Saturday, February 3, 2018

NIST Publication on Cybersecurity excerpt

Below is an excerpt from a recent government publication. I have read the entire document. I think that even novice cybersecurity participants would be able to read and understand the information presented. I will include it in our CyberPatriot reading list. Here is the link: NIST document on cybersecurity

Draft NIST Roadmap for Improving Critical Infrastructure Cybersecurity Version 1.1  December 5, 2017

4.3. Cybersecurity Workforce
A skilled cybersecurity workforce is needed to meet the unique cybersecurity needs of
critical infrastructure. There is a well-documented shortage of cybersecurity
practitioners;15; there is an even more serious shortage of qualified cybersecurity
practitioners who also have an understanding of the unique challenges facing critical
infrastructure owners and operators. As threats, vulnerabilities, and technology
environments evolve, the cybersecurity workforce must continue to adapt to design,
develop, implement, maintain and continuously improve the necessary cybersecurity
practices within critical infrastructure environments.

Various efforts, including the National Initiative for Cybersecurity Education (NICE), are
fostering the education and training of a cybersecurity workforce for the future and
establishing an operational, sustainable and continually improving cybersecurity education
approach to provide a pipeline of skilled workers for the private sector and government.
Organizations must understand their current and future cybersecurity workforce needs
and develop hiring, acquisition, and training resources to raise the level of technical
competence of those who build, operate, and defend data, systems, and networks
delivering critical infrastructure services.

Building on several years’ work with the Department of Defense (DoD) and the Department
of Homeland Security (DHS), and via extensive public-private partnerships, NIST has
published the NICE Cybersecurity Workforce Framework (NICE Framework).16 The NICE
Framework provides a fundamental reference resource for describing and sharing
information about cybersecurity work roles, the discrete tasks performed by staff within
those roles, and the knowledge, skills, and abilities (KSAs) needed to complete the tasks
15 [LINK] http://cyberseek.org/ - Interactive jobs heat map and career pathways portal
16 [LINK] https://doi.org/10.6028/NIST.SP.800-181
7 DRAFT
successfully. The NICE Framework provides a common lexicon to categorize and describe
cybersecurity work, improving communication about how to identify, recruit, develop, and
retain cybersecurity staff.

Many of the outcomes described in the Cybersecurity Framework Core are directly related
to the roles, activities, and responsibilities of organizational personnel. The NICE
Framework provides a complementary approach, describing the work roles that support
accomplishment of the Cybersecurity Framework outcomes. In using the Cybersecurity
Framework’s steps to develop a measurable action plan, organizations can identify the
specific tasks and KSAs needed by those who will fulfill the functions, categories, and
subcategories described in the Cybersecurity Framework Core. Appendix D.1 of the NICE
Framework includes examples of this integration.

Through NICE, NIST promotes cybersecurity workforce development activities via a public
working group structure.17 These activities may include further definition of how NICE
Framework work roles, tasks, and KSAs help to fulfill Cybersecurity Framework objectives.
Additional future activities are expected to include:
Continue to extend and integrate NICE activities across critical infrastructure
sectors to raise awareness of workforce development tools;
Emphasize coordination of K-12, higher education, and local employers in regions
across the nation;
Identify and support applied research opportunities in areas including
cybersecurity education, training, and workforce; and
Convene conferences, workshops, webinars, and other events that support the
development of cybersecurity education, training, and workforce resources; and

Evolve NICE publications and resources as informed by the above activities.

No comments:

Post a Comment