cybok mapping framework for ncsc certi ed degrees guidance ...€¦ · certication. table (.) is...

CyBOK MappingFramework for NCSCCerti�ed DegreesGuidance Document for UKHigher EducationLata Nautiyal University of Bristol

Awais Rashid University of Bristol

The Cyber Security Body Of Knowledgewww.cybok.org

� STEP BY STEP IMPLEMENTATION OF MAPPINGPROCESS BY TAKING EXAMPLE OF ONE MODULEDESCRIPTION FROM MIT UNIVERSITY, USA

Applied Cyber Security (MIT-USA)

Introduction to Information Security Fundamentals and Best Practices

• Protecting Your Computer and its Contents

• Securing Computer Networks–Basics of Networking

• Compromised Computers

• Secure Communications and Information Security Best Practices

• Privacy Guidelines

• Safe Internet Usage

Ethics in Cybersecurity & Cyber Law

• Privacy

• Intellectual Property

• Professional Ethics

• Freedom of Speech

• Fair User and Ethical Hacking

• Trademarks

• Internet Fraud

• Electronic Evidence

• Cybercrimes

Forensics

• Forensic Technologies

• Digital Evidence Collection

• Evidentiary Reporting

Network Assurance

• Layered Defense

• Surveillance and Reconnaissance

• Outsider Threat Protection

Secure Software & Browser Security

• Software Construction

• Software Design and Architecture

CyBOK Mapping Framework for NCSC Certi�ed Degrees | June �� Page �


• Software Testing

• Methodologies

• The New Universal Client

• The Web Model

• Cookies and Browser Storage

• HTML� Security

Business Information Continuity

• Managing a Business Information Continuity Plan

• Vulnerabilities and Controls

• The Law and Business Information Continuity Plan

Information Risk Management

• Asset Evaluation and Business Impact Analysis

• Risk Identi�cation

• Risk Quanti�cation

• Risk Response Development and Control

• Security Policy, Compliance, and Business Continuity

Cyber Incident Analysis and Response

• Incident Preparation

• Incident Detection and Analysis

• Containment, Eradication, and Recovery

• Proactive and Post-Incident Cyber Services

�.� Formation Phase:Applied Cyber Security (MIT-USA)

Introduction to Information Security Fundamentals and Best Practices

• Protecting Your Computer and its Contents

• Securing Computer Networks–Basics of Networking

• Compromised Computers

• Secure Communications and Information Security Best Practices

• Privacy Guidelines

• Safe Internet Usage

Ethics in Cybersecurity & Cyber Law

• Privacy



• Intellectual Property

• Professional Ethics

• Freedom of Speech

• Fair User and Ethical Hacking

• Trademarks

• Internet Fraud

• Electronic Evidence

• Cybercrimes

Forensics

• Forensic Technologies

• Digital Evidence Collection

• Evidentiary Reporting

Network Assurance

• Layered Defense

• Surveillance and Reconnaissance

• Outsider Threat Protection

Secure Software & Browser Security

• Software Construction

• Software Design and Architecture

• Software Testing

• Methodologies

• The New Universal Client

• The Web Model

• Cookies and Browser Storage

• HTML� Security

Business Information Continuity

• Managing a Business Information Continuity Plan

• Vulnerabilities and Controls

• The Law and Business Information Continuity Plan

Information Risk Management

• Asset Evaluation and Business Impact Analysis



• Risk Identi�cation

• Risk Quanti�cation

• Risk Response Development and Control

• Security Policy, Compliance, and Business Continuity

Cyber Incident Analysis and Response

• Incident Preparation

• Incident Detection and Analysis

• Containment, Eradication, and Recovery

• Proactive and Post-Incident Cyber Services

�.� Connecting Phase:Searching for those highlighted keywords or a set of keywords using the resources in the“CyBOK Mapping Structure Guide”. This phase is comprised of � steps (Steps A to E).

Step A: – Mapping with an alphabetical version of the CyBOK’s knowledge areas indicativematerial from NCSC’s certi�cation document: –

Start your search with this document. If your Highlighted/Underlined keywords or a setof keywords are found in this part, then record these in the table and move on to the next key-words or a set of keywords. Repeat the process until the last keywords or a set of keywords.(Move to step B)

