• Izzat Alsmadi


The job market for cyber security-related jobs is growing and is expected to reach a peak on demand in the next few years. Statistics showed that the USA has an overall national workforce shortage. Additionally, there is a need for education methods in this field in particular to evolve and accommodate market demands. In this path, NICE Cyber security education framework has been introduced recently. In this book, our goal is to present a teaching material based on NICE framework. The NICE framework focus was more jobs oriented than educational oriented. The NICE framework itself extended earlier OPM security framework ( Both frameworks adopted KSA competencies (Knowledge, Skills, and Abilities or Experience) as an alternative to classical course or program learning outcomes (CLOs and PLOs). One of the main differences between the two approaches is that KSA competencies explicitly distribute teaching, learning and also assessment activities to three categories: KSAs. This is very necessary for practical-oriented majors such as cyber security where knowledge and lecturing based on slides will not be enough.


  1. Bejtlich R (2010) CIRT-level response to advanced persistent threat. SANS Forensic Incident Response SummitGoogle Scholar
  2. Bellovin SM, Landau S, Lin HS (2017) Limiting the undesired impact of cyber weapons: technical requirements and policy implications. J Cybersecur 3(1):59–68. Scholar
  3. Campbell T (2003) An introduction to the computer security incident response team (CSIRT) set-up and operational considerations. Global information assurance certification paper. giac.orgGoogle Scholar
  4. Cichonski P, Millar T, Grance T (NIST), Scarfone K (Scarfone Cybersecurity) (2012) NIST Special publication 800-61, SP 800-61 Rev. 2. Computer security incident handling guide, August 2012Google Scholar
  5. Gennuso K (2012) Shedding light on security incidents using network flows. SANS.
  6. Information security Technologies to Secure Federal Systems (2004) GAO report to congressional requesters. GAO-04-467.
  7. InfoSec Nirvana (2015) Part 2, Incident classification, security investigation series.
  8. Kumari W, McPherson D (2009) Remote triggered black hole filtering with unicast reverse path forwarding (uRPF). Network working group, request for comments: 5635Google Scholar
  9. Lewis L (1993) A case-based reasoning approach to the management of faults in communications networks. CAIAGoogle Scholar
  10. Libicki M (2017) Second acts in cyberspace. J Cybersec 3:29–35Google Scholar
  11. Mehta L (2014) Top 6 SIEM Use Cases—InfoSec Institute. Accessed 6 Sept 2014
  12. Olson L, Blackwell A (1990) Understanding network management with OOA. IEEE network magazineGoogle Scholar
  13. Sang-Hun C (2016) Computer networks in South Korea are paralyzed in cyberattacks. New York Times. Last Accessed 26 June 2016
  14. Trivedi K (2007) A standards-based approach for offering a managed security service in a multivendor network environment. Internet Protocol J 10(3)Google Scholar
  15. Zhang E (2017) What is event correlation, examples, benefits and more. Digi Guardian, Sep. 12th 2018, digitalguardian.comGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Izzat Alsmadi
    • 1
  1. 1.Texas A&M UniversitySan AntonioUSA

Personalised recommendations