IT Security EBK2008 Summary
Download as PPT, PDF2 likes609 views
The document summarizes the establishment and purpose of the Information Technology (IT) Security Essential Body of Knowledge (EBK). The EBK was established to provide a common framework and baseline of competencies for the IT security workforce in both public and private sectors. It defines key functional areas, competencies, and roles to help standardize training, certification, and professional development in the field of IT security. The EBK was developed through collaboration between government, academia, and industry subject matter experts.
IT Security EBK2008 Summary
- 1. Information Technology (IT) Security Essential Body of Knowledge (EBK) A Competency and Functional Framework for IT Security Workforce Development September 2008 United States Department of Homeland Security by Chaiyakorn A., CISSP
- 2. Why was the EBK established? Rapid evolution of technology Various aspects and expertise are increasingly required Standard or common guideline in recruiting, training and retaining of workforce Knowledge and skill baseline Linkage between competencies and job functions For public and private sectors
- 3. Purpose of EBK Articulates functions that professionals within the IT security workforce perform in a common format and language. Provides a reference for comparing the content of IT security certifications, which have been developed independently according to varying criteria Promotes uniform competencies to increase the overall efficiency of IT security education, training, and professional development
- 4. Offers a way to further substantiate the wide acceptance of existing certifications so that they can be leveraged appropriately as credentials Provides content that can be used to facilitate cost-effective professional development of the IT security workforce, including skills training, academic curricula, and other affiliated human resource activities. Purpose of EBK (cont.)
- 5. How was the EBK built? The President’s Critical Infrastructure Protection Board (PCIPB) was established in October 2001 PCIPB created the IT Security Certification Working Group (ITSC-WG) 2003, the President released the National Strategy to Secure Cyberspace 2003, DHS-NCSD was established to act as a national focal point for cyber security Lead by the Department of Homeland Security, National Cyber Security Division (DHS-NCSD) together with academia, government, and private sector DHS-NCSD introduced this first draft to a broader audience of SMEs in January 2007 It will be re-evaluated approximately every two years
- 6. EBK Development Process Refer to 53 Critical Work Function (CWF) from DoD IASS
- 7. Key Divisions 4 functional perspectives 14 competency areas 10 roles
- 8. Functional Perspectives Manage Design Implement Evaluate
- 9. Competency Areas (MDIE in each) Data Security Digital Forensics Enterprise Continuity Incident Management IT Security Training and Awareness IT System Operations and Maintenance Network and Telecommunication Security Personnel Security Physical and Environmental Security Procurement Regulatory and Standards Compliance Security Risk Management Strategic Security Management System and Application Security
- 10. IT Security Roles Chief Information Officer Digital Forensics Professional Information Security Officer IT Security Compliance Officer IT Security Engineer IT Security Professional IT Systems Operations and Maintenance Professional Physical Security Professional Privacy Professional Procurement Professional
- 12. EBK Analysis Entry Level Professional Level Managerial Level
- 13. THANK YOU