Cyber Security Skill Standards Template B

Non Gamstop Casinos Non Gamstop Casinos Non Gamstop Casinos Casinos Not On Gamstop Casinos Not On Gamstop

Template B
Career Cluster: CYBERSECURITY

Critical Work Function: A. Provide Data/Information Assurance

KEY ACTIVITY	Performance Indicator How do we know when the key activity is performed well?	Technical Knowledge Skills, Abilities, Tools	Employabilty Skills SCANS Skills and Foundational Abilities
A1 Gather and document data/information assurance requirements	Relevant information and requirements are completely accurate and thoroughly documented Sources of information are trustworthy and current Requirements are attainable within applicable time, technology, and cost constraints Data/information requirements are reviewed and approved by relevant stakeholders Requirements meet applicable internal and external standards and practices Requirements are periodically reviewed against performance standards and emerging security specifications	Knowledge of internal and external data/information assurance standards, recommendations, and practices Knowledge of trustworthy sources and relevant standards Knowledge of relevant and applicable technologies and business practices Ability to collect, analyze, interpret, and present security specifications in the data assurance environment	Ability to identify key sources of information Ability to analyze information for accuracy and consistency Ability to ask relevant questions Ability to accurately summarize and document information
A2 Develop data/information assurance plans and implementation strategies	Plans address critical confidentiality, integrity, and availability requirements Plans provide realistic methods to meet security specifications and data requirements Plans identify and prescribe appropriate training and implementation processes and methods Plans and strategies are consistent with relevant policies, practices, and standards Implementation strategies support customer requirements and business objectives Plans and strategies support current technologies and accommodate future technological development Plans and strategies are developed in the context of ethical and societal norms and expectations	Knowledge of relevant policies, practices, and standards Ability to determine customer requirements in the context of business goals and risk analysis Knowledge of current and emerging security tools, technologies, and practices Knowledge of security-related ethical and societal norms and expectations Ability to interpret and present security data assurance plans and strategies in the data assurance environment	Ability to synthesize and organize information Ability to manage resources and timelines to maximize effectiveness Ability to assume responsibility for accomplishing team goals Ability to create detailed supporting documents
A3 Review and test plans and strategies for compliance with applicable regulations and standards	Plans and strategies meet specifications of applicable regulations and standards Compliance is reviewed in the context of risk analysis, cost benefit analysis, and implementation feasibility Appropriate recommendations follow review and testing processes Regulations and standards are regularly monitored for updates and revisions	Knowledge of applicable business policies and analysis tools Knowledge of applicable security regulations and standards Ability to perform compliance reviews and analysis Ability to formulate and present security/data assurance plans, strategies, and recommendations	Ability to generate/evaluate solutions Ability to compare multiple viewpoints and relate intent to desired results Ability to identify key sources of information Ability to pose critical questions
A4 Implement data/information assurance plans and strategies	Data/information assurance plans and strategies are implemented according to requirements, specifications, timelines, and relevant decision points Implementation schedule and expectations are communicated to relevant stakeholders Implementation includes appropriate transition and contingency plans Plans and strategies are implemented with minimal disruptions Implementation includes applicable orientation and training	Knowledge of implementation planning processes, procedures, and requirements Knowledge of security tools and technologies Knowledge of training processes and procedures Ability to develop and implement transition and contingency plans	Ability to synthesize information Ability to create detailed supporting documentation Ability to organize and present information to users and analyze group/individual response Ability to create and develop new rules/principles
A5 Monitor performance to ensure integrity and confidentiality	Security data is collected, and documented and analyzed Security breaches are detected and reported according to applicable practices and procedures Security issues are quickly identified, escalated appropriately, and resolved Monitoring process includes routine and nonroutine self-tests and audits	Knowledge of data collection and analysis practices and techniques Knowledge of detection tools and reporting practices Knowledge of security testing and security auditing methods Ability to gather, summarize, and present performance data	Ability to establish rapport with co-workers and customers and modify actions to environment Ability to analyze organization of information Ability to compare and interpret multiple viewpoints Ability to pose critical questions Ability to read and follow written instructions Ability to recognize ethical issues Ability to maintain confidentiality
A6 Maintain and update data/information assurance plans and strategies as appropriate	Plans and strategies are regularly reviewed for update and revision Plans and strategies are evaluated against current and emerging security criteria, regulations, and standards Revised plans and strategies are appropriately communicated and effectively integrated Security policies and requirements are regularly reviewed in the maintenance and upgrade process	Knowledge of applicable security/data assurance regulations, standards, and practices Ability to analyze and recommend changes in security policies and practices Ability to organize and present technical data	Ability to create detailed supporting documents Ability to create data gathering process Ability to create plan to monitor and correct system Ability to analyze client/user needs and evaluate effectiveness of solutions Ability to devise/implement plan of action

