CyBOK Mapping Framework for NCSC Certified Degrees
Guidance Document for UK Higher Education
Lata Nautiyal, University of Bristol
Awais Rashid, University of Bristol
The Cyber Security Body Of Knowledge
www.cybok.org
STEP BY STEP IMPLEMENTATION OF MAPPING PROCESS BY TAKING EXAMPLE OF ONE MODULE DESCRIPTION FROM MIT UNIVERSITY, USA
Applied Cyber Security (MIT-USA)
Introduction to Information Security Fundamentals and Best Practices
• Protecting Your Computer and its Contents
• Securing Computer Networks–Basics of Networking
• Compromised Computers
• Secure Communications and Information Security Best Practices
• Privacy Guidelines
• Safe Internet Usage
Ethics in Cybersecurity & Cyber Law
• Privacy
• Intellectual Property
• Professional Ethics
• Freedom of Speech
• Fair User and Ethical Hacking
• Trademarks
• Internet Fraud
• Electronic Evidence
• Cybercrimes
Forensics
• Forensic Technologies
• Digital Evidence Collection
• Evidentiary Reporting
Network Assurance
• Layered Defense
• Surveillance and Reconnaissance
• Outsider Threat Protection
Secure Software & Browser Security
• Software Construction
• Software Design and Architecture
CyBOK Mapping Framework for NCSC Certified Degrees | June ����
• Software Testing
• Methodologies
• The New Universal Client
• The Web Model
• Cookies and Browser Storage
• HTML5 Security
Business Information Continuity
• Managing a Business Information Continuity Plan
• Vulnerabilities and Controls
• The Law and Business Information Continuity Plan
Information Risk Management
• Asset Evaluation and Business Impact Analysis
• Risk Identification
• Risk Quantification
• Risk Response Development and Control
• Security Policy, Compliance, and Business Continuity
Cyber Incident Analysis and Response
• Incident Preparation
• Incident Detection and Analysis
• Containment, Eradication, and Recovery
• Proactive and Post-Incident Cyber Services
Formation Phase:
Applied Cyber Security (MIT-USA)
Introduction to Information Security Fundamentals and Best Practices
• Protecting Your Computer and its Contents
• Securing Computer Networks–Basics of Networking
• Compromised Computers
• Secure Communications and Information Security Best Practices
• Privacy Guidelines
• Safe Internet Usage
Ethics in Cybersecurity & Cyber Law
• Privacy
• Intellectual Property
• Professional Ethics
• Freedom of Speech
• Fair User and Ethical Hacking
• Trademarks
• Internet Fraud
• Electronic Evidence
• Cybercrimes
Forensics
• Forensic Technologies
• Digital Evidence Collection
• Evidentiary Reporting
Network Assurance
• Layered Defense
• Surveillance and Reconnaissance
• Outsider Threat Protection
Secure Software & Browser Security
• Software Construction
• Software Design and Architecture
• Software Testing
• Methodologies
• The New Universal Client
• The Web Model
• Cookies and Browser Storage
• HTML5 Security
Business Information Continuity
• Managing a Business Information Continuity Plan
• Vulnerabilities and Controls
• The Law and Business Information Continuity Plan
Information Risk Management
• Asset Evaluation and Business Impact Analysis
• Risk Identification
• Risk Quantification
• Risk Response Development and Control
• Security Policy, Compliance, and Business Continuity
Cyber Incident Analysis and Response
• Incident Preparation
• Incident Detection and Analysis
• Containment, Eradication, and Recovery
• Proactive and Post-Incident Cyber Services
Connecting Phase:
Search for those highlighted keywords or sets of keywords using the resources in the “CyBOK Mapping Structure Guide”. This phase comprises 5 steps (Steps A to E).
