1st Edition

The Cybersecurity Body of Knowledge
The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity




ISBN 9780367900946
Published April 20, 2020 by CRC Press
578 Pages 151 B/W Illustrations

USD $129.95

Prices & shipping based on shipping country


Preview

Book Description

The Cybersecurity Body of Knowledge explains the content, purpose, and use of eight knowledge areas that define the boundaries of the discipline of cybersecurity. The discussion focuses on, and is driven by, the essential concepts of each knowledge area that collectively capture the cybersecurity body of knowledge to provide a complete picture of the field.

This book is based on a brand-new and up to this point unique, global initiative, known as CSEC2017, which was created and endorsed by ACM, IEEE-CS, AIS SIGSEC, and IFIP WG 11.8. This has practical relevance to every educator in the discipline of cybersecurity. Because the specifics of this body of knowledge cannot be imparted in a single text, the authors provide the necessary comprehensive overview. In essence, this is the entry-level survey of the comprehensive field of cybersecurity. It will serve as the roadmap for individuals to later drill down into a specific area of interest.

This presentation is also explicitly designed to aid faculty members, administrators, CISOs, policy makers, and stakeholders involved with cybersecurity workforce development initiatives. The book is oriented toward practical application of a computing-based foundation, crosscutting concepts, and essential knowledge and skills of the cybersecurity discipline to meet workforce demands.

Dan Shoemaker, PhD, is full professor, senior research scientist, and program director at the University of Detroit Mercy’s Center for Cyber Security and Intelligence Studies. Dan is a former chair of the Cybersecurity & Information Systems Department and has authored numerous books and journal articles focused on cybersecurity.

Anne Kohnke, PhD, is an associate professor of cybersecurity and the principle investigator of the Center for Academic Excellence in Cyber Defence at the University of Detroit Mercy. Anne’s research is focused in cybersecurity, risk management, threat modeling, and mitigating attack vectors.

Ken Sigler, MS, is a faculty member of the Computer Information Systems (CIS) program at the Auburn Hills campus of Oakland Community College in Michigan. Ken’s research is in the areas of software management, software assurance, and cybersecurity.

Table of Contents

Foreword 1

Foreword 2

Author Biographies

Introduction

 

Chapter 1 Securing Cyberspace Is Everybody’s Business

Introduction: The Current Situation Is Out of Control

The Challenge: How Do You Protect Something that Doesn’t Actually Exist?

We Must Re-evaluate Our Assumptions

The Adversary Changes Thing

The Three-Legged Stool

Learning to Play Better with Others

Creating a Holistic Solution

The Importance of Knowing What to Do

Enabling Common Understanding

Education Is the Key

The Body of Knowledge and Educational Strategy

Cybersecurity as an Academic Study

The Importance of Unified Recommendations about Areas of Vital Interest

Circumscribing the Field: Background and Intention of CC2005

Defining the Elements of the Discipline of Cybersecurity: CSEC2017

Knowledge Area One: Data Security

Knowledge Area Two: Software Security

Knowledge Area Three: Component Security

Knowledge Area Four: Connection Security

Knowledge Area Five: System Security

Knowledge Area Six: Human Security

Knowledge Area Seven: Organizational Security

Knowledge Area Eight: Societal Security

Real-World Utilization of the CSEC2017 Body of Knowledge

CSEC2017 Framework Areas of Application

Thirty Review Questions: Introduction to the CSEC Standard

You Might Also Like to Read

Chapter Summary

Keywords

References

 

Chapter 2 The Cybersecurity Body of Knowledge 39

Bodies of Knowledge Are Essential Tools in Educational Settings

Bodies of Knowledge

Making Cybersecurity Teaching Real

Validating Curricular Concepts

Applying the CSEC2017

The CSEC2017 Model

The CSEC2017 Organization

The CSEC2017 Implementation Process

Knowledge Area One: Data Security

Knowledge Area Two: Software Security

Knowledge Area Three: Component Security

Knowledge Area Four: Connection Security

Knowledge Area Five: System Security

Knowledge Area Six: Human Security

Knowledge Area Seven: Organizational Security

Knowledge Area Eight: Societal Security

Twenty Review Questions: The Cybersecurity Body of Knowledge

You Might Also Like to Read

Chapter Summary

Keywords

 

