CyBOK Mapping Framework for NCSC Certi ed Degrees Guidance ... · Software Construction, (Software...

CyBOK MappingFramework for NCSCCerti�ed DegreesGuidance Document for UKHigher EducationLata Nautiyal University of Bristol

Awais Rashid University of Bristol

The Cyber Security Body Of Knowledgewww.cybok.org

� STEP BY STEP IMPLEMENTATION OF MAPPINGPROCESS BY TAKING EXAMPLE OF ONE MODULEDESCRIPTION FROM MIT UNIVERSITY, USA

Applied Cyber Security (MIT-USA)

Introduction to Information Security Fundamentals and Best Practices

• Protecting Your Computer and its Contents

• Securing Computer Networks–Basics of Networking

• Compromised Computers

• Secure Communications and Information Security Best Practices

• Privacy Guidelines

• Safe Internet Usage

Ethics in Cybersecurity & Cyber Law

• Privacy

• Intellectual Property

• Professional Ethics

• Freedom of Speech

• Fair User and Ethical Hacking

• Trademarks

• Internet Fraud

• Electronic Evidence

• Cybercrimes

Forensics

• Forensic Technologies

• Digital Evidence Collection

• Evidentiary Reporting

Network Assurance

• Layered Defense

• Surveillance and Reconnaissance

• Outsider Threat Protection

Secure Software & Browser Security

• Software Construction

• Software Design and Architecture

CyBOK Mapping Framework for NCSC Certi�ed Degrees | June �� Page �


• Software Testing

• Methodologies

• The New Universal Client

• The Web Model

• Cookies and Browser Storage

• HTML� Security

Business Information Continuity

• Managing a Business Information Continuity Plan

• Vulnerabilities and Controls

• The Law and Business Information Continuity Plan

Information Risk Management

• Asset Evaluation and Business Impact Analysis

• Risk Identi�cation

• Risk Quanti�cation

• Risk Response Development and Control

• Security Policy, Compliance, and Business Continuity

Cyber Incident Analysis and Response

• Incident Preparation

• Incident Detection and Analysis

• Containment, Eradication, and Recovery

• Proactive and Post-Incident Cyber Services

�.� Formation Phase:Applied Cyber Security (MIT-USA)

Introduction to Information Security Fundamentals and Best Practices

• Protecting Your Computer and its Contents

• Securing Computer Networks–Basics of Networking

• Compromised Computers

• Secure Communications and Information Security Best Practices

• Privacy Guidelines

• Safe Internet Usage

Ethics in Cybersecurity & Cyber Law

• Privacy



• Intellectual Property

• Professional Ethics

• Freedom of Speech

• Fair User and Ethical Hacking

• Trademarks

• Internet Fraud

• Electronic Evidence

• Cybercrimes

Forensics

• Forensic Technologies

• Digital Evidence Collection

• Evidentiary Reporting

Network Assurance

• Layered Defense

• Surveillance and Reconnaissance

• Outsider Threat Protection

Secure Software & Browser Security

• Software Construction

• Software Design and Architecture

• Software Testing

• Methodologies

• The New Universal Client

• The Web Model

• Cookies and Browser Storage

• HTML� Security

Business Information Continuity

• Managing a Business Information Continuity Plan

• Vulnerabilities and Controls

• The Law and Business Information Continuity Plan

Information Risk Management

• Asset Evaluation and Business Impact Analysis



• Risk Identi�cation

• Risk Quanti�cation

• Risk Response Development and Control

• Security Policy, Compliance, and Business Continuity

Cyber Incident Analysis and Response

• Incident Preparation

• Incident Detection and Analysis

• Containment, Eradication, and Recovery

• Proactive and Post-Incident Cyber Services

�.� Connecting Phase:Searching for those highlighted keywords or a set of keywords using the resources in the“CyBOK Mapping Structure Guide”. This phase is comprised of � steps (Steps A to E).

