AThe “Unit Map” (How to Think About the Curriculum)

When new AP courses launch, teachers need a practical map — not a vague list of topics. The cleanest way to structure AP Cybersecurity is around a defender’s workflow:

1. Recognize attacks (human + technical entry points)
2. Understand systems (how networks and identity actually work)
3. Protect data (crypto + secure configuration)
4. Reduce risk (layered controls and tradeoffs)
5. Respond & improve (incident thinking + policy)

BSuggested Unit Breakdown (Teacher-Ready)

Below is a practical unit framework you can implement immediately. Even if the official order differs slightly, the skills will transfer.

Unit 1 — Security Foundations + Social Engineering

• Security goals (CIA triad), threat actors, basic risk language
• Phishing, spear phishing, whaling/BEC, vishing, smishing
• Pretexting, baiting, quid pro quo, OSINT
• Verification habits and safe reporting

Unit 2 — Networks & Communication

• Data flow, protocols, and where attackers intercept/redirect traffic
• Wi-Fi basics, segmentation, DNS concepts
• Common network misconfigurations and how they create exposure

Unit 3 — Identity, Authentication, and Access Control

• Passwords, MFA, session security
• Least privilege, roles, access control models
• Credential theft and lateral movement (conceptually)

Unit 4 — Cryptography & Data Protection

• Encryption vs hashing, key management basics
• Integrity and authenticity concepts
• When encryption helps, when it doesn’t

Unit 5 — Defense-in-Depth + Incident Thinking

• Layered controls (technical + human)
• Monitoring, detection concepts, incident response sequence
• Policy, governance, and security culture

CPacing Guide (36 Weeks, Flexible)

Here’s a pacing plan that works for typical U.S. high school schedules. Adjust based on your semester system.

• Weeks 1–7: Unit 1 (foundations + social engineering) + weekly scenario quizzes
• Weeks 8–14: Unit 2 (networks) + “spot the weak link” lab prompts
• Weeks 15–20: Unit 3 (identity + access) + policy and MFA evaluation
• Weeks 21–27: Unit 4 (crypto basics) + integrity/authentication scenarios
• Weeks 28–34: Unit 5 (defense-in-depth + incidents) + cumulative case studies
• Weeks 35–36: Review + full practice exam simulations

DAssessment System That Saves Your Time

You’re one teacher, not a security team. Your assessment system needs to be repeatable.

Use the “3-Part Scenario Prompt”

1. Classify the attack or vulnerability
2. Justify using evidence in the scenario
3. Defend with the best control and explain why

Weekly Micro-Assessments (10–15 min)

• 1 scenario prompt
• 4 multiple choice options for classification
• 2–3 sentence justification

Unit Performance Tasks

• Students write a short policy memo (password/MFA policy, phishing response plan)
• Students propose a layered defense plan for a school scenario

EInternal Linking Strategy for Your Students

If you’re using APCSExamPrep as course infrastructure, give students one “home base” link and then direct them outward:

• Home base hub: AP Cybersecurity Complete Course Guide
• CSA comparison (career pathway): AP CSA Exam Prep Hub

?Frequently Asked Questions