S.No. Broad Category KA Topic IndicativeMaterial

Keyword or a Setof Keywords

Mapping with analphabeticalversion of the

CyBOKknowledge areas

indicativematerial

�Protecting YourComputer and its

ContentsNot Found

�

Securingcomputer

networks - Basicsof networking

Not Found

� CompromisedComputers Not Found

�

SecureCommunicationsand InformationSecurity BestPractices

Not Found

� PrivacyGuidelines Not Found

6 Privacy Not Found

� IntellectualProperty Not Found

8 ProfessionalEthics Not Found



� Freedom ofSpeech Not Found

�� Ethical Hacking Not Found�� Trademarks Not Found�� Internet Fraud Not Found

�� ElectronicEvidence Not Found

�� Cybercrimes Not Found

�� Attacks anddefences F

De�nition andconceptualmodels

Forensicscience

ForensicTechnologies

(Forensicscience)

Found andRecorded

�6 Digital EvidenceCollection Not Found

�� EvidentiaryReporting Not Found

�8 Layered Defense Not Found�� Reconnaissance Not Found

�� Outsider ThreatProtection Not Found

�� SoftwareConstruction Not Found

�� Software Designand Architecture Not Found

�� Software Testing Not Found�� Methodologies Not Found�� The Web Model Not Found

�6 Software andPlatform Security WAM

Fundamentalconcepts andapproaches

Cookies Cookies Found andRecorded

�� HTML� Security Not Found

�8

Managing aBusiness

InformationContinuity Plan

Not Found

�� Vulnerabilitiesand control Not Found

�� Continuity Plan Not Found

��Asset Evaluationand Business

Impact AnalysisNot Found

�� Risk Identi�cation Not Found

�� RiskQuanti�cation Not Found

��Risk Response

development andcontrol

Not Found

�� Security Policy Not Found

�6Compliance, and

BusinessContinuity

Not Found

�� Attacks andDefences SOIM

Human Factors:Incident

Management

Prepare:Incident

managementplanning

Incidentpreparation(incident

managementplanning)

Found andRecorded

�8 Attacks andDefences SOIM


Management

Prepare:incident

managementplanning

IncidentDetection and

Analysis (Incidentmanagementplanning)

Found andRecorded



��Containment,

Eradication, andRecovery

Not Found



Management

Follow up -Post-incident

activities

Post-incidentcyber services(Follow up

:post-incidentactivities)

Found andRecorded

Step B: – Mapping with CyBOK Mapping Reference �.�: –

Continue your search with this document. If your remaining (Not Found) keywords or aset of keywords are found in this part, then record these in the table and move on to thenext keywords or a set of keywords. Repeat the process until the last keywords or a set ofkeywords. (Move to step C)

S.No. Broad Category KA Keyword or a Set of Keywords Mapping with CyBOKMapping Reference �.�

� Protecting Your Computer and itsContents Not Found

� Infrastructure Security NS Securing Computer Networks -Basics of networking Found and Recorded

� Software and PlatformSecurity SS, NS

Compromised Computers (CVEs,CWEs), Or (Common network

attacks)

Found and Recorded,(Selected SS as relevant)

� Systems Security CSecure Communications and

Information Security Best Practices(Secure Communication Channel)

Found and Recorded

� Privacy Guidelines Not Found

6 Human, Organisational andRegulatory Aspects POR Privacy Found and Recorded

� Human, Organisational andRegulatory Aspects LR Intellectual Property Found and Recorded

8 Human, Organisational andRegulatory Aspects LR Professional Ethics (Ethics) Found and Recorded

� Human, Organisational andRegulatory Aspects POR Freedom of Speech Found and Recorded

�� Infrastructure SecurityNS,

SOIM,SSL

Ethical Hacking, (Penetrationtesting) or (Penetration testing -DNS) Or (Penetration testing –

active penetration) Or (Penetrationtesting – software tool)

Found and Recorded,(Selected NS as relevant)(But Multiple mappings are

possible)

�� Human, Organisational andRegulatory Aspects LR Trademarks Found and Recorded

�� Internet Fraud Not Found

�� Attacks and Defences F Electronic Evidence (Forensicevidence) Found and Recorded

�� Human, Organisational andRegulatory Aspects LR, F Cybercrimes Found and Recorded

(Selected LR as relevant)�6 Attacks and Defences F Digital Evidence Collection Found and Recorded�� Evidentiary Reporting Not Found

�8 Systems SecurityAAA,RMG,SSL

Layered Defense, (Security Policies)Or (Defence in depth)

Found and Recorded,(Selected AAA as relevant)

�� Reconnaissance Found (Not recorded, notrelevant as per the context)

�� Attacks and DefencesSOIM,AB,RMG

Outsiders Threat Protection(Threats External)

Found and Recorded,(Selected SOIM as relevant)

