Breaking Out the Cybersecurity Workforce Framework Ray Trygstad Industry Professor of Information Technology & Management; Associate Director, IIT Center for Cyber Security & Forensics Education
The Framework: What Is It? • NICE Cybersecurity Workforce Framework (NCWF) – NIST Special Publication 800-181 (draft) • A national resource that categorizes and describes cybersecurity work • Began as Federal effort and expanded beyond in 2010
The Framework: What Is It? • The foundation for increasing the size and capability of the U.S. cybersecurity workforce; it provides – A common definition of cybersecurity – A comprehensive list of cybersecurity tasks – The knowledge, skills, and abilities required to perform those tasks
The Framework: What Is It? • By using the Framework: – Educators can create programs aligned to jobs – Students will graduate with knowledge and skills employers need – Employers can recruit from a larger pool of more qualified candidates – Employees will have portable skills and better defined career paths and opportunities – Policy makers can set standards to promote workforce professionalization
The Framework: Structure • Seven Categories – High-level grouping of common cybersecurity functions • Thirty-Three Specialty Areas – Distinct areas of cybersecurity work • Fifty-Two Work Roles – Most detailed groupings comprised of specific knowledge, skills, and abilities required to perform specific tasks in a work role
The Framework: Categories • Securely Provision • Operate and Maintain • Oversee and Govern • Protect and Defend • Analyze • Collect and Operate • Investigate
The Framework: Categories • Securely Provision (SP) – Conceptualize, design and build secure information technology (IT) systems, with responsibility for aspects of systems and/or networks development • Operate and Maintain (OM) – Provide support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security
The Framework: Categories • Oversee and Govern (OV) – Provide leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work • Protect and Defend (PR) – Identify, analyze, and mitigate threats to internal information technology (IT) systems and/or networks
The Framework: Categories • Analyze (AN) – Perform highly specialized review and evaluation of incoming cybersecurity information to determine usefulness for intelligence • Collect and Operate (CO) – Provide specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence
The Framework: Categories • Investigate (IN) – Investigate cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence
Area/Work Role Relationships
Tied to and works with…
The Framework: Work Roles • Comprised of tasks with associated knowledge, skills, and abilities – Tasks drawn from list of 928 tasks – Knowledge drawn from list of 614 items – Skills drawn from 359 items – Specific abilities drawn from list of 119 items • Several work roles may be included in a single position
The Framework: Tasks
The Framework: Knowledge
The Framework: Skills
The Framework: Abilities
The Framework: Work Roles
Breaking Out the Work Roles • Not currently in usable state • Probably need additional information – OPM Cybersecurity Category/Specialty Area Code (drawn from Specialty Areas) – Job titles associated with this work role • Expand codes into actual paragraphs – “Expanded work roles” we have titled Work Role Details
Uses of Expanded Work Roles • Consistent position/job descriptions – Support HR for staffing the cybersecurity function in the organization – Mapping against NIST Cybersecurity Framework implementation will allow determination of proper staffing levels – Work Roles are not just security roles; many are for straight IT staff with addition of clearly defined security roles & responsibilities
Uses of Expanded Work Roles • Curricular design to allow educational preparation for specific work roles – Cross map to Knowledge Units in NSA/DHS Centers of Academic Excellence – Cross map to ACM/IEEE-CS model curricula in IT and Cybersecurity as well as ABET Accreditation Standards – Cross-check against course design & course objectives/outcomes
Uses of Expanded Work Roles • Technology providers can identify cybersecurity Work Roles and specific Tasks and KSAs associated with services and hardware/software products they supply
Flaws in the Draft • Good thing it’s a draft! • Wanted to create Work Role Details for disaster recovery/business continuity – No work roles defined in the Framework – Hundreds of job titles in this field • Lists of Tasks, Knowledge, Skills, & Abilities not in any order – Additions just get tacked on the end
Directions from here… • Review & Comment period for the Framework ended in January 2017 • First “official” version will be published this spring • Get it…use it…it’s free and it’s in the public domain so you can adapt it any way you want
Key Bibliography Items • National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Draft Version 1.1 January 10, 2017 https://www.nist.gov/cyberframework/draft-version-11 • Newhouse, Bill; Keith, Stephanie; Scribner, Benjamin; & Witte, Greg Draft NIST Special Publication 800-181 NICE Cybersecurity Workforce Framework (NCWF) National Institute of Standards and Technology November 2016 http://csrc.nist.gov/publications/drafts/800-181/sp800_181_draft.pdf • U.S. Department of Homeland Security The National Cybersecurity Workforce Framework https://www.dhs.gov/national-cybersecurity-workforce-framework • U.S. Department of Defense DoD Cyberspace Workforce Framework (DCWF) Overview February 2016 http://dcips.dtic.mil/documents/Day1_1430-1530hrs,DoDCyberspaceWorkforceFrameworkOverview.pdf
The End… • Questions? • Thank you! • Ray Trygstad trygstad@iit.edu http://trygstad.rice.iit.edu/ 630-447-9009