Step A: Mapping with an alphabetical version of the CyBOK’s knowledge areas indicative material from NCSC’s certification document
Start your search with this document. If your highlighted/underlined keywords or sets of keywords are found in this part, record them in the table and move on to the next keyword or set of keywords. Repeat the process until the last keyword or set of keywords. (Move to Step B)
| S.No. | Broad Category | KA | Topic | Indicative Material / Keyword or a Set of Keywords | Mapping with an alphabetical version of the CyBOK knowledge areas indicative material |
|---|---|---|---|---|---|
| 1 | | | | Protecting Your Computer and its Contents | Not Found |
| 2 | | | | Securing computer networks - Basics of networking | Not Found |
| 3 | | | | Compromised Computers | Not Found |
| 4 | | | | Secure Communications and Information Security Best Practices | Not Found |
| 5 | | | | Privacy Guidelines | Not Found |
| 6 | | | | Privacy | Not Found |
| 7 | | | | Intellectual Property | Not Found |
| 8 | | | | Professional Ethics | Not Found |
| 9 | | | | Freedom of Speech | Not Found |
| 10 | | | | Ethical Hacking | Not Found |
| 11 | | | | Trademarks | Not Found |
| 12 | | | | Internet Fraud | Not Found |
| 13 | | | | Electronic Evidence | Not Found |
| 14 | | | | Cybercrimes | Not Found |
| 15 | Attacks and Defences | F | Definition and conceptual models | Forensic Technologies (Forensic science) | Found and Recorded |
| 16 | | | | Digital Evidence Collection | Not Found |
| 17 | | | | Evidentiary Reporting | Not Found |
| 18 | | | | Layered Defense | Not Found |
| 19 | | | | Reconnaissance | Not Found |
| 20 | | | | Outsider Threat Protection | Not Found |
| 21 | | | | Software Construction | Not Found |
| 22 | | | | Software Design and Architecture | Not Found |
| 23 | | | | Software Testing | Not Found |
| 24 | | | | Methodologies | Not Found |
| 25 | | | | The Web Model | Not Found |
| 26 | Software and Platform Security | WAM | Fundamental concepts and approaches | Cookies | Found and Recorded |
| 27 | | | | HTML5 Security | Not Found |
| 28 | | | | Managing a Business Information Continuity Plan | Not Found |
| 29 | | | | Vulnerabilities and control | Not Found |
| 30 | | | | Continuity Plan | Not Found |
| 31 | | | | Asset Evaluation and Business Impact Analysis | Not Found |
| 32 | | | | Risk Identification | Not Found |
| 33 | | | | Risk Quantification | Not Found |
| 34 | | | | Risk Response development and control | Not Found |
| 35 | | | | Security Policy | Not Found |
| 36 | | | | Compliance, and Business Continuity | Not Found |
| 37 | Attacks and Defences | SOIM | Incident management | Incident preparation (incident management planning) | Found and Recorded |
| 38 | Attacks and Defences | SOIM | Incident management | Incident Detection and Analysis (Incident management planning) | Found and Recorded |
| 39 | | | | Containment, Eradication, and Recovery | Not Found |
| 40 | Attacks and Defences | SOIM | Incident management | Post-incident cyber services (post-incident activities) | Found and Recorded |
Step B: Mapping with CyBOK Mapping Reference �.�
Continue your search with this document. If your remaining (Not Found) keywords or sets of keywords are found in this part, record them in the table and move on to the next keyword or set of keywords. Repeat the process until the last keyword or set of keywords. (Move to Step C)
| S.No. | Broad Category | KA | Indicative Material / Keyword or a Set of Keywords | Mapping with CyBOK Mapping Reference �.� |
|---|---|---|---|---|
| 1 | | | Protecting Your Computer and its Contents | Not Found |
| 2 | Infrastructure Security | NS | Securing Computer Networks - Basics of networking | Found and Recorded |
