breaking aking o out t the c cybersecu ersecurity ity
play

Breaking aking O Out t the C Cybersecu ersecurity ity Workf - PowerPoint PPT Presentation

Aug 22, 2022 •349 likes •645 views

Breaking aking O Out t the C Cybersecu ersecurity ity Workf kforce F orce Frame mewor ork Ray Trygst gstad ad Industry Professor of Information Technology & Management; Associate Director, IIT Center for Cyber Security &

  1. Breaking aking O Out t the C Cybersecu ersecurity ity Workf kforce F orce Frame mewor ork Ray Trygst gstad ad Industry Professor of Information Technology & Management; Associate Director, IIT Center for Cyber Security & Forensics Education

  2. The Framework: What Is It? • NICE Cybersecurity Workforce Framework (NCWF) – NIST Special Publication 800-181 (draft) • A national resource that categorizes and describes cybersecurity work • Began as Federal effort and expanded beyond in 2010

  3. The Framework: What Is It? • The foundation for increasing the size and capability of the U.S. cybersecurity workforce; it provides – A common definition of cybersecurity – A comprehensive list of cybersecurity tasks – The knowledge, skills, and abilities required to perform those tasks

  4. The Framework: What Is It? • By using the Framework: – Educat ators ors can create programs aligned to jobs – Stud uden ents will graduate with knowledge and skills employers need – Employ oyers can recruit from a larger pool of more qualified candidates – Employ oyees es will have portable skills and better defined career paths and opportunities – Pol olicy m mak akers can set standards to promote workforce professionalization

  5. The Framework: Structure • Seven Categories – High-level grouping of common cybersecurity functions • Thirty-Three Specialty Areas – Distinct areas of cybersecurity work • Fifty-Two Work Roles – Most detailed groupings comprised of specific knowledge, skills, and abilities required to perform specific tasks in a work role

  6. The Framework: Categories Operate and Maintain Protect Securely and Provision Defend Oversee and Govern Analyze Investigate Collect and Operate

  7. The Framework: Categories • Securely Provision (SP) – Conceptualize, design and build secure information technology (IT) systems, with responsibility for aspects of systems and/or networks development • Operate and Maintain (OM) – Provide support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security

  8. The Framework: Categories • Oversee and Govern (OV) – Provide leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work • Protect and Defend (PR) – Identify, analyze, and mitigate threats to internal information technology (IT) systems and/or networks

  9. The Framework: Categories • Analyze (AN) – Perform highly specialized review and evaluation of incoming cybersecurity information to determine usefulness for intelligence • Collect and Operate (CO) – Provide specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence

  10. The Framework: Categories • Investigate (IN) – Investigate cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence

  11. Area/Work Role Relationships

  12. Tied to and works with…

  13. The Framework: Work Roles • Comprised of tasks with associated knowledge, skills, and abilities – Tasks drawn from list of 928 tasks – Knowledge drawn from list of 614 items – Skills drawn from 359 items – Specific abilities drawn from list of 119 items • Several work roles may be included in a single position

  14. The Framework: Tasks

  15. The Framework: Knowledge

  16. The Framework: Skills

  17. The Framework: Abilities

  18. The Framework: Work Roles

  19. Breaking Out the Work Roles • Not currently in usable state • Probably need additional information – OPM Cybersecurity Category/Specialty Area Code (drawn from Specialty Areas) – Job titles associate with this work role • Expand codes into actual paragraphs – “Expanded work roles” we have titled Work Role Details

  23. Uses of Expanded Work Roles • Consistent position/job descriptions – Support HR for staffing the cybersecurity function in the organization – Mapping against NIST Cybersecurity Framework implementation will allow determination of proper staffing levels – Work Roles are not just security roles; many are for straight IT staff with addition of clearly defined security roles & responsibilities

  24. Uses of Expanded Work Roles • Curricular design to allow educational preparation for specific work roles – Cross map to Knowledge Units in NSA/ DHS Centers of Academic Excellence – Cross map to ACM/IEEE-CS model curricula in IT and Cybersecurity as well as ABET Accreditation Standards – Cross-check against course design & course objectives/outcomes

  25. Uses of Expanded Work Roles • Technology providers can identify cybersecurity Work Roles and specific Tasks and KSAs associated with services and hardware/software products they supply

  26. Flaws in the Draft • Good thing it’s a draft! • Wanted to create Work Role Details for disaster recovery/business continuity – No work roles defined in the Framework – Hundreds of job titles in this field • Lists of Tasks, Knowledge, Skills, & Abilities not in any order – Additions just get tacked on the end

