The Cyber Security
Body of Knowledge
Version 1.0
st
31 October 2019
https://www.cybok.org/
EDITORS
Awais Rashid University of Bristol
Howard Chivers University of York
George Danezis University College London
Emil Lupu Imperial College London
Andrew Martin University of Oxford
PROJECT MANAGER
Yvonne Rigby University of Bristol
PRODUCTION
Joseph Hallett University of Bristol
, The Cyber Security Body Of Knowledge
www.cybok.org
COPYRIGHT
© Crown Copyright, The National Cyber Security Centre 2019. This information is licensed
under the Open Government Licence v3.0. To view this licence, visit:
https://www.nationalarchives.gov.uk/doc/open-government-licence/
When you use this information under the Open Government Licence, you should include the
following attribution: CyBOK Version 1.0 © Crown Copyright, The National Cyber Security Cen-
tre 2019, licensed under the Open Government Licence: https://www.nationalarchives.gov.uk/
doc/open-government-licence/.
The CyBOK project would like to understand how the CyBOK is being used and its uptake.
The project would like organisations using, or intending to use, CyBOK for the purposes of
education, training, course development, professional development etc. to contact it at con-
to let the project know how they are using CyBOK.
KA | October 2019 Page 2
,Preface
We are pleased to share CyBOK Version 1.0 with you. The journey for CyBOK began on the
1st of February 2017, when we started our Scoping Phase (Phase I). This involved a range
of community consultations, both within the UK and internationally, through a number of dif-
ferent activities designed to gain input from as wide an audience as possible. The activities
included:
• 11 community workshops with 106 attendees across the UK;
• 44 responses through an online survey;
• 13 position statements;
• 10 in-depth interviews with key experts internationally across the socio-technical spec-
trum of cyber security; and
• 28 responses to a paper-based exercise as part of a panel at the Advances in Security
Education Workshop at the USENIX Security Symposium 2017 in Vancouver, Canada.
There was a balance of inputs from academia and practitioners across most of these con-
sultations.
We complemented the consultations with analysis of a number of documents that typically
list key topics relevant to cyber security. Example documents included:
• Categorisations, such as the ACM Computing Classification System (CCS) taxonomy;
• Certifications, such as Certified Information Systems Security Professional (CISSP) and
the Institute of Information Security Professionals (IISP) Skills Framework;
• Calls for papers such as IEEE Symposium on Security & Privacy and USENIX Sympo-
sium on Usable Privacy and Security;
i
, The Cyber Security Body Of Knowledge
www.cybok.org
• Existing curricula, such as the ACM computer science curriculum and the work of the
Joint Task Force on Cybersecurity Education;
• Standards, such as BS ISO-IEC 27032 2021 and NIST IR 7298; and
• Tables of contents of various textbooks.
We used a variety of text-mining techniques, such as natural language processing and au-
tomatic text clustering to group relevant topics and identify relationships between topics. A
two-day workshop of the editors and researchers involved in the scoping synthesised the
various analyses to identify the 19 Knowledge Areas (KAs) that form the scope of the CyBOK.
These were published for community feedback. Although none of the 19 KAs needed to be
removed or new ones added on the basis of the feedback, the topics to be covered under
each KA were refined. The KAs were also categorised into five top-level categories. Version
2.0 of the Scope document was published on the CyBOK website in October 2017 and forms
the basis of the KAs in CyBOK Version 1.0. The details of the scoping work are discussed in
the following article:
Awais Rashid, George Danezis, Howard Chivers, Emil Lupu, Andrew Martin, Makayla Lewis,
Claudia Peersman (2018). Scoping the Cyber Security Body of Knowledge. IEEE Security
& Privacy 16(3): 96-102.
In Phase II (which started on the 1st of November 2017), the authoring of the 19 KAs began.
For each KA, we drew up a list of internationally recognised experts on the topic as candidate
authors and panels of reviewers. These lists were scrutinised by the CyBOK project’s Profes-
sional Advisory Board and Academic Advisory Board. Following their input, and any updates,
we invited a leading international expert to author the KA and a set of key experts as mem-
bers of a peer-review panel to provide review and feedback on the KA, under the management
of one of the CyBOK editors.
Each author prepared a strawman proposal for initial review and feedback by the expert peer-
review panel. This was followed by a full draft (woodenman), which was reviewed by the
panel, generating feedback for the authors—and often multiple iterations of discussion and
updates. Once all feedback from the review panel had been addressed, the author prepared a
draft for public review (tinman)1 . The public review for each KA remained open for 4 weeks. All
comments received from the public review were considered and, where appropriate, updates
were made to the KA. If a comment was not addressed, a clear rationale was recorded for the
reason. Following these updates, Version 1.0 of the KA was released on the CyBOK website.
These collectively form the CyBOK Version 1.0.
