SlideShare a Scribd company logo

Mirror mirrror

F
Flinturgy

My talk for USENIX ASE

Science
1 of 69
Download to read offline
Mirror, Mirror, On the Wall: 
 What are we teaching them all? Characterising the Focus of Cybersecurity Curricular Frameworks Joseph Hallett
There are lots of Cyber Security Curricular Frameworks
A couple of questions…
1. Are they all the same? 2. What are they all teaching? 3. Which one is best?
Are they the same?
Nope.
What are they
 all teaching?
Risk management and Security ops mostly…
But it depends on the framework… We’re going to describe them, 
 and present a method for describing others.
Which one is best?
Nope.
(depends)
They all serve different purposes and we’re not going to be making judgments here.
But we do want to clarify what their content is…
4 Curricular Frameworks
Association for Computing Machinery ASSOCIATION FOR INFORMATION SYSTEMS ifip CYBERSECURITY CURRICULA 2017 Curriculum Guidelines for Post-Secondary Degree Programs in Cybersecurity A Report in the Computing Curricula Series Joint Task Force on Cybersecurity Education • Association for Computing Machinery (ACM) • IEEE Computer Society (IEEE-CS) • Association for Information Systems Special Interest Group on • Information Security and Privacy (AIS SIGSEC) • International Federation for Information Processing Technical Version 1.0 Report
IISP Knowledge Framework UK-based non-profit Cybersecurity professional organisation What knowledge is required to work in information security? Aims “to provide a foundation for curriculum development, course accreditation and for individual 
 professional certification”
NCSC Certified Masters Programmes in Cybersecurity UK framework for cybersecurity degrees
 Loosely based on IISP Knowledge Framework Multiple pathways based around a common set of topics: A: 4 year Computer science with cybersecurity
 B: 4 year Cybersecurity
 C: 4 year Digital forensics
 CNIS: 4 year Computer networks and internet security Masters: 1 year broad cybersecurity Masters programme
NICE Cybersecurity Workforce Framework NIST Special Publication 800-181 Aims to describe all cybersecurity work and act as a reference guide for people implementing education programmes. Big lists (~600) of Knowledge, Skills and Abilities Each tied and cross-referenced to jobs and roles within cybersecurity
Joint Task Force Cybersecurity Curricula Collaboration between ACM, IEEE-CS, AIS SIGSEC and IFIP WG 11.8 Aims to “leading resource of comprehensive cybersecurity curricular content for global academic institutions seeking to develop a broad range of cybersecurity offerings at the post- secondary level”
NCSC Certifed Masters NICE Cybersecurity Workforce Framework JTF Curriculum Guidelines IISP Knowledge Framework Security Discipline Skills Group Indicative Topic Speciality Area Work Role K S A Topic Knowledge Units Knowledge Area Learning Outcome Level Skill Area Security Discipline
NCSC Certifed Masters NICE Cybersecurity Workforce Framework JTF Curriculum Guidelines IISP Knowledge Framework Security Discipline Skills Group Indicative Topic Speciality Area Work Role K S A Topic Knowledge Units Knowledge Area Learning Outcome Level Skill Area Security Discipline
NCSC Certifed Masters NICE Cybersecurity Workforce Framework JTF Curriculum Guidelines IISP Knowledge Framework CyBOK Security Discipline Skills Group Indicative Topic Speciality Area Work Role K S A Topic Knowledge Units Knowledge Area Learning Outcome Level Skill Area Security Discipline
NCSC Certifed Masters NICE Cybersecurity Workforce Framework JTF Curriculum Guidelines IISP Knowledge Framework CyBOK Security Discipline Skills Group Indicative Topic Knowledge Area Speciality Area Work Role K S A Topic Knowledge Units Knowledge Area Learning Outcome Level Skill Area Security Discipline Category
Cybersecurity 
 Body 
 of 
 Knowledge
Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability
Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability Attacks and Defences
Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability Human Organisational and Regulatory Aspects
Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability Infrastructure Security
Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability Systems Security
Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability Software Platform Security
Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability
Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability
Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability
Map the topics from the curricular frameworks onto CyBOK Knowledge Areas
Map the topics from the curricular frameworks onto CyBOK Knowledge Areas Scope Document
—a learning outcome for the IISP Knowledge Framework Skill Area A6.1 “They shall be able to list the major applicable legislation and regulations affecting an example organization and describe their overall purpose.”
—a learning outcome for the IISP Knowledge Framework Skill Area A6.1 “They shall be able to list the major applicable legislation and regulations affecting an example organization and describe their overall purpose.” —CyBOK Scope document for the Law and Regulation Knowledge Area “International and national statutory and regulatory requirements, compliance obligations including data protection...”
