Tuesday, January 3, 2012

NICE Cyber

The National Initiative for Cyber Education (NICE) is hard at work.  From their website, we learn that: "Today, there is little consistency in how cybersecurity work is defined and described throughout the nation. The lack of a common language to discuss and understand the work requirements of cybersecurity professionals hinders our nation's ability to:
-Baseline capabilities,
-Identify skill gaps,
-Develop cybersecurity talent in the workforce, and
-Prepare the pipeline of future talent."

Thus, a workforce framework has been developed by NICE, a unit of the National Institute of Standards and Technology (NIST).

The seven NICE categories are:

1. Securely provision - conceptualizing, designing and building secure IT systems;
  • Information assurance compliance
  • Software engineering
  • Enterprise architecture
  • Technology Demonstration
  • Systems requirements planning
  • Test and evaluation
  • Systems development.

2. Operate and maintain - the support, administration and maintenance necessary to ensure effective and efficient IT system performance and security;
  • Data administration
  • Information system security management
  • Knowledge management
  • Customer service and technical support
  • Network services
  • System administration
  • Systems security analysis.

3. Protect and defend - the identification, analysis, and mitigation of threats to IT systems and networks;
  • Computer network defense
  • Incident response
  • Computer network defense infrastructure support
  • Security program management
  • Vulnerability assessment and management.
4. Investigate - investigation of cyber events or crimes, which occur within IT systems or networks, as well as the processing and use of digital evidence;
  • Investigation
  • Digital forensics.

5. Operate and collect - the highly specialized collection of cybersecurity information that may be used to develop intelligence;
  • Collection operations
  • Cyber operations planning
  • Cyber operations.
6. Analyze - review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence;
  • Cyber threat analysis
  • Exploitation analysis
  • All source intelligence
  • Targets.
7. Support - specialty areas that provide critical support so that others may effectively conduct their cybersecurity work;
  • Legal advice and advocacy
  • Strategic planning and policy development
  • Education and training.