Information Security Body of Knowledge
Since 2009, the Association of Information Security Professionals (AiSP) has launched its Information Security Body of Knowledge (IS BOK) 1.0 for information security professionals who wish to build and update their knowledge. Its domains are covered in the NICF – AiSP Qualified Information Security Professional (QISP®) Course.
Development in information security is progressing quickly due to technology advancements. As a ‘live’ atlas for information security professionals with one to five years of working experience in the industry, the current BOK 2.0 has built on the momentum of its predecessor and its 2019 update is made possible by more than 40 voluntary contributors from the academia and industry in Singapore.
The BOK 2.0 presents high-level set of concepts, terms and activities that are of relevance to the information security professional domain in Singapore, as defined by AiSP. BOK 2.0 has taken reference from the current Skills Framework for Infocomm Technology on cybersecurity topics, to ensure BOK’s coverage is appropriate for Singapore’s cybersecurity ecosystem. It covers the following,
- Governance & Management
- Physical Security, Business Continuity & Audit
- Security Architecture and Engineering
- Operation & Infrastructure Security
- Software Security
- Cyber Defence
- Security Operations
- Data Security
- Technology Trends
The actual contents of any body of knowledge for a profession evolves over time. We would only be limiting ourselves and our progress if we believe that there is one standardised or constant body of knowledge to fulfil the aspirations and growth of information security professionals. Given the wide spectrum in information applications in our current world, there is ‘no one BOK to rule them all’ to ensure security for all.
BOK is for the ecosystem, by the ecosystem
As mentioned in Singapore's Cybersecurity Strategy, the Government will work with industry associations such as AISP to introduce and build strong Communities of Practice for cybersecurity professionals in Singapore. This builds a common identity and foster trust within the profession.
Maintaining the BOK for mutual recognition of IS domains across different countries and contextualised application, would help to address the critical need to develop a strong pipeline of professionals in cyber and information security professions in the region. Singapore needs more cybersecurity professionals, and this is evident in other countries.
Having a Body of Knowledge that encompasses the best-of-class knowledge that is espoused by representative IS associations and societies worldwide, will also elevate the standing of our IS professionals who are conversant in these mutually recognised domains.