—a learning outcome for the IISP Knowledge Framework Skill Area A6.1 “They shall be able to list the major applicable legislation and regulations affecting an example organization and describe their overall purpose.”
“They shall be able to list the major applicable legislation and regulations affecting an example organization and describe their overall purpose.” —a learning outcome for the IISP Knowledge Framework Skill Area A6.1 Law and Regulation
Curricular Framework Mapped / Total Mapped Percentage IISP 215/252 85% JTF 286/287 100% NICE 206/630 33% NCSC 114/118 97%
Curricular Framework Mapped / Total Mapped Percentage IISP 215/252 85% JTF 286/287 100% NICE 206/630 33% NCSC 114/118 97%
—NICE K0015 “Knowledge of computer algorithms.”
—NICE K0015 “Knowledge of computer algorithms.” Too General For CyBOK :-(
Curricular Framework Mapped / Total Mapped Percentage IISP 215/252 85% JTF 286/287 100% NICE 206/630 33% NCSC 114/118 97%
:-( Not Cybersecurity Research skills Physical security Intra-personal skills General Computer Science
34% 35% 13% 6% 11% Attacks & Defences HumanOrganisational&RegulatoryAspects InfrastructureSecurity Software&Platform Security SystemsSecurity NICE 27% 27% 11% 19% 16% Attacks & Defences HumanOrganisational&RegulatoryAspects InfrastructureSecurity Software&Platform Security SystemsSecurity NCSC 20% 33% 15%17% 15% Attacks & Defences HumanOrganisational&RegulatoryAspects InfrastructureSecurity Software&Platform Security SystemsSecurity JTF 42% 34% 2% 19% 3% Attacks & Defences HumanOrganisational&RegulatoryAspects InfrastructureSecurity Software&Platform Security SystemsSecurity IISP
IISP 18 (8%) 11 (5%) 10 (5%) 50 (23%) 6 (3%) 11 (5%) 1 (0%) 54 (25%) 1 (0%) 1 (0%) 2 (1%) 1 (0%) 36 (17%) 4 (2%) 1 (0%) 4 (2%) 1 (0%) 1 (0%) 1 (0%) Adversarial Behaviours Forensics Malware & Attack Technology Security Operations & Incident Management Human Factors Law & Regulation Privacy & Online Rights Risk Management & Governance Cyber-Physical Systems Security Hardware Security Network Security Physical Layer Security Secure Software Design & Development Software Security Web & Mobile Security Authentication, Authorisation & Accountability Cryptography Distributed Systems Security Operating Systems & Virtualisation Security
87 (9%) 20 (2%) 87 (9%) 146 (14%) 1 (0%) 86 (9%) 113 (11%) 158 (16%) 2 (0%) 130 (13%) 3 (0%) 22 (2%) 41 (4%) 2 (0%) 41 (4%) 40 (4%) 10 (1%) 21 (2%) Adversarial Behaviours Forensics Malware & Attack Technology Security Operations & Incident Management Human Factors Law & Regulation Privacy & Online Rights Risk Management & Governance Cyber-Physical Systems Security Hardware Security Network Security Physical Layer Security Secure Software Design & Development Software Security Web & Mobile Security Authentication, Authorisation & Accountability Cryptography Distributed Systems Security Operating Systems & Virtualisation Security NICE
5 (2%) 10 (3%) 12 (4%) 29 (10%) 31 (11%) 23 (8%) 13 (5%) 26 (9%) 6 (2%) 10 (3%) 25 (9%) 2 (1%) 30 (10%) 18 (6%) 2 (1%) 15 (5%) 14 (5%) 5 (2%) 10 (3%) Adversarial Behaviours Forensics Malware & Attack Technology Security Operations & Incident Management Human Factors Law & Regulation Privacy & Online Rights Risk Management & Governance Cyber-Physical Systems Security Hardware Security Network Security Physical Layer Security Secure Software Design & Development Software Security Web & Mobile Security Authentication, Authorisation & Accountability Cryptography Distributed Systems Security Operating Systems & Virtualisation Security JTF
2 (2%) 6 (5%) 9 (8%) 14 (12%) 9 (8%) 6 (5%) 4 (4%) 12 (11%) 4 (4%) 1 (1%) 7 (6%) 8 (7%) 4 (4%) 10 (9%) 7 (6%) 7 (6%) 1 (1%) 3 (3%) Adversarial Behaviours Forensics Malware & Attack Technology Security Operations & Incident Management Human Factors Law & Regulation Privacy & Online Rights Risk Management & Governance Cyber-Physical Systems Security Hardware Security Network Security Physical Layer Security Secure Software Design & Development Software Security Web & Mobile Security Authentication, Authorisation & Accountability Cryptography Distributed Systems Security Operating Systems & Virtualisation Security NCSC
Median
Median
Median
This doesn’t account for time spent on any topic… This doesn’t look at how knowledge in these topics is evaluated…
1. Are they all the same? 2. What are they all teaching? 3. Which one is best?
Are they the same?
Nope.
What are they
 all teaching?
Risk management and Security ops mostly…
But it depends on the framework… Using CyBOK we can characterise what is in them
Which one is best?
It depends what you want out of it…
But using CyBOK we can see what the emphasis is
…
Any Questions?
24% 26% 9% 17% 24% Attacks & Defences HumanOrganisational&RegulatoryAspectsInfrastructureSecurity Software&Platform Security SystemsSecurity CISSP 3(1%) 5(2%) 2(1%) 41(19%) 9(4%) 9(4%) 10(5%) 29(13%) 2(1%) 14(6%) 3(1%) 22(10%) 4(2%) 11(5%) 20(9%) 16(7%) 6(3%) 11(5%) AdversarialBehaviours Forensics Malware&AttackTechnology SecurityOperations&IncidentManagement HumanFactors Law&Regulation Privacy&OnlineRights RiskManagement&Governance Cyber-PhysicalSystemsSecurity HardwareSecurity NetworkSecurity PhysicalLayerSecurity SecureSoftwareDesign&Development SoftwareSecurity Web&MobileSecurity Authentication,Authorisation&Accountability Cryptography DistributedSystemsSecurity OperatingSystems&VirtualisationSecurity

