<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta />
    <article-meta>
      <title-group>
        <article-title>Mapping Foundational Knowledge in Cybersecurity</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Kalinka Kaloyanova</string-name>
          <email>kkaloyanova@fmi.uni-so</email>
          <xref ref-type="aff" rid="aff0">0</xref>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Faculty of Mathematics and Informatics University of Sofia St. Kliment Ohridski 5 James Bourchier Blvd.</institution>
          ,
          <addr-line>1164, Sofia</addr-line>
          ,
          <country country="BG">Bulgaria</country>
        </aff>
        <aff id="aff1">
          <label>1</label>
          <institution>Institute of Mathematics and Informatics, Bulgarian Academy of Sciences</institution>
          ,
          <addr-line>Acad. G. Bonchev Str., Block 8, 1113 Sofia</addr-line>
          ,
          <country country="BG">Bulgaria</country>
        </aff>
      </contrib-group>
      <fpage>108</fpage>
      <lpage>114</lpage>
      <abstract>
        <p>Various cybersecurity curricular guidelines were announced during the last several years. These are the results from common efforts of many organizations, universities, professional bodies, practitioners, etc. This paper considers fundamental cybersecurity knowledge and its presentation in order to help educators to prepare new educational programs. In recent years, many universities have been included cybersecurity as an important element at different levels of their education programs. Various courses and completed programs were developed. They are based on the basic recommendations provided by a number of cybersecurity frameworks and educational guidelines, produced from different professional organizations, academic and practitioners. As different frameworks emphasize different topics, a complex view on the fundaments in cybersecurity is needed. Cyber Security Body of Knowledge (CyBOK), version 1.0, announced at the end of 2019, presents such a comprehensive understanding of foundational cybersecurity knowledge and provide it into several main categories and a number of knowledge areas [1]. In this paper, we discuss the main categories and knowledge areas recognized by CyBOK, and their correspondence to the educational requirements at university level. The last ones are best represented through the CSEC2017 curriculum [3].</p>
      </abstract>
      <kwd-group>
        <kwd>information security</kwd>
        <kwd>cybersecurity</kwd>
        <kwd>curricula</kwd>
        <kwd>CSEC2017</kwd>
        <kwd>Cyber Security Body of Knowledge (CyBOK)</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>1 Introduction</title>
      <p>education in the field [13]. In a number of countries, the development of national
cybersecurity programs has begun [14], [16].</p>
      <p>
        Many project and common efforts of different groups of educators,
practitioners, national and professional organizations led to the publication of
a number of frameworks and guidelines in cybersecurity. Widespread among
them are the NICE Cybersecurity Workforce Framework, published by the U.S.
National Initiative on Cybersecurity Education (NICE) [12], the National Centers
of Academic Excellence in Cyber Defense (CAE-CD) Designation Program
Guidance [
        <xref ref-type="bibr" rid="ref11">11</xref>
        ], IISP Knowledge Framework [
        <xref ref-type="bibr" rid="ref9">9</xref>
        ].
      </p>
      <p>
        Several cybersecurity curricula were also announced. The Cybersecurity
Curricular Guideline CSEC2017 presents the result of the work of several
organizations - ACM, IEEE Computer Society, AIS SIGSEC, and IFIP WG 11
[
        <xref ref-type="bibr" rid="ref4">4</xref>
        ]. The curriculum recommendations provided here could be used to supplement
the established computer science and computer engineering disciplines [
        <xref ref-type="bibr" rid="ref3">3</xref>
        ].
      </p>
      <p>
        The Cybersecurity: A Generic Reference Curriculum is “the result of the work
of multinational team of volunteer academics and researchers drawn from 17
nations associated with Partnership for Peace Consortium (PfPC) Emerging
Security Challenges Working Group” [
        <xref ref-type="bibr" rid="ref5">5</xref>
        ]. The generic guidelines provided by all
these documents can be used when particular programs and courses are created
for scholars, students and workers.
      </p>
      <p>
        Among the various cybersecurity frameworks and guidelines, CSEC2017
[
        <xref ref-type="bibr" rid="ref3">3</xref>
        ] could be most easily adopted for a university cybersecurity program [
        <xref ref-type="bibr" rid="ref11">11</xref>
        ].
