acm joint task force to develop global cybersecurity ... · model. stakeholders were invited to...
TRANSCRIPT
![Page 1: ACM Joint Task Force to Develop Global Cybersecurity ... · model. Stakeholders were invited to participate in the survey through direct invitations, announcements in public educational](https://reader034.vdocument.in/reader034/viewer/2022042306/5ed273a7af24ad2040748500/html5/thumbnails/1.jpg)
Report:ACMJointTaskForceSurveytoDevelopGlobalCybersecurityCurricularGuidelines http://csec2017.org October2016
1
ACMJointTaskForcetoDevelopGlobalCybersecurityCurricularGuidelinesSurveyReport–October2016
INTRODUCTION
TheACMJointTaskForceonCybersecurityEducation(JTF)launchedinSeptember2015todevelopthefirstsetofglobalcurricularguidelinesincybersecurityeducation.Cybersecurityisdefinedhereas:
“Acomputing-baseddisciplineinvolvingtechnology,people,information,andprocessestoenableassuredoperations.Itinvolvesthecreation,operation,analysis,andtestingofsecurecomputersystems.Itisaninterdisciplinarycourseofstudy,includingaspectsoflaw,policy,humanfactors,ethics,andriskmanagementinthecontextofadversaries.”
TheJTFisacollaborationbetweenmajorinternationalcomputingsocieties:AssociationforComputingMachinery(ACM),IEEEComputerSociety(IEEECS),AssociationforInformationSystemsSpecialInterestGrouponSecurity(AISSIGSEC),andInternationalFederationforInformationProcessingTechnicalCommitteeonInformationSecurityEducation(IFIPWG11.8).TheJTFgrewoutofthefoundationaleffortsoftheCyberEducationProject(CEP).Afterayearofcommunityengagementanddevelopmentalwork,theJTFlaunchedasurveyinSeptember2016tosolicitbroadinputontheproposedcurricularthoughtmodel.Stakeholderswereinvitedtoparticipateinthesurveythroughdirectinvitations,announcementsinpubliceducationalandscientificforums,socialmediaoutreachviatheJTFwebsiteandLinkedIn,andinvitationssentthroughthedistributionlistsofparticipatingprofessionalassociations.Thisreportsummarizesthe229completedsurveyresponsesreceivedduringthesurveyperiodofSeptember16–October3,2016.
RESPONDENTDEMOGRAPHICS
Gender:Approximately71%(162)ofrespondentsweremale,26%(60)werefemale,andsixrespondentsdidnotindicategender.
Geographicdistribution:Nearly88%(201)ofsurveyrespondentsreportedtheUnitedStatesastheirprimaryworklocation.Theremaining22%ofsurveyrespondentsweredistributedasfollows1:Australia(6),Norway(3),Italy(2),SouthAfrica(2),andSweden(2);withonecompletedsurveyfromeachofthefollowingcountries:Bulgaria,Canada,China,HongKong,India,Netherlands,NewZealand,Portugal,Qatar,Singapore,Slovenia,Spain,andThailand. 1Thenumberofrespondentspercountryisshownintheparentheses.
![Page 2: ACM Joint Task Force to Develop Global Cybersecurity ... · model. Stakeholders were invited to participate in the survey through direct invitations, announcements in public educational](https://reader034.vdocument.in/reader034/viewer/2022042306/5ed273a7af24ad2040748500/html5/thumbnails/2.jpg)
Report:ACMJointTaskForceSurveytoDevelopGlobalCybersecurityCurricularGuidelines http://csec2017.org October2016
2
Thechartsbelowprovideadditionalinformationonthebackgroundofsurveyrespondents.
*Respondentswerepermittedtoselectallapplicablestakeholdergroups.
