Blog post

CyBOK - release of the first Knowledge Areas

Created:  25 Apr 2018
Updated:  25 Apr 2018
Author:  Chris E
CyBOK Knowledge Areas cluster diagram

Work on the new Cyber Security Body of Knowledge is starting to gather pace. Last time I blogged the project was just kicking off and since then the team has run a consultation to define the scope (Scope Document v2) and are starting to develop the individual Knowledge Areas (KAs).

Just to recap, the consultation identified 19 Knowledge Areas (KAs) organised into five broad groupings, as shown in the diagram.

The approach has already proved extremely helpful, such as in the forthcoming DCMS consultation on developing the cyber security profession. It enables us to finally answer the question, “So what do you mean by cyber security?” This also helps us to illustrate the breadth and complexity of this area.

So, what’s next?

The team of academics (led by Professor Awais Rashid of Bristol University) has been working hard to develop the first KAs for public consultation. The plan is to release each KA as it becomes available to ensure we maintain pace and enable people to make use of them as soon as possible – and we are already seeing a demand, which is great. It’s probably worth saying that for each KA there will be a formal review process with an expert review panel and following this the resulting draft will be will be released for public review. The plan is to release KAs throughout the next 18 months with the full CyBOK being available in 2019.

I’m really pleased to be able to say that the first two knowledge areas, Cryptography and Software Security, are now available. Consultation on these first Knowledge Areas will be open until 25 May 2018 inclusive - please have a read and send the team your views.

This is a world-leading project (as noted by many of the international experts the team has engaged) and if you want to follow progress or get involved, you can email the CyBOK team ( or keep an eye on the CyBOK website and Twitter feed.

How will the NCSC promote uptake and use of the CyBOK?

We will soon begin work to start promoting the uptake and use of the CyBOK. Initially, we are going to use our existing activities such as: certified degrees, CyberFirst and certified training. We will be supporting this with wider consultation amongst academia, government and industry; as I said in my first blog, Building the Cyber Security Body of Knowledge, it is expected that the CyBOK will enable the UK to focus learning pathways, professional development and careers information for cyber security. We will also be looking to others outside NCSC to help promote and embed this work, so we’re open to suggestions.

How can you get involved?

Please keep your eyes peeled on the CyBOK website for further updates and opportunities to engage. We will also be flagging these opportunities through the NCSC website and Twitter. If there is anything else you’d like to know about the project, we encourage you to get in touch or contact the academic team via

Chris Ensor
Deputy Director Cyber Skills and Growth

1 comment

NCSC Communications Team - 02 Aug 2018
This blog is now closed to comments.

Was this blog post helpful?

We need your feedback to improve this content.

Yes No