Unit 2: Securing Spaces

Unit Overview

Unit 2 introduces students to the critical role of physical security in a comprehensive cybersecurity strategy. Students learn that cybersecurity extends beyond digital defenses to include the protection of physical spaces, devices, and infrastructure. The unit emphasizes risk assessment processes, defense-in-depth strategies, and the various types of security controls used to protect organizational assets.

This unit focuses on professional cybersecurity scenarios where students take on the role of security professionals conducting vulnerability assessments and implementing protective measures.

Unit Scenario

Scenario 2A: Securing Xtensr Labs

Students work as members of a physical security team conducting a vulnerability assessment of a newly acquired facility. They review building plans, identify vulnerabilities, assess risks, recommend security controls, and plan monitoring equipment placement.

Lessons in This Unit

2.1 Cyber Foundations

Establish fundamental cybersecurity concepts including social engineering tactics, adversary types, attack phases, risk assessment processes, and security control classifications.

2.2 Physical Vulnerabilities and Attacks

Identify and assess common physical attacks such as piggybacking, tailgating, shoulder surfing, and card cloning, and learn to document associated risks.

2.3 Protecting Physical Spaces

Explore managerial and physical controls used to secure physical environments, including access controls, security policies, and protective barriers.

2.4 Detecting Physical Attacks

Learn about detection methods and the strategic placement of security controls to identify and respond to physical security breaches.

Course Skills Emphasized

  • Skill 1.A: Identify, with and without the support of AI, vulnerabilities, threats, and attack methods, and explain how they generate risk.
  • Skill 1.C: Evaluate, with and without the support of AI, the likelihood and impact of risks.
  • Skill 1.D: Document, with and without the support of AI, the likelihood and impact of risks.
  • Skill 2.A: Identify security controls, and explain how they mitigate risks.
  • Skill 2.B: Determine layered security controls that address vulnerabilities.
  • Skill 3.A: Identify methods for monitoring systems, and explain how they detect attacks.
  • Skill 3.B: Determine strategies and methods to detect attacks.

Key Topics Covered

  • Risk assessment methodology and documentation
  • Social engineering tactics (pretexting, authority, intimidation, consensus, scarcity, familiarity, urgency)
  • Adversary classification (script kiddies, hacktivists, insider threats, cyberterrorists, criminal organizations)
  • Attack phases (reconnaissance, initial access, persistence, lateral movement, taking action, evading detection)
  • Security control types (physical, technical, managerial) and functions (preventative, detective, corrective)
  • Defense-in-depth strategies and layered security
  • Physical attacks and vulnerabilities
  • Risk management strategies (avoid, transfer, mitigate, accept)
  • CIA triad (confidentiality, integrity, availability)

AP Cybersecurity Curriculum

Made with ❤️ for students by students

This is an independent educational resource and is not affiliated with, endorsed by, or sponsored by the College Board. AP® is a trademark registered by the College Board, which is not affiliated with, and does not endorse, this website.

Quick Links

HomeLessonsAboutContact

Get in Touch

Contact form will load when visible.

© 2025 AP Cybersecurity Curriculum. All rights reserved.
Privacy PolicyTerms of Service