0
50
100
150
200
250 210
3919
4623 15
StakeholderCommunity*
0
20
40
60
80
100
120
140
160
Doctorate Masters Bachelors Associates NoResponse
154
60
8 2 5
HighestDegreeAMained
![Page 3: ACM Joint Task Force to Develop Global Cybersecurity ... · model. Stakeholders were invited to participate in the survey through direct invitations, announcements in public educational](https://reader034.vdocument.in/reader034/viewer/2022042306/5ed273a7af24ad2040748500/html5/thumbnails/3.jpg)
Report:ACMJointTaskForceSurveytoDevelopGlobalCybersecurityCurricularGuidelines http://csec2017.org October2016
3
^Degreefieldsrepresentalldegreelevels(doctorate,masters,bachelors,andassociates).
Manyrespondentsreportedholdingmultiplecertifications.Themostfrequentlyheldcertificationsincluded:theCertifiedInformationSystemsSecurityProfessional(CISSP),Security+,CertifiedEthicalHacker(CEH),CertifiedInformationAuditor(CISA),CertifiedInformationSecurityManager(CISM),RiskandInformationSystemControl(RISC),ComputerHackingForensicInvestigator,CiscoCertifiedNetworkAssociate,andMicrosoftCertifiedSystemsEngineer.Certificationsheldbythreeorfewerrespondents
010203040506070
15
70
123
14 122
12 82
12 133 3 3 7
DegreeFields^
05
10152025303540
3832
12 116 5 4 4 4
CerOficaOonsHeld
![Page 4: ACM Joint Task Force to Develop Global Cybersecurity ... · model. Stakeholders were invited to participate in the survey through direct invitations, announcements in public educational](https://reader034.vdocument.in/reader034/viewer/2022042306/5ed273a7af24ad2040748500/html5/thumbnails/4.jpg)
Report:ACMJointTaskForceSurveytoDevelopGlobalCybersecurityCurricularGuidelines http://csec2017.org October2016
4
includedCertifiedCyberForensicsProfessional,ProjectManagementProfessional,CiscoCertifiedNetworkAssociate(Security),orCertifiedCouldSecurityProfessional.Ofthe229respondents,31reportedthattheydidnotholdasecurity-relatedcertification.
FEEDBACKONTHEPROPOSEDTHOUGHTMODEL
SurveyparticipantswereaskedtoprovidefeedbackontheJTFcurricularthoughtmodel.ThecurricularthoughtmodelwaspresentedasamodificationofU.S.NationalResearchCouncilNextGenerationScienceStandards(nextgenscience.org).Surveyrespondentswereaskedtocommentspecificallyon(1)thegraphicalrepresentationand(2)thefourstructuralelementsofthethoughtmodel:CoreIdeas,FocusAreas,Practices,andCross-CuttingConceptsforcybersecurityeducation.
• CoreIdeasareknowledgeareasordomains;• FocusAreasaredifferentprofessionalpracticecontexts;• Practicesarethecombinationofknowledgeandskillsthatculminateinto
competencywhenconnectedwithaparticularfocusarea;and• Cross-CuttingConceptsbridgecoreideaspracticeandfocusareas.
Feedbackoneachcomponentisprovidedbelow.
(1)GraphicalRepresentation
Surveyrespondentswereaskedtoconsidertheproposedgraphicandrespondtothe3questionslistedinthetablebelow.
![Page 5: ACM Joint Task Force to Develop Global Cybersecurity ... · model. Stakeholders were invited to participate in the survey through direct invitations, announcements in public educational](https://reader034.vdocument.in/reader034/viewer/2022042306/5ed273a7af24ad2040748500/html5/thumbnails/5.jpg)
Report:ACMJointTaskForceSurveytoDevelopGlobalCybersecurityCurricularGuidelines http://csec2017.org October2016
5
StronglyAgree
Agree Neutral Disagree StronglyDisagree
Q1-TheabovegraphicclearlycommunicatesthatengagingincybersecurityinvestigationrequiresnotonlyskillbutalsoknowledgethatisspecifictoeachPractice
47(20.5%)
81(35.4%)
31(13.5%)
53(23.1%)
17(7.4%)
Q2--TheabovegraphicclearlycommunicatesthatCross-CuttingConceptsbridgeCoreIdeas,Practices,andFocusAreas.
