NCSC Cyber Security Training Courses


NCSC Cyber Security Training Courses
Supporting Assessment Criteria for the NCSC Certified Training Scheme

The copyright of this document is reserved and vested in the Crown.

Page 1 of 31

Document History

Issue | Date | Comment
1.0 | 30 September 2014 | First Issue
2.0 | 08 January 2016 | Second Issue
3.0 | 3 June 2020 | Third Issue
4.0 | December 2020 | Fourth Issue

Introduction

Reflecting the aims of the National Cyber Security Programme, UK Government and its delivery partners are working to increase the UK's educational capability in all fields of cyber security. Together the Department for Business, Energy and Industrial Strategy, the Engineering and Physical Sciences Research Council, the Department for Digital, Culture, Media and Sport, NCSC and Cabinet Office have developed a joint approach and strategy for reaching this goal. As part of that strategy, through the NCSC Certified Training scheme, NCSC intends to certify cyber security training courses, which are available to anyone and not just the public sector. The scheme is designed to provide confidence in cyber security training providers and the courses that they offer.

Overview

Cyber Security: the National Cyber Security Strategy 2016-2021 [1] describes cyber security as ‘the protection of information systems (hardware, software and associated infrastructure), the data on them, and the services they provide, from unauthorised access, harm or misuse. This includes harm caused intentionally by the operator of the system, or accidentally, as a result of failing to follow security procedures.’ This document’s use of the term ‘cyber security’ is consistent with this definition. However, it should be recognised that there are many definitions of cyber security and a succinct definition will always be rather abstract.

The NCSC is using the Cyber Security Body of Knowledge (CyBOK [2]) to define the discipline of cyber security, including its boundaries, dependencies and relationships with other disciplines.

The CyBOK Knowledge Areas (KAs) should be used as the basis for assessing and defining the cyber security knowledge content of a training course. Applicants claiming to map training to CyBOK KA topics must provide supporting evidence. This self-assessment will be used as a basis for assessment by the Certification Body (APMG).

Mapping the knowledge content of cyber security topics in training courses to CyBOK KAs is in line with the approach used for mapping cyber security degree knowledge content to CyBOK for NCSC certification of degrees. This is intentional as it provides a common baseline for cyber security capability from awareness and training through to that used at the highest levels of academic pursuit. The anticipated key benefits include providing clear guidance to prospective students and employers about the content and quality of such courses.

The requirement is for training providers to tell a coherent story which lays out what will be taught, why that makes a coherent module of training and to demonstrate that the content is correct and relevant to the audience/community. To meet the scope to apply for recognition, eighty per cent or more of the training must be related to cyber security. As CyBOK is the agreed community scope for established cyber security knowledge, it is anticipated that the majority of knowledge provided in cyber security training will map to CyBOK topics. Other elements in cyber security practice, for example the application of skills, may also be included.

[1] k/government/uploads/system/uploads/attachment data/file/567242/national cyber security strategy 2016.pdf
[2] www.cybok.org

Course Content and Structure

Training providers will be able to submit two types of courses for assessment: those which provide fundamental or introductory topic coverage and courses which provide coverage which is beyond introductory. Training providers will be asked to designate which type of course they are submitting.

At least eighty per cent of the training course must cover cyber security (which can include knowledge and skills), as nominated by the training provider in their self-assessment. Applicants need to show how the training provides a coherent body of work for students and ensures that they will gain knowledge about key areas of cyber security. Course content must be consistent with NCSC guidance on the same subject matter.

It is expected that an introductory training course will:
- Provide an introduction, awareness and overview of topics in one or more of the nominated CyBOK KAs
- Be applicable for those who are taking up a new cyber security role or wishing to enter the cyber security profession
- Not require any training, professional or academic prerequisites
- Not have to include any self-study
- Not have to provide any practical/‘hands-on’ learning
- Not have to include a formal examination or assessment, although this can be offered if required

It is expected that training courses which provide more than an introduction to cyber security will:
- Provide a detailed insight and understanding of a breadth of topics in one or more of the nominated CyBOK KAs
- Be applicable for those who are already performing a cyber-security role and wish to further their professional capability
- Require training, professional or academic prerequisites
- Typically run for two or more days
- Include self-study
- Provide practical/‘hands-on’ learning
- Include formal examination or assessment, which could form part of a professional certification.

