The Cyber Security Body Of Knowledge

Dr. Greg Bernstein

January 12th, 2022

The CyBOK Project

Compendium of Cybersecurity Information

From CyBOK: Cybersecurity Body of Knowledge

The CyBOK project aims to bring cyber security into line with the more established sciences by distilling knowledge from major internationally-recognised experts to form a Cyber Security Body of Knowledge that will provide much-needed foundations for this emerging topic.


Introduction to CyBOK Issue 1.1

Definition of CyberSecurity

From Intro to CyBOK

Definition: Cyber security refers to the protection of information systems (hardware, software and associated infrastructure), the data on them, and the services they provide, from unauthorized access, harm or misuse. This includes harm caused intentionally by the operator of the system, or accidentally, as a result of failing to follow security procedures.

Definition of Information Security

From Intro to CyBOK

Definition: Information security. Preservation of confidentiality, integrity and availability of information.

In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved.

Categorizing CyberSecurity

CyBOK Diagram

Why Bother?

  • The field of cybersecurity is large and growing
  • Need a way to break it up into specialties (“knowledge areas”)
  • CyBOK has an up to date free document covering each of these areas
  • These hae been produced by practitioners from many different countries

CyBOK and Class

  • We will use CyBOK materials as part of our class readings
  • These are research/professional level overviews of the latest topics
  • These are not necessarily easy reads
  • We will have case studies and hands on examples to complement

Human, Organizational, and Regulatory Aspects

From Intro to CyBOK

  • Risk Management & Governance

  • Law & Regulation

  • Human Factors

  • Privacy & Online Rights

Attacks and Defences

From Intro to CyBOK

  • Malware & Attack Technologies

  • Adversarial Behaviors

  • Security Operations & Incident Management

  • Forensics

Systems Security

From Intro to CyBOK

  • Cryptography

  • Operating Systems & Virtualization Security

  • Distributed Systems Security

  • Authentication, Authorization, & Accountability

  • Formal Methods for Security

Software and Platform Security

From Intro to CyBOK

  • Software Security

  • Web & Mobile Security

  • Secure Software Lifecycle

Infrastructure Security

From Intro to CyBOK

  • Applied Cryptography

  • Network Security

  • Hardware Security

  • Cyber-Physical Systems Security

  • Physical Layer & Telecommunications Security

// reveal.js plugins