Critical Work Function: B. Ensure Infrastructure and Network Security

KEY ACTIVITY	Performance Indicator How do we know when the key activity is performed well?	Technical Knowledge Skills, Abilities, Tools	Employabilty Skills SCANS Skills and Foundational Abilities
B1. Gather data and analyze security requirements	Security data requirements include devices, topology, and intrusion detection Sources and methods for gathering requirements are trustworthy and current Data is gathered continuously in a cost-effective manner Security requirements reflect current and emerging data/information assurance standards, regulations, and practices Requirements are analyzed relative to applicable time, technology, and cost constraints	Knowledge of network architecture and applicable security products and practices Knowledge of security devices, topology, and intrusion detection Knowledge of information gathering methods, procedures, and practices Ability to analyze and apply security standards, regulations, and practices	Ability to identify key sources of information Ability to ask relevant questions Ability to accurately summarize and document information Ability to recommend an ethical course of action Ability to pose critical questions
B2. Identify, analyze, and evaluate infrastructure and network vulnerabilities	Infrastructure and network devices and software are benchmarked against known limitations and vulnerabilities Corrective plan is developed and implemented based on the benchmarking data Appropriate policies and procedures are developed for access control and authentication Physical security issues are identified and resolved Routine updates and upgrades are implemented per established procedures Relevant infrastructure, topology, and hardware information is appropriately logged and maintained	Knowledge of network architecture, topology, devices, and software Knowledge of access control and authentication methods and protocols Ability to gather and evaluate technical data and maintain appropriate records Knowledge of applicable physical security requirements and practices	Ability to analyze information for accuracy and consistency Ability to evaluate system configuration Ability to use prior training/experience to predict outcomes Ability to analyze, interpret and summarize information Ability to present complex ideas and information
B3. Develop critical situation contingency plans and disaster recovery plan	Plans appropriately prioritize criticality, time, cost and human resource requirements Plans reflect realistic scenarios for recovery and restoration Plans are effectively disseminated and continuously improved	Knowledge of contingency and disaster recovery planning processes and practices Knowledge of network architecture and topology Ability to understand the IT mission and isolate critical performance elements	Ability to predict outcomes/results based on prior knowledge Ability to create detailed supporting documentation and write technical documents for a variety of audiences Ability to analyze system configuration/stability Ability to analyze, interpret and summarize information
B4. Implement/ test contingency and backup plans and coordinate with stakeholders	Contingency and backup plans are validated through successful operational testing Contingency plans and procedures are routinely practiced, reviewed, and refined Contingency and backup plans are implemented with appropriate participation of, and minimal disruption to, users Testing results in greater organizational awareness, readiness, and responsiveness Contingency and backup plans are effectively communicated to internal and external stakeholders	Knowledge of contingency and backup plan development, testing, and implementation Knowledge of networking and general systems security Ability to analyze technical problems and develop appropriate solutions Knowledge of local and wide area networking environments Ability to develop and implement backup communication and coordination plans	Ability to systematically organize information Ability to evaluate critically of problems, identify possible causes and propose solutions Ability to communicate effectively with clients/users Ability to document findings in detailed supporting documents
B5. Monitor, report, and resolve security problems	Security problems are detected quickly and reported accurately Monitoring includes all relevant devices, software, and points of access Security problems are resolved effectively and measures are taken to preclude recurrence Problem resolutions provide for improved detection and deterrence	Knowledge of security detection and deterrence methods and strategies Knowledge of security monitoring practices and procedures Knowledge of problem escalation and resolution methods	Ability to integrate multiple items of data and synthesize information Ability to interpret information, prepare basic summaries/reports and select method of communication Ability to present results clearly and concisely Ability to probe for underlying issues and pose critical questions Ability to determine system components to be modified or improved

