repudiation. A self-assessment is provided at the end of the lesson.

Public Key Infrastructure and Digital Certificates
This interactive lesson explains how Public Key Infrastructure (PKI) enables users and systems to exchange data over the Internet securely. PKI is a system used to distribute, verify, and revoke public keys used for public key encryption. A Digital Certificate, also known as a public key certificate, is a digital file that cryptographically links a public key with its owner. The PKI system uses a trusted third party called a Certificate Authority (CA) to issue, sign, and store the Digital Certificates. The lesson describes how the PKI process and exchange of Digital Certificates helps ensure multiple cybersecurity functions: confidentiality, authentication, access control, non-repudiation, and integrity.

Diffie-Hellman Key Exchange
This interactive lesson explains how the Diffie-Hellman key exchange is used to create a secure communication method that can be established without a secure secondary communication network or trusted third-party authentication. The lesson also explains why the Diffie-Hellman key exchange protocol is vulnerable to man in the middle attacks.

Understanding Network Addresses
This interactive lesson explains how network addresses work by using the analogies of street addresses and personal names. Similar to the way your street address changes if you move to a different neighborhood, a device's Internet Protocol address (also called an IP address or logical address) changes when it is moved to a different network. In contrast, your personal name (for example, Jane Doe) does not change if you move to a different part of town. A device's media access control address (also called a MAC address or physical address) is burned in and does not change.

MAC & IP Addresses
This interactive lesson describes how both MAC addresses and IP addresses are necessary for requested website data to travel from a web server to your device. Routers need your public IP address to deliver the website data to the correct default gateway. Then the default gateway router needs your unique identifier, the MAC address, to get the website data to your device rather than other devices on the local area network (LAN). The lesson compares the request and delivery of data packets to the ordering and delivery of pizzas, and it includes multiple interactive activities.

The OSI Model
This interactive lesson describes the Open Systems Interconnection (OSI) model, a networking framework that characterizes how information from a software application in one computer moves through a network to a software application in another computer. The OSI model breaks the flow of data down into seven layers: the physical layer, the presentation layer, the session layer, the transport layer, the network layer, the data link layer, and the physical layer.

Windows Permissions
"Permissions management is a tool to help prevent unauthorized access. This interactive lesson explains the two types of permissions management used in Windows: Share permissions and NTFS permissions (also called security permissions). The lesson also explains which permissions take precedence when two or more permission settings conflict. Interactive activities challenge students to answer permissions management questions based on fictional scenarios.

Kerberos Authentication
This interactive lessons explains Kerberos, a network authentication protocol that uses encryption to provide authentication for client-server applications. The process requires a Key Distribution Center (KDC), a third party that both the client and service trust. Kerberos uses a combination of access tickets and private key encryption to prove the client's identity to the server and prove the server's identity to the client.

The Cybersecurity Maturity Model
This interactive lesson introduces the CMMC as a maturity model. As an organization matures and develops enhanced capabilities, it develops formally defined steps and documents its practices to establish standardization and consistency. The Cybersecurity Maturity Model Certification (CMMC) was developed to assess the maturity level of the cybersecurity programs of U.S. Department of Defense vendors and contractors. This lesson describes the five maturity levels in the model, and explains which practices and processes must be established for an organization to be certified at each maturity level.

CMMC Framework
This interactive lesson explains the elements of the CMMC Framework: domains, organizational capabilities, practices and processes. For each of the framework's seventeen domains, the relevant capabilities are identified. A chart illustrates the practices distributed by maturity level. In a self-assessment at the end of the lesson, students are challenged to identify whether a term is a CMMC domain, capability, practice or process by clicking on the appropriate answer.

CMMC Self-Assessment
This self-assessment helps students test their knowledge of Cybersecurity Maturity Model Certification (CMMC). Students are challenged to correctly answer questions related to the CMMC Maturity Levels.