Cyber-Security Skill Standards (Template A) | |||||||
Critical Work Functions | Key Activities | ||||||
A Provide Data/Information Assurance |
A1 Gather and document data/information assurance requirements |
A2 Develop data/information assurance plans and implementation strategies |
A3 Review and test plans and strategies for compliance with applicable regulations and standards |
A4 Implement data/information assurance plans and strategies |
A5 Monitor peformance to ensure integrity and confidentiality |
A6 Maintain and update data/information assurance plans and strategies as appropriate |
|
B Ensure Infrastructure and Network Security |
B1 Gather data and analyze security requirements |
B2 Identify, interpret, and evaluate infrastructure and network vulnerabilities |
B3 Develop critical situation contigency plans and disaster recovery plan |
B4 Implement and test contingency and backup plans |
B5 Monitor, report, and resolve security problems |
B6 Coordinate contingency and recovery plans with internal and external stakeholders |
|
C Develop, Manage, and Enforce Security Policies |
C1 Perform research and analyze requirements |
C2 Develop, assess, and document security policies, practices, and procedures |
C3 Disseminate policies and implementation practices and procedures |
C4 Implement and enforce security policies, practices, and procedures |
C5 Monitor, maintain, and revise security policies, practices, and procedures as required |
||
D Perform Security Education and Training |
D1 Identify and assess education and training requirements for all constituents |
D2 Identify resources and support materials |
D3 Design and develop education and training plans and strategies |
D4 Determine appropriate methods and models for relevant stakeholders |
D5 Deliver education and training |
D6 Assess results and determine follow up requirements |
|
E Develop and Implement Physical Security, Deterrence, and Detection |
E1 Identify and assess current and anticipated security risks and vulnerabilities |
E2 Research and evaluate alternative current and emerging practices, tools, and technologies |
E3 Select and apply relevant tools to meet security goals and requirements |
E4 Monitor and evaluate security conditions and environment |
E5 Develop and test physical security, deterrence, and detection systems and plans |
E6 Implement, extend, and refine physical security plans and practices |
|
F Perform System Design and Analysis |
F1 Define current systems-level requirements, and forecast future needs and trends |
F2 Evaluate current and emerging tools and technologies |
F3 Evaluate organization's security strategies |
F4 Make recommendations regarding organization's investment in security |
F5 Define metrics and audit systems performance |
F6 Coordinate systems testing and integration |
F7 Maintain systems performance and ensure future readiness |