NIST released draft NICE Cybersecurity Workforce Framework (NCWF) to more effectively identify, recruit, develop and maintain nation’s cybersecurity talent. The framework provides a common language to categorize and describe cybersecurity work that will help organizations build a strong labor staff to protect systems and data.
As the threats to cybersecurity and the protections implemented grow and evolve, a cybersecurity workforce must be prepared to adapt, design, develop, implement, maintain, measure, and understand all aspects of cyber security. A cybersecurity workforce includes not only technically focused staff but those who apply knowledge of cyber security and its inherent challenges when preparing their organization to successfully implement its mission. A knowledgeable and skilled cybersecurity workforce can implement and maintain protections and take actions to meet nation’s needs.
It will allow employers, educators, trainers, and those in the workforce to use consistent terms to describe cybersecurity work. It will help organizations define and share information about the cybersecurity workforce in a detailed, consistent and descriptive way. It will serve as a building block for the development of training standards, as well as for individual career planning. Federal agencies will soon be using this to identify their cybersecurity workforce as called for by the Federal Cybersecurity Workforce Assessment in the Cybersecurity Act of 2015.
This publication serves as a fundamental reference to support a workforce capable of meeting an organization’s cybersecurity needs. It describes how the NCWF provides organizations with a common, consistent lexicon to categorize and describe cybersecurity work. The document defines the NCWF components:-
- Categories – A high-level grouping of common cyber security functions;
- Specialty Areas – Distinct areas of cyber security work;
- Work Roles – The most detailed groupings of IT, cyber security, or cyber-related work, which include specific knowledge, skills, and abilities required to perform a set of tasks;
- Tasks – Specific work activities that could be assigned to a professional working in one of the NCWF’s Work Roles; and
- Knowledge, Skills, and Abilities (KSAs) – Attributes required to perform Tasks, generally demonstrated through relevant experience or performance-based education and training.
Based upon these components, the common lexicon provided by the NCWF enables consistent organization and communication about cybersecurity work.
Link to Draft SP 800-181 NICE Cybersecurity Workforce Framework (NCWF) by NIST
Authored By - Hussainali Ladha
TCS Enterprise Security And Risk Management