  27. Directions from here… • Review & Comment period for the Framework ended in January 2017 • First “official” version will be published this spring • Get it…use it…it’s free and it’s in the public domain so you can adapt it any way you want

  28. Key Bibliography Items • National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Draft Version 1.1 January 10, 2017 https://www.nist.gov/cyberframework/draft-version-11 • Newhouse, Bill; Keith, Stephanie; Scribner, Benjamin; & Witte, Greg Draft NIST Special Publication 800-181 NICE Cybersecurity Workforce Framework (NCWF) National Institute of Standards and Technology November 2016 http://csrc.nist.gov/publications/drafts/800-181/sp800_181_draft.pdf • U.S. Department of Homeland Security The National Cybersecurity Workforce Framework https://www.dhs.gov/national-cybersecurity-workforce-framework • U.S. Department of Defense DoD Cyberspace Workforce Framework (DCWF) Overview February 2016 http://dcips.dtic.mil/documents/Day1_1430- 1530hrs,DoDCyberspaceWorkforceFrameworkOverview.pdf

  29. The End… • Questions? • Thank you! • Ray T y Trygst ygstad trygstad@iit.edu http://trygstad.rice.iit.edu/ 630-447-9009

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Pract ctical Cybersecu curity Ri Risk a and C Control Ma Maturi urity A y Asse ssessme

Pract ctical Cybersecu curity Ri Risk a and C Control Ma Maturi urity A y Asse ssessme

Pract ctical Cybersecu curity Ri Risk a and C Control Ma Maturi urity A y Asse ssessme ssments Brian Fricke, CISSP, CISM Chief Information Security Officer None of the data presented in this presentation represents the actual security

140 views • 13 slides
Breaking out of the box Understanding rela5onships between learning and assessment Breaking

Breaking out of the box Understanding rela5onships between learning and assessment Breaking

Dr Nick Saville Breaking out of the box Understanding rela5onships between learning and assessment Breaking out of the box - a metaphor for thinking about rela5onships and interpreta5ons breaking out breaking out of the box of the

895 views • 68 slides
Anchorage Demographics, Housing Market & New Construction Presented by Susan Fison

Anchorage Demographics, Housing Market & New Construction Presented by Susan Fison

Anchorage Demographics, Housing Market & New Construction Presented by Susan Fison Anchorage HAND Commission May 7, 2014 B RE AKING GRIDLOC K . B RE AKING GROU N D. B RE AKING GRIDLOC K . B RE AKING GROU N D. Housing

598 views • 38 slides
T AKING S TOCK OF THE S ELF - R EGULATION E XPERIMENT : T HE P AST

T AKING S TOCK OF THE S ELF - R EGULATION E XPERIMENT : T HE P AST

T AKING S TOCK OF THE S ELF - R EGULATION E XPERIMENT : T HE P AST , P RESENT AND F UTURE OF THE P LATFORM ON D IET , P HYSICAL A CTIVITY AND THE EU A LCOHOL AND H

179 views • 4 slides
AKING L L ITER ACY E E FFO TS TO TO THE HE N N EX EXT L L EV EL : : ERAC FFORTS EVEL T HE HE L

AKING L L ITER ACY E E FFO TS TO TO THE HE N N EX EXT L L EV EL : : ERAC FFORTS EVEL T HE HE L

T AK AKING L L ITER ACY E E FFO TS TO TO THE HE N N EX EXT L L EV EL : : ERAC FFORTS EVEL T HE HE L EC ECTIO A A PPROAC ACH FO FOR E E NHAN ED I I MPAC ACT HANCED Kelly Kulsrud, EdM Nonie K. Lesaux, PhD lectioapproach.com Todays Na%onal

234 views • 11 slides
M AKING THE R ACE F AIR FOR Y OUNG C HILDREN AT R ISK : A T ARGETED P REVENTION A PPROACH TO

M AKING THE R ACE F AIR FOR Y OUNG C HILDREN AT R ISK : A T ARGETED P REVENTION A PPROACH TO

M AKING THE R ACE F AIR FOR Y OUNG C HILDREN AT R ISK : A T ARGETED P REVENTION A PPROACH TO R EDUCING C HILD E MOTIONAL AND B EHAVIOUR P ROBLEMS Terry Bennett, MD, FRCPC, PhD D EDICATION Growing Up in Canada is like race. I dont