| 3 | Software and Platform Security | SS, NS | Compromised Computers (CVEs, CWEs), Or (Common network attacks) | Found and Recorded, (Selected SS as relevant) |
| 4 | Systems Security | C | Secure Communications and Information Security Best Practices (Secure Communication Channel) | Found and Recorded |
| 5 | | | Privacy Guidelines | Not Found |
| 6 | Human, Organisational and Regulatory Aspects | POR | Privacy | Found and Recorded |
| 7 | Human, Organisational and Regulatory Aspects | LR | Intellectual Property | Found and Recorded |
| 8 | Human, Organisational and Regulatory Aspects | LR | Professional Ethics (Ethics) | Found and Recorded |
| 9 | Human, Organisational and Regulatory Aspects | POR | Freedom of Speech | Found and Recorded |
| 10 | Infrastructure Security | NS, SOIM, SSL | Ethical Hacking, (Penetration testing) or (Penetration testing - DNS) Or (Penetration testing – active penetration) Or (Penetration testing – software tool) | Found and Recorded, (Selected NS as relevant) (But Multiple mappings are possible) |
| 11 | Human, Organisational and Regulatory Aspects | LR | Trademarks | Found and Recorded |
| 12 | | | Internet Fraud | Not Found |
| 13 | Attacks and Defences | F | Electronic Evidence (Forensic evidence) | Found and Recorded |
| 14 | Human, Organisational and Regulatory Aspects | LR, F | Cybercrimes | Found and Recorded (Selected LR as relevant) |
| 16 | Attacks and Defences | F | Digital Evidence Collection | Found and Recorded |
| 17 | | | Evidentiary Reporting | Not Found |
| 18 | Systems Security | AAA, RMG, SSL | Layered Defense, (Security Policies) Or (Defence in depth) | Found and Recorded, (Selected AAA as relevant) |
| 19 | Attacks and Defences | SOIM, AB, MAT | Reconnaissance, (Although while searching in CYBOK Mapping Reference �.�, it was not showing under SOIM, but as per the relevance SOIM is used) | Found and Recorded, (Selected SOIM as relevant) |
| 20 | Attacks and Defences | SOIM, AB, RMG | Outsiders Threat Protection, (Threats External) | Found and Recorded, (Selected SOIM as relevant) |
| 21 | Software and Platform Security | SSL | Software Construction, (Software Development) | Found and Recorded |
| 22 | | | Software Design and Architecture | Not Found |
| 23 | | | Software Testing | Not Found |
| 24 | Software and Platform Security | SSL | Methodologies (Software Development methods) | Found and Recorded |
| 25 | | | The Web Model | Not Found |
| 27 | | | HTML5 Security | Not Found |
| 28 | Attacks and Defences | RMG, SOIM | Managing a Business Information Continuity Plan, (Business continuity management/planning) | Found and Recorded, (Selected RMG as relevant) |
| 29 | Software and Platform Security | SS, CPS | Vulnerabilities and control | Found and Recorded, (Selected SS as relevant) |
| 30 | Human, Organisational and Regulatory Aspects | RMG | Continuity plan (Continuity management) | Found and Recorded |
| 31 | Human, Organisational and Regulatory Aspects | RMG | Asset Evaluation and Business Impact Analysis (Business impact analysis - in information asset classification) | Found and Recorded |
| 32 | Human, Organisational and Regulatory Aspects | RMG | Risk Identification Analysis | Found and Recorded |
| 33 | Human, Organisational and Regulatory Aspects | RMG | Risk Quantification (Risk – measuring) | Found and Recorded |
| 34 | Human, Organisational and Regulatory Aspects | RMG | Risk Response development and control | Found and Recorded |
| 35 | Human, Organisational and Regulatory Aspects | RMG | Security Policy | Found and Recorded |
| 36 | Human, Organisational and Regulatory Aspects | RMG | Risk Quantification (Risk – measuring) | Found and Recorded |