Recommended

STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017Maurice Dawson
 
Sarwono sutikno its 17 maret 2016 dari public-isaca csx-update-18_apr
Sarwono sutikno its 17 maret 2016 dari public-isaca csx-update-18_aprSarwono sutikno its 17 maret 2016 dari public-isaca csx-update-18_apr
Sarwono sutikno its 17 maret 2016 dari public-isaca csx-update-18_aprSarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of viewS.E. CTS CERT-GOV-MD
 
A_novel_concept_for_Cybersecurity_ Institutional_Cybersecurty
A_novel_concept_for_Cybersecurity_ Institutional_CybersecurtyA_novel_concept_for_Cybersecurity_ Institutional_Cybersecurty
A_novel_concept_for_Cybersecurity_ Institutional_CybersecurtyGovernment
 
Cyber_Services_2015_company_intro_ENG_v2p0
Cyber_Services_2015_company_intro_ENG_v2p0Cyber_Services_2015_company_intro_ENG_v2p0
Cyber_Services_2015_company_intro_ENG_v2p0Ferenc Fresz
 
Developing And Connecting Cybersecurity Leaders Globally
Developing And Connecting Cybersecurity Leaders GloballyDeveloping And Connecting Cybersecurity Leaders Globally
Developing And Connecting Cybersecurity Leaders Globallymloginov
 
STUDY CYBER SECURITY IN AUSTRALIA
STUDY CYBER SECURITY IN AUSTRALIASTUDY CYBER SECURITY IN AUSTRALIA
STUDY CYBER SECURITY IN AUSTRALIAAECC Global
 
Information Is Power! Using Defensive Solutions in Cybersecurity
Information Is Power! Using Defensive Solutions in CybersecurityInformation Is Power! Using Defensive Solutions in Cybersecurity
Information Is Power! Using Defensive Solutions in CybersecurityCareer Communications Group
 

Recommended

STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017Maurice Dawson
 
Sarwono sutikno its 17 maret 2016 dari public-isaca csx-update-18_apr
Sarwono sutikno its 17 maret 2016 dari public-isaca csx-update-18_aprSarwono sutikno its 17 maret 2016 dari public-isaca csx-update-18_apr
Sarwono sutikno its 17 maret 2016 dari public-isaca csx-update-18_aprSarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of viewS.E. CTS CERT-GOV-MD
 
A_novel_concept_for_Cybersecurity_ Institutional_Cybersecurty
A_novel_concept_for_Cybersecurity_ Institutional_CybersecurtyA_novel_concept_for_Cybersecurity_ Institutional_Cybersecurty
A_novel_concept_for_Cybersecurity_ Institutional_CybersecurtyGovernment
 
Cyber_Services_2015_company_intro_ENG_v2p0
Cyber_Services_2015_company_intro_ENG_v2p0Cyber_Services_2015_company_intro_ENG_v2p0
Cyber_Services_2015_company_intro_ENG_v2p0Ferenc Fresz
 
Developing And Connecting Cybersecurity Leaders Globally
Developing And Connecting Cybersecurity Leaders GloballyDeveloping And Connecting Cybersecurity Leaders Globally
Developing And Connecting Cybersecurity Leaders Globallymloginov
 
STUDY CYBER SECURITY IN AUSTRALIA
STUDY CYBER SECURITY IN AUSTRALIASTUDY CYBER SECURITY IN AUSTRALIA
STUDY CYBER SECURITY IN AUSTRALIAAECC Global
 
Information Is Power! Using Defensive Solutions in Cybersecurity
Information Is Power! Using Defensive Solutions in CybersecurityInformation Is Power! Using Defensive Solutions in Cybersecurity
Information Is Power! Using Defensive Solutions in CybersecurityCareer Communications Group
 
Cyber handbook enterprise v1.6
Cyber handbook enterprise v1.6Cyber handbook enterprise v1.6
Cyber handbook enterprise v1.6hymasakhamuri
 
EC-Council Cyber Security Training and Certifications
EC-Council Cyber Security Training and CertificationsEC-Council Cyber Security Training and Certifications
EC-Council Cyber Security Training and CertificationsITpreneurs
 
EC-Council Certified Secure Computer User C|SCU Program
EC-Council Certified Secure Computer User C|SCU ProgramEC-Council Certified Secure Computer User C|SCU Program
EC-Council Certified Secure Computer User C|SCU ProgramITpreneurs
 
Cyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply ChainCyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply Chainaletarw
 
Maritime Cybersecurity Developments maritimeoutlook.wordpress.com
Maritime Cybersecurity Developments maritimeoutlook.wordpress.comMaritime Cybersecurity Developments maritimeoutlook.wordpress.com
Maritime Cybersecurity Developments maritimeoutlook.wordpress.comNihal Peter Moraes
 
Cscu exam-info-and-test-objective
Cscu exam-info-and-test-objectiveCscu exam-info-and-test-objective
Cscu exam-info-and-test-objectiveTiger Virani
 
cyber-security-brochure
cyber-security-brochurecyber-security-brochure
cyber-security-brochureNick Serafimov
 
Sarwono sutikno wisuda stsn - 10 nov 2015 v2
Sarwono sutikno wisuda stsn - 10 nov 2015 v2Sarwono sutikno wisuda stsn - 10 nov 2015 v2
Sarwono sutikno wisuda stsn - 10 nov 2015 v2Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Network security
Network securityNetwork security
Network securitysnegacmr
 
Cyber handbook-enterprise-v1.6
Cyber handbook-enterprise-v1.6Cyber handbook-enterprise-v1.6
Cyber handbook-enterprise-v1.6César Celis
 
cybersecurity es
cybersecurity escybersecurity es
cybersecurity esNithyesh Panathula
 
Global Maritime Cyber Strategy
Global Maritime Cyber StrategyGlobal Maritime Cyber Strategy
Global Maritime Cyber StrategyIan Kelly
 
