A CBK for Information Security and Critical Infrastructure Protection

  • Marianthi Theoharidou
  • Eleftheria Stougiannou
  • Dimitris Gritzalis
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 237)


Academic institutions educate future Information Security and Critical Infrastructure Protection (ISCIP) professionals, offering expedient and broad knowledge of the field. As industry often demands higher productivity and stronger specialization, several organizations (academic, governmental, industrial) considered the use of a Common Body of Knowledge (CBK), to serve as a tool that appropriately groups together the essential knowledge of this field. In this paper, we review the content of current ISCIP curricula, we define the necessary skills of an ISCIP Professional – as indicated and suggested by the industry – and form a multidisciplinary CBK of the ISCIP field.


Keywords: Common Body of Knowledge (CBK); Academic Curriculum; Academic Programme; Critical Infrastructure Protection


Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Marianthi Theoharidou (1)
  • Eleftheria Stougiannou (1)
  • Dimitris Gritzalis (1)

  1. Information Security and Critical Infrastructure Protection Research Group, Dept. of Informatics, Athens University of Economics and Business, Athens, Greece
