National Initiative for Cybersecurity Education

Similar documents
Breaking Out the Cybersecurity Workforce Framework

Cybersecurity Workshop: Critical Cybersecurity Education & Professional Development

Framework for Improving Critical Infrastructure Cybersecurity

NISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions

NISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions

Build Your Cybersecurity Team: Create a Strong Cybersecurity Workforce Using Best Practices in Development

The National Initiative for Cybersecurity Education (NICE) The NICE Workforce Framework, NIST SP , Overview October 4, 2017

National Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec.

Shaping the Future of Cybersecurity Education

NCSF Foundation Certification

Which Side Are You On?

itsm003 v.3.0 NISTCSF.COM NICE Training Curriculum & Workforce Planning Program

Cybersecurity Risk Management:

Cyber Semantic Landscape Ontology and Taxonomy

itsm003 v.3.0 DxCERTS IT & NIST Cybersecurity Digital Transformation (Dx) Enterprise Training Curriculum

How to Align with the NIST Cybersecurity Framework

Overview of the Cybersecurity Framework

itsm003 v.3.0 DxCERTS IT & NIST Cybersecurity Workforce Development Training Curriculum & Management Program

Rethinking Cybersecurity from the Inside Out

NCSF Foundation Certification

Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure:

itsm003 v.3.0 NISTCSF.COM Role-Based IT & NIST Cybersecurity Curriculum Solutions

A Controls Factory Approach To Building a Cyber Security Program Based on the NIST Cybersecurity Framework (NCSF)

Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

The NIST Cybersecurity Framework

Executive Order & Presidential Policy Directive 21. Ed Goff, Duke Energy Melanie Seader, EEI

EC-Council Certified Incident Handler v2. Prepare to Handle and Respond to Security Incidents EC-COUNCIL CERTIFIED INCIDENT HANDLER 1

Updates to the NIST Cybersecurity Framework

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

CISO as Change Agent: Getting to Yes

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Framework for Improving Critical Infrastructure Cybersecurity. and Risk Approach

Cybersecurity & Privacy Enhancements

State of South Carolina Interim Security Assessment

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

BCM Program Development

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

POSITION DESCRIPTION

CYBER SECURITY WORKSHOP NOVEMBER 2, Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services

RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH

Global ICT Capacity Building Symposium 2018 Developing Skills for the Digital Economy and Society. Mr. Phillip Stoner, Director, Cyber Solutions Group

Cybersecurity for Health Care Providers

THE LIFE AND TIMES OF CYBERSECURITY PROFESSIONALS

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

DEFENSE LOGISTICS AGENCY

A Controls Factory Approach To Operationalizing a Cyber Security Program Based on the NIST Cybersecurity Framework

Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation

Cybersecurity Job Seekers

Mitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment

RFQ OIT-1 Q&A. Questions and Answers, in the order received.

October 30, 2015 MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

NERC Staff Organization Chart Budget 2019

FISMA Cybersecurity Performance Metrics and Scoring

Effectively Measuring Cybersecurity Improvement: A CSF Use Case

National Cybersecurity Center of Excellence

NERC Staff Organization Chart Budget 2019

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

The Department of Homeland Security, National Protection. and Programs Directorate, National Initiative for

T&E Workforce Development

79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

K12 Cybersecurity Roadmap

WINNING THE WAR FOR CYBER TALENT

Why you should adopt the NIST Cybersecurity Framework

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

NIST Cybersecurity Testbed for Transportation Systems. CheeYee Tang Electronics Engineer National Institute of Standards and Technology

NCSF Practitioner Certification

Moderator: Presenters: Ross Albert Damon D Levine

Information Collection Request: The Department of Homeland. Security, Stakeholder Engagement and Cyber Infrastructure

Aboriginal Affairs and Northern Development Canada. Internal Audit Report Summary. Audit of Information Technology Security.

THE NATIONAL CYBERSECURITY WORKFORCE FRAMEWORK INTERACTIVE HOW-TO AND IMPLEMENTATION GUIDE

NERC Staff Organization Chart Budget 2018

Executive Summary and Overview

Security and Privacy Governance Program Guidelines

Incident Response Table Tops

NW NATURAL CYBER SECURITY 2016.JUNE.16

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

Cyberbit Range. A Global Success Story by CYBERBIT 2017 by CYBERBIT Proprietary CYBERBIT Proprietary

Intelligent Building and Cybersecurity 2016

Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m.

