Table of Contents

Forward 1. Forward 2. Author Biographies. Introduction. Chapter 1. Securing Cyberspace is Everybody’s Business. Chapter 2. The Cybersecurity Body of Knowledge. Chapter 3. Data Security. Chapter 4. Software Security. Chapter 5. Component Security. Chapter 6. Connection Security. Chapter 7. System Security. Chapter 8. Human Security. Chapter 9. Organizational Security. Chapter 10. Societal Security. Index.

About the Author

Dan Shoemaker, PhD, is full professor, senior research scientist, and Program Director at the University of Detroit Mercy’s Center for Cyber Security and Intelligence Studies. Dan is a former chair of the Cybersecurity & Information Systems Department and has authored numerous books and journal articles focused on cybersecurity.

Anne Kohnke, PhD, is an associate professor of cybersecurity and the principle investigator of the Center for Academic Excellence in Cyber Defence at the University of Detroit Mercy . Anne’s research is focused in cybersecurity, risk management, threat modeling, and mitigating attack vectors.

Ken Sigler is a faculty member of the Computer Information Systems (CIS) program at the Auburn Hills campus of Oakland Community College in Michigan. Ken’s research is in the areas of software management, software assurance, and cybersecurity.

Reviews

Book Foreword: I have great pleasure in writing this foreword. I have worked with Dan, Anne, and Ken over the past six years as this amazing team has written six books for my book collection initiative. Their newest effort, The Cybersecurity Body of Knowledge: The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity, brings together a comprehensive understanding of cybersecurity and should be on the book shelf of every professor, student, and practitioner. Right now, the study of cybersecurity is pretty-much in the eye of the beholder because the number of interpretations about what ought to be taught is limited only by the number of personal agendas out there in the field. Through discussion with the team, I've learned that every well-established discipline of scholarship and practice has gone through the process of research, extensive discussions, formation of communities of practice, and thought leadership to continually build the body of knowledge. Over time, diverse voices put forth ideas, concepts, theories, and empirical evidence to advance the thinking and in every discipline there comes a time when thought leaders establish generally accepted standards based on a comprehensive view of the body of knowledge. I believe that time has come for the discipline of cybersecurity. Beginning with a narrow focus on computer security, the discipline has advanced tremendously and has accurately become known as a fundamentally computing-based discipline that involves people, information, technology, and processes. Additionally, as the global cyber infrastructure increases the possible targets, the interdisciplinary nature of the field includes aspects of ethics, law, risk management, human factors, and policy. The growing need to protect not just corporate information and intellectual property, but to maintain national security has created a demand for specialists across a range of work roles, with the knowledge of the complexities of holistically assuring the security of systems. A vision of proficiency in cybersecurity, that aligns with industry needs and involves a broad global audience of stakeholders, was needed to provide stability and an understanding of the boundaries of the discipline. The formation of the CSEC2017 Joint Task Force - involving four major international computing societies: the Association of Computing Machinery (ACM), the IEEE Computer Society (IEEE CS), the Association for Information Systems Special Interest Group on Information Security and Privacy (AIS SIGSEC), and the International Federation for Information Processing Technical Committee on Information Security Education (IFIP WG 11.8) - came together to publish the single commonly accepted guidelines for cybersecurity curriculum (the CSEC2017 Report). The CSEC2017 Report authors have produced a thought model and structure in which the comprehensive discipline of cybersecurity can be well understood. With this understanding, development within academic institutions and industry can prepare a wide range of programs grounded in fundamental principles.This book explains the process by which the CSEC2017 Report was formulated and its pedigree. It discusses the knowledge units of each of the eight knowledge area categories of the field in detail. The reader will understand the required knowledge for cybersecurity and gain a basic understanding of the application and purpose of each of these myriad elements.I have studied the various chapters and believe the seamless flow of the content will benefit all readers and that the extensive use of visuals greatly improves readability. Although knowledge knows no end, dissemination and sharing of knowledge are critical. I believe this book will help form the foundation of the next evolution of cybersecurity and I congratulate the team on their work and their amazing result. Dan SwansonSeries EditorReviews:
"The Cybersecurity Body of Knowledge is a technical but readable guide to the eight areas that make up the core cybersecurity areas. Rather than treating the book as a knowledge dump of everything cybersecurity, the authors present the essential cybersecurity elements readers need to know.Cybersecurity knowledge cannot be conveyed in a single volume. In fact, the cybersecurity curriculum guidelines developed by the JTF run to more than 100 pages. Those looking for a comprehensive roadmap to effectively begin their cybersecurity journey will find that The Cybersecurity Body of Knowledge is an excellent guide."
Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), is a senior information security specialist with Tapad, Inc.
https://www.asisonline.org/security-management-magazine/articles/2021/01/book-review-the-cybersecurity-body-of-knowledge/