The Cyber Security Body of Knowledge project or CyBOK is a collaborative initiative mobilised in 2017 with an aspiration to “codify the foundational and generally recognized knowledge on Cyber Security.” Version 1.0 of the published output of this consultative exercise was quietly released last year and then more publicly launched in January 2020.Yet, this free and information-packed publication does not appear to have captured the attention it perhaps deserves across the wider industry. Hence the reason for blogging and discussing a very quick overview of it here on State of Security. So, what does it look like?Composition and Domain CategoriesAcross its 800+ pages, the CyBOK is effectively organized into nineteen top-level Knowledge Areas (KAs) and then grouped into five overarching categories, as shown in this diagram.
CyBOK Knowledge AreasMuch of this will be familiar territory for many security professionals, some of whom have actually questioned if it is not simply “reinventing the wheel?’” (ISC)² has after all, already established a widely recognized ‘Common Body of Knowledge’ or CBK for its Certified Information Systems Security Professional (CISSP) accreditation. For those unfamiliar, the overarching CISSP CBK domain categories, are:Security and Risk Management (including Legal & Regulatory, Personnel Security, Threat Modelling)Asset Security (including Data Management, Privacy)Security Architecture and Engineering (including Security Models, Cryptography, Physical Site)Communication and Network SecurityIdentity and Access Management (including IAM, IDaaS)Security Assessment and TestingSecurity Operations (including Incident Response)Software Development Security (including Malware)Origins and DefinitionsOriginating in the early 1990s before the term ‘Cyber’ was common parlance for IT related security matters, the (ISC)² CBK has more traditionally been known by many as a ‘Common Body of Knowledge for ..
Support the originator by clicking the read the rest link below.