Critical Work Function: C. Develop, Manage, and Enforce Security Policies

KEY ACTIVITY	Performance Indicator How do we know when the key activity is performed well?	Technical Knowledge Skills, Abilities, Tools	Employabilty Skills SCANS Skills and Foundational Abilities
C1. Perform research and analyze requirements	Sources and methods for gathering requirements are trustworthy and current Security requirements are consistent with all applicable standards, laws, and regulations Requirements are analyzed relative to applicable time, technology, and cost constraints Requirements include feasibility analysis and recommendations for implementation and enforcement Requirements are regularly researched, reviewed, updated, and approved by relevant stakeholders	Knowledge of applicable standards, laws, and regulations Knowledge of information gathering methods, procedures, and practices Ability to collect, analyze, interpret, and present security requirements in the data assurance environment Knowledge of applicable conditions and limitations relative to security policy development	Ability to identify key sources of information Ability to analyze information for accuracy and consistency Ability to work cooperatively with others and contribute ideas, suggestions and assistance Ability to pose critical questions Ability to accurately summarize and document information
C2. Develop, assess, and document security policies, practices, and procedures	Policies are developed and documented according to applicable practices and procedures Policies are assessed for feasibility of application and enforcement Policies reflect system and infrastructure capabilities Assessment includes accommodation for emerging trends and technologies	Knowledge of policy development practices and methodology Knowledge of system and infrastructure architecture and capabilities Knowledge of emerging tools and technologies in security and data assurance	Ability to create detailed supporting documents Ability to use prior training/experience to predict outcomes Ability to interpret data/information Ability to present complex information/ideas and analyze group/individual response
C3. Disseminate policies and implementation practices and procedures	Security policies and practices are clear, pertinent, and effectively communicated to all staff and stakeholders Policy implementation includes opportunities for review, feedback, and revision Policy enforcement is visible, fair, and consistent with applicable laws, practices, and institutional guidelines	Knowledge of project planning and implementation Knowledge of cybersecurity policy enforcement methods and practices Ability to effectively communicate data assurance and information security concepts, procedures, and regulations to a variety of audiences Knowledge of documentation dissemination, revision, and control techniques	Ability to present security tradeoffs and risks and pose critical questions Ability to willingly help others and establish rapport with coworkers and customers Ability to identify and project resource needs Ability to create detailed supporting documents
C4. Implement, enforce, and monitor security policies, practices, and procedures
Security policies and procedures provide for performance audits and effectiveness reviews Stakeholders agree to follow security implementation guidelines and procedures Enforcement is visible, fair, and consistently follows applicable laws, practices, and regulations Security policies, practices, and procedures are routinely followed and upheld Data is continuously gathered on the performance and effectiveness of security plans and operations	Knowledge of performance audit and policy review techniques Knowledge of system security processes and procedures Knowledge of organizational, legal, and regulatory issues surrounding security policy enforcement Knowledge of evaluation criteria relevant to information assurance and data systems security Ability to apply systems performance and audit data for policy compliance	Ability to formulate plan of action and predict outcomes Ability to organize and present technical information to non-technical users and analyze group/individual response Ability to assess and modify policies/procedures Ability to plan according to resource constraints and requirements

