Embed Size (px)
Citation preview
Breaking Out the Cybersecurity Workforce Framework
Ray TrygstadIndustry Professor of Information Technology & Management; Associate Director, IIT Center for Cyber Security & Forensics Education
The Framework: What Is It?
• NICE Cybersecurity Workforce Framework (NCWF)– NIST Special Publication 800-181 (draft)
• A national resource that categorizes and describes cybersecurity work
• Began as Federal effort and expanded beyond in 2010
The Framework: What Is It?
• The foundation for increasing the size and capability of the U.S. cybersecurity workforce; it provides– A common definition of cybersecurity– A comprehensive list of cybersecurity tasks– The knowledge, skills, and abilities
required to perform those tasks
The Framework: What Is It?
• By using the Framework:– Educators can create programs aligned to jobs– Students will graduate with knowledge and
skills employers need– Employers can recruit from a larger pool of
more qualified candidates– Employees will have portable skills and better
defined career paths and opportunities
– Policy makers can set standards to promote workforce professionalization
The Framework: Structure
• Seven Categories – High-level grouping of common cybersecurity
functions
• Thirty-Three Specialty Areas– Distinct areas of cybersecurity work
• Fifty-Two Work Roles – Most detailed groupings comprised of specific
knowledge, skills, and abilities required to perform specific tasks in a work role
The Framework: Categories
Operate and
Maintain
Securely Provision
Protectand
Defend
Oversee and
Govern
Analyze Investigate
Collect and
Operate
The Framework: Categories
• Securely Provision (SP)– Conceptualize, design and build secure
information technology (IT) systems, with responsibility for aspects of systems and/or networks development
• Operate and Maintain (OM)– Provide support, administration, and
maintenance necessary to ensure effective and efficient information technology (IT) system performance and security
The Framework: Categories
• Oversee and Govern (OV)– Provide leadership, management,
direction, or development and advocacy so the organization may effectively conduct cybersecurity work
• Protect and Defend (PR)– Identify, analyze, and mitigate threats to
internal information technology (IT) systems and/or networks
The Framework: Categories
• Analyze (AN)– Perform highly specialized review and
evaluation of incoming cybersecurity information to determine usefulness for intelligence
• Collect and Operate (CO)– Provide specialized denial and deception
operations and collection of cybersecurity information that may be used to develop intelligence
The Framework: Categories
• Investigate (IN)– Investigate cybersecurity events or crimes
related to information technology (IT) systems, networks, and digital evidence
Area/Work Role Relationships
Tied to and works with…
The Framework: Work Roles
• Comprised of tasks with associated knowledge, skills, and abilities– Tasks drawn from list of 928 tasks– Knowledge drawn from list of 614 items– Skills drawn from 359 items– Specific abilities drawn from list of 119 items
• Several work roles may be included in a single position
The Framework: Tasks
The Framework: Knowledge
The Framework: Skills
The Framework: Abilities
The Framework: Work Roles
Breaking Out the Work Roles
• Not currently in usable state• Probably need additional information
– OPM Cybersecurity Category/Specialty Area Code (drawn from Specialty Areas)
– Job titles associate with this work role
• Expand codes into actual paragraphs– “Expanded work roles” we have titled
Work Role Details
Uses of Expanded Work Roles
• Consistent position/job descriptions– Support HR for staffing the cybersecurity
function in the organization– Mapping against NIST Cybersecurity
Framework implementation will allow determination of proper staffing levels
– Work Roles are not just security roles; many are for straight IT staff with addition of clearly defined security roles & responsibilities
Uses of Expanded Work Roles
• Curricular design to allow educational preparation for specific work roles– Cross map to Knowledge Units in NSA/
DHS Centers of Academic Excellence– Cross map to ACM/IEEE-CS model
curricula in IT and Cybersecurity as well as ABET Accreditation Standards
– Cross-check against course design & course objectives/outcomes
Uses of Expanded Work Roles
• Technology providers can identify cybersecurity Work Roles and specific Tasks and KSAs associated with services and hardware/software products they supply
Flaws in the Draft
• Good thing it’s a draft!• Wanted to create Work Role Details for
disaster recovery/business continuity– No work roles defined in the Framework– Hundreds of job titles in this field
• Lists of Tasks, Knowledge, Skills, & Abilities not in any order– Additions just get tacked on the end
Directions from here…
• Review & Comment period for the Framework ended in January 2017
• First “official” version will be published this spring
• Get it…use it…it’s free and it’s in the public domain so you can adapt it any way you want
Key Bibliography Items
• National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Draft Version 1.1 January 10, 2017 https://www.nist.gov/cyberframework/draft-version-11
• Newhouse, Bill; Keith, Stephanie; Scribner, Benjamin; & Witte, Greg Draft NIST Special Publication 800-181 NICE Cybersecurity Workforce Framework (NCWF) National Institute of Standards and Technology November 2016 http://csrc.nist.gov/publications/drafts/800-181/sp800_181_draft.pdf
• U.S. Department of Homeland Security The National Cybersecurity Workforce Framework https://www.dhs.gov/national-cybersecurity-workforce-framework
• U.S. Department of Defense DoD Cyberspace Workforce Framework (DCWF) Overview February 2016 http://dcips.dtic.mil/documents/Day1_1430-1530hrs,DoDCyberspaceWorkforceFrameworkOverview.pdf