The Assessment Process

APMG, the Certification Body, assesses three distinct areas of course delivery.

1) The quality management systems of the training provider will be checked to ensure that the management of applicants, their personal details, the processes for developing courses and the delivery of training and maintaining oversight of those delivering the training are consistent, efficient and effective.

2) The trainers will be assessed for their teaching ability and delivery, their technical knowledge of the cyber security topics covered by the course being assessed and the ways in which they maintain their cyber security knowledge. This will include observation of their training and an interview with each trainer delivering a course. The platform performance for online training will also be assessed.

3) The training content will be assessed to ensure that it provides the best opportunity for delegates to feel that they have received a high quality training course.

- At least eighty per cent of a training course must address cyber security.
- Course content must be consistent with NCSC guidance on the same subject matter.
- Applicants need to justify how the distribution of topics provides a coherent body of work for students and ensures that they are gaining knowledge about key areas of cyber security.
- The CyBOK [3] is the community consensus for the scope of cyber security knowledge. It is therefore anticipated that most cyber security knowledge in cyber security training will map to CyBOK topics. Cyber security topics not included in CyBOK may also be included, in particular skills, including cross-cutting skills.
- In order to claim to map to a CyBOK Knowledge Area (KA), course topics should, for example, map to approximately half of the topics in the nominated KA.
- The depth of coverage of cyber security topics should also be indicated (e.g., introductory or above introductory). This can be evidenced, for example, by how much of the course is devoted to the topic and how the topic is treated. By way of example only for topic treatment: the level of detailed information provided about the topic and the degree to which a student must demonstrate understanding of it, including whether the topic is tested, and if so, the rigour of that testing method and whether there is more than one way in which topic knowledge acquisition is assessed. In addition, if indicative material for the topic can be mapped to a 3rd or 4th set of sub-nodes in a KA Knowledge Tree, this might indicate that the topic is being treated at a depth that is above introductory.
- The overall course description and syllabus should:
  o explain which cyber security topics are covered
  o explain what the training should enable students to do as a result of attending the course
  o justify the description of the type of training offered (introductory or above introductory)
  o include a bar chart and/or radar chart based on CyBOK mapping to show the relative emphasis of the course (see Appendix A).

See Appendix A for guidance on how to map to the CyBOK KAs, using mapping resources from the CyBOK website [4]. Applicants are encouraged to refer to all of the mapping resources.

See Appendix B for some examples of indicative material for cyber security topics. Training programmes are not required to cover all indicative material explicitly, however in order to demonstrate that a KA topic is satisfactorily addressed, there must be evidence of a good breadth of indicative material or similar examples.

The above should provide prospective applicants with a full understanding of what to expect from the training. Marketing material for the training will also be assessed to ensure that it does not mislead potential applicants.

Certification of training courses by APMG will be subject to a set of terms and conditions (T&Cs) which all applicants will have to agree to as part of the application process.

[3] www.cybok.org
[4] See a set of resources at https://www.cybok.org/usecases/

Appendix A

Methodology for mapping topics to one or more CyBOK Knowledge Areas

The following mapping resources are taken from the Cyber Security Body of Knowledge (‘CyBOK’), which is published under an Open Government Licence. See www.cybok.org for further information. All are free to download.

1. Highlight and list key terms and topics in training material and use the following resources to establish if they can be mapped to CyBOK topics:
- CyBOK Knowledge Trees (see https://www.cybok.org/knowledgebase/)
- CyBOK Mapping Reference v 1.1 (see https://www.cybok.org/usecases/)
- An A-Z of CyBOK Knowledge Areas Indicative Material (see https://www.cybok.org/usecases/)
- CyBOK Tabular Representation of the Broad Categories and Knowledge Areas (see https://www.cybok.org/usecases/)

The following 4 tables are an example of how to record mapping to CyBOK.