Chapter 3 Data Security

Surviving in a Digital Era

The CSEC2017 Data Security Knowledge Units

Knowledge Unit One: Cryptography

Knowledge Unit Two: Digital Forensics

Knowledge Unit Three: Data Integrity and Authentication

Knowledge Unit Four: Access Control

Knowledge Unit Five: Secure Communication Protocols

Knowledge Unit Six: Cryptanalysis

Knowledge Unit Seven: Data Privacy

Knowledge Unit Eight: Information Storage Security

Chapter Review Questions

You Might Also Like to Read

Chapter Summary

Learning Objectives for the Data Security Knowledge Area

Keywords

References

 

Chapter 4 Software Security

Building Pathways toward Software Security

The CSEC2017 Software Security Knowledge Units

Knowledge Unit One: Fundamental Principles

Knowledge Unit Two: Design

Knowledge Unit Three: Implementation

Knowledge Unit Four: Analysis and Testing

Knowledge Unit Five: Deployment and Maintenance

Knowledge Unit Six: Documentation

Knowledge Unit Seven: Ethics

Twenty Review Questions for This Chapter

You Might Also Like to Read

Chapter Summary

Learning Objectives for the Component Security

Knowledge Area

Keywords

Reference

 

Chapter 5 Component Security

It All Starts with the Components

The CSEC2017 Component Security Knowledge Units

Knowledge Unit One: Component Design

Knowledge Unit Two: Component Procurement

Knowledge Unit Three: Component Testing

Knowledge Unit Four: Component Reverse Engineering

Forty Review Questions: Component Security

You Might Also Like to Read

Chapter Summary

Learning Objectives for the Component Security

Knowledge Area

Keywords

Reference

 

Chapter 6 Connection Security

Introduction: The Challenge of Connecting the Enterprise

The CSEC Connection Security Knowledge Areas

Knowledge Unit One: Physical Media

Knowledge Unit Two: Physical Interfaces and Connectors

Knowledge Unit Three: Hardware Architecture

Knowledge Unit Four: Distributed Systems Architecture

Knowledge Unit Five: Network Architecture

Knowledge Unit Six: Network Implementations

Knowledge Unit Seven: Network Services

Knowledge Unit Eight: Network Defense

Twenty Review Questions: Connection Security

You Might Also Like to Read

Chapter Summary

Learning Objectives for the Connection Security

Knowledge Area

Keywords

References

 

Chapter 7 System Security

Assembling the Parts into a Useful Whole

The Key Role of Design in Systems

The CSEC2017 System Security Knowledge Units

Knowledge Unit One: System Thinking

Knowledge Unit Two: System Management

Knowledge Unit Three: System Access

Knowledge Unit Four: System Control

Knowledge Unit Five: System Retirement

Knowledge Unit Six: System Testing

Knowledge Unit Seven: Common System Architectures

Seventy Review Questions: System Security 380

You Might Also Like to Read

Chapter Summary

Learning Objectives for the Component Security

Knowledge Area

Keywords

References

 

Chapter 8 Human Security

Human-Centered Threats

Ensuring Disciplined Practice

The Challenging Case of Human Behavior

The CSEC2017 Human Security Knowledge Units

Knowledge Unit One: Identity Management

Knowledge Unit Two: Social Engineering

Knowledge Unit Three: Personal Compliance

Knowledge Unit Four: Awareness and Understanding

Knowledge Unit Five: Social and Behavioral Privacy

Knowledge Unit Six: Personal Data Privacy and Security

Knowledge Unit Seven: Usable Security and Privacy

Seventy Review Questions: Human Security

You Might Also Like to Read

Chapter Summary

Learning Objectives for the Human Security

Knowledge Area

Keywords

References

 

Chapter 9 Organizational Security

Introduction Securing the Entire Enterprise

Integrating the Elements of Cybersecurity into an Applied Solution

The CSEC2017 Organizational Security Knowledge Units

Knowledge Area One: Risk Management

Knowledge Area Two: Security Governance and Policy

Knowledge Area Three: Analytical Tools

Knowledge Unit Four: Systems Administration

Knowledge Area Five: Cybersecurity Planning

Knowledge Unit Six: Business Continuity, Disaster

Knowledge Unit Seven: Security Program Management

Knowledge Unit Eight: Personnel Security

Knowledge Unit Nine: Security Operations

Forty Review Questions: Organizational Security

You Might Also Like to Read

Chapter Summary

Learning Objectives for the Organizational Security

Knowledge Area

Keywords

References

 

