The Cyber Security
Body of Knowledge
Version 1.1.0
31st July 2021
https://www.cybok.org/
EDITORS
Awais Rashid University of Bristol
Howard Chivers University of York
Emil Lupu Imperial College London
Andrew Martin University of Oxford
Steve Schneider University of Surrey
PROJECT MANAGERS
Helen Jones University of Bristol
Yvonne Rigby University of Bristol
PRODUCTION
Chao Chen University of Bristol
Joseph Hallett University of Bristol
The Cyber Security Body Of Knowledge
www.cybok.org
COPYRIGHT
© Crown Copyright, The National Cyber Security Centre 2021. This information is licensed
under the Open Government Licence v3.0. To view this licence, visit:
https://www.nationalarchives.gov.uk/doc/open-government-licence/
When you use this information under the Open Government Licence, you should include the
following attribution: CyBOK Version 1.1.0 © Crown Copyright, The National Cyber Security
Centre 2021, licensed under the Open Government Licence:
https://www.nationalarchives.gov.uk/doc/open-government-licence/.
The CyBOK project would like to understand how the CyBOK is being used and its uptake.
The project would like organisations using, or intending to use, CyBOK for the purposes
of education, training, course development, professional development etc. to contact it at
[email protected].
KA |July2021 Page2
CHANGELOG
Introduction
Version date   Version number   Changes made
July 2021      1.1.0            Updated copyright statement; amended “issue” to “version”; added references to new KAs; updated diagram; removed Formal Methods cross-cutting topic.
October 2019   1.0

Risk Management and Governance
Version date   Version number   Changes made
July 2021      1.1.1            Amended “issue” to “version”
March 2021     1.1.0            Updated copyright statement; added new section on Vulnerability Management; corrected typos
October 2019   1.0

Law & Regulation
Version date   Version number   Changes made
July 2021      1.0.2            Amended “issue” to “version”; corrected typos
March 2021     1.0.1            Updated copyright statement; in Section 3.6.6 amended “contacting parties” to “contracting parties”
October 2019   1.0

Human Factors
Version date   Version number   Changes made
July 2021      1.0.1            Updated copyright statement; amended “issue” to “version”; amended typos
October 2019   1.0

Privacy & Online Rights
Version date   Version number   Changes made
July 2021      1.0.2            Amended “issue” to “version”; corrected typos
March 2021     1.0.1            Updated copyright statement; amended spelling error in Section 5.1.2: “patters” to “patterns”; added missing word in Section 5.1.2: “On the hand” to “On the one hand”
October 2019   1.0
Malware & Attack Technologies
Version date   Version number   Changes made
July 2021      1.0.1            Updated copyright statement; amended “issue” to “version”
October 2019   1.0

Adversarial Behaviours
Version date   Version number   Changes made
July 2021      1.0.1            Updated copyright statement; amended “issue” to “version”
October 2019   1.0

Security Operations & Incident Management
Version date   Version number   Changes made
July 2021      1.0.2            Amended “issue” to “version”; corrected typos
March 2021     1.0.1            Updated copyright statement; updated SOAR acronym to Security Orchestration, Automation and Response; amended Section 8.1.2 from “analysts man consoles” to “analysts monitor consoles”
October 2019   1.0

Forensics
Version date   Version number   Changes made
July 2021      1.0.1            Updated copyright statement; amended “issue” to “version”
October 2019   1.0

Cryptography
Version date   Version number   Changes made
July 2021      1.0.1            Updated copyright statement; amended “issue” to “version”; amended typos
October 2019   1.0
Operating Systems and Virtualisation
Version date   Version number   Changes made
July 2021      1.0.1            Updated copyright statement; amended “issue” to “version”; amended typos
October 2019   1.0

Distributed Systems Security
Version date   Version number   Changes made
July 2021      1.0.1            Updated copyright statement; amended “issue” to “version”
October 2019   1.0

Formal Methods for Security
Version date   Version number   Changes made
July 2021      1.0

Authentication, Authorisation & Accountability
Version date   Version number   Changes made
July 2021      1.0.2            Fixed typographical issues in abstract; amended “issue” to “version”
March 2021     1.0.1            Updated copyright statement; removed AAA abbreviation from KA title; added footnote regarding use of the acronym AAA
October 2019   1.0

Software Security
Version date   Version number   Changes made
July 2021      1.0.1            Updated copyright statement; amended “issue” to “version”
October 2019   1.0
Web & Mobile Security
Version date   Version number   Changes made
July 2021      1.0.1            Updated copyright statement; amended “issue” to “version”; amended typos
October 2019   1.0

Secure Software Lifecycle
Version date   Version number   Changes made
July 2021      1.0.2            Amended “issue” to “version”; corrected typos
March 2021     1.0.1            Updated copyright statement; amended Section 17.4 from “Four assessment approaches are described in this section” to “Three assessment approaches are described in this section”
October 2019   1.0