The Rising Tide Lifts All Boats: The Advancement of Science in Cybersecurity
The Rising Tide Lifts All Boats: The Advancement of Science in Cybersecurity The Rising Tide Lifts All Boats: The Advancement of Science in Cybersecurity
The Rising Tide Lifts All Boats: The Advancement of Science in Cybersecurity laurieannwilliams
 
EC-Council Certified Network Defender
EC-Council Certified Network DefenderEC-Council Certified Network Defender
EC-Council Certified Network DefenderITpreneurs
 
Cybersecurity Curricula Guidelines for Post-Secondary Degree Programs
Cybersecurity Curricula Guidelines for Post-Secondary Degree ProgramsCybersecurity Curricula Guidelines for Post-Secondary Degree Programs
Cybersecurity Curricula Guidelines for Post-Secondary Degree ProgramsMatthew Rosenquist
 
Cyber-Handbook-Enterprise.pdf
Cyber-Handbook-Enterprise.pdfCyber-Handbook-Enterprise.pdf
Cyber-Handbook-Enterprise.pdfIgorSamuel12
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsFat-Thing Gabriel-Culley
 
CISSP Certification Training Course
CISSP Certification Training CourseCISSP Certification Training Course
CISSP Certification Training CourseRicky Lionel Vaz
 
Multi-vocal Review of security orchestration
Multi-vocal Review of security orchestrationMulti-vocal Review of security orchestration
Multi-vocal Review of security orchestrationChadni Islam
 
Cybersecurity Discipline
Cybersecurity DisciplineCybersecurity Discipline
Cybersecurity DisciplineMark Stockman
 
Career Opportunities in Cyber Security
Career Opportunities in Cyber SecurityCareer Opportunities in Cyber Security
Career Opportunities in Cyber Securitystjohns9
 
All About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxAll About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxInfosectrain3
 

More Related Content

What's hot

Cyber handbook enterprise v1.6
Cyber handbook enterprise v1.6Cyber handbook enterprise v1.6
Cyber handbook enterprise v1.6hymasakhamuri
 
EC-Council Cyber Security Training and Certifications
EC-Council Cyber Security Training and CertificationsEC-Council Cyber Security Training and Certifications
EC-Council Cyber Security Training and CertificationsITpreneurs
 
EC-Council Certified Secure Computer User C|SCU Program
EC-Council Certified Secure Computer User C|SCU ProgramEC-Council Certified Secure Computer User C|SCU Program
EC-Council Certified Secure Computer User C|SCU ProgramITpreneurs
 
Cyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply ChainCyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply Chainaletarw
 
Maritime Cybersecurity Developments maritimeoutlook.wordpress.com
Maritime Cybersecurity Developments maritimeoutlook.wordpress.comMaritime Cybersecurity Developments maritimeoutlook.wordpress.com
Maritime Cybersecurity Developments maritimeoutlook.wordpress.comNihal Peter Moraes
 
Cscu exam-info-and-test-objective
Cscu exam-info-and-test-objectiveCscu exam-info-and-test-objective
Cscu exam-info-and-test-objectiveTiger Virani
 
cyber-security-brochure
cyber-security-brochurecyber-security-brochure
cyber-security-brochureNick Serafimov
 
Network security
Network securityNetwork security
Network securitysnegacmr
 
Cyber handbook-enterprise-v1.6
Cyber handbook-enterprise-v1.6Cyber handbook-enterprise-v1.6
Cyber handbook-enterprise-v1.6César Celis
 
Global Maritime Cyber Strategy
Global Maritime Cyber StrategyGlobal Maritime Cyber Strategy
Global Maritime Cyber StrategyIan Kelly
 

What's hot (12)

Cyber handbook enterprise v1.6
Cyber handbook enterprise v1.6Cyber handbook enterprise v1.6
Cyber handbook enterprise v1.6
 
EC-Council Cyber Security Training and Certifications
EC-Council Cyber Security Training and CertificationsEC-Council Cyber Security Training and Certifications
EC-Council Cyber Security Training and Certifications
 
EC-Council Certified Secure Computer User C|SCU Program
EC-Council Certified Secure Computer User C|SCU ProgramEC-Council Certified Secure Computer User C|SCU Program
EC-Council Certified Secure Computer User C|SCU Program
 
Cyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply ChainCyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply Chain
 
Maritime Cybersecurity Developments maritimeoutlook.wordpress.com
Maritime Cybersecurity Developments maritimeoutlook.wordpress.comMaritime Cybersecurity Developments maritimeoutlook.wordpress.com
Maritime Cybersecurity Developments maritimeoutlook.wordpress.com
 
Cscu exam-info-and-test-objective
Cscu exam-info-and-test-objectiveCscu exam-info-and-test-objective
Cscu exam-info-and-test-objective
 
cyber-security-brochure
cyber-security-brochurecyber-security-brochure
cyber-security-brochure
 
Sarwono sutikno wisuda stsn - 10 nov 2015 v2
Sarwono sutikno wisuda stsn - 10 nov 2015 v2Sarwono sutikno wisuda stsn - 10 nov 2015 v2
Sarwono sutikno wisuda stsn - 10 nov 2015 v2
 
Network security
Network securityNetwork security
Network security
 
Cyber handbook-enterprise-v1.6
Cyber handbook-enterprise-v1.6Cyber handbook-enterprise-v1.6
Cyber handbook-enterprise-v1.6
 
cybersecurity es
cybersecurity escybersecurity es
cybersecurity es
 
Global Maritime Cyber Strategy
Global Maritime Cyber StrategyGlobal Maritime Cyber Strategy
Global Maritime Cyber Strategy
 

