AP Cybersecurity is one of College Board's new AP courses, offered for the first time in Fall 2026. It has no prerequisite and is designed to be equivalent to a one-semester introductory college cybersecurity course. This guide summarizes the five units in the official framework, their topics, and the four skill categories.
Unit 1 — Introduction to Security
The introductory unit focuses on the human side of security and core threats.
- Recognizing social engineering tactics and explaining their impact.
- Weak authentication and suspicious website logins; making authentication stronger.
- Security on public networks (public Wi-Fi) and types of wireless attacks.
- AI-based attacks and the use of AI in cyber defense.
Unit 2 — Securing Spaces
Treats physical security as the first layer of defense (defense-in-depth).
- Cyber foundations: types of threats, phases of a cyberattack, the risk assessment process.
- Risk management strategies and types of security controls; why defense-in-depth is needed.
- Physical vulnerabilities and attacks; assessing and documenting risk.
- Protecting physical spaces and detecting physical attacks.
Unit 3 — Securing Networks
Built on network attacks, segmentation, firewalls, and log analysis.
- Common network attacks and how network vulnerabilities are exploited.
- Managerial controls and wireless network security settings.
- Network segmentation and how it increases security.
- Firewall types, allowing/denying traffic with an access control list, effective placement.
- Automated security tools and detecting attacks by analyzing log files.
Unit 4 — Securing Devices
Device security; authentication and detecting attacks on devices.
- Device vulnerabilities and attacks on devices.
- Authentication methods.
- Protecting devices and detecting attacks on them.
Unit 5 — Securing Applications and Data
Application and data security; access controls and cryptography.
- Application and data vulnerabilities and attacks.
- Managerial controls and access controls.
- Protecting stored data with cryptography; symmetric and asymmetric cryptography.
- Protecting applications and detecting attacks on data and applications.
The four skill categories
All units are learned around four core Cybersecurity Skills:
- Analyze Risk — evaluate risk to organizational assets.
- Mitigate Risk — implement protective and deterrent security controls.
- Detect Attacks — implement detection methods, monitor systems, and analyze evidence.
- Collaborate — work with others and with AI to accomplish a task.
Exam format
The exam has two sections: multiple-choice questions and a free-response section. Questions assess skills like risk analysis, control selection, log/incident interpretation, and evidence-based justification. Scores are reported on the 1-5 scale.