�� Software and PlatformSecurity SSL Software Construction, (Software

Development) Found and Recorded

�� Software Design and Architecture Not Found

CyBOK Mapping Framework for NCSC Certi�ed Degrees | June �� Page 6


�� Software Testing Not Found

�� Software and PlatformSecurity SSL Methodologies (Software

Development methods) Found and Recorded

�� The Web Model Not Found�� HTML� Security Not Found

�8 Attacks and Defences RMG,SOIM

Managing a Business InformationContinuity Plan, (Business

continuity management/planning)

Found and Recorded,(Selected RMG as relevant)

�� Software and PlatformSecurity

SS,CPS Vulnerabilities and control Found and Recorded,

(Selected SS as relevant)

�� Human, Organisational andRegulatory Aspects RMG Continuity plan (Continuity

management) Found and Recorded

�� Human, Organisational andRegulatory Aspects RMG

Asset Evaluation and BusinessImpact Analysis (Business impactanalysis - in information asset

classi�cation)

Found and Recorded

�� Human, Organisational andRegulatory Aspects RMG Risk Identi�cation Analysis Found and Recorded

�� Human, Organisational andRegulatory Aspects RMG Risk Quanti�cation (Risk –

measuring) Found and Recorded

�� Human, Organisational andRegulatory Aspects RMG Risk Response development and

control Found and Recorded

�� Human, Organisational andRegulatory Aspects RMG Security Policy Found and Recorded

�6 Human, Organisational andRegulatory Aspects RMG Compliance and Business

Continuity Found and Recorded

�� Attacks and Defences SOIMContainment, Eradication and

Recovery (Containment in Incidentresponse plan)

Found and Recorded

Step C: – Complete the missing Topics and Indicative Material from CyBOK KnowledgeTrees for all the recorded keywords or a set of keywords found through CyBOK Mappingreference �.�: –

Searching topics and indicative materials from CyBOK Knowledge Trees for all the recordedkeywords or a set of keywords found through CyBOK Mapping reference �.� as CyBOK Map-ping reference �.� provides relevant CyBOK knowledge areas but not the topic and indicativematerial, therefore CyBOK Knowledge Trees are used. (Move to step D)


Keyword or a setof Keywords

Mapping missingTopics andIndicative

Material fromCyBOK

Knowledge Trees

� InfrastructureSecurity NS Network Defence

Tools ***

SecuringComputerNetworks -Basics ofnetworking

Found andRecorded(Multiple

mappings arepossible)

Mapping to NS isjust an

interpretation asper our viewpoint

� Software andPlatform Security SS, NS Categories of

vulnerability CVEs and CWEs

CompromisedComputers

(CVEs, CWEs), Or(Common

network attacks)

Found andRecorded,

(Selected SS asrelevant)



� Systems Security C Public keycryptography ***

SecureCommunicationsand InformationSecurity Best

Practices (SecureCommunication

Channel)

Found andRecorded

6

Human,Organisationaland Regulatory

Aspects

POR Control *** Privacy Found andRecorded

�


Aspects

LR IntellectualProperty

Understandingintellectualproperty ORCatalogue ofintellectual

property rights

IntellectualProperty

Found andRecorded

8


Aspects

LR Ethics Codes of conduct ProfessionalEthics (Ethics)

Found andRecorded

�


Aspects

POR

Privacytechnologies and

democraticvalues

Censorshipresistance andfreedom ofspeech

Freedom ofSpeech

Found andRecorded

�� InfrastructureSecurity

NS,SOIM,SSL

Networkprotocols andvulnerability

Common networkattacks

Ethical Hacking(Penetrationtesting) or

(Penetrationtesting - DNS) Or

(Penetrationtesting – activepenetration) Or(Penetrationtesting –

software tool)

Found andRecorded,

(Selected NS asrelevant)(But

Multiplemappings are

possible)

��


Aspects

LR IntellectualProperty

Catalogue ofintellectual

property rightsTrademarks Found and

Recorded

�� Attacks andDefences F

De�nition andconceptual

model

Digital (forensic)trace

ElectronicEvidence(Forensicevidence)

Found andRecorded

��


Aspects

LR, F Computer CrimeCrimes againstinformationsystems

Cybercrimes

Found andRecorded

(Selected LR asrelevant)

�6 Attacks andDefences F

Main MemoryForensics OR

Operating SystemAnalysis OR

Cloud ForensicsOR Artifact

Analysis It couldbe any of these

depending on thecontext.