| 39 | Attacks and Defences | SOIM | Containment, Eradication and Recovery (Containment in Incident response plan) | Found and Recorded |
Step C: Complete the missing topics from CyBOK Knowledge Trees for all the recorded keywords or sets of keywords found through CyBOK Mapping Reference �.�
Search the CyBOK Knowledge Trees for topics for all the recorded keywords or sets of keywords found through CyBOK Mapping Reference �.�. CyBOK Mapping Reference �.� provides the relevant CyBOK knowledge areas but not the topic, so the CyBOK Knowledge Trees are used. (Move to Step D)
| S.No. | Broad Category | KA | Topic | Indicative Material / Keyword or a Set of Keywords | Mapping missing topics with CyBOK Knowledge Trees |
|---|---|---|---|---|---|
| 2 | Infrastructure Security | NS | Network Defence Tools Or Wireless LAN Security | Securing Computer Networks - Basics of networking | Found and Recorded (Multiple mapping is possible) Mapping to NS is just interpretation as per our viewpoint |
| 3 | Software and Platform Security | SS, NS | Categories of vulnerability | Compromised Computers (CVEs, CWEs), Or (Common network attacks) | Found and Recorded, (Selected SS as relevant) |
| 4 | Systems Security | C | Public key encryption | Secure Communications and Information Security Best Practices (Secure Communication Channel) | Found and Recorded |
| 6 | Human, Organisational and Regulatory Aspects | POR | Control | Privacy | Found and Recorded |
| 7 | Human, Organisational and Regulatory Aspects | LR | Intellectual Property | Intellectual Property | Found and Recorded |
| 8 | Human, Organisational and Regulatory Aspects | LR | Ethics | Professional Ethics (Ethics) | Found and Recorded |
| 9 | Human, Organisational and Regulatory Aspects | POR | Privacy technologies and democratic values | Freedom of Speech | Found and Recorded |
| 10 | Infrastructure Security | NS, SOIM, SSL | Network defence tools | Ethical Hacking, (Penetration testing) or (Penetration testing - DNS) Or (Penetration testing – active penetration) Or (Penetration testing – software tool) | Found and Recorded, (Selected NS as relevant) (But Multiple mappings are possible) |
| 11 | Human, Organisational and Regulatory Aspects | LR | Intellectual Property | Trademarks | Found and Recorded |
| 13 | Attacks and Defences | F | Definition and conceptual model | Electronic Evidence (Forensic evidence) | Found and Recorded |
| 14 | Human, Organisational and Regulatory Aspects | LR, F | Computer Crime | Cybercrimes | Found and Recorded (Selected LR as relevant) |
| 16 | Attacks and Defences | F | Storage Forensics | Digital Evidence Collection | Found and Recorded |
| 18 | Systems Security | AAA, RMG, SSL | Access Control | Layered Defense, (Security Policies) Or (Defence in depth) | Found and Recorded, (Selected AAA as relevant) |
| 19 | Attacks and Defences | SOIM, AB, MAT | Knowledge: Intelligence and analytics | Reconnaissance, (Although while searching in CYBOK Mapping Reference �.�, it was not showing under SOIM, but as per the relevance SOIM is used) | Found and Recorded, (Selected SOIM as relevant) |
| 20 | Attacks and Defences | SOIM, AB, RMG | Knowledge: intelligence and analytics | Outsiders Threat Protection, (Threats External) | Found and Recorded, (Selected SOIM as relevant) |
| 21 | Software and Platform Security | SSL | Safe Code | Software Construction, (Software Development) | Found and Recorded |
| 24 | Software and Platform Security | SSL | Safe Code | Methodologies (Software Development methods) | Found and Recorded |
| 28 | Attacks and Defences | RMG, SOIM | Plan: security information and event management | Managing a Business Information Continuity Plan, (Business continuity management/planning) | Found and Recorded, (Selected RMG as relevant) |
| 29 | Software and Platform Security | SS, CPS | Categories of Vulnerabilities (SS), CPS Domains (CPS) | Vulnerabilities and control | Found and Recorded, (Selected SS as relevant) |
| 30 | Human, Organisational and Regulatory Aspects | RMG | Business continuity: incident response and recovery planning | Continuity plan (Continuity management) | Found and Recorded |
| 31 | Human, Organisational and Regulatory Aspects | RMG | Business continuity: incident response and recovery planning | Asset Evaluation and Business Impact Analysis (Business impact analysis - in information asset classification) | Found and Recorded |
| 32 | Human, Organisational and Regulatory Aspects | RMG | Risk Definition | Risk Identification Analysis | Found and Recorded |
| 33 | Human, Organisational and Regulatory Aspects | RMG | Risk Governance | Risk Quantification (Risk – measuring) | Found and Recorded |
| 34 | Human, Organisational and Regulatory Aspects | RMG | Business continuity: incident response and recovery planning | Risk Response development and control | Found and Recorded |
| 35 | Human, Organisational and Regulatory Aspects | RMG | Risk Governance | Security Policy | Found and Recorded |
| 36 | Human, Organisational and Regulatory Aspects | RMG | Business continuity: incident response and recovery planning | Risk Quantification (Risk – measuring) | Found and Recorded |
| 39 | Attacks and Defences | SOIM | Human factors: incident management | Containment, Eradication and Recovery (Containment in Incident response plan) | Found and Recorded |
Step D: Mapping with CyBOK Knowledge Trees
Continue your search with this document. If your remaining (Not Found) keywords or sets of keywords are found in this part, record them in the table and move on to the next keyword or set of keywords. Repeat the process until the last keyword or set of keywords. (Move to Step E)
| S.No. | Broad Category | KA | Topic | Indicative Material / Keyword or a Set of Keywords | Mapping with CyBOK Knowledge Trees |
|---|---|---|---|---|---|
| 1 | CyBOK Introduction | CI | Foundational Concepts | Protecting Your Computer and its Contents | Found and Recorded |
| 5 | Human, Organisational and Regulatory Aspects | POR | Control | Privacy Guidelines (privacy policy interpretability) | Found and Recorded |
| 12 | Attacks and Defences | AB, LR | Cyber Enabled crime or cyber dependent crime OR computer crime | Internet Fraud | Found and Recorded (Selected AB as relevant) |
| 17 | Attacks and Defences | F | Conceptual Model | Evidentiary Reporting | Found and Recorded |
| 22 | Software and Platform Security | SSL | Safe code | Software Design and Architecture | Found and Recorded |
| 23 | Software and Platform Security | SSL | Safe code | Software Testing | Found and Recorded |
| 25 | Software and Platform Security | WAM | Fundamental concepts and approaches | The Web Model | Found and Recorded |
| 27 | Software and Platform Security | WAM | Fundamental concepts and approaches | HTML5 Security | Found and Recorded |
Step E: Complete final missing keywords using the tabular representation of CyBOK broad categories, knowledge areas and their description
If the keywords or sets of keywords are not found in any of the materials provided to support the mapping process, then identify the most relevant knowledge area using this document and record the relevant KA.
Not Applicable - All the keywords have been mapped by using Steps A to D
Finalising Phase:
Finally, results are transferred from the working table to Table �.� (NCSC certification document), required as part of the application for NCSC certification.