Step A: – Mapping with an alphabetical version of the CyBOK’s knowledge areas indicativematerial from NCSC’s certi�cation document: –

Start your search with this document. If your Highlighted/Underlined keywords or a setof keywords are found in this part, then record these in the table and move on to the next key-words or a set of keywords. Repeat the process until the last keywords or a set of keywords.(Move to step B)

S.No. BroadCategory KA Topic Indicative Material /Keyword or a

Set of Keywords

Mapping with analphabetical version

of the CyBOKknowledge areasindicative material

� Protecting Your Computer and itsContents Not Found

� Securing computer networks -Basics of networking Not Found

� Compromised Computers Not Found

� Secure Communications andInformation Security Best Practices Not Found

� Privacy Guidelines Not Found6 Privacy Not Found� Intellectual Property Not Found8 Professional Ethics Not Found� Freedom of Speech Not Found�� Ethical Hacking Not Found�� Trademarks Not Found�� Internet Fraud Not Found�� Electronic Evidence Not Found�� Cybercrimes Not Found

�� Attacks anddefences F

De�nition andconceptualmodels

Forensic Technologies (Forensicscience) Found and Recorded

�6 Digital Evidence Collection Not Found�� Evidentiary Reporting Not Found�8 Layered Defense Not Found



�� Reconnaissance Not Found�� Outsider Threat Protection Not Found�� Software Construction Not Found�� Software Design and Architecture Not Found�� Software Testing Not Found�� Methodologies Not Found�� The Web Model Not Found

�6

Softwareand

PlatformSecurity

WAMFundamentalconcepts andapproaches

Cookies Found and Recorded

�� HTML� Security Not Found

�8 Managing a Business InformationContinuity Plan Not Found

�� Vulnerabilities and control Not Found�� Continuity Plan Not Found

�� Asset Evaluation and BusinessImpact Analysis Not Found

�� Risk Identi�cation Not Found�� Risk Quanti�cation Not Found

�� Risk Response development andcontrol Not Found

�� Security Policy Not Found

�6 Compliance, and BusinessContinuity Not Found

�� Attacks andDefences SOIM Incident

managementIncident preparation (incident

management planning) Found and Recorded

�8 Attacks andDefences SOIM Incident

managementIncident Detection and Analysis(Incident management planning) Found and Recorded

�� Containment, Eradication, andRecovery Not Found

�� Attacks andDefences SOIM Incident

managementPost-incident cyber services(post-incident activities) Found and Recorded

Step B: – Mapping with CyBOK Mapping Reference �.�: –

Continue your search with this document. If your remaining (Not Found) keywords or aset of keywords are found in this part, then record these in the table and move on to thenext keywords or a set of keywords. Repeat the process until the last keywords or a set ofkeywords. (Move to step C)

S.No. Broad Category KA Indicative Material /Keyword or a Set ofKeywords

Mapping with CyBOKMapping Reference �.�

� Protecting Your Computer and its Contents Not Found

� InfrastructureSecurity NS Securing Computer Networks - Basics of

networking Found and Recorded

� Software andPlatform Security SS, NS Compromised Computers (CVEs, CWEs),

Or (Common network attacks)Found and Recorded,

(Selected SS as relevant)

� Systems Security CSecure Communications and Information

Security Best Practices (SecureCommunication Channel)

Found and Recorded

� Privacy Guidelines Not Found

6Human,

Organisational andRegulatory Aspects

POR Privacy Found and Recorded

�Human,


LR Intellectual Property Found and Recorded

8Human,


LR Professional Ethics (Ethics) Found and Recorded



�Human,


POR Freedom of Speech Found and Recorded

�� InfrastructureSecurity

NS,SOIM,SSL

Ethical Hacking, (Penetration testing) or(Penetration testing - DNS) Or (Penetration

testing – active penetration) Or(Penetration testing – software tool)

Found and Recorded,(Selected NS as relevant)(But Multiple mappings are

possible)

��Human,


LR Trademarks Found and Recorded

�� Internet Fraud Not Found

�� Attacks andDefences F Electronic Evidence (Forensic evidence) Found and Recorded

��Human,


LR, F Cybercrimes Found and Recorded(Selected LR as relevant)