Applied Cryptography
Version date   Version number   Changes made
July 2021      1.0

Network Security
Version date   Version number   Changes made
July 2021      2.0              Major revision with restructuring to place the network protocol discussion in a wider context and mention of a broader range of network architectures.
October 2019   1.0

Hardware Security
Version date   Version number   Changes made
July 2021      1.0.1            Updated copyright statement; amended “issue” to “version”; amended typos
October 2019   1.0
Cyber-Physical Systems Security
Version date   Version number   Changes made
July 2021      1.0.1            Updated copyright statement; amended “issue” to “version”
October 2019   1.0

Physical Layer and Telecommunications Security
Version date   Version number   Changes made
July 2021      1.0.1            Updated copyright statement; amended “issue” to “version”; amended typos
October 2019   1.0
Preface
We are pleased to share CyBOK Version 1.1.0 with you. This version has added two new
Knowledge Areas to CyBOK: Applied Cryptography and Formal Methods for Security. It also
includes a major revision to Network Security, a minor revision to Risk Management &
Governance and a host of small typographical fixes. We have also added an extensive index
of terms as a lookup mechanism.

CyBOK 1.1.0 is a continuation of the journey that began on the 1st of February 2017, when
we started our Scoping Phase (Phase I). This involved a range of community consultations,
both within the UK and internationally, through a number of different activities designed
to gain input from as wide an audience as possible. The activities included:
• 11 community workshops with 106 attendees across the UK;
• 44 responses through an online survey;
• 13 position statements;
• 10 in-depth interviews with key experts internationally across the socio-technical
spectrum of cyber security; and
• 28 responses to a paper-based exercise as part of a panel at the Advances in Security
Education Workshop at the USENIX Security Symposium 2017 in Vancouver, Canada.
There was a balance of inputs from academia and practitioners across most of these
consultations.

We complemented the consultations with analysis of a number of documents that typically
list key topics relevant to cyber security. Example documents included:
• Categorisations, such as the ACM Computing Classification System (CCS) taxonomy;
• Certifications, such as Certified Information Systems Security Professional (CISSP) and
the Institute of Information Security Professionals (IISP) Skills Framework;
• Calls for papers such as IEEE Symposium on Security & Privacy and USENIX Symposium
on Usable Privacy and Security;
• Existing curricula, such as the ACM computer science curriculum and the work of the
Joint Task Force on Cybersecurity Education;
• Standards, such as BS ISO-IEC 27032 2021 and NIST IR 7298; and
• Tables of contents of various textbooks.
We used a variety of text-mining techniques, such as natural language processing and
automatic text clustering to group relevant topics and identify relationships between
topics. A two-day workshop of the editors and researchers involved in the scoping
synthesised the various analyses to identify the 19 Knowledge Areas (KAs) that formed the
scope of CyBOK Version 1.0. These were published for community feedback. Although none of
the 19 KAs needed to be removed or new ones added on the basis of the feedback, the topics
to be covered under each KA were refined. The KAs were also categorised into five
top-level categories. Version 2.0 of the Scope document was published on the CyBOK website
in October 2017 and formed the basis of the KAs in CyBOK Version 1.0. The details of the
scoping work are discussed in the following article:

Awais Rashid, George Danezis, Howard Chivers, Emil Lupu, Andrew Martin, Makayla Lewis,
Claudia Peersman (2018). Scoping the Cyber Security Body of Knowledge. IEEE Security
& Privacy 16(3): 96-102.

In Phase II (which started on the 1st of November 2017), the authoring of the 19 KAs
began. For each KA, we drew up a list of internationally recognised experts on the topic
as candidate authors and panels of reviewers. These lists were scrutinised by the CyBOK
project’s Professional Advisory Board and Academic Advisory Board. Following their input,
and any updates, we invited a leading international expert to author each KA and a set of
key experts as members of a peer-review panel to provide review and feedback on the KA,
under the management of one of the CyBOK editors.

Each author prepared a strawman proposal for initial review and feedback by the expert
peer-review panel. This was followed by a full draft (woodenman), which was reviewed by
the panel, generating feedback for the authors—and often multiple iterations of discussion
and updates. Once all feedback from the review panel had been addressed, the author
prepared a draft for public review (tinman)¹. The public review for each KA remained open
for 4 weeks. All comments received from the public review were considered and, where
appropriate, updates were made to the KA. If a comment was not addressed, a clear
rationale was recorded for the decision. Following these updates, Version 1.0 of the KA
was released on the CyBOK website. These collectively formed the CyBOK Version 1.0.

In addition to the authoring of the KAs, work was undertaken by the project team to
identify learning pathways through CyBOK. This involved analysis of a number of curricular
frameworks, professional certifications and academic degree programmes to study their
coverage

¹ Due to the time constraints for Phase II, the panel and public reviews for Web & Mobile
Security and Authentication, Authorisation & Accountability were conducted in parallel.