72(31.4%)
91(39.7%)
23(10%)
33(14.4%)
10(4.4%)
Q3--TheabovegraphicclearlycommunicatesthatCoreIdeashavethepowertofocuscybersecuritycurriculum,instructionandassessments.
31(13.5%)
67(29.3%)
53(23.1%)
55(24%)
23(10%)
Asindicatedbytheresponsestoeachquestion,surveyrespondentsweregenerallyfavorableaboutthegraphic.However,asummaryofthe73commentsofferedasrespondentnarratives,suggestseveralareasforimprovement:
• IncludespecificPracticeAreasandrevisethegraphictoshowthatmultiplepracticeareasexist.
• Expandthedefinitionofeachofthemodelelementsandclarifythedistinctionbetweenthem.
• Alignthegraphicalrepresentationandthemodelmoretightly.Thecurrentrepresentationisnotintuitiveoreasilyunderstoodwithoutthemodel.
• Simplifythediagram.
![Page 6: ACM Joint Task Force to Develop Global Cybersecurity ... · model. Stakeholders were invited to participate in the survey through direct invitations, announcements in public educational](https://reader034.vdocument.in/reader034/viewer/2022042306/5ed273a7af24ad2040748500/html5/thumbnails/6.jpg)
Report:ACMJointTaskForceSurveytoDevelopGlobalCybersecurityCurricularGuidelines http://csec2017.org October2016
6
(2)StructuralElementsoftheThoughtModel
Summaryfeedbackoneachthefourstructuralelementsofthethoughtmodel:CoreIdeas,FocusAreas,Practices,andCross-CuttingConceptsforcybersecurityeducation;isprovidedbelow.
CoreIdeas
CoreIdeasaredefinedasknowledgeareasordomains.SurveyrespondentswereaskedtoreviewtheCoreIdeaslistedbelowand(A)indicateifeachlistedCoreIdeashouldbeincludedinthecurricularvolume;(B)suggestanychangestothedefinitionoftheCoreIdeaandrecommendtheadditionofCoreIdeasnotcurrentlyincluded.
CoreIdeas:
1. InformationSecurity[Includes:informationconfidentiality,dataintegrity,availability,cryptographyandcryptanalysis]
2. SoftwareSecurity[Includes:securesoftwareengineering,softwarereverseengineering,malwareanalysis]
3. SystemSecurity[Includes:availability,authentication,accesscontrols,securesystemsdesign,computernetworkdefenseandCNA/penetrationtesting,reverseengineering(hardware),cyberphysicalsystems,digitalforensics,supplychainmtg]
4. UsableSecurity[Includes:identitymanagement,socialengineering,socialnetworks,human-computerinteraction]
5. OrganizationalSecurity[Includes:riskmanagement,missionassurance,disasterrecovery,businesscontinuity,securityevaluations/compliance,organizationalbehavior,intelligence,economics]
6. SocietalSecurity[Includes:cybercrime,cyberlaw,ethics,policy,privacy,intellectualproperty,professionalresponsibility,globalsocietalimpacts]
![Page 7: ACM Joint Task Force to Develop Global Cybersecurity ... · model. Stakeholders were invited to participate in the survey through direct invitations, announcements in public educational](https://reader034.vdocument.in/reader034/viewer/2022042306/5ed273a7af24ad2040748500/html5/thumbnails/7.jpg)
Report:ACMJointTaskForceSurveytoDevelopGlobalCybersecurityCurricularGuidelines http://csec2017.org October2016
7
A.PercentageofrespondentsaffirmingCoreIdea
(B)SummaryCommentsontheCoreIdeas
SurveyrespondentsmadeseveralrecommendationsregardingthelistofCoreIdeas.TherecommendationssummarizedbelowreflectthethemesforeachCoreIdea.
InformationSecurity
• Reconsidertheinclusionofcryptographyandcryptanalysis.ThesetopicsshouldberemovedasCoreIdeasandinsteadincludedastopicsforspecificgroups.