*** Digital EvidenceCollection

Found andRecorded

�8 Systems SecurityAAA,RMG,SSL

Authorisation Access Control

Layered Defense(Security Policies)Or (Defence in

depth)

Found andRecorded,

(Selected AAA asrelevant)

CyBOK Mapping Framework for NCSC Certi�ed Degrees | June �� Page 8


�� Attacks andDefences

SOIM,AB,RMG

Knowledge:intelligence and

analytics

Cyber-threatintelligence

Outsiders ThreatProtection

(Threats External)

Found andRecorded,

(Selected SOIMas relevant)

�� Software andPlatform Security SSL Prescriptive

Processes SAFECode

SoftwareConstruction,(Software

Development)

Found andRecorded


Processes SAFECode

Methodologies(Software

Developmentmethods)

Found andRecorded

�8 Attacks andDefences

RMG,SOIM

BusinessContinuity:Incident

Response andRecoveryPlanning

***

Managing aBusiness

InformationContinuity Plan

(Businesscontinuitymanage-

ment/planning)

Found andRecorded,

(Selected RMG asrelevant)

�� Software andPlatform Security

SS,CPS

Categories ofVulnerabilities

(SS) ORPrevention ofVulnerabilities

*** Vulnerabilitiesand control

Found andRecorded

(Selected SS asrelevant)

��


Aspects

RMG

Businesscontinuity:

incident responseand recovery

planning

***Continuity plan

(Continuitymanagement)

Found andRecorded

��


Aspects

RMGRisk Assessmentand Management

Principles

Risk assessmentand management

methods

Asset Evaluationand Business

Impact Analysis(Business impact

analysis - ininformation assetclassi�cation)

Found andRecorded

��


Aspects

RMG Risk De�nition Risk assessment Risk Identi�cationAnalysis

Found andRecorded

��


Aspects

RMGRisk Assessmentand Management

PrinciplesSecurity metrics

RiskQuanti�cation

(Risk –measuring)

Found andRecorded

��


Aspects

RMG

Businesscontinuity:


planning

***Risk Response

development andcontrol

Found andRecorded

��


Aspects

RMG Risk Governance Enacting securitypolicy Security Policy Found and

Recorded

�6


Aspects

RMG

Businesscontinuity:


planning

***Compliance and

BusinessContinuity

Found andRecorded




Human factors:incident

management

Handle: actualincident response

Containment,Eradication and

Recovery(Containment inIncident response

plan)

Found andRecorded

Step D:– Mapping with CyBOK Knowledge Trees: –

Continue your search with this document. If your remaining (Not Found) keywords or aset of keywords are found in this part, then record these in the table and move on to thenext keywords or a set of keywords. Repeat the process until the last keywords or a set ofkeywords. (Move to step E)


Keyword or a setof Keywords

Mapping withCyBOK

Knowledge Trees

� CyBOKIntroduction CI Foundational

ConceptsDe�nition ofcyber security

Protecting YourComputer and its

Contents

Found andRecorded

�


Aspects

POR Control ***

PrivacyGuidelines

(privacy policyinterpretability)

Found andRecorded

�� Attacks andDefences AB, LR Characterisation

of Adversaries

cyber-enabledcrime vs

cyber-dependentcrime OR

interpersonalcrimes OR

cyber-enabledorganised crime

ORcyber-dependentorganised crime

Internet Fraud

Found andRecorded

(Selected AB asrelevant)

�� Attacks andDefences F

De�nitions andconceptualmodels

Legal Concernsand the Daubert

Standard

EvidentiaryReporting

Found andRecorded


Knowledge:Intelligence and

analytics*** Reconnaissance Found and

Recorded


Processes SAFECode Software Designand Architecture

Found andRecorded


Processes SAFECode Software Testing Found andRecorded

�� Software andPlatform Security WAM


Webi�cation The Web Model Found andRecorded

�� Software andPlatform Security WAM


Webi�cation HTML� Security Found andRecorded

Step E:– Complete �nalmissing keywords using the Tabular representation of CyBOK broadcategories, knowledge areas and their description: –

If the keywords or a set of keywords are not found in any of the materials provided to supportthe mapping process then identify the most relevant knowledge area using this documentand then record the relevant KA.

Not Applicable - All the keywords have been mapped by using Step A to D

CyBOK Mapping Framework for NCSC Certi�ed Degrees | June �� Page ��


�.� Finalising Phase:This phase is a result of the mapping process; the results are transferred from the varioustables to the Final table. It will be helpful to �ll Table (�.�) in the application for NCSCcerti�cation. Table (�.�) is required as a part of the application for NCSC certi�cation.