�6 Attacks andDefences F Digital Evidence Collection Found and Recorded

�� Evidentiary Reporting Not Found

�8 Systems SecurityAAA,RMG,SSL

Layered Defense, (Security Policies) Or(Defence in depth)

Found and Recorded,(Selected AAA as relevant)

�� Attacks andDefences

SOIM,AB,MAT

Reconnaissance, (Although whilesearching in CYBOK Mapping Reference�.�, it was not showing under SOIM, but as

per the relevance SOIM is used)

Found and Recorded,(Selected SOIM as relevant)


SOIM,AB,RMG

Outsiders Threat Protection, (ThreatsExternal)

Found and Recorded,(Selected SOIM as relevant)

�� Software andPlatform Security SSL Software Construction, (Software

Development) Found and Recorded

�� Software Design and Architecture Not Found�� Software Testing Not Found

�� Software andPlatform Security SSL Methodologies (Software Development

methods) Found and Recorded

�� The Web Model Not Found�� HTML� Security Not Found

�8 Attacks andDefences

RMG,SOIM

Managing a Business InformationContinuity Plan, (Business continuity

management/planning)

Found and Recorded,(Selected RMG as relevant)

�� Software andPlatform Security

SS,CPS Vulnerabilities and control Found and Recorded,

(Selected SS as relevant)

��Human,


RMG Continuity plan (Continuity management) Found and Recorded

��Human,


RMGAsset Evaluation and Business ImpactAnalysis (Business impact analysis - in

information asset classi�cation)Found and Recorded

��Human,


RMG Risk Identi�cation Analysis Found and Recorded

��Human,


RMG Risk Quanti�cation (Risk – measuring) Found and Recorded

��Human,


RMG Risk Response development and control Found and Recorded

��Human,


RMG Security Policy Found and Recorded

�6Human,


RMG Risk Quanti�cation (Risk – measuring) Found and Recorded

CyBOK Mapping Framework for NCSC Certi�ed Degrees | June �� Page 6


�� Attacks andDefences SOIM Containment, Eradication and Recovery

(Containment in Incident response plan) Found and Recorded

Step C: – Complete the missing topics from CyBOK Knowledge Trees for all the recordedkeyword or a set of keywords found through CyBOK Mapping reference �.�: –

Searching topics from CyBOK Knowledge Trees for all the recorded keywords or a set ofkeywords found through CyBOK Mapping reference �.� as CyBOK Mapping reference �.� pro-vides relevant CyBOK knowledge areas but not the topic, therefore CyBOK Knowledge Treesare used. (Move to step D)

S.No. Broad Category KA TopicIndicative Material/Keyword or a Set of

Keywords

Mapping missing topicswith CyBOK Knowledge

Trees

� InfrastructureSecurity NS

Network DefenceTools Or Wireless

LAN Security

Securing ComputerNetworks - Basics of

networking

Found and Recorded(Multiple mapping is

possible) Mapping to NSis just interpretation as

per our viewpoint

� Software andPlatform Security SS, NS Categories of

vulnerability

CompromisedComputers (CVEs,

CWEs), Or (Commonnetwork attacks)

Found and Recorded,(Selected SS as relevant)

� Systems Security C Public key encryption

Secure Communicationsand Information SecurityBest Practices (Secure

CommunicationChannel)

Found and Recorded

6

Human,Organisationaland Regulatory

Aspects

POR Control Privacy Found and Recorded

�


Aspects

LR Intellectual Property Intellectual Property Found and Recorded

8


Aspects

LR Ethics Professional Ethics(Ethics) Found and Recorded

�


Aspects

PORPrivacy technologies

and democraticvalues

Freedom of Speech Found and Recorded

�� InfrastructureSecurity

NS,SOIM,SSL

Network defencetools

Ethical Hacking,(Penetration testing) or(Penetration testing -DNS) Or (Penetration

testing – activepenetration) Or

(Penetration testing –software tool)

Found and Recorded,(Selected NS as

relevant)(But Multiplemappings are possible)

