Project News

On October 13, 2020, AIS held a study session on SecBoK, which is being used in the project. The SecBoK (Security Body of Knowledge), created by the NPO Japan Network Security Association (JNSA), is a systematic list of roles, tasks, and required skills of personnel involved in security operations. The SecBoK was also referred to the framework created by the U.S. National Institute of Standards and Technology (NIST).

From the Vietnamese side, in addition to the AIS staff, three members from Viet Nam Information Security Association (VNISA) attended the study session.

Currently, AIS is working on defining the role of security operations in government agencies and setting the necessary qualifications to work in security operations. Since the Vietnamese side recognizes the following challenges, the purpose of this study session was to share the knowledge that Japan has and to learn from it.

• The role of security operations is for the government and is not in a format that can be applied to private companies.
• Viet Nam does not have a list of roles, tasks, skills, etc. like NIST or SecBoK, or documents that show the relationship between them.

Unlike in Japan, having a certification is a prerequisite for working in the security field. Also, since it is common for one person to have multiple roles in Viet Nam, both in the government and the private sector (especially in small banks, etc.), they are considering creating a standard to systematically train new staff in such cases.

In the study session, we explained the history of SecBoK and its use based on public information by the NPO Japan Network Security Association (JNSA), the developer of SecBoK. We also explained the relationship between SecBoK and the IT certification and IT skills standards (ITSS) provided by the Information-technology Promotion Agency (IPA) in Japan. After that, we introduced how to apply SecBoK to the JICA cybersecurity projects in Indonesia and Viet Nam.

In Japan, educational institutions and other organizations often refer to it when creating their curriculum. In addition, CompTIA, one of the organizations that offer international certifications, has mapped its own training to the SecBoK.

In the project, when creating the Career Development Plan (CDP), a training plan for AIS employees, the project team assigns each employee a security work role defined in the SecBoK.

Through this study session, the following comments were obtained from AIS and VNISA.

• Vietnamese side could learn a lot from the Japanese case study.
• SecBoK is a useful framework that can be applied not only to governments but also to private companies.
• Japan has spent more than 10 years creating various security frameworks, leading to SecBoK. However, it will take a long time for Viet Nam to create such a framework, as it still needs to be updated.
• Vietnamese side would like to create a curriculum and qualifications related to security in Vietnamese universities, and they are very interested in the technical cooperation project being conducted in Indonesia.

In the future, AIS and VNISA will continue to work together to define the roles and create a Vietnamese version of the SecBoK. In the project, we will accumulate know-how through the preparation and review of CDP (Career Development Plan) and provide information and study sessions to AIS and VNISA as necessary, as a material for consideration in Vietnam.