Breaking Out the Cybersecurity Workforce Framework

Similar documents
National Initiative for Cybersecurity Education

Cybersecurity Workshop: Critical Cybersecurity Education & Professional Development

NISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions

NISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions

The National Initiative for Cybersecurity Education (NICE) The NICE Workforce Framework, NIST SP , Overview October 4, 2017

Build Your Cybersecurity Team: Create a Strong Cybersecurity Workforce Using Best Practices in Development

National Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec.

Shaping the Future of Cybersecurity Education

CYBERSECURITY: Scholarship and Job Opportunities

THE NATIONAL CYBERSECURITY WORKFORCE FRAMEWORK INTERACTIVE HOW-TO AND IMPLEMENTATION GUIDE

Which Side Are You On?

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure:

M.S. IN INFORMATION ASSURANCE MAJOR: CYBERSECURITY. Graduate Program

Secure Systems Administration and Engineering

Opening Doors to Cyber and Homeland Security Careers

EC-Council Certified Incident Handler v2. Prepare to Handle and Respond to Security Incidents EC-COUNCIL CERTIFIED INCIDENT HANDLER 1

CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security

Global ICT Capacity Building Symposium 2018 Developing Skills for the Digital Economy and Society. Mr. Phillip Stoner, Director, Cyber Solutions Group

Cyber Semantic Landscape Ontology and Taxonomy

UTCS Scholarships for Service

NCSF Foundation Certification

Blending Information Systems Security and Forensics Curricula

CALIFORNIA CYBERSECURITY TASK FORCE

PARALEGAL CERTIFICATIONS. National Professional Standard for Paralegals

PARALEGAL CERTIFICATIONS. National Professional Standard for Paralegals

The fast track to top skills and top jobs in cyber. Guaranteed.

The fast track to top skills and top jobs in cyber. Guaranteed. FREE TO TRANSITIONING VETERANS

NSA s Centers of Academic Excellence in Cyber Security

CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber

Tina Ladabouche. GenCyber Program Manager

Cyber Security School

Learning Objectives. NCTRC Specialty Certification ATRA Academy Webinar Series F: A Comprehensive Overview of the CTRS Certification Process

Developing the Next Generation Cyber Army VINCENT NESTLER, PH. D., CALIFORNIA STATE UNIVERSITY, SAN BERNARDINO

Cybersecurity Risk Management:

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Developing Career-Relevant Academic Programs

Cybersecurity Education for Enterprise Cloud Services

Implementing the EMS Education Agenda for the Future: A Systems Approach. A Priority for the NASEMSO

CYBER APPRENTICESHIP. Dr. Leigh Armistead, President

Media Kit. California Cybersecurity Institute

Overview of ABET Kent Hamlin Director Institute of Nuclear Power Operations Commissioner TAC of ABET

securely provision analyze

BOARD OF REGENTS ACADEMIC AFFAIRS COMMITTEE 4 STATE OF IOWA SEPTEMBER 12-13, 2018

Health Education Community Health Education

Executive Summary and Overview

Forensics and Active Protection

Barbara Ciaramitaro, lead professor of IT and cyber security at Walsh College in Troy

NAM-Endorsed Skills Certification System

CRITERIA FOR ACCREDITING COMPUTING PROGRAMS

The fast track to top skills and top jobs in cyber. Guaranteed. FREE TO TRANSITIONING VETERANS

Building new cybersecurity pipelines. NICE Conference 2017 November 8, Strengthening Cyber Workforce Development sans.

Rethinking Cybersecurity from the Inside Out

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

Building the Cybersecurity Workforce. November 2017

Department of Defense MANUAL

What Makes PMI Certifications Stand Apart?

NCSF Foundation Certification

Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation

Computing Accreditation Commission Version 2.0 CRITERIA FOR ACCREDITING COMPUTING PROGRAMS

SOUTH DAKOTA BOARD OF REGENTS. Budget and Finance ******************************************************************************

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Aligning Academic Supply and Industry Demand

NCSF-CFM Practitioner Syllabus

- Cyber threat information: information directly pertaining to,

Cyber Security Program

CITY OF MONTEBELLO SYSTEMS MANAGER

Researching New Ways to Build a Cybersecurity Workforce

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

Computer Information Science xxx

The fast track to top skills and top jobs in cyber. Guaranteed. FREE TO TRANSITIONING VETERANS

STRATEGIC PLAN. USF Emergency Management

Hands-On CompTIA A+ Essentials / Practical Application Certification

CAEP EPP Assessment Audit Template

Certifying the Computer Security Professional Using the Project Management Institute's PMP Model

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Digital Forensics. Graduate Certificate

Academic Program Review Cyber Security College of Southern Nevada 2017

Security in Today s Insecure World for SecureTokyo

DoD SPēD Certification Program 21 July 2016

Introducing Maryville University s CYBER SECURITY ONLINE PROGRAMS. Bachelor of Science in Cyber Security & Master of Science in Cyber Security

THE LIFE AND TIMES OF CYBERSECURITY PROFESSIONALS

Personnel Certification

แนวทางการพ ฒนา Information Security Professional ในประเทศไทย

SABSA. Title / definition. Type. Owner. Brief history and description SHERWOOD APPLIED BUSINESS SECURITY ARCHITECTURE (SABSA )

-Eight types of cyber data, (Sec. 708(7))

WINNING THE WAR FOR CYBER TALENT

Meeting the Cyber Security Workforce Demand By Drew Hamilton Mississippi State University