��


Aspects

LR Intellectual Property Trademarks Found and Recorded

�� Attacks andDefences F De�nition and

conceptual modelElectronic Evidence(Forensic evidence) Found and Recorded

��


Aspects

LR, F Computer Crime Cybercrimes Found and Recorded(Selected LR as relevant)



�6 Attacks andDefences F Storage Forensics Digital Evidence

Collection Found and Recorded

�8 Systems SecurityAAA,RMG,SSL

Access ControlLayered Defense,

(Security Policies) Or(Defence in depth)

Found and Recorded,(Selected AAA as

relevant)


SOIM,AB,MAT

Knowledge:Intelligence and

analytics

Reconnaissance,(Although while

searching in CYBOKMapping Reference �.�, itwas not showing underSOIM, but as per the

relevance SOIM is used)

Found and Recorded,(Selected SOIM as

relevant)


SOIM,AB,RMG

Knowledge:intelligence and

analytics

Outsiders ThreatProtection, (Threats

External)

Found and Recorded,(Selected SOIM as

relevant)

�� Software andPlatform Security SSL Safe Code Software Construction,

(Software Development) Found and Recorded

�� Software andPlatform Security SSL Safe Code

Methodologies(Software Development

methods)Found and Recorded

�8 Attacks andDefences

RMG,SOIM

Plan: securityinformation and

event management

Managing a BusinessInformation Continuity

Plan, (Businesscontinuity

management/planning)

Found and Recorded,(Selected RMG as

relevant)

�� Software andPlatform Security

SS,CPS

Categories ofVulnerabilities (SS),CPS Domains (CPS)

Vulnerabilities andcontrol

Found and Recorded,(Selected SS as relevant)

��


Aspects

RMG

Business continuity:incident response

and recoveryplanning

Continuity plan(Continuity

management)Found and Recorded

��


Aspects

RMG



Asset Evaluation andBusiness Impact

Analysis (Businessimpact analysis - ininformation assetclassi�cation)

Found and Recorded

��


Aspects

RMG Risk De�nition Risk Identi�cationAnalysis Found and Recorded

��


Aspects

RMG Risk Governance Risk Quanti�cation (Risk– measuring) Found and Recorded

��


Aspects

RMG



Risk Responsedevelopment and control Found and Recorded

��


Aspects

RMG Risk Governance Security Policy Found and Recorded

�6


Aspects

RMG



Risk Quanti�cation (Risk– measuring) Found and Recorded

�� Attacks andDefences SOIM

Human factors:incident

management

Containment,Eradication and

Recovery (Containmentin Incident response

plan)

Found and Recorded

CyBOK Mapping Framework for NCSC Certi�ed Degrees | June �� Page 8


Step D:– Mapping with CyBOK Knowledge Trees: –

Continue your search with this document. If your remaining (Not Found) keywords or aset of keywords are found in this part, then record these in the table and move on to thenext keywords or a set of keywords. Repeat the process until the last keywords or a set ofkeywords. (Move to step E)

S.No. Broad Category KA TopicIndicative Material/Keyword or a Set of

Keywords

Mapping with CyBOKKnowledge Trees

� CyBOK Introduction CI FoundationalConcepts

Protecting YourComputer and its

ContentsFound and Recorded

�Human,


POR ControlPrivacy Guidelines(privacy policyinterpretability)

Found and Recorded

�� Attacks andDefences AB, LR

Cyber Enabled crimeof cyber dependentcrime OR computer

crime

Internet Fraud Found and Recorded(Selected AB as relevant)

�� Attacks andDefences F Conceptual Model Evidentiary Reporting Found and Recorded

�� Software andPlatform Security SSL Safe code Software Design and

Architecture Found and Recorded

�� Software andPlatform Security SSL Safe code Software Testing Found and Recorded

�� Software andPlatform Security WAM

Fundamentalconcepts andapproaches

The Web Model Found and Recorded

�� Software andPlatform Security WAM

Fundamentalconcepts andapproaches

HTML� Security Found and Recorded

Step E:– Complete �nalmissing keywords using the Tabular representation of CyBOK broadcategories, knowledge areas and their description: –

If the keywords or a set of keywords are not found in any of the materials provided to supportthe mapping process then identify the most relevant knowledge area using this documentand then record the relevant KA.