| Broad Category | KA | Topic | Indicative Material | Module Providing significant coverage | Module Providing partial coverage | Assessment | Approximate number of credits |
|---|---|---|---|---|---|---|---|
| CyBOK Introduction | CI | Foundational Concepts | Protecting Your Computer and its Contents | | | | |
| Infrastructure Security | NS | Network Defence Tools Or Wireless LAN Security | Securing computer networks - Basics of networking | | | | |
| Software and Platform Security | SS | Categories of vulnerability | Compromised Computers | | | | |
| System Security | C | Public key encryption | Secure Communications and Information Security Best Practices | | | | |
| Human, Organisational and Regulatory Aspects | POR | Control | Privacy Guidelines | | | | |
| Human, Organisational and Regulatory Aspects | POR | Control | Privacy | | | | |
| Human, Organisational and Regulatory Aspects | LR | Intellectual Property | Intellectual Property | | | | |
| Human, Organisational and Regulatory Aspects | LR | Ethics | Professional Ethics | | | | |
| Human, Organisational and Regulatory Aspects | POR | Privacy technologies and democratic values | Freedom of Speech | | | | |
| Infrastructure Security | NS | Network defence tools | Ethical Hacking | | | | |
| Human, Organisational and Regulatory Aspects | LR | Intellectual Property | Trademarks | | | | |
| Attacks and Defences | AB Or LR | Cyber Enabled crime or cyber dependent crime OR computer crime | Internet Fraud | | | | |
| Attacks and Defences | F | Definition and conceptual model | Electronic Evidence | | | | |
| Human, Organisational and Regulatory Aspects | LR | Computer Crime | Cybercrimes | | | | |
| Attacks and Defences | F | Definition and conceptual model | Forensic Technologies | | | | |
| Attacks and Defences | F | Storage Forensics | Digital Evidence Collection | | | | |
| Attacks and Defences | F | Conceptual model | Evidentiary Reporting | | | | |
| Systems Security | AAA | Access Control | Layered Defense | | | | |
| Attacks and Defences | SOIM | Knowledge: Intelligence and analytics | Reconnaissance | | | | |
| Attacks and Defences | SOIM | Knowledge: Intelligence and analytics | Outsider Threat Protection | | | | |
| Software and Platform Security | SSL | Safe Code | Software Construction | | | | |
| Software and Platform Security | SSL | Safe Code | Software Design and Architecture | | | | |
| Software and Platform Security | SSL | Safe Code | Software Testing | | | | |
| Software and Platform Security | SSL | Safe Code | Methodologies | | | | |
| Software and Platform Security | WAM | Fundamental concepts and approaches | The Web Model | | | | |
| Software and Platform Security | WAM | Fundamental concepts and approaches | Cookies | | | | |
| Software and Platform Security | WAM | Fundamental concepts and approaches | HTML5 Security | | | | |
| Attacks and Defences | RMG | Plan: security information and event management | Managing a Business Information Continuity Plan | | | | |
| Software and Platform Security | SS | Categories of vulnerabilities | Vulnerabilities and control | | | | |
| Human, Organisational and Regulatory Aspects | RMG | Business continuity: incident response and recovery planning | Continuity Plan | | | | |
| Human, Organisational and Regulatory Aspects | RMG | Business continuity: incident response and recovery planning | Asset Evaluation and Business Impact Analysis | | | | |
| Human, Organisational and Regulatory Aspects | RMG | Risk Definition | Risk Identification | | | | |
| Human, Organisational and Regulatory Aspects | RMG | Risk Governance | Risk Quantification | | | | |
| Human, Organisational and Regulatory Aspects | RMG | Business continuity: incident response and recovery planning | Risk Response development and control | | | | |
| Human, Organisational and Regulatory Aspects | RMG | Risk Governance | Security Policy | | | | |
| Human, Organisational and Regulatory Aspects | RMG | Business continuity: incident response and recovery planning | Compliance, and Business Continuity | | | | |
| Attacks and Defences | SOIM | Incident management | Incident preparation | | | | |
| Attacks and Defences | SOIM | Incident management | Incident Detection and Analysis | | | | |
| Attacks and Defences | SOIM | Human factors: incident management | Containment, Eradication, and Recovery | | | | |
| Attacks and Defences | SOIM | Incident management | Post-incident cyber services | | | | |
Note: Some topics are too broad to be covered in a single KA; if terms are that broad, they can’t be mapped without more context. It is better to consider the context and then record the appropriate Topic, Knowledge Area and Broad Category.
SOURCE OF MODULE CONTENTS
https://professional.mit.edu/course-catalog/applied-cybersecurity