Home land

Information Technology (IT) Security
Essential Body of Knowledge (EBK):
A Competency and Functional Framework
for IT Security Workforce Development

Office of Cybersecurity and Communications
National Cyber Security Division

September 2008
United States Department of Homeland Security
Washington, D.C. 20528

Table of Contents
1

Introduction............................................................................................................... 1
1.1 Overview ............................................................................................................... 1
1.2 Background ........................................................................................................... 2
1.3 Purpose.................................................................................................................. 2
1.4 Scope ..................................................................................................................... 3
1.5 Review Cycle ........................................................................................................ 3
1.6 DocumentOrganization......................................................................................... 6

2

IT Security Competency Areas ................................................................................ 7
2.1 Data Security ......................................................................................................... 7
2.2 DigitalForensics.................................................................................................... 8
2.3 Enterprise Continuity .......................................................................................... 10
2.4 Incident Management .......................................................................................... 11
2.5 IT Security Training and Awareness .................................................................... 13
2.6 ITSystems Operations and Maintenance ............................................................ 14
2.7 Network and Telecommunications Security ........................................................ 16
2.8 Personnel Security ............................................................................................... 18
2.9 Physical and EnvironmentalSecurity.................................................................. 19
2.10 Procurement......................................................................................................... 20
2.11 Regulatory and Standards Compliance ............................................................... 22
2.12 Security Risk Management ................................................................................. 232.13 Strategic Security Management ........................................................................... 25
2.14 System and Application Security ........................................................................ 26

3

IT Security Key Terms and Concepts ................................................................... 28
3.1 Data Security....................................................................................................... 28
3.2 Digital Forensics.................................................................................................. 29
3.3 Enterprise Continuity .......................................................................................... 29
3.4 Incident Management.......................................................................................... 30
3.5 IT Security Training and Awareness .................................................................... 30
3.6 IT Systems Operations and Maintenance ............................................................ 31
3.7 Network and Telecommunications Security ........................................................ 32
3.8 Personnel Security...