MAPPING TO CyBOK USING KNOWLEDGE TREES

Training Module/Section | Topic | CyBOK Topic | CyBOK Knowledge Area | CyBOK Broad Category

MAPPING TO CyBOK USING AN A-Z of CyBOK KNOWLEDGE AREAS INDICATIVE MATERIAL

Training Module/Section | Topic | CyBOK Topic | CyBOK Knowledge Area | CyBOK Broad Category

MAPPING TO CyBOK USING THE CyBOK MAPPING REFERENCE V1.1

Training Module/Section | Topic | CyBOK Topic | CyBOK Knowledge Area | CyBOK Broad Category

MAPPING TO CyBOK USING A TABULAR REPRESENTATION OF BROAD CATEGORIES AND KAs

Training Module/Section | Topic | CyBOK Topic | CyBOK Knowledge Area | CyBOK Broad Category

2. Use the largest list produced for each Knowledge Area (KA) to produce a bar chart to show the relative emphasis of the CyBOK KAs in the training course. Produce a radar chart or similar to show the relative emphasis of the CyBOK broad categories.

3. The following is an example of how to produce these charts.

EXAMPLE OF A CHART TO SHOW KNOWLEDGE AREA EMPHASIS

Introduction to CyBOK | 3
Risk Management and Governance | 5
Law and Regulation | 5
Human Factors | 6
Privacy and Online Rights | 4
Malware and Attack Technology | 5
Adversarial Behaviours | 6
Security Operations and Incident Management | 7
Forensics | 8
Cryptography | 5
Operating Systems and Virtualisation Security | 6
Distributed System Security | 7
Authentication, Authorisation and Accountability | 5
Software Security | 6
Web and Mobile Security | 7
Secure Software Lifecycle | 5
Network Security | 6
Hardware Security | 7
Cyber Physical Security | 7
Physical Layer and Telecommunications Security | 5

[Bar chart: KNOWLEDGE AREA EMPHASIS. One bar per CyBOK Knowledge Area, from Introduction to CyBOK to Physical Layer and Telecommunications Security; value axis from 0 to 9.]

EXAMPLE OF A CHART TO SHOW BROAD CATEGORY EMPHASIS

Human, Organisational and Regulatory Aspects | 20
Attacks and Defences | 23
System Security | 26
Software and Platform Security | 18
Infrastructure Security | 25

[Radar chart: BROAD CATEGORY EMPHASIS. Axes: Human, Organisational and Regulatory Aspects; Infrastructure Security; Software and Platform Security; Attacks and Defences; System Security.]

4. List the main cyber security topics in the training material in the following table and provide evidence against the headings to support claims for introductory or above introductory topic coverage. This information should form the basis for the overall description and marketing of the course. It is expected that the overwhelming majority of topics in a course would be at an above introductory depth in order to justify a claim that the course as a whole can be described as above introductory.

DEPTH OF TOPIC COVERAGE

Cyber Security Topic | Training Module/Section | Topic Coverage that is above Introductory (e.g., is there a very full degree of detail, is the topic assessed, are there a number of different ways that the topic is treated or understanding is assessed, etc.?) | Coverage at introductory level | Mapped to CyBOK Y/N (this information should be available from the previous mapping tables)

Appendix B

The following tables (one for each CyBOK Knowledge Area) show some examples of the type of indicative material which would demonstrate some coverage of knowledge relating to the nominated cyber security topic. Other examples may also be applicable.

KNOWLEDGE AREA: 1. CyBOK Introduction

CyBOK TOPIC:
- Foundational Concepts
- Principles
- Cross-cutting Themes

EXAMPLE OF INDICATIVE MATERIAL:
- Objectives of cyber security
- Definition of cyber security
- Failures and incidents
- Risk management
- Saltzer and Schroeder principles
- NIST principles
- Latent design conditions
- Precautionary Principle
- Security economics
- Security architecture and lifecycle
- Verification and formal methods

BROAD CATEGORY: Human, Organisational and Regulatory Aspects
KNOWLEDGE AREA: 2. Risk Management and Governance

CyBOK TOPIC:
- Risk Definitions
- Risk Governance
- Risk Assessment & Management Principles
- Business Continuity: Incident Response and Recovery Planning

EXAMPLE OF INDICATIVE MATERIAL:
- Risk assessment
- Risk management
- Levels of perceived risk
- Governance models
- Risk perception factors
- Human factors and risk communication
- Security culture
- Enacting security policy
- Component versus systems perspectives
- Elements of risk
- Risk assessment and management methods
- Risk assessment and management in cyber-physical systems
- Security metrics
- ISO/IEC 27035
- NCSC Guidance

