The original Theoretical and Practical Knowledge Base (TPKB) document
for the ISSPCS programme was a developmental resource used by the
ISSPCS development team to create the "ISSPCS Reference Guides"
(available from http://www.isspcs.org/resources/). Although no updates are
planned for this document at this time, the essence of this document
is described below and will remain the basis upon which applicants
for the certification will be assessed. It is important to note that
the following concepts will be reviewed regularly due to the nature of
both security and the IT industry.
Approach
The ISSPCS Theoretical and Practical Knowledge Base provides a
life-cycle approach to security within an organisation, covering the
full range of security-related activities from strategic security
management to security administration. The unique element of the
ISSPCS TPKB is that it does not examine security issues in isolation.
The ISSPCS TPKB examines Security Processes in relation to
specific fields of application, called Functional Disciplines.
Security Processes
A Security Process represents a core area of knowledge, upon which
larger concepts are developed and security implementations are created.
Eight Security Processes have been identified:
- Strategic Security Management
- Compliance (Standards/Legal)
- Asset Identification, Classification and Valuation
- Security Risk Analysis and Assessment
- Security Risk Treatment (Management of the Risk)
- Operational Security Management
- Security Operations: Normal Conditions
- Security Operations: Abnormal Conditions
Functional Disciplines
Functional Disciplines represent realistic applications of knowledge
in a specific situation or circumstance.
Six Functional Disciplines have been identified:
- Fundamental Theory
- Environmental and Infrastructure Security
- Systems Security
- Communications and Network Security
- Physical Security
- Personnel Security
Modules
A Module is a Key Theoretical and Practical Knowledge Base Area and
results when a Security Layer intersects with a Functional Discipline
in the ISSPCS Subject Matrix to produce a specific, real-world
application of security knowledge.
This is demonstrated in the ISSPCS Subject Matrix below. The Subject
Matrix shows the applicant the TPKB Areas that can be covered in an
ISSPCS certification process.
| | 1. Strategic Security Management | 2. Compliance (Standards/Legal) | 3. Asset Identification, Classification & Valuation | 4. Security Risk Analysis & Assessment | 5. Security Risk Treatment | 6. Operational Security Management | 7. Security Mechanisms: Normal Operations | 8. Security Mechanisms: Abnormal Operations |
|---|---|---|---|---|---|---|---|---|
| A. Fundamental Theory | 1A | 2A | 3A | 4A | 5A | 6A | 7A | 8A |
| B. Environmental & Infrastructure Security | 1B | 2B | 3B | 4B | 5B | 6B | 7B | 8B |
| C. Systems Security | 1C | 2C | 3C | 4C | 5C | 6C | 7C | 8C |
| D. Communications & Network Security | 1D | 2D | 3D | 4D | 5D | 6D | 7D | 8D |
| E. Physical Security | 1E | 2E | 3E | 4E | 5E | 6E | 7E | 8E |
| F. Personnel Security | 1F | 2F | 3F | 4F | 5F | 6F | 7F | 8F |
Diagram 1: The ISSPCS Subject Matrix
For example, under the ISSPCS programme, it is possible to study
"Communications and Network Security" under the Process Areas of
"Strategic Security Management", "Compliance", "Asset Identification,
Classification and Valuation", "Security Risk Analysis & Assessment",
"Security Risk Treatment", "Security Mechanisms: Normal Operations",
"Security Mechanisms: Abnormal Operations", and "Operational Security
Management". Each Process Area contains specific knowledge concerning
the application of a Functional Discipline to that Process.