Critical Work Function: D. Perform Security Education and Training

KEY ACTIVITY	Performance Indicator How do we know when the key activity is performed well?	Technical Knowledge Skills, Abilities, Tools	Employabilty Skills SCANS Skills and Foundational Abilities
D1. Identify and assess education and training requirements for all constituents	Requirements reflect immediate training and education needs Requirements include long term and strategic IT workforce development goals Requirements are periodically reviewed for currency and applicability Requirements include appropriate assessments and certifications	Knowledge of training and professional development methods and practices Knowledge of industry and enterprise IT workforce development trends and needs Ability to develop and maintain education and training plans Knowledge of skill and competency assessment methods and tools	Ability to analyze relationship between parts/whole Ability to create organized and detailed supporting documents Ability to assess and recommend training alternatives Ability to understand constraints, generate alternatives, consider risks, evaluate options and formulate action plans Ability to predict outcomes/results based on experience or prior knowledge
D2. Identify resources and support materials	Resources and source materials are current Resources and source materials are based on industry-derived standards Resources and source materials reflect acceptable quality of instructional design Resources and source materials support desired learner outcomes, competencies, skills assessments and certifications	Knowledge of sources of applicable training and educational resources and materials Ability to assess and determine quality and suitability of education and training resources and source materials Knowledge of outcomes assessment and certification	Ability to research additional information sources Ability to follow rules and procedures Ability to compile multiple viewpoints Ability to be creative in identifying and locating sources of information
D3. Design and develop education and training plans and strategies	Plans and strategies support enterprise skill development needs Plans and strategies reflect accepted industry practices and policies Plans and strategies result in consistent outcomes Plans and strategies support immediate IT workforce skill needs and future IT workforce development goals	Knowledge of IT workforce professional development planning processes Ability to accurately determine current and future needs Knowledge of enterprise and business goals and strategies Knowledge IT and security policies, methods, practices and strategies Knowledge of budgetary and contractual aspects of workforce professional development	Ability to analyze and respond to client/user needs Ability to work cooperatively with others and contribute ideas, suggestions and assistance Ability to compare multiple viewpoints and relate intent to desired results Ability to organize and present complex information to users
D4. Deliver education and training	Education and training programs are delivered in a timely manner Education and training programs are delivered within budget Education and training programs are convenient and accessible Education and training programs result in expected outcomes, skills, and knowledge gains	Knowledge of education and training program development and delivery Knowledge of training program budgeting and accounting Knowledge of learner and environmental variability Knowledge of education and training program outcomes assessment	Ability to gather, analyze and categorize information Ability to present complex ideas/information and analyze responses Ability to listen attentively and compare multiple viewpoints Ability to speak clearly and present well-organized presentations Ability to identify training needs and conduct task-specific training
D5. Assess results and determine followup requirements	Education and training programs result in appropriate or required credentials and / or certifications Education and training programs are routinely evaluated with regard to needs, outcomes, and cost Education and training program requirements are periodically reviewed with stakeholders and systematically revised as needed	Knowledge of applicability of appropriate degrees, certificates, and certifications Ability to comprehensively evaluate education and training programs Knowledge of IT education and training program development, delivery, and evaluation Ability to present and discuss IT workforce education, training and professional development programs to non-technical audiences	Ability to use logic to draw conclusions from available information Ability to analyze information and formulate proposals Ability to analyze goals/constraints and examine proposed modifications and improvements Ability to present recommendations in a clear, concise and persuasive manner Ability to evaluate/adjust plan of action

Critical Work Function: E. Develop and Implement Physical Security, Deterrence, and Detection

