The Cybersecurity Body of Knowledge (Security, Audit and Leadership Series)

The Cybersecurity Body of Knowledge (Security, Audit and Leadership Series)

The Cybersecurity Body of Knowledge explains the content, purpose, and use of eight knowledge areas that define the boundaries of the discipline of cybersecurity. The discussion focuses on, and is driven by, the essential concepts of each knowledge area that collectively capture the cybersecurity body of knowledge to provide a complete picture of the field. This book is based on a brand-new and up to this point unique, global initiative, known as CSEC2017, which was created and endorsed by ACM, IEEE-CS, AIS SIGSEC, and IFIP WG 11.8. This has practical relevance to every educator in the discipline of cybersecurity. Because the specifics of this body of knowledge cannot be imparted in a single text, the authors provide the necessary comprehensive overview. In essence, this is the entry-level survey of the comprehensive field of cybersecurity. It will serve as the roadmap for individuals to later drill down into a specific area of interest. This presentation is also explicitly designed to aid faculty members, administrators, CISOs, policy makers, and stakeholders involved with cybersecurity workforce development initiatives. The book is oriented toward practical application of a computing-based foundation, crosscutting concepts, and essential knowledge and skills of the cybersecurity discipline to meet workforce demands. Dan Shoemaker, PhD, is full professor, senior research scientist, and program director at the University of Detroit Mercy’s Center for Cyber Security and Intelligence Studies. Dan is a former chair of the Cybersecurity & Information Systems Department and has authored numerous books and journal articles focused on cybersecurity. Anne Kohnke, PhD, is an associate professor of cybersecurity and the principle investigator of the Center for Academic Excellence in Cyber Defence at the University of Detroit Mercy. Anne’s research is focused in cybersecurity, risk management, threat modeling, and mitigating attack vectors. Ken Sigler, MS, is a faculty member of the Computer Information Systems (CIS) program at the Auburn Hills campus of Oakland Community College in Michigan. Ken’s research is in the areas of software management, software assurance, and cybersecurity. Book Foreword: I have great pleasure in writing this foreword. I have worked with Dan, Anne, and Ken over the past six years as this amazing team has written six books for my book collection initiative. Their newest effort, The Cybersecurity Body of Knowledge: The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity, brings together a comprehensive understanding of cybersecurity and should be on the book shelf of every professor, student, and practitioner. Right now, the study of cybersecurity is pretty-much in the eye of the beholder because the number of interpretations about what ought to be taught is limited only by the number of personal agendas out there in the field. Through discussion with the team, I've learned that every well-established discipline of scholarship and practice has gone through the process of research, extensive discussions, formation of communities of practice, and thought leadership to continually build the body of knowledge. Over time, diverse voices put forth ideas, concepts, theories, and empirical evidence to advance the thinking and in every discipline there comes a time when thought leaders establish generally accepted standards based on a comprehensive view of the body of knowledge. I believe that time has come for the discipline of cybersecurity. Beginning with a narrow focus on computer security, the discipline has advanced tremendously and has accurately become known as a fundamentally computing-based discipline that involves people, information, technology, and processes. Additionally, as the global cyber infrastructure increases the possible targets, the interdisciplinary nature of the field includes aspects of ethics, law, risk management, human factors, and policy. The growing need to protect not just corporate information and intellectual property, but to maintain national security has created a demand for specialists across a range of work roles, with the knowledge of the complexities of holistically assuring the security of systems. A vision of proficiency in cybersecurity, that aligns with industry needs and involves a broad global audience of stakeholders, was needed to provide stability and an understanding of the boundaries of the discipline. The formation of the CSEC2017 Joint Task Force - involving four major international computing societies: the Association of Computing Machinery (ACM) , the IEEE Computer Society (IEEE CS) , the Association for Information Systems Special Interest Group on Information Security and Privacy (AIS SIGSEC) , and the International Federation for Information Processing Technical Committee on Information Security Education (IFIP WG 11.8) - came together to publish the single commonly accepted guidelines for cybersecurity