UK-led team paves the way for a cyber-secure future
Press release issued: 9 January 2020
With more of the world’s businesses, governments and general population turning to online services, there has never been a more pressing need to understand and tackle the risk of cyber threats. That need is heightened by the historic lack of an authoritative, universally-agreed body of rigorously tested knowledge, prompting a global team of leading researchers to pool their expertise in a new, open source resource.
The Cyber Security Body of Knowledge (CyBOK), the first project of its kind and led by academics from the University of Bristol, was launched this week at London’s Science Museum, at an event attended by over 50 leading cyber security experts from academia and industry.
Funded by the UK’s National Cyber Security Programme and initiated by the National Cyber Security Centre (NCSC), CyBOK is the culmination of three years’ work and aims to bring cyber security into line with the more established sciences by distilling knowledge from major internationally-recognised experts.
The project represents a major landmark and unique resource that could help industry to future proof new developments, while also ensuring the next generation of students and researchers have a solid foundational understanding of the field.
The launch marks the latest stage of the project as researchers seek to share these new resources by way of laying the foundations of best practice in cyber security. Over the next 15 months, the CyBOK guide along with several free resources including webinars, podcasts and knowledge trees will be actively distributed to those designing university education and professional training courses in the UK and globally. This will be done under the stewardship of an international steering committee comprising experts from industry, professional bodies and academia.
Digital Minister Matt Warman said: “It’s vital that organisations across the UK have access to the skilled cyber security individuals they need so their online systems are resilient and secure. The launch of the Government-funded CyBOK means those interested in the cyber industry will now be able to access a single source of information to help them enter and develop their careers in the profession. This is a major milestone with academia, industry and government working together to set out what a cyber security professional needs to know to succeed in the industry."
Project lead Awais Rashid, Professor of Cyber Security from the University of Bristol’s Department of Computer Science, said: “Millions of us conduct our professional and personal lives online so it’s vital that we ensure that our transactions are conducted safely and securely.
“Despite rapid growth in the area of cyber security, there has been a disproportionate skills gap in terms of understanding and responding to the risks involved in our 24-7-365 interconnected world.
“One of the driving motivations for this project was a professional desire to fill that gap and create something that would be of practical, tried and tested use to educators, students, industry and anyone else actively involved in this field. CyBOK is the first project of its kind to offer a consolidated body of knowledge that can become a universal guidebook and authoritative reference tool.”
The 854-page CyBOK guide is as substantive and vast in scope as it is in size, covering everything from the role of human agency in compromising and safeguarding systems, to the importance of protecting critical national infrastructures from cyber-attacks.
The guide provides a thorough overview of the strengths, limitations and implications of issues such as risk management and governance, law and regulations, privacy and online rights, malware and criminal behaviours, securing mobile and web technologies, and large networked systems, software and hardware.
“This has been a truly international effort, one that has seen authors, reviewers and expert panels work together and test their ideas as a community,” added Professor Rashid. “Our collective hope is that CyBOK will equip all sectors involved in this field to advance their knowledge and any new developments leveraging cyber security as a key differentiator to become market leaders globally.”
The Cyber Security Body of Knowledge has been designed to inform and underpin education and professional training for the cyber security sector. The CyBOK project team undertook an extensive mapping exercise and analysis of relevant texts, alongside a range of community consultations via workshops, an online survey, interviews and position papers. These activities provided an in-depth understanding of the community’s collective view of the top-level Knowledge Areas (KAs), all of which can be found in the guidebook online at https://www.cybok.org