

CyBOK: A knowledge framework for the cyber security workforce

Source: PSE Feb/March 20

Professor Awais Rashid - University of Bristol, UK

An online resource, bringing together the latest intelligence on cyber security, providing a go-to resource for information security professionals across the public sector.

Cyber security of our connected digital world is a major challenge for the foreseeable future – even more so given the shortage of qualified personnel to take on a variety of roles across a wide range of sectors and employers.

Reports from organisations such as ISC(2) estimate a global shortage of ca. 4M. The problem is compounded by the fact that, as we build increasingly complex, highly connected systems and infrastructures – for instance, smart cities, intelligent transportation, future manufacturing, smart grids – different pieces of cyber security knowledge need to be brought together when architecting, implementing, deploying and running such systems. And there isn’t a singular cyber security professional who can either fulfil all those knowledge needs or at those different stages of a system’s lifecycle.

For instance, cyber risk analysts typically require a deep understanding of risk assessment and management approaches with a broader understanding of other topics such as software, hardware and cyber physical environments as well as attack and defence techniques and human factors.

In contrast, those responsible for developing software systems are likely to require deep knowledge of software security, secure software development practices and, depending on the application context, security of web and mobile technologies or cyber-physical systems. These are not exhaustive examples but highlight that cyber security professionals with different types of knowledge are required for different roles and contexts.

Though there is a wealth of cyber security knowledge available – in the form of academic research, text books, industry reports, standards – this knowledge has historically been fragmented. Those responsible for training the cyber security workforce, for example, designers of: university-level undergraduate and postgraduate programmes, continuing professional development (CPD) programmes or professional training courses, do not have a one-stop authoritative source to identify what cyber security knowledge is relevant for particular education and training contexts and what are the key sources from which such knowledge should be drawn.

Similarly, employers need authoritative sources to identify what knowledge is required for particular roles and the specific details (for example, specific sub-topics) that can be used to establish an incoming employee’s command of that knowledge.

The Cyber Security Body of Knowledge, CyBOK, aims to address these needs by synthesising the wealth of authoritative sources into 19 knowledge areas (KAs), divided into five high-level categories. CyBOK has been developed through a rigorous process from February 2017 to October 2019 involving a wide-ranging consultation – nationally and internationally – to identify the scope of the CyBOK from which the 19 KAs were distilled.

Following this scoping work, 110 experts from academia, industry, practice and professional organisations have come together as authors, expert reviewers or advisors to develop detailed descriptions of the KAs which have been further reviewed through an open consultation process that elicited a further 1600 comments from the wider community. The result is an extensive resource – 828 pages bringing together 1839 authoritative sources.

CyBOK has many uses – ranging from the design of education programmes to underpinning development of job descriptions for roles through to benchmarking of cyber security capacity (strengths and gaps) within an organisation or a nation.

The knowledge area descriptions are complemented by knowledge trees, visual representations that act as a quick index into the topic. Webinars and podcasts are also being made available. Furthermore, an additional set of resources for those designing education and training programmes as well as job descriptions will also be released soon.

These resources are being developed for the community by the community that has engaged with this work nationally and internationally and are a key stepping stone in providing rigorous knowledge-based foundations for cyber security as a discipline and profession.

The CyBOK project is funded by the National Cyber Security Programme.


There are no comments. Why not be the first?

Add your comment

public sector executive tv

more videos >

latest public sector news

Leeds’ Clean Air Zone Plans Suspended for the foreseeable future

19/08/2020Leeds’ Clean Air Zone Plans Suspended for the foreseeable future

Leeds City Council have today (August 19) announced that their plans for a Clean Air Zone within the city may not have to go ahead due to lower e... more >
Apprenticeships on the rise across London boroughs

19/08/2020Apprenticeships on the rise across London boroughs

According to recent statistics by London Councils, apprenticeships directly created by London boroughs are up 14% on the previous  year. ... more >
Colleges set to receive £200m in Funding

19/08/2020Colleges set to receive £200m in Funding

Over 180 colleges are set to receive a share of £200m, in order to repair and refurbish buildings and campuses. The funding makes up p... more >

editor's comment

25/10/2017Take a moment to celebrate

Devolution, restructuring and widespread service reform: from a journalist’s perspective, it’s never been a more exciting time to report on the public sector. That’s why I could not be more thrilled to be taking over the reins at PSE at this key juncture. There could not be a feature that more perfectly encapsulates this... read more >

last word

Prevention: Investing for the future

Prevention: Investing for the future

Rob Whiteman, CEO at the Chartered Institute of Public Finance (CIPFA), discusses the benefits of long-term preventative investment. Rising demand, reducing resource – this has been th... more > more last word articles >
View all News

the raven's daily blog

Cleaner, greener, safer media: Increased ROI, decreased carbon

23/06/2020Cleaner, greener, safer media: Increased ROI, decreased carbon

Evolution is crucial in any business and Public Sector Executive is no different. Long before Covid-19 even became a thought in the back of our minds, the team at PSE were looking at innovative ways to deliver its content to our audience in a more dynamic and responsive manner. We’re conscious to take the time to both prot... more >
read more blog posts from 'the raven' >


Peter Kyle MP: It’s time to say thank you this Public Service Day

21/06/2019Peter Kyle MP: It’s time to say thank you this Public Service Day

Taking time to say thank you is one of the hidden pillars of a society. Being on the receiving end of some “thanks” can make communit... more >
How community-led initiatives can help save the housing shortage

19/06/2019How community-led initiatives can help save the housing shortage

Tom Chance, director at the National Community Land Trust Network, argues that community-led initiatives are a productive way of helping to solve... more >
Aberdeen's green transport fleet attracting international attention

19/06/2019Aberdeen's green transport fleet attracting international attention

Aberdeen City Council’s hydrogen spokesperson, councillor Philip Bell, highlights the Granite City’s determination to play a leading ... more >
A fifth of public sector workers have never received a thank you from the people they serve

13/06/2019A fifth of public sector workers have never received a thank you from the people they serve

A fifth of the country’s public sector workers say they have NEVER received a ‘thank you’ for doing their job as Public Service... more >


Artificial intelligence: the devil is in the data

17/12/2018Artificial intelligence: the devil is in the data

It’s no secret that the public sector and its service providers need to invest in technology to help make better use of their resources. Bu... more >
Digital innovation in the public sector: The future is now

17/12/2018Digital innovation in the public sector: The future is now

One of the public sector’s key technology partners has recently welcomed a new member to its team. Matt Spencer, O2’s head of public ... more >
New Dorset Councils CEO on the creation of a new unitary: ‘This is going to be the right decision for Dorset’

05/11/2018New Dorset Councils CEO on the creation of a new unitary: ‘This is going to be the right decision for Dorset’

The new chief executive of one of the new unitary authorities in Dorset has outlined his approach to culture and work with employees, arguing tha... more >
Keeping the momentum of the Northern Powerhouse

15/10/2018Keeping the momentum of the Northern Powerhouse

On 6 September, the biggest decision-makers of the north joined forces to celebrate and debate how to drive innovation and improvement through th... more >

public sector focus

View all News