BROAD CATEGORY: Human, Organisational and Regulatory Aspects
KNOWLEDGE AREA: 3. Law and Regulation

CyBOK TOPIC:
- Introductory Principles of Legal Research
- Jurisdiction
- Privacy Laws in General and Electronic Interception
- Data protection
- Computer crime
- Contract law
- Intellectual Property
- Internet Intermediaries
- Dematerialisation of Documents and Electronic Trust Services
- Other Regulatory Matters
- Public International Law
- Ethics

EXAMPLE OF INDICATIVE MATERIAL:
- Nature of law and legal analysis
- Applying law to cyberspace and information technologies
- Criminal law
- Civil law
- Liability and courts
- Evidence and proof
- Holistic approaches to legal risk analysis
- Prescriptive jurisdiction
- Enforcement jurisdiction
- Data sovereignty
- International norms
- Interception by a state
- Interception by persons other than state
- Enforcement of privacy laws
- Subject matter and regulatory focus
- Core regulatory principles
- Investigation and prevention of crime
- Personal data breach notification
- Enforcement and penalties
- Crimes against information systems
- De minimis exceptions to crimes against information systems
- The enforcement of, and penalties for, crimes against information systems
- Warranted state activity
- Research and development activities conducted by non-state persons
- Self-help disfavoured: software locks and hack-back
- On-line contracts
- Encouraging security standards via contract
- Warranties and their exclusion
- Limitations of liability and exclusions of liability
- Breach of contract and remedies
- Effects of contract on non-contracting parties
- Conflict of law - contracts
- Understanding intellectual property
- Catalogue of intellectual property rights
- Enforcement – remedies
- Reverse engineering
- International treatment and conflict of law
- Shields from liability
- Take-down protection
- Admission into evidence of electronic documents
- Requirements of form and the threat of unenforceability
- Electronic signatures and identity trust services
- Conflict of law – electronic signatures and trust services
- Industry-specific regulations
- Restrictions on exporting security technologies
- Matters classified as secret by a state
- Attributing action to a state under international law
- State cyber operations in general
- Cyber espionage in peacetime
- Cross-border criminal investigation
- The law of armed conflict
- Obligations owed to a client
- Codes of conduct
- Vulnerability testing

BROAD CATEGORY: Human, Organisational and Regulatory Aspects
CyBOK KNOWLEDGE AREA: 4. Human Factors

CyBOK TOPIC:
- Usable Security
- Fitting the task to the Human
- Human Error
- Awareness and Education
- Positive Security
- Stakeholder Engagement

EXAMPLE OF INDICATIVE MATERIAL:
- Assessment criteria
- Mental models of security
- Human capabilities and limitations
- Short-term memory
- Long-term memory
- Human biases
- Needs of specific groups
- Goals and tasks
- Interaction context
- Device capabilities and limitations
- Latent usability failures in systems-of-systems
- Thinking fast and slow
- Shadow security
- Security hygiene
- Terms
- New approaches
- Mental models of cyber risks and defences
- Fear uncertainty and doubt
- People are not the weakest link
- Employees
- Software developers

BROAD CATEGORY: Human, Organisational and Regulatory Aspects
KNOWLEDGE AREA: 5. Privacy and Online Rights

CyBOK TOPIC:
- Confidentiality
- Control
- Transparency
- Privacy Technologies and Democratic Rights
- Privacy Engineering

EXAMPLE OF INDICATIVE MATERIAL:
- Data confidentiality
- Metadata confidentiality
- Privacy settings configuration
- Privacy policy negotiation
- Privacy policy interpretability
- Feedback-based transparency
- Audit-based transparency
- Privacy technologies as support to democratic political systems
- Censorship resistance and freedom of speech
- Goals
- Strategies
- Privacy evaluation

BROAD CATEGORY: Attacks and Defences
KNOWLEDGE AREA: 6. Malware and Attack Technologies

CyBOK TOPIC:
- Malware Taxonomy
- Malicious Activities by Malware
- Malware Analysis
- Malware Detection
- Malware Response