In addition to the authoring of the KAs, work was undertaken by the project team to identify
learning pathways through CyBOK. This involved analysis of a number of curricular frame-
works, professional certifications and academic degree programmes to study their coverage
and focus with regards to CyBOK. A first analysis of four curricular frameworks was provided
in the following paper:
1
Due to the time constraints for Phase II, the panel and public reviews for Web & Mobile Security and Authen-
tication, Authorisation & Accountability were conducted in parallel.
| October 2019 Page ii
Body of Knowledge
Version 1.0
st
31 October 2019
https://www.cybok.org/
EDITORS
Awais Rashid University of Bristol
Howard Chivers University of York
George Danezis University College London
Emil Lupu Imperial College London
Andrew Martin University of Oxford
PROJECT MANAGER
Yvonne Rigby University of Bristol
PRODUCTION
Joseph Hallett University of Bristol
, The Cyber Security Body Of Knowledge
www.cybok.org
COPYRIGHT
© Crown Copyright, The National Cyber Security Centre 2019. This information is licensed
under the Open Government Licence v3.0. To view this licence, visit:
https://www.nationalarchives.gov.uk/doc/open-government-licence/
When you use this information under the Open Government Licence, you should include the
following attribution: CyBOK Version 1.0 © Crown Copyright, The National Cyber Security Cen-
tre 2019, licensed under the Open Government Licence: https://www.nationalarchives.gov.uk/
doc/open-government-licence/.
The CyBOK project would like to understand how the CyBOK is being used and its uptake.
The project would like organisations using, or intending to use, CyBOK for the purposes of
education, training, course development, professional development etc. to contact it at con-
to let the project know how they are using CyBOK.
KA | October 2019 Page 2
,Preface
We are pleased to share CyBOK Version 1.0 with you. The journey for CyBOK began on the
1st of February 2017, when we started our Scoping Phase (Phase I). This involved a range
of community consultations, both within the UK and internationally, through a number of dif-
ferent activities designed to gain input from as wide an audience as possible. The activities
included:
• 11 community workshops with 106 attendees across the UK;
• 44 responses through an online survey;
• 13 position statements;
• 10 in-depth interviews with key experts internationally across the socio-technical spec-
trum of cyber security; and
• 28 responses to a paper-based exercise as part of a panel at the Advances in Security
Education Workshop at the USENIX Security Symposium 2017 in Vancouver, Canada.
There was a balance of inputs from academia and practitioners across most of these con-
sultations.
We complemented the consultations with analysis of a number of documents that typically
list key topics relevant to cyber security. Example documents included:
• Categorisations, such as the ACM Computing Classification System (CCS) taxonomy;
• Certifications, such as Certified Information Systems Security Professional (CISSP) and
the Institute of Information Security Professionals (IISP) Skills Framework;
• Calls for papers such as IEEE Symposium on Security & Privacy and USENIX Sympo-
sium on Usable Privacy and Security;
i
, The Cyber Security Body Of Knowledge
www.cybok.org
• Existing curricula, such as the ACM computer science curriculum and the work of the
Joint Task Force on Cybersecurity Education;
• Standards, such as BS ISO-IEC 27032 2021 and NIST IR 7298; and
• Tables of contents of various textbooks.
We used a variety of text-mining techniques, such as natural language processing and au-
tomatic text clustering to group relevant topics and identify relationships between topics. A
two-day workshop of the editors and researchers involved in the scoping synthesised the
various analyses to identify the 19 Knowledge Areas (KAs) that form the scope of the CyBOK.
These were published for community feedback. Although none of the 19 KAs needed to be
removed or new ones added on the basis of the feedback, the topics to be covered under
each KA were refined. The KAs were also categorised into five top-level categories. Version
2.0 of the Scope document was published on the CyBOK website in October 2017 and forms
the basis of the KAs in CyBOK Version 1.0. The details of the scoping work are discussed in
the following article:
Awais Rashid, George Danezis, Howard Chivers, Emil Lupu, Andrew Martin, Makayla Lewis,
Claudia Peersman (2018). Scoping the Cyber Security Body of Knowledge. IEEE Security
& Privacy 16(3): 96-102.
In Phase II (which started on the 1st of November 2017), the authoring of the 19 KAs began.
For each KA, we drew up a list of internationally recognised experts on the topic as candidate
authors and panels of reviewers. These lists were scrutinised by the CyBOK project’s Profes-
sional Advisory Board and Academic Advisory Board. Following their input, and any updates,
we invited a leading international expert to author the KA and a set of key experts as mem-
bers of a peer-review panel to provide review and feedback on the KA, under the management
of one of the CyBOK editors.
Each author prepared a strawman proposal for initial review and feedback by the expert peer-
review panel. This was followed by a full draft (woodenman), which was reviewed by the
panel, generating feedback for the authors—and often multiple iterations of discussion and
updates. Once all feedback from the review panel had been addressed, the author prepared a
draft for public review (tinman)1 . The public review for each KA remained open for 4 weeks. All
comments received from the public review were considered and, where appropriate, updates
were made to the KA. If a comment was not addressed, a clear rationale was recorded for the
reason. Following these updates, Version 1.0 of the KA was released on the CyBOK website.
These collectively form the CyBOK Version 1.0.
In addition to the authoring of the KAs, work was undertaken by the project team to identify
learning pathways through CyBOK. This involved analysis of a number of curricular frame-
works, professional certifications and academic degree programmes to study their coverage
and focus with regards to CyBOK. A first analysis of four curricular frameworks was provided
in the following paper:
1
Due to the time constraints for Phase II, the panel and public reviews for Web & Mobile Security and Authen-
tication, Authorisation & Accountability were conducted in parallel.
| October 2019 Page ii
