ABSTRACT
The definition of the field of cybersecurity currently rests in the eye of the beholder. So, there are as many views about appropriate practice as there are interest groups. That is an extremely dangerous state of affairs given cybersecurity's pivotal role in ensuring our national security. As a result, a commonly accepted set of recommendations about the legitimate contents of the body of knowledge is a critical necessity for the profession.
The lack of a reliable and comprehensive definition of the elements of the field of cybersecurity poses a special problem for educators. That is because, logically, it is impossible to create a legitimate cybersecurity teaching process without knowing for sure what to teach. That is the reason why the Association of Computing Machinery/Institute of Electrical and Electronic Engineers/Association for Information Systems/International Federation for Information Processing Technical Committee on Information Security Education (ACM/IEEE/AIS/IFIP) joint recommendations for the contents of the field of cybersecurity are so groundbreaking.
In this chapter, you will learn why a standard definition of the practice of cybersecurity is so important to good practice. You will see how partial protection strategies create exploitable gaps in real-world cyberdefenses. This will help you understand why the teaching of cybersecurity practice has to be comprehensive. You will learn the important role of the professional societies in shaping best practice in any field; particularly the discipline of cybersecurity. Finally, you will get an overview of the general structure and intent of the CSEC2017 project as well as its practical applications.