EXAMPLE OF INDICATIVE MATERIAL:
- Dimensions
- Kinds
- Potentially unwanted programs
- Attack on confidentiality, integrity, availability
- Cyber kill chain
- Underground eco-system
- Analysis techniques
- Analysis environments
- Anti-analysis and evasion techniques
- Identifying the analysis environment
- Identifying the presence of malware
- Evasion and countermeasures
- Attack detection
- Disrupting malware operations
- Attribution

BROAD CATEGORY: Attacks and Defences
KNOWLEDGE AREA: 7. Adversarial Behaviours

CyBOK TOPICS:
- Characterisation of Adversaries
- Elements of a Malicious Operation
- Models

EXAMPLE OF INDICATIVE MATERIAL:
- Cyber-enabled crime vs cyber-dependent crime
- Interpersonal crimes
- Cyber-enabled organised crime
- Cyber-dependent organised crime
- Hacktivists
- State actors
- Affiliate programmes
- Infection vectors
- Infrastructure
- Specialised services
- Human services
- Payment methods
- Attack trees
- Kill chains
- Environmental criminology
- Flow of capital
- Attribution

BROAD CATEGORY: Attacks and Defences
KNOWLEDGE AREA: 8. Secure Operations and Incident Management

CyBOK TOPICS:
- Fundamental Concepts
- Monitor: Data Sources
- Analyse: Analysis Methods
- Plan: Security Information and Event Management
- Execute: Mitigation and Countermeasures
- Knowledge: Intelligence and Analysis
- Human Factors: Incident Management

EXAMPLE OF INDICATIVE MATERIAL:
- Workflows and vocabulary
- Architectural principles
- Network traffic
- Network aggregates: netflow
- Network infrastructure information
- Application logs: web server logs and files
- System and kernel logs
- Syslog
- Misuse detection
- Anomaly detection
- Machine learning
- Testing and validating intrusion detection systems
- The base-rate fallacy
- Contribution of SIEM to analysis and detection
- Data collection
- Alert correlation
- Security operations and benchmarking
- Intrusion prevention systems
- SIEM platforms and countermeasures
- SOAR: impact and risk assessment
- Site reliability engineering
- Cyber security knowledge management
- Honeypots and honeynets
- Cyber-threat intelligence
- Situational awareness
- Prepare: incident management planning
- Handle: actual incident response
- Follow up: post incident activities

BROAD CATEGORY: Attacks and Defences
KNOWLEDGE AREA: 9. Forensics

CyBOK TOPICS:
- Definitions and Conceptual Models
- Operating System Analysis
- Main Memory Forensics
- Application Forensics
- Cloud Forensics
- Artifact Analysis

EXAMPLES OF INDICATIVE MATERIAL:
- Forensic science
- Cyber domain
- Digital (forensic) trace
- Legal concerns and the Daubert Standard
- Definitions
- Conceptual models
- Storage forensics
- Data acquisition
- Filesystem analysis
- Block device analysis
- Data recovery and file content carving
- Process information
- File information
- Network connections
- Artifacts and fragments
- Challenges of live forensics
- Case study: e.g., web browsers
- Services
- Forensics challenges
- SaaS forensics
- Cryptographic hashing
- Block-level analysis
- Approximate analysis
- Cloud-native artifacts

BROAD CATEGORY: Systems Security
KNOWLEDGE AREA: 10. Cryptography

CyBOK TOPICS:
- Schemes
- Symmetric Cryptography
- Public Key Cryptography
- Cryptographic Security Models
- Information-Theoretically Secure Constructions
- Standard Protocols
- Advanced Protocols
- Public-Key Schemes with Special Properties

EXAMPLES OF INDICATIVE MATERIAL:
- AES
- RSA
- DES
- PKCS
- DSA
- Kerberos
- TLS
- Symmetric primitives
- Symmetric encryption and authentication
- Public-key encryption
- Public-key signatures
- Basic security definitions
- Hard problems
- Setup assumptions
- Simulation of cryptographic operations
- Universal composability
- One-time pad
- Secret sharing
- Authentication protocols
- Key agreement protocols
- Oblivious transfer
- Zero knowledge
- Sigma protocols
- Secure multi-party computation
- Group signatures
- Ring signatures
- Blind signatures
- Identity-based encryption
- Linearly homomorphic encryption
- Fully homomorphic encryption

BROAD CATEGORY: Systems Security
KNOWLEDGE AREA: 11. Operating Systems and Virtualisation Security