• ProvideamorethoroughrationaleforthesetofCoreIdeasincludedinthemodel.Astheyarepresented,thebreadthoftopicsdoesnotprovidesufficientcurricularfocus.
• Includetopicsofprivacyauthenticationandnon-repudiation.Ifthesetopicsareaddressedintheexistingcategories,clarifytheirplacement.
SoftwareSecurity
• Manyofthetopicsincludedinthecategoryarespecializedandmightnotberelevantfortheallportionsofthebroadaudiencetobeservedbythisdocument.Giventhis,shouldthetopicsherebere-classified.
• Reconsidertheinclusionoftopicsthatseemmorerelatedtopractice.Forexample,malwareanalysisandreverseengineeringmightbemoreappropriatelyclassifiedasapracticeratherthanacoreidea.
• Provideastrongerreferenceto,andconsiderrelabelingthiscategoryas,thesecuritysoftwaredevelopmentlifecycle.
70%75%80%85%90%95%
100% 96%
87%
96%
82%87% 86%
RespondentsAffirmingCoreIdea
![Page 8: ACM Joint Task Force to Develop Global Cybersecurity ... · model. Stakeholders were invited to participate in the survey through direct invitations, announcements in public educational](https://reader034.vdocument.in/reader034/viewer/2022042306/5ed273a7af24ad2040748500/html5/thumbnails/8.jpg)
Report:ACMJointTaskForceSurveytoDevelopGlobalCybersecurityCurricularGuidelines http://csec2017.org October2016
8
SystemSecurity
• Severaltopics,whileimportantforsomespecializedareas,arenotrelevantforthebroadaudiencetobeservedbythisdocument.Forinstance,CNA,digitalforensics,andsupplychainmanagementshouldnotbelistedasCoreIdeas.
• Reconsidertheinclusionoftopicsthatseemmorerelatedtopractice.Forexample,hardwarereverseengineeringshouldberemoved.
UsableSecurity
• Identitymanagementisacriticaltopicrelatedtoaccesscontrolbutismisplacedinthiscategory.MoveittoOrganizationalSecurity.
• Considerrelabelingthiscategory.Isthethemehere‘user’or‘humanfactors’security?Ifso,considerusingoneoftheselabelstoclarifythemeaningof‘usable’security.
• Manyoftheideasincludedinthiscategoryaretightlycoupledwithpractice.ThiscontentmaybemisclassifiedasaCoreIdea.
OrganizationalSecurity
• Thetopicsincludedinthiscategoryareimportantbutreconsiderwhetherornottheyhavethesamelevelofimportanceastheothercategories.
• Riskmanagementisacriticaltopicbuttheothercontentincludedinthiscategorymaynotbeasimportant.Forexample,iseconomicsimportanttoincludehere.
• Critical,butmissing,topicsincluderesilienceandphysicalsecurity.Thesetopicsshouldbeadded.
SocietalSecurity
• Thetopicsincludedinthiscategoryareimportantbutreconsiderwhetherornottheyhavethesamelevelofimportanceastheothercategories.Privacyistheonlyexceptiontothiscomment.
• Thecategoryisextremelybroad.Identifythespecifictopicstobeincludedhere.
FocusAreas
FocusAreasaredefinedasdifferentprofessionalpracticecontexts.SurveyrespondentswereaskedtoreviewtheFocusAreaslistedbelowand(A)indicateifeachlistedFocusAreashouldbeincludedinthecurricularvolume;(B)suggestanychangestothedefinitionoftheFocusAreaandrecommendtheadditionofFocusAreasnotcurrentlyincluded.
