NICE issues cybersecurity workforce framework for public comment

Nov 09, 2011

The National Initiative on Cybersecurity Education (NICE) has published for public comment a draft document that classifies the typical duties and skill requirements of cybersecurity workers. The document is meant to define professional requirements in cybersecurity, much as other professions, such as medicine and law, have done.

NICE is an interagency effort coordinated by the National Institute of Standards and Technology (NIST) and focused on cybersecurity awareness, education, training and professional development. NICE activities include increasing cybersecurity awareness for children and adults of all ages, promoting community college and university-level programs in cybersecurity, and expanding professional training opportunities.

The new document, the NICE Cybersecurity Workforce Framework, was created by the NICE group responsible for creating and maintaining a highly skilled workforce to meet the nation's computer security needs. Over 20 participating agencies contributed to the group's efforts.

"One thing NICE has found is that there has not been a consistent way to define or describe cybersecurity work across the federal workforce," says NICE Lead Ernest McDuffie. Cybersecurity professionals previously have not fit into the standard occupations, job titles, position descriptions and the federal job classification and job grading system managed by the Office of Personnel Management (OPM).

Not having a common language to discuss and understand the work and skill requirements hinders federal employers in setting basic requirements, identifying skill gaps and providing training and professional development opportunities for their workforce. "Other professions have organized their specialties, and now it is time for a common set of definitions for the cybersecurity workforce," said McDuffie.

The NICE Cybersecurity Workforce Framework provides a working taxonomy, or vocabulary, that is designed to fit into any organization's existing occupational structure. The framework is based on information gathered from federal agencies through two years of surveys and workshops by OPM, a major Department of Defense study of the cybersecurity and a study by the Federal CIO Council.

In opening the draft document up for public comment, NICE hopes to refine the framework so that it can be useful in both the public and private sectors to better protect the nation from escalating cybersecurity threats. Authors also want the framework to address emerging work requirements to help ensure the nation has the skills to meet them. The authors are requesting input from all of the nation's cybersecurity stakeholders including academia, professionals, not-for-profit organizations and private industry.

The framework organizes cybersecurity work into high-level categories ranging from the design, operation and maintenance of systems to incident response, information gathering and analysis. The structure is based on job analyses and groups together work and workers that share common major functions, regardless of job title.

Explore further: Putin signs law seen as crimping social media

More information: To read the document and provide comments, go to csrc.nist.gov/nice/framework/. The webpage also provides a template for comments, which are due Dec. 16, 2011.

add to favorites email to friend print save as pdf

Related Stories

Germany opens cybersecurity centre

Jun 16, 2011

Germany's interior minister opened Thursday a new cybersecurity centre to protect the country's infrastructure from what he said was a growing menace posed by hackers.

White House cybersecurity plan falls short, IU expert says

May 16, 2011

The Obama Administration outlined what it called sweeping cybersecurity legislation Thursday (May 12), but the proposed new law still provides few incentives, and even fewer legal requirements, for the private sector to provide ...

US moves to enhance cybersecurity cooperation

Oct 13, 2010

The Pentagon and Department of Homeland Security unveiled an agreement on Wednesday designed to boost cooperation in defending military and private computer networks from growing cyber threats.

Recommended for you

Social Security spent $300M on 'IT boondoggle'

3 hours ago

(AP)—Six years ago the Social Security Administration embarked on an aggressive plan to replace outdated computer systems overwhelmed by a growing flood of disability claims.

Six charged in global e-ticket hacking scheme

4 hours ago

Criminal charges were filed Wednesday against six people in what authorities said was a global cyber-crime ring that created fraudulent e-tickets for major concerts and sporting events.

User comments : 0