CYBERSECURITY DISCIPLINE?
Kings Island, 1983
DIATOMIC Cybersecurity
Behavioral Cyberthreat Assessment
• Identify risk at multiple levels: (1) Organization (2) Department (3) Individual
• DIATOMIC database + Surveys + Interviews
Behavioral Cyberthreat Mitigation
• Empirically-driven, customized solutions
• Address causes
• University of Cincinnati
• ACM
• ABET/CSAB
JTFCC (2005) “The Overview Report”, Joint Task Force for Computing Curricula, ACM
IS - Why do we need it?
CS/CE - How do we make it?
IT - How do we make it work?
Industry v. Ubiquity
CYBER?
DHS/NSA Centers of Academic Excellence (CAE)
• Cyber Defense - designated based on their robust degree programs and close alignment to specific cybersecurity-related knowledge units (KUs)
• Cyber Operations - a deeply technical, inter-disciplinary, higher education program firmly grounded in the computer science (CS), computer engineering (CE), and/or electrical engineering (EE) disciplines
ACM/IEEE Joint Task Force on Cybersecurity Education - 2015
“computing-based discipline involving technology, people, information, and processes to enable assured operations. It involves the creation, operation, analysis, and testing of secure computer systems. It is an interdisciplinary course of study, including aspects of law, policy, human factors, ethics, and risk management often in the context of adversaries.”
ACM/IEEE Draft Knowledge Areas
1. Cyber Defense
2. Cyber Operations
3. Digital Forensics
4. Cyber Physical Systems
5. Secure Software Engineering
6. Cyber Ethics
7. Cyber Policy, Governance, and Law
8. Cyber Risk Management
9. Behavioral Science
cybereducationproject.org
“The National Cybersecurity Workforce Framework”, National Initiative for Cybersecurity Education (NICE), NIST
Defining the Cybersecurity Workforce
Defining the cybersecurity population using common, standardized labels and definitions is an essential step in ensuring that our country is able to educate, recruit, train, develop, and retain a highly-qualified workforce. The NICE, in collaboration with federal government agencies, public and private experts and organizations, and industry partners, has published version 1.0 of the National Cybersecurity Workforce Framework (“the Framework”) to provide a common understanding of and lexicon for cybersecurity work.
The National Cybersecurity Workforce Framework establishes the common taxonomy and lexicon that is to be used to describe all cybersecurity work and workers irrespective of where or for whom the work is performed. The Framework is intended to be applied in the public, private, and academic sectors. Use of the Framework does not require that organizations change organizational or occupational structures. In fact, the Framework was developed because requiring such changes would be costly, impractical, ineffective, and inefficient. The Framework is agnostic to the particulars of a given organization and is overarching by design so that it can be overlaid onto any existing occupational structure to facilitate achieving an agile, highly-qualified cybersecurity workforce.
The Framework consists of thirty-one specialty areas organized into seven categories. These categories, serving as an overarching structure for the Framework, group related specialty areas together. In essence, specialty areas in a given category are typically more similar to one another than to specialty areas in other categories. Within each specialty area, typical tasks and knowledges, skills, and abilities (KSAs) are provided.
This interactive document provides the Framework in its entirety. The seven categories and a description of the types of specialty areas included in each are below.
• SECURELY PROVISION - Specialty areas responsible for conceptualizing, designing, and building secure information technology (IT) systems (i.e., responsible for some aspect of systems development).
• OPERATE AND MAINTAIN - Specialty areas responsible for providing support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security.
• PROTECT AND DEFEND - Specialty areas responsible for identification, analysis, and mitigation of threats to internal information technology (IT) systems or networks.
• INVESTIGATE - Specialty areas responsible for investigation of cyber events and/or crimes of information technology (IT) systems, networks, and digital evidence.
• COLLECT AND OPERATE - Specialty areas responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.
• ANALYZE - Specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
• OVERSIGHT AND DEVELOPMENT - Specialty areas providing leadership, management, direction, and/or development and advocacy so that individuals and organizations may effectively conduct cybersecurity work.
Thanks!
• mark.stockman@uc.edu
• @PutrNrd
• linkedin.com/in/putrnrd
• pinterest.com/putrnrd


Editor's Notes

  • #2 Armco Steel UC hire
  • #3 30 Years ago A few years later, coop student at DoD
  • #5 Before get into workforce, a pitch about my research Embedded with criminologists Hundreds of years of vetted theories for crime and prevention Evidence-based rather than just heuristics
  • #7 Associate Professor, School of IT – teach system admin, cloud/IaaS, Cyber UC – NSA Center for Academic Excellence in both Operations and Defense Hired – applied computing – CST/IET -> IT Research – Immersion w/ Criminologists
  • #8 Progression of IT discipline, CS ignored need of applied computing ACM Curriculum Guidelines Accreditation
  • #10 Cyber? Hiring folks for these jobs.
  • #12 My notion of needing ninjas CS ignoring security (Cloudpassage – none of top 10 require, 3 have no classes, 2 of top 50 require – mich/BYU) Strategic v. Tactical New industry/jobs
  • #13 Everywhere Industry specific and growing ubiquity Includes non-computing to tackle people and process (law, CJ, POLS, Business, Psychology) – interdisciplinary actually a good thing Runs contrary to goals of other computing/business (increase revenue, decrease costs)
  • #14 Government run standards
  • #15 Cyber education project, Curriculum Guidelines/Accreditation
  • #17 Computing Curriculum guidelines – 2017 – input at CISSE Accreditation following these, would need some coverage of each Read some Cybereducationproject.org
  • #19 Good working document – find job titles and duties