![Page 9: ACM Joint Task Force to Develop Global Cybersecurity ... · model. Stakeholders were invited to participate in the survey through direct invitations, announcements in public educational](https://reader034.vdocument.in/reader034/viewer/2022042306/5ed273a7af24ad2040748500/html5/thumbnails/9.jpg)
Report:ACMJointTaskForceSurveytoDevelopGlobalCybersecurityCurricularGuidelines http://csec2017.org October2016
9
FocusAreas:
1. SecurityandRiskManagement[Includes:Security,Risk,Compliance,Law,Regulations,andBusinessContinuity]
2. CommunicationandNetworkSecurity[Includes:DesigningandProtectingNetworkSecurity]
3. IdentityandAccessManagement[Includes:ControllingAccessandManagingIdentity]
4. SecurityAssessmentandTesting[Includes:Designing,Performing,andAnalyzingSecurityTesting]
5. AssetSecurity[Includes:ProtectingSecurityofAssets]
6. SecurityEngineering[Includes:EngineeringandManagementofSecurity]
7. SecurityOperations[Includes:FoundationalConcepts,Investigations,IncidentManagement,andDisasterRecovery]
8. SoftwareDevelopmentSecurity[Includes:Understanding,Applying,andEnforcingSoftwareSecurity]
(A)PercentageofrespondentsaffirmingFocusArea
0%20%40%60%80%
100%93% 94% 91% 92%
71% 75%91% 88%
RespondentsAffirmingFocusArea
![Page 10: ACM Joint Task Force to Develop Global Cybersecurity ... · model. Stakeholders were invited to participate in the survey through direct invitations, announcements in public educational](https://reader034.vdocument.in/reader034/viewer/2022042306/5ed273a7af24ad2040748500/html5/thumbnails/10.jpg)
Report:ACMJointTaskForceSurveytoDevelopGlobalCybersecurityCurricularGuidelines http://csec2017.org October2016
10
(B)SummaryCommentsontheFocusAreas
SurveyrespondentsmadeseveralrecommendationsregardingthelistofFocusAreas.TherecommendationssummarizedbelowreflectthethemesforeachFocusArea.
SecurityandRiskManagement
• Changethelabelofthiscategoryto“Governance,Risk,andCompliance”inordertohighlighttheimportanceofeachofthesetopics.
• Reconsidertheinclusionofbusinesscontinuity.Whileitisanimportanttopic,isitappropriatelycategorizedhere?
• Addaudittothiscategory.
CommunicationandNetworkSecurity
• ThecontentofthisFocusAreashouldbereclassifiedasaCoreIdea.• Clarifythedefinitionofthecategoryandmorepreciselydescribethecontent.
IdentityandAccessManagement
• ThecontentofthisFocusAreaisimportant,butmaybetoonarrowlydefinedtostandasaseparatecategory.
SecurityAssessmentandTesting
• Thiscategoryshouldincludecertificationandaudit.• Whileimportanttopics,thiscategoryistoonarrowandshouldbecombinedwith
anotherfocusarea.
AssetSecurity
• Clarifythedefinitionofassets(e.g.digital/physical/information)inthiscategory.• Whileimportanttopics,thiscategoryistoonarrowandshouldbecombinedwith
anotherfocusarea.
SecurityEngineering
• Clarifythedefinitionofsecurityengineeringasafocusarea.• Excludemanagementfromthiscategory.
SecurityOperations
• Clarifythefoundationconceptstobeincludedinthiscategory.• Respondentsaffirmedtheimportanceofthiscontentwithinthiscategorybut
wereconflictedaboutwhetherthecategorywastoobroadlyortoonarrowlydefined.
SoftwareDevelopmentSecurity
• Clarifyhowthiscategorydiffersfromsecurityengineeringandfromsecurityoperations.Shouldthecategoriesbecombined?
![Page 11: ACM Joint Task Force to Develop Global Cybersecurity ... · model. Stakeholders were invited to participate in the survey through direct invitations, announcements in public educational](https://reader034.vdocument.in/reader034/viewer/2022042306/5ed273a7af24ad2040748500/html5/thumbnails/11.jpg)
Report:ACMJointTaskForceSurveytoDevelopGlobalCybersecurityCurricularGuidelines http://csec2017.org October2016
11
OtherComments
• Additionaltopicstoinclude:incidentmanagement,ethics,socialengineering,physicalsecurity,andpolicy.
• Howweretheseareasdetermined?ConsiderusingtheNISTFrameworkandleveragingthecategories:Identify,Protect,Detect,Respond,andRecover.