First, it is more acceptable for universities due to the close connections with
other computing curricula that are periodically defined by ACM (Association for
Computing Machinery), IEEE (Institute of Electrical and Electronics Engineers),
and AIS (Association for Information Systems) [
        <xref ref-type="bibr" rid="ref5">5</xref>
        ]. Second, it provides
recommendations using traditional categories like knowledge areas, knowledge
units, topics, etc.
      </p>
      <p>
        Due to the rapid development of cybersecurity, the basic knowledge in this
field is not well structured, yet. Plenty of books, scientific and white papers, blogs,
etc. presents different aspects of the field [
        <xref ref-type="bibr" rid="ref8">8</xref>
        ]. It is not easy for teachers, students
and even professionals to choose the most appropriate resources that should be
used for each specific case, even when they follow curricula recommendations
[15], [17].
      </p>
      <p>
        Cyber Security Body of Knowledge (CyBOK) is trying to fill this gap
exploring and systemizing the knowledge obtained from the existing resources
(papers, technical documents, standards, reports, etc.) that can assist cybersecurity
education. As CyBOK v.1.0 identifies definitions, explanation, examples in
cybersecurity area, it complements other curricula recommendations and assists
educators in creating new cybersecurity educational units.
While most of the above presented documents and frameworks, especially
curricula guidelines, aim to develop cybersecurity educational programs, the
main goal of the Cyber Security Body of Knowledge (CyBOK) [
        <xref ref-type="bibr" rid="ref1">1</xref>
        ] project is to
systemize the existing knowledge in the field and to serve as common information
resource for these educational programs. To achieve its main goal, the current
version – CyBOK v1.0 determines a number of knowledge areas (KA) grouped
under the following five categories [
        <xref ref-type="bibr" rid="ref7">7</xref>
        ]:
• Human, Organizational and Regulatory aspects;
• Attacks and Defenses;
• Software and Platform Security;
• System Security;
• Infrastructure Security.
      </p>
      <p>All categories consist of four knowledge areas, except Software and Platform
Security category, which consists of three.</p>
      <p>Security management systems and organizational security controls are
the focus of the first category - Human, Organizational and Regulatory
aspects. Formulating four substantial knowledge areas - Risk Management
and Governance, Law and Regulation, Human Factors and Privacy and Online
Rights, this category addresses the security issues at the organizational level.
Also is addressed the application of instruments like procedures, standards,
organizational policies to mitigate risks.</p>
      <p>The second category Attack and Defense refers to more technical issues
and analyses. The technical aspects of computer attacks and malicious software
and hardware are discussed in Malware and Attack Technologies knowledge
area. The next knowledge area Adversarial Behaviors presents specific aspects
of cybercrime such as behavior of the attackers, their motives and methods
used and cybercrime relation with economics and society. The technical aspects
of operational security (system management, security monitoring) and how
to respond to the incident management are covered by Security Operations &amp;
Incident Management. The last knowledge area in this category – Forensics,
concerns the work with digital evidence of security events and crimes.</p>
      <p>Software engineering and security aspects are in the focus of Software and
Platform Security category. The role of the security in the system development
life cycle is marked in Secure Software Lifecycle knowledge area. Specific
programming practices leading to security faults and techniques improving
software security are the subject of knowledge area Software Security. In
addition, particular issues concerning security of web application are Web and
Mobile Security.</p>
      <p>The Systems security category introduce fundamental concepts of
cryptography, algorithms, and proof techniques through the Cryptography
knowledge area. The other KA - Operating Systems and Virtualization Security
presents the protection mechanism to ensure the security at operation systems
level. The case security issues of different large-scale distributed systems
were discussed in more details the Distributed Systems Security area. The
Authentication, Authorization &amp; Accountability knowledge area focuses on
the identification management discussing technics and technologies for user
identification and user authorization.</p>
      <p>Network Security, Hardware Security, Cyber-Physical Systems Security and
Physical Layer Security knowledge areas belong to the Infrastructure security
category. Each of these four knowledge areas cover security issues at different
sides of the physical infrastructure – hardware security, different computational
devices, networking and telecommunications protocols, etc.</p>
      <p>The chosen topics demonstrate not only the breath of scope CyBOK, but also
the significant efforts to finding a balance between the more rigorous academic
forms and the practical orientation, demanded by the industry.</p>
      <p>
        Despite the presenting variety of topics, this is not the last version of the
CyBOK and the process for change requests have already started [
        <xref ref-type="bibr" rid="ref2">2</xref>
        ].
      </p>
    </sec>
    <sec id="sec-2">
      <title>4 A Comparison of the frameworks</title>
      <p>As the nineteen CyBOK knowledge areas are organized into five categories these
categories could be easily used for the correspondence with the eight knowledge
areas of CSEC2017 curricula. This comparison is presented in Table 1.
Component security
Connection security</p>
      <p>Infrastructure Security
Human security Human, Organizational
Organizational security and Regulatory Aspects
Societal security
Software Security
Web &amp; Mobile Security
Secure Software Design &amp;
Development
Security Operations &amp; Incident
Management
Network Security
Hardware Security
Cyber-Physical Systems Security
Physical Layer Security
Human Factors
Law &amp; Regulation
Privacy &amp; Online Rights
Risk Management &amp; Governance</p>
      <p>
        Even at such high-level, the parallel, presented in Table 1, demonstrates that
CyBOK categories and knowledge areas could be successfully used as a basis for
comparison with CSEC 2017 knowledge areas [
        <xref ref-type="bibr" rid="ref3">3</xref>
        ].
      </p>
      <p>As the CSEC2017 knowledge areas are further broken down into knowledge
units, these units could be used for the next step of the compliance. The topics
in CSEC2017, present more detailed pieces of knowledge (Attacks, Malware,
Forensics, Cryptography, etc.) and they could be used for finding correspondence
within the content of CyBOK knowledge areas. In some cases, the CSES2017
essentials, listed at the beginning of each KA could be used to find parallels, as
they present the essential concepts presented in units and modules.</p>
      <p>We applied this approach in the case of CSEC2017 knowledge area
Component Security - it does not match directly to any of the CyBOK categories.
Instead, we could find the correspondence with the Security Operations &amp; Incident
Management, which is a part of Attacks and Defenses Category, as well with
particular elements from other areas. For example, supply chain management
(one of the essentials of Component security) is discussed in CyBOK within the
Adversarial Behaviors area.</p>
      <p>It can be seen that CSEC 2017 content is fully addressed by the CyBOK
knowledge areas. The topics are covered in a balanced manner. In the case,
where specific knowledge is needed, the CyBOK presents the latest research
in the field. For example, in Cryptography contemporary theoretical results in
quantum algorithms and calculations are examined.</p>
      <p>Not only technical, but also human, organizational and law aspects are
explored in both documents. The CyBOK provides an international perspective
on regulatory requirements and online rights, but it lists noted technologies for
protecting data and user privacy. In this way, it draws attention to wider
sociotechnical view and covers the issues, discussed in the last tree CSEC2017 areas.</p>
    </sec>
    <sec id="sec-3">
      <title>5 Conclusions</title>
      <p>In this paper, we explore the CyBOK approach for knowledge areas in cybersecurity
and show its applicability to educational process. As a comprehensive store
of established knowledge sets, including papers, documents and many other
references, it is the best starting point for universities and other academic
institutions when creating their educational programs. The presented accordance
with CSEC2017 will assists educators in preparing courses and other teaching
materials. For all organizations, it could be a good foundation to enhance their
own IT security management.</p>
    </sec>
    <sec id="sec-4">
      <title>Acknowledgements</title>
      <p>This paper is partially supported by the National Scientific Program “Information
and Communication Technologies for a Single Digital Market in Science,
Education and Security (ICTinSES)”, financed by the Ministry of Education and
Science.
12. Newhouse, William et al., National Initiative for Cybersecurity Education (NICE) Cybersecurity</p>
      <p>Workforce Framework, https://doi.org/10.6028/NIST.SP.800-181, 2017.
13. Orozova D., Kaloyanova K, Todorova M., Introducing Information Security Concepts and</p>
      <p>Standards in Higher Education, TEM Journal. Volume 8, Issue 3, pp. 1017-1024, August 2019.
14. Savoska S., Tozievska V., Computer crime forms and mechanism for security and protection,
Proc. of ISGT2018, Sofia, Bulgaria, November 16-17, 2018, CEUR-WS.org, online
CEURWS.org/Vol-2464/paper7.pdf, last accessed 2020/02/18.
15. Shalamanov V., Penchev G., Academic Support to Cyber Resilience: National and Regional</p>
      <p>Approach, Computer and Communications Engineering. 13, No. 2: pp. 73-80, 2019.
16. Sharkov G., Papazov, Todorova K., Koykov G., Georgiev M. and Zahariev G., Cyber Threat
Map for National and Sectoral Analysis, Computer and Communications Engineering. 13, No.
