Skip to content

Chapters

This textbook is organized into 16 chapters covering 390 cybersecurity concepts drawn from the eight CSEC2017 knowledge areas referenced by the ABET CAC Cybersecurity Program Criteria.

Chapter Overview

  1. Security Foundations: Properties, Mindset, and Risk - Core security properties, mindset, threat modeling, and risk fundamentals.
  2. Threats, Vulnerabilities, and Security Controls - Vocabulary of threats, vulnerabilities, attack models, and the security control taxonomy.
  3. Cryptography Fundamentals: Symmetric Ciphers and Hashing - Symmetric encryption, block-cipher modes, hashing, and message authentication codes.
  4. Cryptography in Practice: PKI, TLS, and Data Protection - Public-key crypto applied: digital signatures, PKI, TLS, key management, and privacy-preserving computation.
  5. Software Vulnerabilities and Secure Coding - OWASP Top Ten, memory-safety bugs, injection attacks, and other common code vulnerabilities.
  6. Software Assurance and Supply Chain Security - Static and dynamic analysis, fuzzing, dependency scanning, SBOMs, and supply-chain defenses.
  7. Component and Hardware Security - TPM, HSM, secure enclaves, secure boot, side-channels, and IoT/embedded device security.
  8. Network Security Foundations: Protocols, Firewalls, and Detection - OSI and TCP/IP, network attacks, firewalls, IDS/IPS, segmentation, VPNs, and IPsec.
  9. Advanced Network Defense: Wireless, DNS, and Zero Trust - Wireless (WPA3/802.1X), DNSSEC, BGP/RPKI, DDoS mitigation, and Zero Trust architecture.
  10. System Security: OS, Memory, and Access Control - OS isolation, memory defenses, DAC/MAC/RBAC/ABAC, virtualization, and container security.
  11. Cloud Security and Operations Monitoring - Cloud shared responsibility, IAM, SIEM/SOAR, SOC, EDR/XDR, hardening, and CIS benchmarks.
  12. Human Security: Identity, Authentication, and Social Engineering - IAM, SSO, MFA, FIDO2/passkeys, OAuth/OIDC/SAML, social engineering, and privacy engineering.
  13. Organizational Security: Governance, Risk, and Compliance - GRC, NIST CSF, ISO 27001, SOC 2, PCI-DSS, BCP/DR, vendor risk, and risk-treatment decisions.
  14. Societal Security: Law, Forensics, and Ethics - Cyber law (CFAA, GDPR, HIPAA, etc.), digital forensics, ethics, and critical-infrastructure protection.
  15. Offensive and Defensive Security Operations - Pen testing, red/blue/purple teaming, MITRE ATT&CK, threat hunting, and the PICERL lifecycle.
  16. Emerging Topics and Capstone Pathways - AI/ML security, post-quantum crypto, confidential computing, OT/ICS, blockchain, and capstone tracks.

How to Use This Textbook

Chapters are ordered to respect concept dependencies — every prerequisite is introduced before the concepts that build on it. Read the chapters in sequence on a first pass, then return to specific chapters as a reference. Each chapter ends with a list of every concept it covers, drawn directly from the course learning graph.

Note: Each chapter includes the list of concepts it covers and links to the chapters whose material it builds on. Make sure to complete prerequisite chapters before tackling advanced ones.