Similar to Mirror mirrror

The Rising Tide Lifts All Boats: The Advancement of Science in Cybersecurity
The Rising Tide Lifts All Boats: The Advancement of Science in Cybersecurity The Rising Tide Lifts All Boats: The Advancement of Science in Cybersecurity
The Rising Tide Lifts All Boats: The Advancement of Science in Cybersecurity laurieannwilliams
 
EC-Council Certified Network Defender
EC-Council Certified Network DefenderEC-Council Certified Network Defender
EC-Council Certified Network DefenderITpreneurs
 
Cybersecurity Curricula Guidelines for Post-Secondary Degree Programs
Cybersecurity Curricula Guidelines for Post-Secondary Degree ProgramsCybersecurity Curricula Guidelines for Post-Secondary Degree Programs
Cybersecurity Curricula Guidelines for Post-Secondary Degree ProgramsMatthew Rosenquist
 
Cyber-Handbook-Enterprise.pdf
Cyber-Handbook-Enterprise.pdfCyber-Handbook-Enterprise.pdf
Cyber-Handbook-Enterprise.pdfIgorSamuel12
 
CISSP Certification Training Course
CISSP Certification Training CourseCISSP Certification Training Course
CISSP Certification Training CourseRicky Lionel Vaz
 
Multi-vocal Review of security orchestration
Multi-vocal Review of security orchestrationMulti-vocal Review of security orchestration
Multi-vocal Review of security orchestrationChadni Islam
 
Cybersecurity Discipline
Cybersecurity DisciplineCybersecurity Discipline
Cybersecurity DisciplineMark Stockman
 
Career Opportunities in Cyber Security
Career Opportunities in Cyber SecurityCareer Opportunities in Cyber Security
Career Opportunities in Cyber Securitystjohns9
 
All About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxAll About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxInfosectrain3
 
F5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingF5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingGlobal Business Events
 
Securing the digital frontier cyber security policies for a safer future.pdf
Securing the digital frontier cyber security policies for a safer future.pdfSecuring the digital frontier cyber security policies for a safer future.pdf
Securing the digital frontier cyber security policies for a safer future.pdfAltius IT
 
SC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsSC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsBigData_Europe
 
Hacker Academy UK Booklet
Hacker Academy UK BookletHacker Academy UK Booklet
Hacker Academy UK BookletHacker Academy
 
cyber security | What Is Cyber Security | Hello World Session
cyber security | What Is Cyber Security | Hello World Sessioncyber security | What Is Cyber Security | Hello World Session
cyber security | What Is Cyber Security | Hello World SessionYasserElsnbary
 
Architecture centric support for security orchestration and automation
Architecture centric support for security orchestration and automationArchitecture centric support for security orchestration and automation
Architecture centric support for security orchestration and automationChadni Islam
 
2011 lecture ia orientation
2011 lecture ia orientation2011 lecture ia orientation
2011 lecture ia orientation2b3d
 
CYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEETCYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEETTravarsaPrivateLimit
 
NICE Cybersecurity Workforce Framework: Close your skills gap with role-based...
NICE Cybersecurity Workforce Framework: Close your skills gap with role-based...NICE Cybersecurity Workforce Framework: Close your skills gap with role-based...
NICE Cybersecurity Workforce Framework: Close your skills gap with role-based...Infosec
 

Similar to Mirror mirrror (20)

The Rising Tide Lifts All Boats: The Advancement of Science in Cybersecurity
The Rising Tide Lifts All Boats: The Advancement of Science in Cybersecurity The Rising Tide Lifts All Boats: The Advancement of Science in Cybersecurity
The Rising Tide Lifts All Boats: The Advancement of Science in Cybersecurity
 
EC-Council Certified Network Defender
EC-Council Certified Network DefenderEC-Council Certified Network Defender
EC-Council Certified Network Defender
 
Cybersecurity Curricula Guidelines for Post-Secondary Degree Programs
Cybersecurity Curricula Guidelines for Post-Secondary Degree ProgramsCybersecurity Curricula Guidelines for Post-Secondary Degree Programs
Cybersecurity Curricula Guidelines for Post-Secondary Degree Programs
 
Cyber-Handbook-Enterprise.pdf
Cyber-Handbook-Enterprise.pdfCyber-Handbook-Enterprise.pdf
Cyber-Handbook-Enterprise.pdf
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
CISSP Certification Training Course
CISSP Certification Training CourseCISSP Certification Training Course
CISSP Certification Training Course
 
Multi-vocal Review of security orchestration
Multi-vocal Review of security orchestrationMulti-vocal Review of security orchestration
Multi-vocal Review of security orchestration
 
Cybersecurity Discipline
Cybersecurity DisciplineCybersecurity Discipline
Cybersecurity Discipline
 
Career Opportunities in Cyber Security
Career Opportunities in Cyber SecurityCareer Opportunities in Cyber Security
Career Opportunities in Cyber Security
 
All About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxAll About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptx
 
1 - HKT Reporting.pdf
1 - HKT Reporting.pdf1 - HKT Reporting.pdf
1 - HKT Reporting.pdf
 
F5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingF5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are Failing
 
Securing the digital frontier cyber security policies for a safer future.pdf
Securing the digital frontier cyber security policies for a safer future.pdfSecuring the digital frontier cyber security policies for a safer future.pdf
Securing the digital frontier cyber security policies for a safer future.pdf
 
SC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsSC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systems
 
Hacker Academy UK Booklet
Hacker Academy UK BookletHacker Academy UK Booklet
Hacker Academy UK Booklet
 
cyber security | What Is Cyber Security | Hello World Session
cyber security | What Is Cyber Security | Hello World Sessioncyber security | What Is Cyber Security | Hello World Session
cyber security | What Is Cyber Security | Hello World Session
 
Architecture centric support for security orchestration and automation
Architecture centric support for security orchestration and automationArchitecture centric support for security orchestration and automation
Architecture centric support for security orchestration and automation
 
2011 lecture ia orientation
2011 lecture ia orientation2011 lecture ia orientation
2011 lecture ia orientation
 
CYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEETCYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEET
 
NICE Cybersecurity Workforce Framework: Close your skills gap with role-based...
NICE Cybersecurity Workforce Framework: Close your skills gap with role-based...NICE Cybersecurity Workforce Framework: Close your skills gap with role-based...
NICE Cybersecurity Workforce Framework: Close your skills gap with role-based...
 