CyBOK TOPICS:
- Attacker Model
- Role of Operating Systems
- OS Security Principles
- Primitives for Isolation and Mediation
- OS Hardening
- Related Areas
- Embracing Security

EXAMPLES OF INDICATIVE MATERIAL:
- Attack surface
- Threats to security for modern OSs
- Mediation
- Design choices
- Virtual machines
- IOT
- Security domains
- Isolation
- Security models
- Newer principles
- Saltzer and Schroeder’s principles
- Protection rings
- Low-end devices and IOT
- Multics
- Trusted computer system evaluation criteria
- Memory protection and address spaces
- Capabilities
- Physical access and secure deletion
- Authentication and identification
- Modern hardware extensions for memory protection
- Information hardening
- Control-flow restrictions
- Partitioning
- Code and data integrity checks
- Anomaly detection
- Formal verification
- Databases
- PaX Team
- GRSecurity

BROAD CATEGORY: Systems Security
KNOWLEDGE AREA: 12. Distributed Systems Security

CyBOK TOPICS:
- Classes of Distributed Systems
- Classes of Vulnerabilities and Threats
- Decentralised P2P Models
- Attacking P2P Models
- Coordinated Resource Clustering
- Coordination Classes and Attackability

EXAMPLES OF INDICATIVE MATERIAL:
- Decentralised point-to-point interactions across distributed entities without a centralised coordination service
- Coordinated clustering across distributed resources and services
- Access/admission control and ID management
- Data transportation
- Resource management and coordination services
- Data security
- Principles
- Unstructured P2P protocols
- Structured P2P protocols
- Hybrid P2P protocols
- Hierarchical P2P protocols
- Functional elements
- Attack types
- Attacks and their mitigation
- Systems coordination styles
- Reliable and secure group communications
- Coordination principles
- Replication management and coordination schema
- Classes of disruptions
- Resource coordination class
- Services coordination class

BROAD CATEGORY: Systems Security
KNOWLEDGE AREA: 13. Authentication, Authorisation and Accountability

CyBOK TOPICS:
- Authorisation
- Access Control in Distributed Systems
- Authentication
- Accountability

EXAMPLES OF INDICATIVE MATERIAL:
- Access control
- Enforcing access control
- Theory
- Core concepts
- Origin-based policies
- Federated access control
- Cryptography and access control
- Identity management
- User authentication
- Authentication in distributed systems
- Facets of authentication
- Technical aspects
- Privacy and accountability
- Distributed logs

BROAD CATEGORY: Software and Platform Security
KNOWLEDGE AREA: 14. Software Security

CyBOK TOPIC:
- Categories of Vulnerabilities
- Prevention of Vulnerabilities
- Mitigating Exploitation
- Detection of Vulnerabilities

EXAMPLES OF INDICATIVE MATERIAL:
- CVEs and CWEs
- Memory management vulnerabilities
- Structured output generation vulnerabilities
- Race condition vulnerabilities
- API vulnerabilities
- Side channel vulnerabilities
- API design
- Coding practices
- Erroneous execution
- Language design and type systems
- Structured output generations mitigations
- Race condition mitigations
- Information flow
- Runtime detection of attacks
- Automated software diversity
- Limiting privileges
- Static detection
- Dynamic detection
- Soundness
- Completeness

BROAD CATEGORY: Software and Platform Security
KNOWLEDGE AREA: 15. Web and Mobile Security

CyBOK TOPIC:
- Fundamental Concepts and Approaches
- Client-Side Vulnerabilities and Mitigations
- Server-Side Vulnerabilities and Mitigations

EXAMPLES OF INDICATIVE MATERIAL:
- Appification
- Webification
- Application stores
- Sandboxing
- Permission dialogue based access control
- Web PKI and HTTPS
- Authentication
- Cookies
- Passwords and alternatives
- Frequent software updates
- Phishing
- Clickjacking
- Client-side storage
- Physical attacks
- Injection vulnerabilities
- Server-side misconfiguration and vulnerable components

BROAD CATEGORY: Software and Platform Security
KNOWLEDGE AREA: 16. Secure Software Lifecycle

CyBOK TOPIC:
- Motivations for Secure Software Lifecycle
- Prescriptive Processes
- Adaptations of Secure Software Lifecycle
- Assess the Secure Software Lifecycle