169 views • 14 slides
Tak aking You our Ambulatory ry Sit ites to o Stage 7 A Complimentary Webinar From

Tak aking You our Ambulatory ry Sit ites to o Stage 7 A Complimentary Webinar From

Tak aking You our Ambulatory ry Sit ites to o Stage 7 A Complimentary Webinar From healthsystemCIO.com Your Line Will Be Silent Until Our Event Begins at 12:00 ET Thank You! Slide Deck: http://goo.gl/cCkSnf Webex Support 1-866-229-3239

481 views • 35 slides
Parsing OSM XML iD OSMCha To-Fix Frontend Developer kepta kushan2020 Breaking down iD

Parsing OSM XML iD OSMCha To-Fix Frontend Developer kepta kushan2020 Breaking down iD

Parsing OSM XML iD OSMCha To-Fix Frontend Developer kepta kushan2020 Breaking down iD Breaking down iD 15% Rendering Painting 21% Javascript 64% HTML A sample of what iD is doing behind the scenes Breaking down JS 13% Draw Vector

426 views • 27 slides
M AKING C HANGE H APPEN : Finding the Right Change Model By Randall Benson, MBA

M AKING C HANGE H APPEN : Finding the Right Change Model By Randall Benson, MBA

M AKING C HANGE H APPEN : Finding the Right Change Model By Randall Benson, MBA randall@randallbenson.com 206-527-5343 Benson SHRM Presentation Sept15 - September 14, 2015 M AKING C HANGE H APPEN : Finding the Right Change Model By Randall

373 views • 14 slides
THE MSSM FROM SS BREAKING MARIANO QUIROS, ICREA/IFAE HEP 2006 THE MSSM FROM SS BREAKING

THE MSSM FROM SS BREAKING MARIANO QUIROS, ICREA/IFAE HEP 2006 THE MSSM FROM SS BREAKING

THE MSSM FROM SS BREAKING MARIANO QUIROS, ICREA/IFAE HEP 2006 THE MSSM FROM SS BREAKING p.1/31 OUTLINE Introduction Higgs sector Tree-level masses EWSB and fine-tuning Supersymmetric spectrum Dark

361 views • 34 slides
C OHERENCE M AKING AND D EEP L EARNING S TRATEGIES FOR SYSTEM CHANGE THAT BENEFIT ALL

C OHERENCE M AKING AND D EEP L EARNING S TRATEGIES FOR SYSTEM CHANGE THAT BENEFIT ALL

C OHERENCE M AKING AND D EEP L EARNING S TRATEGIES FOR SYSTEM CHANGE THAT BENEFIT ALL STUDENTS MICHAEL FULLAN SPRING 2017 1 DRIVERS RIGHT WRONG C APACITY B UILDING A CCOUNTABILITY C OLLABORATIVE W ORK I NDIVIDUAL T EACHER AND L

828 views • 25 slides
MEFEPO M aking the Project aim and objectives E uropean Aim is to support the transition towards

MEFEPO M aking the Project aim and objectives E uropean Aim is to support the transition towards

MEFEPO M aking the Project aim and objectives E uropean Aim is to support the transition towards an ecosystem approach to the management of European marine F isheries Gerjan Piet fisheries by developing operational strategies for the IMARES

273 views • 3 slides
M AKING THE G IG E CONOMY W ORK * * FOR E VERYONE Some Strategies to Reduce Precarity for

M AKING THE G IG E CONOMY W ORK * * FOR E VERYONE Some Strategies to Reduce Precarity for

M AKING THE G IG E CONOMY W ORK * * FOR E VERYONE Some Strategies to Reduce Precarity for Contingent Workers Ric Kolenda, Ph.D. DePaul University School of Public Service W HAT I S THE G IG E CONOMY ? Formerly known as: flexible

382 views • 21 slides
Finding Out How Well M AKING P ROGRAM A SSESSMENT W ORK FOR Y OU Students Are Learning The Ohio

Finding Out How Well M AKING P ROGRAM A SSESSMENT W ORK FOR Y OU Students Are Learning The Ohio

PowerPoint slides for a workshop session in Finding Out How Well M AKING P ROGRAM A SSESSMENT W ORK FOR Y OU Students Are Learning The Ohio State University What Were Teaching 2:00-3:30 PM, Friday 8 March 2013 Dr. Tom Angelo, Adjunct

704 views • 6 slides
Political Reform. The beginning, middle and end. 1 Sp e aking no t e s only . There are three