KEY ACTIVITY	Performance Indicator How do we know when the key activity is performed well?	Technical Knowledge Skills, Abilities, Tools	Employabilty Skills SCANS Skills and Foundational Abilities
E1. Identify and assess current and anticipated security risks and vulnerabilities	Security risks are assessed using appropriate standards and practices Security risks assessments include a variety of scenarios Assumptions are tested and verified Risk assessments include provisions for prevention as well as detection	Knowledge of IT physical security standards and practices Ability to apply imagination and abstract reasoning to security problems Knowledge of theoretical and operational security systems performance and application Knowledge of prevention strategies and practices relating to IT systems	Ability to recognize ethical issues Ability to use prior training/experience to predict outcomes Ability to troubleshoot system malfunction and/or failure Ability to distinguish trends in performance and diagnose performance deviations Ability to analyze possible cause of problems and recommend action plans for resolution
E2. Research and evaluate alternative current and emerging practices, tools, and technologies	Appropriate literature is continuously reviewed to determine current and emerging practices, tools and technologies Methods are developed and implemented to routinely share information with appropriate stakeholders Policies are developed and followed that ensure routine evaluation of currently used technologies and practices Routine security audits are performed Security audit findings and outcomes result in appropriate action	Knowledge of relevant IT security information resources Knowledge of security systems evaluation and assessment Ability to develop, monitor, and implement IT physical security policies and plans Knowledge of applicable business practices Knowledge of enterprise risks, vulnerabilities, and budgets	Ability to formulate approaches and generate unique solutions Ability to compose well-organized presentations and debate issues Ability to adapt principles to new applications and judge logical consistency
E3. Select and apply relevant tools to meet security goals and requirements	Alternative technologies and methods are explored for effectiveness, benefits, and cost Alternative tools are evaluated completely and accurately New tools and technologies are evaluated for compatibility with applicable existing systems and practices All stakeholders agree to selection criteria and selection process	Knowledge of sources of information on emerging IT and physical security technologies, tools, and methods Ability to perform cost/benefit, ROI, and technical evaluations Knowledge of options for technology use Knowledge of enterprise IT and physical security systems Ability to present IT physical and systems security information to diverse stakeholders	Ability to compare multiple viewpoints Ability to demonstrate honesty and trustworthiness Ability to analyze information and formulate proposals Ability to communicate/present in a clear and concise manner Ability to critically investigate various security tools
E4. Monitor, evaluate, and test security conditions and environment	Policies are developed and implemented that allow detection of ordinary and non-ordinary occurrences Policies are developed and disseminated that effectively communicate deterrence and detection practices and procedures Normal conditions are monitored with minimal intrusion Periodic tests are conducted to determine effectiveness of monitoring and deterrence practices Routine environmental scans are conducted to expose need for changes to security practices and procedures	Knowledge of development and implementation effective security deterrence and detection policies Ability to effectively and unobtrusively monitor and enforce IT physical and system security Knowledge of physical security systems testing and evaluation Ability to effectively communicate plans and implement procedures across organizational boundaries	Ability to devise and implement plan of action Ability to create plan to monitor and correct system Ability to responsibly challenge unethical practices/decision Ability to monitor and interpret trends in technology and industry Ability to evaluate and interpret data
E5. Implement, extend, and refine physical security plans and practices	Physical security plans are implemented with minimal intrusion Data regarding effectiveness of physical security practices is routinely gathers from all stakeholders Physical security plans are regularly reviewed and evaluated against emerging trends and practices Physical security plans and practices are regularly updated and improved	Knowledge of security plan development, implementation, and extension practices and methods Ability to gather and present user and stakeholder data Knowledge of information resources relevant to IT physical security practices and trends Ability to develop, implement, and maintain continuous improvement plans for physical security	Ability to analyze security problems and recommend solutions Ability to implement and evaluate/adjust plan of action Ability to use previous training/experiences to predict outcomes Ability to organize and clearly present complex information