GRADUATE CERTIFICATE IN INFORMATION SECURITY MANAGEMENT

MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT

U.S. Department of Homeland Security Office of Cybersecurity & Communications

HOUSTON FORENSIC SCIENCE CENTER

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 4, 2016

CYBER APPRENTICESHIP. Dr Leigh Armistead, President

Strengthening Cybersecurity Workforce Development December 2017

STATE OF NORTH CAROLINA

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

IS305 Managing Risk in Information Systems [Onsite and Online]

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

Reasons to Become CISSP Certified. Keith A. Watson, CISSP CERIAS

Transcription:

Breaking Out the Cybersecurity Workforce Framework Ray Trygstad Industry Professor of Information Technology & Management; Associate Director, IIT Center for Cyber Security & Forensics Education

The Framework: What Is It? NICE Cybersecurity Workforce Framework (NCWF) NIST Special Publication 800-181 (draft) A national resource that categorizes and describes cybersecurity work Began as Federal effort and expanded beyond in 2010

The Framework: What Is It? The foundation for increasing the size and capability of the U.S. cybersecurity workforce; it provides A common definition of cybersecurity A comprehensive list of cybersecurity tasks The knowledge, skills, and abilities required to perform those tasks

The Framework: What Is It? By using the Framework: Educators can create programs aligned to jobs Students will graduate with knowledge and skills employers need Employers can recruit from a larger pool of more qualified candidates Employees will have portable skills and better defined career paths and opportunities Policy makers can set standards to promote workforce professionalization

The Framework: Structure Seven Categories High-level grouping of common cybersecurity functions Thirty-Three Specialty Areas Distinct areas of cybersecurity work Fifty-Two Work Roles Most detailed groupings comprised of specific knowledge, skills, and abilities required to perform specific tasks in a work role

The Framework: Categories Operate and Maintain Securely Provision Oversee and Govern Protect and Defend Analyze Collect and Operate Investigate

The Framework: Categories Securely Provision (SP) Conceptualize, design and build secure information technology (IT) systems, with responsibility for aspects of systems and/or networks development Operate and Maintain (OM) Provide support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security

The Framework: Categories Oversee and Govern (OV) Provide leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work Protect and Defend (PR) Identify, analyze, and mitigate threats to internal information technology (IT) systems and/or networks

The Framework: Categories Analyze (AN) Perform highly specialized review and evaluation of incoming cybersecurity information to determine usefulness for intelligence Collect and Operate (CO) Provide specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence

The Framework: Categories Investigate (IN) Investigate cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence

Area/Work Role Relationships

Tied to and works with

The Framework: Work Roles Comprised of tasks with associated knowledge, skills, and abilities Tasks drawn from list of 928 tasks Knowledge drawn from list of 614 items Skills drawn from 359 items Specific abilities drawn from list of 119 items Several work roles may be included in a single position

The Framework: Tasks

The Framework: Knowledge

The Framework: Skills

The Framework: Abilities

The Framework: Work Roles

Breaking Out the Work Roles Not currently in usable state Probably need additional information OPM Cybersecurity Category/Specialty Area Code (drawn from Specialty Areas) Job titles associate with this work role Expand codes into actual paragraphs Expanded work roles we have titled Work Role Details

Uses of Expanded Work Roles Consistent position/job descriptions Support HR for staffing the cybersecurity function in the organization Mapping against NIST Cybersecurity Framework implementation will allow determination of proper staffing levels Work Roles are not just security roles; many are for straight IT staff with addition of clearly defined security roles & responsibilities

Uses of Expanded Work Roles Curricular design to allow educational preparation for specific work roles Cross map to Knowledge Units in NSA/ DHS Centers of Academic Excellence Cross map to ACM/IEEE-CS model curricula in IT and Cybersecurity as well as ABET Accreditation Standards Cross-check against course design & course objectives/outcomes

Uses of Expanded Work Roles Technology providers can identify cybersecurity Work Roles and specific Tasks and KSAs associated with services and hardware/software products they supply

Flaws in the Draft Good thing it s a draft! Wanted to create Work Role Details for disaster recovery/business continuity No work roles defined in the Framework Hundreds of job titles in this field Lists of Tasks, Knowledge, Skills, & Abilities not in any order Additions just get tacked on the end

Directions from here Review & Comment period for the Framework ended in January 2017 First official version will be published this spring Get it use it it s free and it s in the public domain so you can adapt it any way you want

Key Bibliography Items National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Draft Version 1.1 January 10, 2017 https://www.nist.gov/cyberframework/draft-version-11 Newhouse, Bill; Keith, Stephanie; Scribner, Benjamin; & Witte, Greg Draft NIST Special Publication 800-181 NICE Cybersecurity Workforce Framework (NCWF) National Institute of Standards and Technology November 2016 http://csrc.nist.gov/publications/drafts/800-181/sp800_181_draft.pdf U.S. Department of Homeland Security The National Cybersecurity Workforce Framework https://www.dhs.gov/national-cybersecurity-workforce-framework U.S. Department of Defense DoD Cyberspace Workforce Framework (DCWF) Overview February 2016 http://dcips.dtic.mil/documents/day1_1430-1530hrs,dodcyberspaceworkforceframeworkoverview.pdf

The End Questions? Thank you! Ray Trygstad trygstad@iit.edu http://trygstad.rice.iit.edu/ 630-447-9009

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback