Introducing the Information Technology Security Essential Body of Knowledge Framework

Abstract The National Strategy to Secure Cyberspace spurred the development of the Essential Body of Knowledge (EBK) for Information Technology Security. The key feature of this security tool is its ability to act as a framework for analyzing institutional security training needs and managing security workforce development. This is accomplished through a series of steps that map security personnel roles, competency areas, and functional perspectives to an industry accepted matrix of organizational security needs. By capturing the human resource and functional elements of security, the EBK acts as a distillation of best practice, laid out in generic form ready for implementation across a wide spectrum of organizations. This paper introduces the EBK, explains its form and content, and demonstrates how to transition from the generic framework to functional model that is useful in determining organizational security structure and helpful for managing security personnel training and future security needs.

[1]  Frederic P. Miller,et al.  ANSI escape code: ANSI art, Control character, AVATAR, Computer terminal, American National Standards Institute, International Organization for Standardization, ... International Electrotechnical Commission , 2009 .

[2]  Albert L. Harris,et al.  The impact of information richness on information security awareness training effectiveness , 2009, Comput. Educ..

[3]  Jonathan Zittrain,et al.  Law and technologyThe end of the generative internet , 2009, CACM.

[4]  R. Sharman,et al.  Social and Human Elements of Information Security: Emerging Trends and Countermeasures , 2008 .

[5]  Dimitris Gritzalis,et al.  A CBK for Information Security and Critical Infrastructure Protection , 2007, World Conference on Information Security Education.

[6]  P. Bowen,et al.  Information Security Guide for Government Executives , 2007 .

[7]  R. Kelly Rainer,et al.  The Top Information Security Issues Facing Organizations: What Can Government Do to Help? , 2006, Inf. Secur. J. A Glob. Perspect..

[8]  Lynn F. Fischer,et al.  Development and Application of Skill Standards for Security Practitioners , 2006 .

[9]  Eoghan Casey,et al.  Investigating sophisticated security breaches , 2006, CACM.

[10]  Rebecca T. Mercuri Challenges in forensic computing , 2005, CACM.

[11]  B. Allenby,et al.  Toward Inherently Secure and Resilient Societies , 2005, Science.

[12]  J. Chenoweth Computer Security: 20 things Every Employee Should Know. New York. , 2005 .

[13]  Suvojit Choton Basu,et al.  Information Assurance Technical Framework and End User Information Ownership: A Critical Analysis , 2005 .

[14]  Eugene H. Spafford,et al.  PFIRES: a policy framework for information security , 2003, CACM.

[15]  G. Goth Questions about strategy to secure cyberspace , 2003, IEEE Security & Privacy Magazine.

[16]  尚弘 島影 National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .

[17]  James Backhouse,et al.  Current directions in IS security research: towards socio‐organizational perspectives , 2001, Inf. Syst. J..

[18]  Corey D. Schou,et al.  A Model for Information Assurance : An Integrated Approach , 2001 .

[19]  Gilda Pour,et al.  The push to make software engineering respectable , 2000, Computer.

[20]  Alain Abran,et al.  The Guide to the Software Engineering Body of Knowledge , 1999, IEEE Softw..

[21]  Walter Guido Vincenti,et al.  What Engineers Know and How They Know It: Analytical Studies from Aeronautical History by Walter G. Vincenti , 1992, Technology and Culture.

[22]  W. Duncan A GUIDE TO THE PROJECT MANAGEMENT BODY OF KNOWLEDGE , 1996 .

[23]  Walter G. Vincenti,et al.  What Engineers Know and How They Know It: Analytical Studies from Aeronautical History. , 1992 .