Chapter 10 Societal Security

Security and Worldwide Connectivity

The CSEC2017 and the Profession

The CSEC2017 Societal Security Knowledge Units

Knowledge Unit One: Cybercrime

Knowledge Unit Two: Cyber Law

Knowledge Unit Three: Cyber Ethics

Knowledge Unit Four: Cyber Policy

Knowledge Unit Five: Privacy

You Might Also Like to Read

Chapter Summary

Learning Objectives for the Human Security Knowledge Area

Keywords

References

Index

...
View More

Author(s)

Biography

Dan Shoemaker, PhD, is full professor, senior research scientist, and Program Director at the University of Detroit Mercy’s Center for Cyber Security and Intelligence Studies. Dan is a former chair of the Cybersecurity & Information Systems Department and has authored numerous books and journal articles focused on cybersecurity.

Anne Kohnke, PhD, is an associate professor of cybersecurity and the principle investigator of the Center for Academic Excellence in Cyber Defence at the University of Detroit Mercy .  Anne’s research is focused in cybersecurity, risk management, threat modeling, and mitigating attack vectors.

Ken Sigler is a faculty member of the Computer Information Systems (CIS) program at the Auburn Hills campus of Oakland Community College in Michigan. Ken’s research is in the areas of software management, software assurance, and cybersecurity.

Featured Author Profiles

Author - Anne  Kohnke
Author

Anne Kohnke

Associate Professor of Cybersecurity, University of Detroit Mercy
Detroit, Michigan, USA

Learn more about Anne Kohnke »

Reviews

Book Foreword: 

I have great pleasure in writing this foreword. I have worked with Dan, Anne, and Ken over the past six years as this amazing team has written six books for my book collection initiative. Their newest effort, The Cybersecurity Body of Knowledge: The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity, brings together a comprehensive understanding of cybersecurity and should be on the book shelf of every professor, student, and practitioner. 

Right now, the study of cybersecurity is pretty-much in the eye of the beholder because the number of  interpretations about what ought to be taught is limited only by the number of personal agendas out there in the field. 

Through discussion with the team, I've learned that every well-established discipline of scholarship and practice has gone through the process of research, extensive discussions, formation of communities of practice, and thought leadership to continually build the body of knowledge. Over time, diverse voices put forth ideas, concepts, theories, and empirical evidence to advance the thinking and in every discipline there comes a time when thought leaders establish generally accepted standards based on a comprehensive view of the body of knowledge. 

I believe that time has come for the discipline of cybersecurity.  

Beginning with a narrow focus on computer security, the discipline has advanced tremendously and has accurately become known as a fundamentally computing-based discipline that involves people, information, technology, and processes. Additionally, as the global cyber infrastructure increases the possible targets, the interdisciplinary nature of the field includes aspects of ethics, law, risk management, human factors, and policy. The growing need to protect not just corporate information and intellectual property, but to maintain national security has created a demand for specialists across a range of work roles, with the knowledge of the complexities of holistically assuring the security of systems. A vision of proficiency in cybersecurity, that aligns with industry needs and involves a broad global audience of stakeholders, was needed to provide stability and an understanding of the boundaries of the discipline. 

The formation of the CSEC2017 Joint Task Force - involving four major international computing societies: the Association of Computing Machinery (ACM), the IEEE Computer Society (IEEE CS), the Association for Information Systems Special Interest Group on Information Security and Privacy (AIS SIGSEC), and the International Federation for Information Processing Technical Committee on Information Security Education (IFIP WG 11.8) - came together to publish the single commonly accepted guidelines for cybersecurity curriculum (the CSEC2017 Report). The CSEC2017 Report authors have produced a thought model and structure in which the comprehensive discipline of cybersecurity can be well understood.  With this understanding, development within academic institutions and industry can prepare a wide range of programs grounded in fundamental principles.

This book explains the process by which the CSEC2017 Report was formulated and its pedigree.  It discusses the knowledge units of each of the eight knowledge area categories of the field in detail.  The reader will understand the required knowledge for cybersecurity and gain a basic understanding of the application and purpose of each of these myriad elements.

I have studied the various chapters and believe the seamless flow of the content will benefit all readers and that the extensive use of visuals greatly improves readability. Although knowledge knows no end, dissemination and sharing of knowledge are critical.  I believe this book will help form the foundation of the next evolution of cybersecurity and I congratulate the team on their work and their amazing result.  

Dan Swanson

Series Editor