Broad Category KA Topic Indicative MaterialKeyword/ Set ofKeywords/Course

keywords

CyBOK Introduction CI Foundational Concepts De�nition of cybersecurity

Protecting YourComputer and its

Contents

Infrastructure Security NS Network Defence Tools ***Securing computernetworks - Basics of

networkingSoftware and Platform

Security SS Categories ofvulnerability CVEs and CWEs Compromised

Computers

System Security C Public key cryptography ***Secure Communicationsand Information Security

Best PracticesHuman, Organisationaland Regulatory Aspects POR Control *** Privacy Guidelines

Human, Organisationaland Regulatory Aspects POR Control *** Privacy

Human, Organisationaland Regulatory Aspects LR Intellectual Property

Understandingintellectual property ORCatalogue of intellectual

property rights

Intellectual Property

Human, Organisationaland Regulatory Aspects LR Ethics Codes of conduct Professional Ethics

Human, Organisationaland Regulatory Aspects POR Privacy technologies

and democratic valuesCensorship resistanceand freedom of speech Freedom of Speech

Infrastructure Security NS Network protocols andvulnerability

Common networkattacks Ethical Hacking

Human, Organisationaland Regulatory Aspects LR Intellectual Property Catalogue of intellectual

property rights Trademarks

Attackafe and Defences AB Characterisation ofAdversaries

cyber-enabled crime vscyber-dependent crimeOR interpersonal crimes

OR cyber-enabledorganised crime ORcyber-dependentorganised crime

Internet Fraud

Attacks and Defences F De�nition andconceptual model Digital (forensic) trace Electronic Evidence

Human, Organisationaland Regulatory Aspects LR Computer Crime Crimes against

information systems Cybercrimes

Attacks and Defences F De�nition andconceptual model Forensic science Forensic Technologies

Attacks and Defences F

Main Memory ForensicsOR Operating SystemAnalysis OR Cloud

Forensics

*** Digital EvidenceCollection

Attacks and Defences F De�nitions andconceptual models

Legal Concerns and theDaubert Standard Evidentiary Reporting

Systems Security AAA Authorisation Access Control Layered Defense

Attacks and Defences SOIM Knowledge: Intelligenceand analytics *** Reconnaissance

Attacks and Defences SOIM Knowledge: Intelligenceand analytics Cyber-threat intelligence Outsider Threat

ProtectionSoftware and Platform

Security SSL Prescriptive Processes SAFECode Software Construction



Software and PlatformSecurity SSL Prescriptive Processes SAFECode Software Design and

ArchitectureSoftware and Platform

Security SSL Prescriptive Processes SAFECode Software Testing

Software and PlatformSecurity SSL Prescriptive Processes SAFECode Methodologies

Software and PlatformSecurity WAM Fundamental concepts

and approaches Webi�cation The Web Model


and approaches Cookies Cookies


and approaches Webi�cation HTML� Security

Attacks and Defences RMGBusiness Continuity:

Incident Response andRecovery Planning

***Managing a BusinessInformation Continuity

Plan

Software and PlatformSecurity SS

Categories ofVulnerabilities (SS) OR

Prevention ofVulnerabilities,

*** Vulnerabilities andcontrol

Human, Organisationaland Regulatory Aspects RMG

Business continuity:incident response and

recovery planning*** Continuity Plan

Human, Organisationaland Regulatory Aspects RMG Risk Assessment and

Management PrinciplesRisk assessment andmanagement methods

Asset Evaluation andBusiness Impact

AnalysisHuman, Organisationaland Regulatory Aspects RMG Risk De�nition Risk assessment Risk Identi�cation

Human, Organisationaland Regulatory Aspects RMG Risk Assessment and

Management Principles Security metrics Risk Quanti�cation



recovery planning*** Risk Response

development and control

Human, Organisationaland Regulatory Aspects RMG Risk Governance Enacting security policy Security Policy



recovery planning*** Compliance and

Business Continuity

Attacks and Defences SOIM Human Factors: IncidentManagement

Prepare: incidentmanagement planning Incident preparation


Prepare: incidentmanagement planning

Incident Detection andAnalysis

Attacks and Defences SOIM Human factors: incidentmanagement

Handle: actual incidentresponse

Containment,Eradication, and

Recovery


Follow up - Post-incidentactivities

Post-incident cyberservices

Note :- Some topics are too broad to be covered in a single KA, therefore if terms are sobroad, they can’t be mapped without more context. It is better to consider the context andthen record the appropriate Indicate Material, Topic, Knowledge Areas and Broad Category.*** Indicated that there is no direct mapping of keyword with Indicative material but with Topiccoverage.



� SOURCE OF MODULE CONTENTShttps://professional.mit.edu/course-catalog/applied-cybersecurity


cybok mapping framework for ncsc certi ed degrees guidance ...€¦ · certication. table (.) is...

Documents