Knowledge areas of the course
The course content is based on materials from the Cyber Security Body of Knowledge (CyBOK) project. The first two modules contain administrative aspects of the course and an introduction. The remaining 21 modules (3–23), which CyBOK refers to as Knowledge Areas, are loosely divided into five areas:
- People, organisation and regulation
- Attacks and defence
- Systems security
- Software and platform security
- Infrastructure security
The CyBOK knowledge areas have been adapted to suit the needs of the course by both expanding them and, mostly, by reducing and condensing the original CyBOK content. Below is a concise description of the contents of the modules.
| Module | Description |
| --- | --- |
| Cyber security 1: fundamentals | |
| 2. Introduction | Introduction to cyber security, definitions of concepts and terms, security principles |
| People, organisation and regulation | |
| 3. Risk management and risk management system | Assessment of organisational risks, risk management and risk mitigation |
| 4. Law and regulation | What do legislation and ethics have to do with cyber security? |
| 5. Human factors | Usable security, social and behavioural factors, security awareness, and how user behaviour can be influenced. |
| 6. Privacy and rights online | The importance of privacy and technologies as protection |
| Attacks and defence | |
| 7. Malware and attack techniques | Attack techniques and analysis. |
| 8. Malicious activity: attacks and adversaries | Different types of attacks and adversaries, identification of malicious activity, elements and operating models. |
| 9. Security measures and incident management | Management of security incidents and related systems. Detection of incidents and response to them. |
| 10. Digital forensics | The significance of digital evidence |
| Systems security | |
| 11. Cryptology (theory) | A brief reference to the mathematics and notation of cryptology |
| 12. Operating systems and virtualisation | Security mechanisms of operating systems. |
| 13. Security of distributed systems | Security mechanisms of peer-to-peer and coordinated distributed systems. |
| 14. Artificial intelligence and formal methods | Security of artificial intelligence. Abstractions and formal methods supporting security. |
| 15. Authentication, authorisation and accountability | Access control, identity management and authentication |
| Software and platform security | |
| 16. Software security | Security problems caused by programming errors and how to avoid them. |
| 17. Web and mobile security | Security of web and mobile applications and services. |
| 18. Secure software development (SDL) | Principles of secure software development. |
| Infrastructure security | |
| 19. Applied cryptography | Cryptography with almost no formulas, as practitioners need to know much more than that. |
| 20. Network security | Security of networking technologies and communication protocols. |
| 21. Hardware security | Security of hardware design and implementation. |
| 22. Security of cyber-physical systems | Security challenges of cyber-physical systems, e.g. IoT and industrial automation systems |
| 23. Physical layer security and communications | Security of the physical layer and communications. |

CyBOK - The Cyber Security Body Of Knowledge 1.0, University of Bristol, 2019, https://www.cybok.org/
Free and openly accessible. CyBOK is a community resource, freely available under the Open Government License. A key, over-arching guiding principle for CyBOK Version 1.0 and any future versions of CyBOK is that it remains an open and freely available resource for the community, e.g., it will not be placed behind a pay wall or a login page.
The Open Government License permits anyone to copy, publish, distribute, transmit and adapt the licensed work, and to exploit it both commercially and non-commercially. In return, the re-user of the licensed work has to acknowledge the source of the work and provide a link to the OGL. http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/