Framework for Improving Critical Infrastructure Cybersecurity

Understanding Cybersecurity Talent Needs Findings From Surveys of Business Executives and College Presidents

Implementing Executive Order and Presidential Policy Directive 21

Cyber Security & Homeland Security:

Federal Civilian Executive branch State, Local, Tribal, Territorial government (SLTT) Private Sector (PS) Unclassified / Business Networks

IT Specialist Program Format 5, page

Information Security Continuous Monitoring (ISCM) Program Evaluation

Using Metrics to Gain Management Support for Cyber Security Initiatives

Designing and Building a Cybersecurity Program

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

FPM-IT-420B: FAC-P/PM-IT Planning & Acquiring Operations of IT Systems Course Details

You will choose to study units from one of four specialist pathways depending on the career you wish to pursue. The four pathways are:

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences

Framework for Improving Critical Infrastructure Cybersecurity

Transcription:

National Initiative for Cybersecurity Education NIST Special Publication, 800-181 NICE Cybersecurity Workforce Framework Douglas Rausch Cybersecurity Program Director, Bellevue University Lead Skills-based Training & Performance-based Certification and Range sub-group

A Little History Version 1.0 (an interactive pdf and website) posted April 2013 Version 2.0 (a spreadsheet) posted May 2014 Draft NIST SP 800-181 posted Nov 2016, comments were taken through Jan 6, 2017

Drafting Team NICE Program Office Cyber Workforce Division in the Office of the Deputy DoD Chief Information Officer Cybersecurity Cybersecurity Education and Awareness Branch, Stakeholder Engagement and Cyber Infrastructure Resilience Division, Department of Homeland Security OPM (and a cast of thousands, or at least hundreds/tens)

NIST NICE Framework Version 3.0

The publication Organizes cybersecurity work into seven high level categories and over 50 Work Roles within those seven Categories NEW: Offers a superset of Tasks for each Work Role NEW: Offers a superset list of Knowledge, Skills, and Abilities (KSAs) for each work role

Categories A high-level grouping of common cybersecurity functions

Specialty Areas Specialty Areas are groupings of cybersecurity work 31 Specialty Areas callout out in NCWF version 1.0 and 32 in NCWF version 2.0, 35 in version 3.0 Each specialty area represents an area of concentrated work, or function, within cybersecurity Previous versions of the NCWF provided broader and less defined Tasks and Knowledge, Skills and Abilities (KSAs) SP 800-181 connects Tasks and KSAs with the Work Roles

Specialty Areas

Work Roles Work Roles are the most detailed grouping of IT, cybersecurity, or cyber related work Roles include lists of KSAs that are required to perform a set of functions or tasks Work being performed is described by selecting one or more Work Roles relevant to that job or position Work Roles aid in the organization and communication about cybersecurity responsibilities

Work Roles

Tasks - KSAs Every Work Role requires an individual to perform certain duties, or Tasks which are the type of work that could be assigned Knowledge, Skills, and Abilities (KSAs) are the attributes required to perform a job SP 800-181 associates KSAs with Work Roles to clearly define the qualifying experience or capabilities needed to successfully perform the tasks

Tasks 359 Tasks in SP 800-181

KSAs Knowledge, Skills, and Abilities (KSAs) are the attributes required to perform a job and are generally demonstrated through relevant experience, education, or training. The NCWF associates KSAs with Work Roles to clearly define the qualifying experience or capabilities needed to successfully perform the tasks or functions associated with a given Role.

Knowledge 614 Knowledge elements

Skills 359 Skills

Abilities 119 Abilities

Relationships

Work Role Detail Listing

Workforce Mapping Efforts Cybersecurity Framework Employer/Employee Academic Institutions Certification Providers

Cybersecurity Framework Released in 2014, the Cybersecurity Framework was developed in response to Executive Order 13636, provides a performance-based and cost-effective approach to help organizations identify, assess, and manage cybersecurity risk Identify (ID) Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities Protect (PR) Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services Detect (DE) Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event Respond (RS) Develop and implement the appropriate activities to take action regarding a detected cybersecurity event Recover (RC) Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event

NCWF to CSF

Cyberseek.org

NSA KU s to NICE KSA s

Mapping to Vendor Certifications (notional)

Questions

Purpose and Applicability Provides organizations with a common, consistent lexicon that categorizes and describes cybersecurity work useful to educators, employers, and employees Improves communication among organizations to help identify, recruit, and develop cyber talent Enables employers to standardize professional development, certifications, and training Facilitates a more consistent, comparable, and repeatable approach to select and specify cybersecurity work roles for positions within organizations Provides a stable yet flexible catalog of tasks, knowledge skills and abilities for each cybersecurity work role to meet both the current and future needs Enables academic institutions to align curricula to the Workforce Framework and teach the knowledge necessary for students to effectively join the workforce

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback