Software Engineering Institute

The CERT Incident Management Body of Knowledge (CIMBOK) was built using a systematic process that starts with a controlled vocabulary and evolves through taxonomies, static ontologies, dynamic ontologies, intentional ontologies, and metamodels. The CIMBOK builds on 10 previous standards for incident management. This paper describes the components of the CIMBOK and how they were constructed.