Recently uploaded

Zoology 4th semester series (krishna).pdf
Zoology 4th semester series (krishna).pdfZoology 4th semester series (krishna).pdf
Zoology 4th semester series (krishna).pdfSumit Kumar yadav
 
Natural Polymer Based Nanomaterials
Natural Polymer Based NanomaterialsNatural Polymer Based Nanomaterials
Natural Polymer Based NanomaterialsAArockiyaNisha
 
Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...RohitNehra6
 
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral AnalysisRaman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral AnalysisDiwakar Mishra
 
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43b
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43bNightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43b
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43bSérgio Sacani
 
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...anilsa9823
 
Disentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOSTDisentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOSTSérgio Sacani
 
Is RISC-V ready for HPC workload? Maybe?
Is RISC-V ready for HPC workload? Maybe?Is RISC-V ready for HPC workload? Maybe?
Is RISC-V ready for HPC workload? Maybe?Patrick Diehl
 
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCR
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCRStunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCR
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCRDelhi Call girls
 
SOLUBLE PATTERN RECOGNITION RECEPTORS.pptx
SOLUBLE PATTERN RECOGNITION RECEPTORS.pptxSOLUBLE PATTERN RECOGNITION RECEPTORS.pptx
SOLUBLE PATTERN RECOGNITION RECEPTORS.pptxkessiyaTpeter
 
Isotopic evidence of long-lived volcanism on Io
Isotopic evidence of long-lived volcanism on IoIsotopic evidence of long-lived volcanism on Io
Isotopic evidence of long-lived volcanism on IoSérgio Sacani
 
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡anilsa9823
 
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...jana861314
 
Biological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdfBiological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdfmuntazimhurra
 
Pests of cotton_Sucking_Pests_Dr.UPR.pdf
Pests of cotton_Sucking_Pests_Dr.UPR.pdfPests of cotton_Sucking_Pests_Dr.UPR.pdf
Pests of cotton_Sucking_Pests_Dr.UPR.pdfPirithiRaju
 
Recombinant DNA technology (Immunological screening)
Recombinant DNA technology (Immunological screening)Recombinant DNA technology (Immunological screening)
Recombinant DNA technology (Immunological screening)PraveenaKalaiselvan1
 
Formation of low mass protostars and their circumstellar disks
Formation of low mass protostars and their circumstellar disksFormation of low mass protostars and their circumstellar disks
Formation of low mass protostars and their circumstellar disksSérgio Sacani
 
Broad bean, Lima Bean, Jack bean, Ullucus.pptx
Broad bean, Lima Bean, Jack bean, Ullucus.pptxBroad bean, Lima Bean, Jack bean, Ullucus.pptx
Broad bean, Lima Bean, Jack bean, Ullucus.pptxjana861314
 

Recently uploaded (20)

Zoology 4th semester series (krishna).pdf
Zoology 4th semester series (krishna).pdfZoology 4th semester series (krishna).pdf
Zoology 4th semester series (krishna).pdf
 
Natural Polymer Based Nanomaterials
Natural Polymer Based NanomaterialsNatural Polymer Based Nanomaterials
Natural Polymer Based Nanomaterials
 
The Philosophy of Science
The Philosophy of ScienceThe Philosophy of Science
The Philosophy of Science
 
Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...
 
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral AnalysisRaman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
 
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43b
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43bNightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43b
Nightside clouds and disequilibrium chemistry on the hot Jupiter WASP-43b
 
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...
 
Disentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOSTDisentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOST
 
Is RISC-V ready for HPC workload? Maybe?
Is RISC-V ready for HPC workload? Maybe?Is RISC-V ready for HPC workload? Maybe?
Is RISC-V ready for HPC workload? Maybe?
 
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCR
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCRStunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCR
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCR
 
SOLUBLE PATTERN RECOGNITION RECEPTORS.pptx
SOLUBLE PATTERN RECOGNITION RECEPTORS.pptxSOLUBLE PATTERN RECOGNITION RECEPTORS.pptx
SOLUBLE PATTERN RECOGNITION RECEPTORS.pptx
 
Isotopic evidence of long-lived volcanism on Io
Isotopic evidence of long-lived volcanism on IoIsotopic evidence of long-lived volcanism on Io
Isotopic evidence of long-lived volcanism on Io
 
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡
 
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...
 