Political Reform. The beginning, middle and end. 1 Sp e aking no t e s only . There are three

Elaine Byrne 30 th Annual MacGill Summer School 2010 Glenties July 2010 Political Reform. The beginning, middle and end. 1 Sp e aking no t e s only . There are three parts to my presentation. The beginning, middle and end. (Analogy of swimming

372 views • 15 slides
Sh Shak aking g th the e Sn Snow Globe: e: How to to Shift a College to to Support Ma

Sh Shak aking g th the e Sn Snow Globe: e: How to to Shift a College to to Support Ma

Sh Shak aking g th the e Sn Snow Globe: e: How to to Shift a College to to Support Ma Market eting Megan Shearin At At a Glance: The Darden College of Education & Pro rofessional Studies 1 of 6 academic colleges

378 views • 20 slides
A Digital Geneva Convention: Why it is needed and how it can be created Alaa Ajweh Financial

A Digital Geneva Convention: Why it is needed and how it can be created Alaa Ajweh Financial

A Digital Geneva Convention: Why it is needed and how it can be created Alaa Ajweh Financial Sector Lead Microsoft QSTP LLC. Agenda The need for a Digital Geneva Convention 1 Where the discussions are today 2 3 The importance of

490 views • 29 slides
SPACE AND CYBER GOVERNANCE ERICA SYMONDS, UNIVERSITY OF MARYLAND SCHOOL OF PUBLIC POLICY CAPSTONE

SPACE AND CYBER GOVERNANCE ERICA SYMONDS, UNIVERSITY OF MARYLAND SCHOOL OF PUBLIC POLICY CAPSTONE

COMPARING AND CONTRASTING SPACE AND CYBER GOVERNANCE ERICA SYMONDS, UNIVERSITY OF MARYLAND SCHOOL OF PUBLIC POLICY CAPSTONE PROJECT CLIENT: SECURE WORLD FOUNDATION OCTOBER 22, 2019 OBJECTIVE Consider how characteristics of space and cyber

200 views • 8 slides
Maritime Cyber Security Its definitely a VUCA* environment * Army War College

Maritime Cyber Security Its definitely a VUCA* environment * Army War College

Maritime Cyber Security Its definitely a VUCA* environment * Army War College 1990s Maritime Cyber Security Its definitely a VUCA environment Volatile Maritime Cyber Security Its definitely a VUCA environment

323 views • 13 slides
Digital Ecosystem 21 November 2019 The Global Trend The Technologies Today The Emerging

Digital Ecosystem 21 November 2019 The Global Trend The Technologies Today The Emerging

2019 MCMC Research Symposium Cyber Security vs. Cyber Resilience ~Knowing the difference and relevance in strengthening the Digital Ecosystem 21 November 2019 The Global Trend The Technologies Today The Emerging Technologies The Near

303 views • 12 slides
Cyber Security and Smart Infrastructure: Research Dr. Stacy Prowell Chief Cyber Security

Cyber Security and Smart Infrastructure: Research Dr. Stacy Prowell Chief Cyber Security

Cyber Security and Smart Infrastructure: Research Dr. Stacy Prowell Chief Cyber Security Research Scientist Oak Ridge National Laboratory Main Points Information Sharing Enable discovering and sharing information about real threats to

216 views • 6 slides
Executive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent

Executive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent

FOR OFFICIAL USE ONLY Executive Order 13636: Improving Critical Infrastructure Cybersecurity Cyber-Dependent Infrastructure Identification Working Group (CDIIWG) March 11, 2013 FOR OFFICIAL USE ONLY FOR OFFICIAL USE ONLY Agenda 12:30

217 views • 20 slides
The Australian Defence Forces Evolving Approach to Information Operations: The View from 2020

The Australian Defence Forces Evolving Approach to Information Operations: The View from 2020

The Australian Defence Forces Evolving Approach to Information Operations: The View from 2020 Presentation to EW Asia 2020 Conference Mr Jeff Malone Vice President Australian Chapter Association of Old Crows Caveat This presentation

785 views • 26 slides
The cybersecurity dimension of critical [energy] infrastructure it appears that someone found

The cybersecurity dimension of critical [energy] infrastructure it appears that someone found

The cybersecurity dimension of critical [energy] infrastructure it appears that someone found remote access and started tripping breakers. - Scadasec commentator 2015-12-26 Vytautas Butrimas Views expressed in this presentation

376 views • 15 slides

More recommend