Critical Work Function: F. Perform System Design and Analysis

KEY ACTIVITY	Performance Indicator How do we know when the key activity is performed well?	Technical Knowledge Skills, Abilities, Tools	Employabilty Skills SCANS Skills and Foundational Abilities
F1. Define current systems-level requirements, and forecast future needs and trends	Current systems level security requirements are defined according to industry standard terms and metrics Current systems level requirements accurately reflect organizational needs and current operational conditions Current systems level requirements are complete and accurate and can serve as the foundation for forecasting future needs Forecasts of future systems level needs and trends reflect enterprise goals and requirements Forecasts of future systems level needs and trends include applicable emerging technologies and practices Forecasts of future systems level needs and trends embrace changing legal, agency, or policy considerations	Knowledge of relevant industry terminology and metrics Knowledge of business rules, budgets, and operations Ability to develop and present systems level security planning forecasts Knowledge of relevant resources regarding applicable legal, agency, and policy developments and recommendations Knowledge of relevant resources regarding emerging systems level IT security technology and trends Ability to develop and present IT security information to diverse and non-technical stakeholders	Ability to follow policies, procedures, and regulations, pay attention to detail and follow up on assigned tasks Ability to compare multiple viewpoints Ability to examine information for relevance and accuracy and adapt principles/rules to new applications Ability to develop forecasts and evaluate scenarios
F2. Evaluate current and emerging tools and technologies	Current tools and technologies are evaluated according to industry standard benchmarks and metrics Current tools and technologies adequately meet organizational needs and current operational conditions Current tools and technologies provide organizational framework for the implementation of emerging technologies and tools Emerging tools and technologies are evaluated according to industry standard benchmarks and metrics Evaluation of emerging technologies provides basis for implementation plan	Knowledge of relevant industry benchmarks and metrics Knowledge of business rules, budgets, and operations Knowledge of relevant resources regarding emerging IT security tools and technologies Ability to develop evaluation rationale and develop implementation recommendations or plans	Ability to examine data for relevance/accuracy and present complex ideas/information Ability to analyze and understand system organization and configuration Ability to use logic to draw conclusions from available information and make recommendations Ability to stay current on cutting edge tools and technologies Ability to clarify, interpret, and influence communication
F3. Evaluate organization�s security strategies	Security strategies reflect relevant technology, tools, and practices Security strategies support organization goals and mission Security strategies include clearly stated outcomes and evaluation criteria Security strategies allow for response to unforeseen events Security strategies conform to applicable laws, agency regulations, relevant recommendations and applicable evaluation criteria	Knowledge of IT security technology, tools, and practices Knowledge of business rules and practices Knowledge of criteria used to develop and evaluate IT security strategic plans Knowledge of security laws, agency regulations, and bureaucratic recommendations	Ability to compare multiple viewpoints and relate intent to desired results Ability to interpret and analyze information Ability to adapt rules/principles to new applications Ability to evaluate and communicate security strategies Ability to generate unique solutions, formulate new ideas, and recommend new directions and processes
F4. Make recommendations regarding organization�s investment in security	Security recommendations are complete and accurately reflect organizational requirements and goals Recommendations are communicated appropriately Recommendations include risk assessment and cost/benefit analysis Security recommendations are compatible with operational systems and technology strategic plans	Knowledge of business rules and practices Knowledge of IT strategic planning Ability to assess, categorize, and rank risks, benefits, and costs Knowledge of systems and enterprise level IT systems operation and technology	Ability to analyze goals/constraints and examine proposed modifications and improvements Ability to pose critical questions, formulate proposals, and create original documents Ability to adapt technology for complex alternative uses and evaluate application of technology Ability to forecast future security needs
F5. Coordinate systems testing and integration	Tests are appropriately designed and accurately measure required operational characteristics Testers are properly identified and trained Test results are documented in accordance with applicable procedures Test results are appropriately disseminated and reviewed	Knowledge of IT security systems testing tools, processes and procedures Knowledge of system operational characteristics and measurement Ability to identify and train qualified testers Knowledge of test documentation practices	Ability to understand continuous improvement process and analyze goals/constraints Ability to summarize and translate mathematical data Ability to detect underlying issues and resolve technical conflicts Ability to analyze systems operation, monitor systems, distinguish trends in performance, and evaluate systems performance Ability to create detailed supporting documents
F6. Audit and maintain systems performance and ensure future readiness	Systems audits are conducted in accordance with organizational procedures Systems audits reflect applicable industry practices and recommendations Systems audits are reviewed and acted upon by appropriate stakeholders Systems readiness plans reflect anticipated growth Systems readiness considerations are included in IT strategic plans Readiness plans include all human and capital resource requirements	Knowledge of systems performance and readiness audit procedures and techniques Knowledge of applicable industry performance audit standards and practices Ability to assess and determine anticipated systems growth needs Knowledge of IT strategic planning and organizational and enterprise level IT issues and trends Knowledge of business forecasting processes, tools, and techniques Knowledge of applicable information resources for IT and information assurance strategic planning	Ability to analyze and adjust goals Ability to integrated multiple items of data and contrast conflicting data Ability to align resources with testing and integration needs Ability to solicit and accept feedback Ability to plan and communicate effectively

Worth checking out