• Severaloverlappingareasofmanagementshouldbeincluded.
Practice
PracticesarethecombinationofknowledgeandskillsthatculminateintoprofessionalcompetencywhenconnectedwithaparticularFocusArea.Surveyrespondentswereaskedtoconsiderthelistofreferencesbelowand(A)indicateifthepracticesderivedfromthosesourcesshouldbeincludedinthecybersecuritycurricularvolume;and(B)suggestanyadditionalsourcestoinclude.
Practice:
• NationalCybersecurityWorkforceframework–NICE
• NSACenterofAcademicExcellence,KnowledgeUnits-NSAKU
• (ISC)2CertifiedInformationSystemsSecurityProfessional–CISSP
• ACMComputerScienceCurricula2013-CS2013
• ACM/IEEEInformationTechnologyCurriculum2017-IT2017
• SkillsFrameworkfortheInformationAge–SFIA
• InstituteforInformationSecurityProfessionalsFramework2.0-IISP2.0
![Page 12: ACM Joint Task Force to Develop Global Cybersecurity ... · model. Stakeholders were invited to participate in the survey through direct invitations, announcements in public educational](https://reader034.vdocument.in/reader034/viewer/2022042306/5ed273a7af24ad2040748500/html5/thumbnails/12.jpg)
Report:ACMJointTaskForceSurveytoDevelopGlobalCybersecurityCurricularGuidelines http://csec2017.org October2016
12
(A)PercentageofrespondentsaffirmingPracticeReference
(B)SummaryCommentsonPracticeReferences
• Donotleantoheavilyonanyofthesereferences.Therelativequalityandvalueofvariousreferenceswasmixedandmanyrespondentsnotedthatrelevancewilldependontheaudience.
• ThereferencesareheavilyUS-centric.Addadditionalglobalreferencepoints.
• Articulatehowtheinclusionofthesepracticereferencesalignswiththepurposeofthecurricularvolume.Thereferenceshavemanyoverlappingconceptsandtheinclusionofmultipleframeworkswillbeconfusing.Asignificantcontributionofthisvolumewouldbetoprovideaguidetooverlappingpracticesinthese,andotherframeworks.
• Cautiouslydistinguishbetweeneducationandtraining–developingskillsversusunderstandingconcepts.
• Academicinstitutionsofvaryingtypescontinuetostruggleintheprocessofmappingtheircurriculatoanyofthesereferences.Guidanceonthisprocesswouldbevaluabletotheaudienceofthiscurricularvolume–notinghowever,thatthevalueofeachreferenceisdependentuponthespecificaudience.
Cross-CuttingConcepts
Cross-CuttingConceptsbridgecoreideas,practicesandfocusareas.SurveyrespondentswereaskedtoreviewtheCross-CuttingConceptslistedbelowand(A)indicateifeach
0%10%20%30%40%50%60%70%80%90%
NICE CAEKUs CISSP ACMCS2013
ACMIT2017
SFIA IISP
85% 81%76%
68%75%
41%
61%
RespondentsAffirmingPracOceReference
![Page 13: ACM Joint Task Force to Develop Global Cybersecurity ... · model. Stakeholders were invited to participate in the survey through direct invitations, announcements in public educational](https://reader034.vdocument.in/reader034/viewer/2022042306/5ed273a7af24ad2040748500/html5/thumbnails/13.jpg)
Report:ACMJointTaskForceSurveytoDevelopGlobalCybersecurityCurricularGuidelines http://csec2017.org October2016
13
listedCross-CuttingConceptsshouldbeincludedinthecurricularvolume;(B)suggestanychangestothedefinitionoftheCross-CuttingConceptsandrecommendtheadditionofCross-CuttingConceptsnotcurrentlyincluded.
Cross-CuttingConcepts:
1. AdversarialThinking
2. Risk
3. Confidentiality
4. Integrity
5. Availability
6. Accesscontrol
(A)PercentageofrespondentsaffirmingCross-CuttingConcept
(B)SummaryCommentsonCross-CuttingConcepts
SurveyrespondentsmadeseveralrecommendationsregardingthelistofCross-CuttingConcepts.TherecommendationssummarizedbelowreflectthethemesforeachCross-CuttingConcepts.
