Concept Taxonomy
A 12-category taxonomy organizing the 390 cybersecurity concepts. Categories align with the eight CSEC2017 Joint Task Force knowledge areas referenced by ABET CAC, plus foundational principles, operations, emerging topics, and capstones.
Foundation Concepts (FOUND)
The cross-cutting habits of mind, security principles, threat-and-risk vocabulary, and common control taxonomies that ground every other topic. Includes adversarial thinking, systems thinking, the CIA triad, AAA, defense in depth, least privilege, and the basic threat/vulnerability/exploit/risk lexicon.
Cryptography and Data Security (CRYPTO)
Cryptographic primitives and protocols, key management, PKI, TLS, hashing, signatures, and protections for data at rest, in transit, and in use. Includes privacy-preserving computation (homomorphic encryption, ZKPs, differential privacy).
Software Security (SOFT)
Secure software development lifecycle, common code vulnerabilities (OWASP Top Ten, CWE Top 25), injection and memory safety bugs, secure coding controls, static/dynamic analysis, fuzzing, and software supply chain (SBOM, code signing, dependency scanning).
Component Security (COMP)
Hardware and firmware security: TPM, HSM, secure enclaves, secure boot, side-channel attacks, hardware root of trust, embedded systems, IoT devices, and the hardware supply chain.
Network Security (NET)
Connection security: protocols and their weaknesses, firewalls, IDS/IPS, segmentation, VPNs, wireless (WPA3, 802.1X), DNS/DNSSEC, BGP/RPKI, DDoS defense, Zero Trust, and network monitoring tools.
System Security (SYS)
OS security primitives, memory protections (ASLR, DEP, stack canaries), access control models (DAC/MAC/RBAC/ABAC), virtualization and container security, cloud security and IAM, security monitoring tooling (SIEM/SOAR/SOC/EDR), and patch and configuration management.
Human Security (HUMAN)
Identity and access management, authentication factors (passwords, MFA, biometrics, FIDO2/passkeys), federation (OAuth/OIDC/SAML), social engineering and its defenses, usable security, insider threat, and privacy engineering.
Organizational Security (ORG)
Governance, risk, and compliance: policies, standards, NIST CSF, ISO 27001, SOC 2, PCI-DSS, security program management, business continuity and disaster recovery, vendor and supply-chain risk, and security metrics.
Societal Security (SOC)
Cyber law and regulation (CFAA, ECPA, GDPR, CCPA, HIPAA, GLBA, FERPA, NIS2), digital forensics, cyber ethics, professional codes, cyber policy, and critical infrastructure protection (ICS, SCADA).
Offensive and Defensive Operations (OPS)
Pen testing, red/blue/purple teaming, MITRE ATT&CK, threat intelligence and hunting, vulnerability management, the incident response lifecycle (PICERL), malware analysis, and adversary techniques (privilege escalation, lateral movement, C2, exfiltration).
Emerging Topics (EMERG)
Forward-looking topics: AI/ML security (adversarial ML, prompt injection, data poisoning, model theft), post-quantum cryptography, confidential computing, and operational technology (OT/ICS, smart grid).
Capstone and Professional Skills (CAP)
Capstone project pathways (secure system design, security program design, applied research) plus the professional skills the ABET Student Outcomes require: technical communication and team collaboration.