The Department of Homeland Security (DHS) recently released the draft “IT Security Essential Body of Knowledge (EBK)” for public comment and feedback.
This 45-page document outlines the skill sets that the groups working with the DHS have determined to be necessary for different information security topics. Many information security folks asked why another information security EBK was necessary when there was already the CISSP Common Body of Knowledge (CBK).
Well, the most apparent reason is that this is a government initiative as opposed to a private industry initiative, and they want to include a few things that are missing from the CBK.
And, it is likely the final DHS EBK will weigh heavily in U.S. federal data protection law compliance. If you are a company doing business in the U.S., you should review what the DHS EBK draft says to see how feasible it would be to comply with its information security framework within your organization and industry.
Don’t wait until after the DHS EBK is finalized to complain about the details… give your constructive input now to try and help make it a reasonable, effective document!
Many of us participating in the Security Catalyst Community (SCC) are banding together to review and comment on the contents of the document. So far the list includes:
Rich Mogull, Ron Woerner, Andrew Hay, Don Weber, Michael Santarcangelo, Andy Willingham, David Mortman, Brett Lewis, Martin McKeay, and Landon Lewis.
One of the resources we have been using is ScribbleWiki.
If you want to join our group response effort, or are too shy to submit your comments to the DHS alone, you can join us in our efforts by providing your input at the Security Catalyst Community’s DHS IT Security EBK Response page.
Whether you want to review and comment alone or as a group, it is important for you to know the comments for the document are due by *December 7, 2007*!
Don’t wait until after the document is finalized to provide constructive criticism, or even belly-aching.
Let your voice be heard now, and if you think the final document did not address your expressed concerns, you will be well justified in continuing to give constructive criticism and belly-aching after the fact!