EXAMPLES OF INDICATIVE MATERIAL:
- Breaches are costly
- Vulnerabilities can be exploited without being noticed
- Patching can introduce vulnerabilities
- Customers don’t apply patches
- Trusted computing
- SAFECode
- Microsoft SDL
- Touchpoints
- Agile and DevOps
- Mobile
- Cloud computing
- IOT
- Road vehicles
- Ecommerce
- SAMM
- BSIMM
- Common criteria

BROAD CATEGORY: Infrastructure Security
KNOWLEDGE AREA: 17. Network Security

CyBOK TOPIC:
- Internet Architecture
- Network Defence Tools
- Wireless LAN security
- Advanced Network Security Topics
- Network Protocols and Vulnerability

EXAMPLES OF INDICATIVE MATERIAL:
- Application layer security
- Transport layer security
- Network layer security
- Link layer security
- Packet filters
- Intrusion detection systems
- Intrusion prevention systems
- Network architecture design
- Application gateway
- Circuit level gateway
- WPA
- WPA2
- WEP
- WPA3
- RSN
- Software defined networking
- Internet of Things security
- Dolev-Yao adversarial model
- Common network attacks

BROAD CATEGORY: Infrastructure Security
KNOWLEDGE AREA: 18. Hardware Security

CyBOK TOPIC:
- Hardware Design Cycle
- Measuring Hardware Security
- Secure Platforms
- Hardware Support for Software Security
- Hardware Design for Cryptographic Algorithms
- Side Channel Attacks and Fault Attacks
- Entropy generating Building Blocks
- Hardware Design Process

EXAMPLES OF INDICATIVE MATERIAL:
- Hardware design process
- Root of trust
- Threat model
- FIPS 140-2
- Common criteria and EMVCo
- SESIP
- Hardware security module (HSM)
- Secure element and smartcard
- Trusted platform module (TPM)
- IBM 4578 secure coprocessor
- ARM Trustzone
- Protected module architectures
- Lightweight solutions
- Objectives
- Virtual machines
- Trusted execution environment
- Cryptographic algorithms at RTL level
- Design process
- Attacks
- Countermeasures
- Physically unclonable functions (PUFs)
- Random number generation
- Time
- Design and fabrication of silicon integrated circuits
- Trojan circuits
- Circuit level techniques
- Board level security

BROAD CATEGORY: Infrastructure Security
KNOWLEDGE AREA: 19. Cyber Physical Systems Security

CyBOK TOPICS:
- Cyber Physical Systems Security
- Cross Cutting
- Cyber Physical Systems Domains
- Policy and Political Aspects

EXAMPLES OF INDICATIVE MATERIAL:
- Characteristics
- Protection against natural events and accidents
- Security and privacy concerns
- Preventing attacks
- Detecting attacks
- Mitigating attacks
- Industrial control systems
- Electric power grids
- Transportation systems and autonomous vehicles
- Robotics and advanced manufacturing
- Medical devices
- IOT
- Incentives and regulation
- Cyber conflict
- Industry practices and standards

BROAD CATEGORY: Infrastructure Security
KNOWLEDGE AREA: 20. Physical Layer and Telecommunications Security

CyBOK TOPIC:
- Schemes for Confidentiality, Integrity and Access Control
- Jamming and nce Bounding and Secure Positioning
- Compromising Emanations and Sensor Spoofing
- Physical Layer Security of Selected Communications Technologies

EXAMPLES OF INDICATIVE MATERIAL:
- Key establishment based on channel reciprocity
- MIMO-supported approaches
- Secrecy capacity
- Friendly jamming
- Protecting data integrity
- LPI and covert communication
- Classification of jammers
- Countermeasures
- Coordinated spread spectrum techniques
- Uncoordinated spread spectrum techniques
- Signal annihilation and overshadowing
- Device under identification
- Identification signals
- Device fingerprints
- Attacks on physical layer identification
- Distance bounding protocols
- Distance measurement techniques
- Physical layer attacks on secure distance measurement
- Secure positioning
- Compromising emanations
- Sensor compromise
- NFC
- Air traffic communications networks
- Cellular networks
- GNSS security and spoofing attacks