2: pp. 29-32, 2019.
17. Trifonov R., Nakov O., Manolov S., Popov, G., Tsochev, G. and Pavlova, G., Framework for
the Development of Cybersecurity Training Programs for Students of Engineering Specialties,
Related to Computer Systems and Information Technologies, Computer and Communications
Engineering. 13, No. 2: pp. 65-68, 2019.</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          1.
          <string-name>
            <surname>About</surname>
            <given-names>CyBOK</given-names>
          </string-name>
          ,
          <article-title>Aims of the CyBOK project</article-title>
          , https://www.cybok.org/about/,
          <source>last accessed</source>
          <year>2020</year>
          /05/11.
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          2.
          <string-name>
            <surname>Change-</surname>
          </string-name>
          requests
          <string-name>
            <surname>-</surname>
          </string-name>
          now-welcome, https://www.cybok.org/news/change-requests
          <string-name>
            <surname>-</surname>
          </string-name>
          now-welcome,
          <source>last accessed</source>
          <year>2020</year>
          /03/25.
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          3. CSEC2017,
          <article-title>Cybersecurity Curricula 2017 Curriculum Guidelines for Post-Secondary Degree Programs in Cybersecurity, Version 1</article-title>
          .0, https://www.acm.org/binaries/content/ assets/ education/curricula-recommendations/csec2017.pdf,
          <source>last accessed</source>
          <year>2020</year>
          /04/21.
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          4. CSEC_Overview, http://www.ncsl.org/ documents/taskforces/ CSEC_Overview.pdf,
          <source>last accessed</source>
          <year>2020</year>
          /04/22.
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          5.
          <string-name>
            <given-names>Curricula</given-names>
            <surname>Recommendations</surname>
          </string-name>
          , https://www.acm.org/education/curricula-recommendations
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          6.
          <string-name>
            <surname>Cybersecurity</surname>
          </string-name>
          .
          <article-title>A Generic Reference Curriculum</article-title>
          . https://pfp-consortium.org/ index.php/pfpcproducts/education-curricula/item/262-cybersecurity-reference-curriculum,
          <source>last accessed</source>
          <year>2020</year>
          /04/08.
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          7.
          <string-name>
            <surname>CyBOK</surname>
            <given-names>V.</given-names>
          </string-name>
          <year>1</year>
          .0, https://www.cybok.org/media/downloads/,
          <source>last accessed</source>
          <year>2020</year>
          /02/20. CyBOK_ version_1.0_
          <issue>YMKBy7a</issue>
          .pdf,
          <source>last accessed</source>
          <year>2020</year>
          /02/18.
        </mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>
          8.
          <string-name>
            <surname>Dimitrov</surname>
            ,
            <given-names>V.</given-names>
          </string-name>
          ,
          <article-title>Semantics of Vulnerabilities and Intelligent Search</article-title>
          , Computer and Communications Engineering, Vol.
          <volume>13</volume>
          , No.
          <issue>2</issue>
          , pp.
          <fpage>20</fpage>
          -
          <lpage>25</lpage>
          ,
          <year>2019</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>
          9.
          <string-name>
            <given-names>IISP</given-names>
            <surname>Knowledge</surname>
          </string-name>
          <article-title>Framework</article-title>
          .
          <source>Report, IISP</source>
          ,
          <year>2017</year>
          . https:// www.iisp.org/imis15/iisp/ About_Us/Our_Knowledge_Framework/iisp/About_Us/Our_Knowledge_Framework. aspx?hkey=
          <fpage>6e8644f9</fpage>
          -fc2f
          <string-name>
            <surname>-</surname>
          </string-name>
          4f53-
          <fpage>9784</fpage>
          -b0fb2dba5e8b, last accessed
          <year>2020</year>
          /04/21.
        </mixed-citation>
      </ref>
      <ref id="ref10">
        <mixed-citation>
          10. ISO/IEC 27000:
          <string-name>
            <surname>2018(E):</surname>
          </string-name>
          <article-title>Information technology - Security techniques - Information security management systems - Overview and vocabulary</article-title>
          . Standard. ISO/IEC, Switzerland
        </mixed-citation>
      </ref>
      <ref id="ref11">
        <mixed-citation>
          11. NIETP programs, http://www.iad.gov/NIETP/CAERequirements.cfm,
          <source>last accessed</source>
          <year>2020</year>
          /04/19
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>