Not Applicable - All the keywords have been mapped by using Step A to D

�.� Finalising Phase:Finally, results are transferred from the working table to the Table �.� (NCSC certi�cationdocument) required as part of the application for NCSC certi�cation.

BroadCategory KA Topic Indicative

Material

ModuleProvidingsigni�cantcoverage

ModuleProvidingpartial

coverage

AssessmentApproximatenumber ofcredits

CyBOKIntroduction CI Foundational

Concepts

ProtectingYour

Computer andits Contents

InfrastructureSecurity NS

NetworkDefence ToolsOr WirelessLAN Security

Securingcomputernetworks -Basics ofnetworking



Software andPlatformSecurity

SS Categories ofvulnerability

CompromisedComputers

SystemSecurity C Public key

encryption

Secure Com-munications

andInformationSecurity BestPractices

Human, Or-ganisational

andRegulatory As-pectsHuman,Organisa-tional andRegulatoryAspects

POR Control PrivacyGuidelines


andRegulatoryAspects

POR Control Privacy



LR IntellectualProperty

IntellectualProperty



LR Ethics ProfessionalEthics



POR

Privacytechnologies

anddemocratic

values

Freedom ofSpeech

InfrastructureSecurity NS Network

defence toolsEthicalHacking



LR IntellectualProperty Trademarks

Attacks andDefences

AB OrLR

CyberEnabled crime

or cyberdependentcrime ORcomputercrime

Internet Fraud

Attacks andDefences F

De�nition andconceptual

model

ElectronicEvidence



LR ComputerCrime Cybercrimes

Attacks andDefences F

De�nition andconceptual

model

ForensicTechnologies

CyBOK Mapping Framework for NCSC Certi�ed Degrees | June �� Page ��


Attacks andDefences F Storage

Forensics

DigitalEvidenceCollection

Attacks andDefences F Conceptual

modelEvidentiaryReporting

SystemsSecurity AAA Access

ControlLayeredDefense

Attacks andDefences SOIM

Knowledge:Intelligenceand analytics

Reconnaissance


Knowledge:Intelligenceand analytics

OutsiderThreat

ProtectionSoftware and

PlatformSecurity

SSL Safe Code SoftwareConstruction


SSL Safe CodeSoftware

Design andArchitecture


SSL Safe Code SoftwareTesting


SSL Safe Code Methodologies



The WebModel



Cookies



HTML�Security

Attacks andDefences RMG

Plan: securityinformationand event

management

Managing aBusiness

InformationContinuity

PlanSoftware and

PlatformSecurity

SS Categories ofvulnerabilities

Vulnerabilitiesand control



RMG

Businesscontinuity:incident

response andrecoveryplanning

ContinuityPlan



RMG



AssetEvaluation

and BusinessImpactAnalysis



RMG RiskDe�nition

RiskIdenti�cation





RMG RiskGovernance

RiskQuanti�cation



RMG



RiskResponse

developmentand control



RMG RiskGovernance

SecurityPolicy



RMG



Compliance,and BusinessContinuity

Attacks andDefences SOIM Incident

managementIncident

preparation


management

IncidentDetection and

Analysis


Humanfactors:incident

management

Containment,Eradication,and Recovery


management

Post-incidentcyber

services

Note :- Some topics are too broad to be covered in a single KA, therefore if terms are sobroad, they can’t be mapped without more context. It is better to consider the context andthen record the appropriate Topic, Knowledge Areas and Broad Category.

� SOURCE OF MODULE CONTENTShttps://professional.mit.edu/course-catalog/applied-cybersecurity


CyBOK Mapping Framework for NCSC Certi ed Degrees Guidance ... · Software Construction, (Software...

Documents

Transcript of CyBOK Mapping Framework for NCSC Certi ed Degrees Guidance ... · Software Construction, (Software...