SARMA Common Knowledge Base Project:About
During the 2007 SARMA Conference, there was consensus among the attendees that, while we cannot currently call ourselves a profession, we must strive towards this goal. One of the ways we can do this is to create a common base of knowledge that is documented, generally agreed upon and available to be taught to others. The SARMA Common Knowledge Base (CKB) Program is intended to address these issues.
As discussed at the Conference, the initial focus of the CKB Program was threefold: 1) establishing the common lexicon for security risk analysis; 2) documenting the efforts of the profession to date; and 3) developing badly needed standardized approaches to key security risk analysis issues. Five specific projects have been formally initiated:
- The Common Lexicon Project will focus on developing a broad-based, consensus solution to the "language barrier".
- The Encyclopedia of Security Analysis Methods Project will capture the current state of the profession in a virtual encyclopedia.
- The Generally Accepted Risk Assessment Principles Project, or GARAP, will identify and promulgate generally accepted principles to bring rigor and standardization to the process of assessing security risks.
Building on the momentum from the Conference, a kick-off meeting for the first three projects was held on June 22, 2007. During the kick-off, attendees learned more about the vision for each of the projects and received detailed training in the use of the Wiki software that will be used to support their implementation.
The fourth and fifth additions to the Common Knowledge Base were added in October 2007 in recognition that there remained a need for a central place to document such information. These were:
- The Research and Development in Security Analysis and Risk Management Reference will enable both research needs and ongoing research projects to be listed to facilitate better coordination between researchers and practitioners.
- The Who's Who in Security Analysis Reference will create a directory of individual experts and organizations currently working in the field. By also listing their specializations, the Who's Who will facilitate the government's and SARMA's ability to convene more representative panels, working groups and standards bodies from the many niche specialties needed for a more balanced approach.
As professionals add to the Wiki, it will become the most comprehensive collection of security knowledge available in one place. However, there is still much to be done and many needs remain if these projects are to realize their full potential. What this means is that the active participation of the broadest possible cross-section of the SARMA membership and security professionals is needed. Therefore, we encourage you to consider becoming involved. This can take many forms - becoming a member of one of the project teams, providing input as a practitioner, recruiting new members to broaden the diversity of the organization and its knowledge base... all are important and welcome contributions.