84%86%88%90%92%94%96%
89%
95%92% 92%
89% 88%
RespondentsAffirmingCross-CuYngConcepts
![Page 14: ACM Joint Task Force to Develop Global Cybersecurity ... · model. Stakeholders were invited to participate in the survey through direct invitations, announcements in public educational](https://reader034.vdocument.in/reader034/viewer/2022042306/5ed273a7af24ad2040748500/html5/thumbnails/14.jpg)
Report:ACMJointTaskForceSurveytoDevelopGlobalCybersecurityCurricularGuidelines http://csec2017.org October2016
14
AdversarialThinking
• Clarifythedefinitionofadversarialthinking.Basedonthedefinition,thisconceptcouldbefoundationaloritcouldbemoreorientedtowardattacker/offensivethinking.
Risk
• Clarifythedefinitionofrisk.IsthisconceptrelatedtoITmanagementorconsideredmorebroadlywithabusiness/organizationalfocus?
Confidentiality
• Theconceptislistedascross-cuttingandasaCoreIdea.Clarifythedistinctionandthedefinitionoftheterm.
Integrity
• Theconceptislistedascross-cuttingandasaCoreIdea.Clarifythedistinctionandthedefinitionoftheterm.
Availability
• Theconceptislistedascross-cuttingandasaCoreIdea.Clarifythedistinctionandthedefinitionoftheterm.
Accesscontrol
• Accesscontrolisnotatthesamelevelofimportanceastheothercross-cuttingconcepts.
• Clarifythedefinitionofaccesscontrol.Isitmorethanamechanismoratechnology?
OverallComments
• Clarifythedefinitionofcross-cuttingconcepts.Whatistheunderlyingprinciplethatguidesthecontentofthissection?Istheintenttoprovidefoundationalknowledgeorcross-cuttingideas?Rethinktheleveloftheconceptsandthebreadthoftopicsincludedinthecategory.
• Consideraddingethics,privacy,non-repudiationandhuman-factors/people-orientedideas.
SummaryCommentsontheThoughtModel
Generalfeedbackonthethoughtmodelprovidedadditionalinsightforthedevelopmentprocess.Summarycommentsinclude:
• Clarifytheintendedaudienceofthecurricularvolume.• Clarifythedefinitionsanddistinguishbetweentheelements.• Provideadditionalinformationonthecontentofeachofthecategories.
![Page 15: ACM Joint Task Force to Develop Global Cybersecurity ... · model. Stakeholders were invited to participate in the survey through direct invitations, announcements in public educational](https://reader034.vdocument.in/reader034/viewer/2022042306/5ed273a7af24ad2040748500/html5/thumbnails/15.jpg)
Report:ACMJointTaskForceSurveytoDevelopGlobalCybersecurityCurricularGuidelines http://csec2017.org October2016
15
• Simplifythemodel.• Providealogicalplacementforemergingtopics.
Thisreportprovidesanoverviewofthefeedbackreceivedfromthestakeholdersurveyonthedevelopmentofthefirstsetofglobalcybersecuritycurricularguidelines.TheJointTaskForcecontinuestoreviewandincorporatethedetailedfeedbackintothedevelopmentprocess.
ThefirstdraftoftheCybersecurityCurricularVolumewillbereleasedtothepublicinlate2016.Communityengagementopportunitieswillbecontinuouslyupdatedonthecsec2017.orgwebsiteandcommunitymembersarewelcometoprovidespecificfeedbacktotheJTFviathatwebsiteatanytime.
TheJointTaskForcewillholdaSpecialSessionattheACMSIGCSEMeeting,March8-11,2017inSeattle,WashingtonUSAtodiscussthedraftdocument.Detailsonthespecifictimeandlocationofthespecialsessionareforthcoming.Pleaseplantoattend.