The National Institute of Standards and Technology (NIST) recently released a resource to help U.S. employers more effectively identify, recruit, develop, and maintain cybersecurity talent. The NICE Cybersecurity Workforce Framework (NCWF) provides a common language to categorize and describe cybersecurity work to help organizations build a strong cybersecurity staff.
“When identifying their cybersecurity staff, many organizations overlook cybersecurity tasks being performed by lawyers, auditors, and procurement officers,” said Bill Newhouse, NICE deputy director and lead author of the document. “The NCWF can help an organization identify cybersecurity tasks within a work role that are vital to its mission and then examine if its current staff can perform those tasks and, if not, hire staff who can.”
The NCWF can be viewed as a cybersecurity workforce dictionary that will help organizations define and share information in a detailed, consistent, and descriptive way. The NCWF will serve as a building block for the development of training standards–by helping educate, recruit, train, and retain a qualified cybersecurity workforce.
According to the framework, the NCWF helps organizations to organize roles and responsibilities through the following components:
- Categories–A high-level grouping of common cybersecurity functions.
- Specialty Areas–Distinct areas of cybersecurity work.
- Work Roles–The most detailed groupings of IT, cybersecurity, or cyber-related work, which include specific knowledge, skills, and abilities required to perform a set of tasks.
- Tasks–Specific work activities that could be assigned to a professional working in one of the NCWF’s Work Roles.
- Knowledge, Skills, and Abilities (KSAs)–Attributes required to perform tasks, generally demonstrated through relevant experience or performance-based education and training.
“Cybersecurity tactics are ever-changing, always identifying new ways to gain information advantage through technology,” said the authors of the framework. “As we evolve, the ways we perform cybersecurity functions continue to evolve, as must the components of the NCWF.”
The framework is open for revision/public comment until Jan. 6, 2017.