Biological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdfBiological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdf
 
Pests of cotton_Sucking_Pests_Dr.UPR.pdf
Pests of cotton_Sucking_Pests_Dr.UPR.pdfPests of cotton_Sucking_Pests_Dr.UPR.pdf
Pests of cotton_Sucking_Pests_Dr.UPR.pdf
 
Recombinant DNA technology (Immunological screening)
Recombinant DNA technology (Immunological screening)Recombinant DNA technology (Immunological screening)
Recombinant DNA technology (Immunological screening)
 
Formation of low mass protostars and their circumstellar disks
Formation of low mass protostars and their circumstellar disksFormation of low mass protostars and their circumstellar disks
Formation of low mass protostars and their circumstellar disks
 
9953056974 Young Call Girls In Mahavir enclave Indian Quality Escort service
9953056974 Young Call Girls In Mahavir enclave Indian Quality Escort service9953056974 Young Call Girls In Mahavir enclave Indian Quality Escort service
9953056974 Young Call Girls In Mahavir enclave Indian Quality Escort service
 
Broad bean, Lima Bean, Jack bean, Ullucus.pptx
Broad bean, Lima Bean, Jack bean, Ullucus.pptxBroad bean, Lima Bean, Jack bean, Ullucus.pptx
Broad bean, Lima Bean, Jack bean, Ullucus.pptx
 

Mirror mirrror

  • 1. Mirror, Mirror, On the Wall: 
 What are we teaching them all? Characterising the Focus of Cybersecurity Curricular Frameworks Joseph Hallett
  • 2. There are lots of Cyber Security Curricular Frameworks
  • 4. 1. Are they all the same? 2. What are they all teaching? 3. Which one is best?
  • 5. Are they the same?
  • 9. But it depends on the framework… We’re going to describe them, 
 and present a method for describing others.
  • 10. Which one is best?
  • 11. Nope.
  • 13. They all serve different purposes and we’re not going to be making judgments here.
  • 14. But we do want to clarify what their content is…
  • 16. Association for Computing Machinery ASSOCIATION FOR INFORMATION SYSTEMS ifip CYBERSECURITY CURRICULA 2017 Curriculum Guidelines for Post-Secondary Degree Programs in Cybersecurity A Report in the Computing Curricula Series Joint Task Force on Cybersecurity Education • Association for Computing Machinery (ACM) • IEEE Computer Society (IEEE-CS) • Association for Information Systems Special Interest Group on • Information Security and Privacy (AIS SIGSEC) • International Federation for Information Processing Technical Version 1.0 Report
  • 17. IISP Knowledge Framework UK-based non-profit Cybersecurity professional organisation What knowledge is required to work in information security? Aims “to provide a foundation for curriculum development, course accreditation and for individual 
 professional certification”
  • 18. NCSC Certified Masters Programmes in Cybersecurity UK framework for cybersecurity degrees
 Loosely based on IISP Knowledge Framework Multiple pathways based around a common set of topics: A: 4 year Computer science with cybersecurity
 B: 4 year Cybersecurity
 C: 4 year Digital forensics
 CNIS: 4 year Computer networks and internet security Masters: 1 year broad cybersecurity Masters programme
  • 19. NICE Cybersecurity Workforce Framework NIST Special Publication 800-181 Aims to describe all cybersecurity work and act as a reference guide for people implementing education programmes. Big lists (~600) of Knowledge, Skills and Abilities Each tied and cross-referenced to jobs and roles within cybersecurity
  • 20. Joint Task Force Cybersecurity Curricula Collaboration between ACM, IEEE-CS, AIS SIGSEC and IFIP WG 11.8 Aims to “leading resource of comprehensive cybersecurity curricular content for global academic institutions seeking to develop a broad range of cybersecurity offerings at the post- secondary level”
  • 21. NCSC Certifed Masters NICE Cybersecurity Workforce Framework JTF Curriculum Guidelines IISP Knowledge Framework Security Discipline Skills Group Indicative Topic Speciality Area Work Role K S A Topic Knowledge Units Knowledge Area Learning Outcome Level Skill Area Security Discipline
  • 22. NCSC Certifed Masters NICE Cybersecurity Workforce Framework JTF Curriculum Guidelines IISP Knowledge Framework Security Discipline Skills Group Indicative Topic Speciality Area Work Role K S A Topic Knowledge Units Knowledge Area Learning Outcome Level Skill Area Security Discipline
  • 23. NCSC Certifed Masters NICE Cybersecurity Workforce Framework JTF Curriculum Guidelines IISP Knowledge Framework CyBOK Security Discipline Skills Group Indicative Topic Speciality Area Work Role K S A Topic Knowledge Units Knowledge Area Learning Outcome Level Skill Area Security Discipline
  • 24. NCSC Certifed Masters NICE Cybersecurity Workforce Framework JTF Curriculum Guidelines IISP Knowledge Framework CyBOK Security Discipline Skills Group Indicative Topic Knowledge Area Speciality Area Work Role K S A Topic Knowledge Units Knowledge Area Learning Outcome Level Skill Area Security Discipline Category
  • 25.
  • 27.
  • 28. Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability
  • 29. Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability Attacks and Defences
  • 30. Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability Human Organisational and Regulatory Aspects
  • 31. Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability Infrastructure Security
  • 32. Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability Systems Security
  • 33. Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability Software Platform Security
  • 34. Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability
  • 35. Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability
  • 36. Adversarial Behaviours Forensics Malware and Attack Technologies Security Operations and Incident Management Human Factors Law and Regulation Privacy and Online Rights Risk Management and Governance Network Security Hardware Security Cyber-Physical Systems Security Physical Layer Security Software Security Web and Mobile Security Secure Software Lifecycle Cryptography Operating Systems and Virtualisation Security Distributed Systems Security Authentication, Authorisation and Accountability
  • 37. Map the topics from the curricular frameworks onto CyBOK Knowledge Areas
  • 38. Map the topics from the curricular frameworks onto CyBOK Knowledge Areas Scope Document
  • 39. —a learning outcome for the IISP Knowledge Framework Skill Area A6.1 “They shall be able to list the major applicable legislation and regulations affecting an example organization and describe their overall purpose.”
  • 40. —a learning outcome for the IISP Knowledge Framework Skill Area A6.1 “They shall be able to list the major applicable legislation and regulations affecting an example organization and describe their overall purpose.” —CyBOK Scope document for the Law and Regulation Knowledge Area “International and national statutory and regulatory requirements, compliance obligations including data protection...”
  • 41. —a learning outcome for the IISP Knowledge Framework Skill Area A6.1 “They shall be able to list the major applicable legislation and regulations affecting an example organization and describe their overall purpose.”
  • 42. “They shall be able to list the major applicable legislation and regulations affecting an example organization and describe their overall purpose.” —a learning outcome for the IISP Knowledge Framework Skill Area A6.1 Law and Regulation
  • 43. Curricular Framework Mapped / Total Mapped Percentage IISP 215/252 85% JTF 286/287 100% NICE 206/630 33% NCSC 114/118 97%
  • 44. Curricular Framework Mapped / Total Mapped Percentage IISP 215/252 85% JTF 286/287 100% NICE 206/630 33% NCSC 114/118 97%
  • 45. —NICE K0015 “Knowledge of computer algorithms.”
  • 46. —NICE K0015 “Knowledge of computer algorithms.” Too General For CyBOK :-(
  • 47. Curricular Framework Mapped / Total Mapped Percentage IISP 215/252 85% JTF 286/287 100% NICE 206/630 33% NCSC 114/118 97%
  • 48. :-( Not Cybersecurity Research skills Physical security Intra-personal skills General Computer Science
  • 49. 34% 35% 13% 6% 11% Attacks & Defences HumanOrganisational&RegulatoryAspects InfrastructureSecurity Software&Platform Security SystemsSecurity NICE 27% 27% 11% 19% 16% Attacks & Defences HumanOrganisational&RegulatoryAspects InfrastructureSecurity Software&Platform Security SystemsSecurity NCSC 20% 33% 15%17% 15% Attacks & Defences HumanOrganisational&RegulatoryAspects InfrastructureSecurity Software&Platform Security SystemsSecurity JTF 42% 34% 2% 19% 3% Attacks & Defences HumanOrganisational&RegulatoryAspects InfrastructureSecurity Software&Platform Security SystemsSecurity IISP
  • 50. IISP 18 (8%) 11 (5%) 10 (5%) 50 (23%) 6 (3%) 11 (5%) 1 (0%) 54 (25%) 1 (0%) 1 (0%) 2 (1%) 1 (0%) 36 (17%) 4 (2%) 1 (0%) 4 (2%) 1 (0%) 1 (0%) 1 (0%) Adversarial Behaviours Forensics Malware & Attack Technology Security Operations & Incident Management Human Factors Law & Regulation Privacy & Online Rights Risk Management & Governance Cyber-Physical Systems Security Hardware Security Network Security Physical Layer Security Secure Software Design & Development Software Security Web & Mobile Security Authentication, Authorisation & Accountability Cryptography Distributed Systems Security Operating Systems & Virtualisation Security
  • 51. 87 (9%) 20 (2%) 87 (9%) 146 (14%) 1 (0%) 86 (9%) 113 (11%) 158 (16%) 2 (0%) 130 (13%) 3 (0%) 22 (2%) 41 (4%) 2 (0%) 41 (4%) 40 (4%) 10 (1%) 21 (2%) Adversarial Behaviours Forensics Malware & Attack Technology Security Operations & Incident Management Human Factors Law & Regulation Privacy & Online Rights Risk Management & Governance Cyber-Physical Systems Security Hardware Security Network Security Physical Layer Security Secure Software Design & Development Software Security Web & Mobile Security Authentication, Authorisation & Accountability Cryptography Distributed Systems Security Operating Systems & Virtualisation Security NICE
  • 52. 5 (2%) 10 (3%) 12 (4%) 29 (10%) 31 (11%) 23 (8%) 13 (5%) 26 (9%) 6 (2%) 10 (3%) 25 (9%) 2 (1%) 30 (10%) 18 (6%) 2 (1%) 15 (5%) 14 (5%) 5 (2%) 10 (3%) Adversarial Behaviours Forensics Malware & Attack Technology Security Operations & Incident Management Human Factors Law & Regulation Privacy & Online Rights Risk Management & Governance Cyber-Physical Systems Security Hardware Security Network Security Physical Layer Security Secure Software Design & Development Software Security Web & Mobile Security Authentication, Authorisation & Accountability Cryptography Distributed Systems Security Operating Systems & Virtualisation Security JTF
  • 53. 2 (2%) 6 (5%) 9 (8%) 14 (12%) 9 (8%) 6 (5%) 4 (4%) 12 (11%) 4 (4%) 1 (1%) 7 (6%) 8 (7%) 4 (4%) 10 (9%) 7 (6%) 7 (6%) 1 (1%) 3 (3%) Adversarial Behaviours Forensics Malware & Attack Technology Security Operations & Incident Management Human Factors Law & Regulation Privacy & Online Rights Risk Management & Governance Cyber-Physical Systems Security Hardware Security Network Security Physical Layer Security Secure Software Design & Development Software Security Web & Mobile Security Authentication, Authorisation & Accountability Cryptography Distributed Systems Security Operating Systems & Virtualisation Security NCSC
  • 57. This doesn’t account for time spent on any topic… This doesn’t look at how knowledge in these topics is evaluated…
  • 58. 1. Are they all the same? 2. What are they all teaching? 3. Which one is best?
  • 59. Are they the same?
  • 60. Nope.
  • 61. What are they
 all teaching?
  • 63. But it depends on the framework… Using CyBOK we can characterise what is in them
  • 64. Which one is best?
  • 65. It depends what you want out of it…
  • 66. But using CyBOK we can see what the emphasis is
  • 67.