NWCET
Critical Work Functions and Key Activities: Cyber-Security Skill Standards
Draft: July 2002

Cyber-Security Skill Standards (Template A)

Critical Work Functions Key Activities

A
Provide Data/Information Assurance A1
Gather and document data/information assurance requirements A2
Develop data/information assurance plans and implementation strategies A3
Review and test plans and strategies for compliance with applicable regulations and standards A4
Implement data/information assurance plans and strategies A5
Monitor peformance to ensure integrity and confidentiality A6
Maintain and update data/information assurance plans and strategies as appropriate

B
Ensure Infrastructure and Network Security B1
Gather data and analyze security requirements B2
Identify, interpret, and evaluate infrastructure and network vulnerabilities B3
Develop critical situation contigency plans and disaster recovery plan B4
Implement and test contingency and backup plans B5
Monitor, report, and resolve security problems B6
Coordinate contingency and recovery plans with internal and external stakeholders

C
Develop, Manage, and Enforce Security Policies C1
Perform research and analyze requirements C2
Develop, assess, and document security policies, practices, and procedures C3
Disseminate policies and implementation practices and procedures C4
Implement and enforce security policies, practices, and procedures C5
Monitor, maintain, and revise security policies, practices, and procedures as required

D
Perform Security Education and Training D1
Identify and assess education and training requirements for all constituents D2
Identify resources and support materials D3
Design and develop education and training plans and strategies D4
Determine appropriate methods and models for relevant stakeholders D5
Deliver education and training D6
Assess results and determine follow up requirements

E
Develop and Implement Physical Security, Deterrence, and Detection E1
Identify and assess current and anticipated security risks and vulnerabilities E2
Research and evaluate alternative current and emerging practices, tools, and technologies E3
Select and apply relevant tools to meet security goals and requirements E4
Monitor and evaluate security conditions and environment E5
Develop and test physical security, deterrence, and detection systems and plans E6
Implement, extend, and refine physical security plans and practices

F
Perform System Design and Analysis F1
Define current systems-level requirements, and forecast future needs and trends F2
Evaluate current and emerging tools and technologies F3
Evaluate organization's security strategies F4
Make recommendations regarding organization's investment in security F5
Define metrics and audit systems performance F6
Coordinate systems testing and integration F7
Maintain systems performance and ensure future readiness

Copyright NWCET and BCC. All rights reserved. Copyright 2002.

Cyber-Security Skill Standards (Template A)
Critical Work Functions	Key Activities
A Provide Data/Information Assurance	A1 Gather and document data/information assurance requirements	A2 Develop data/information assurance plans and implementation strategies	A3 Review and test plans and strategies for compliance with applicable regulations and standards	A4 Implement data/information assurance plans and strategies	A5 Monitor peformance to ensure integrity and confidentiality	A6 Maintain and update data/information assurance plans and strategies as appropriate
B Ensure Infrastructure and Network Security	B1 Gather data and analyze security requirements	B2 Identify, interpret, and evaluate infrastructure and network vulnerabilities	B3 Develop critical situation contigency plans and disaster recovery plan	B4 Implement and test contingency and backup plans	B5 Monitor, report, and resolve security problems	B6 Coordinate contingency and recovery plans with internal and external stakeholders
C Develop, Manage, and Enforce Security Policies	C1 Perform research and analyze requirements	C2 Develop, assess, and document security policies, practices, and procedures	C3 Disseminate policies and implementation practices and procedures	C4 Implement and enforce security policies, practices, and procedures	C5 Monitor, maintain, and revise security policies, practices, and procedures as required
D Perform Security Education and Training	D1 Identify and assess education and training requirements for all constituents	D2 Identify resources and support materials	D3 Design and develop education and training plans and strategies	D4 Determine appropriate methods and models for relevant stakeholders	D5 Deliver education and training	D6 Assess results and determine follow up requirements
E Develop and Implement Physical Security, Deterrence, and Detection	E1 Identify and assess current and anticipated security risks and vulnerabilities	E2 Research and evaluate alternative current and emerging practices, tools, and technologies	E3 Select and apply relevant tools to meet security goals and requirements	E4 Monitor and evaluate security conditions and environment	E5 Develop and test physical security, deterrence, and detection systems and plans	E6 Implement, extend, and refine physical security plans and practices
F Perform System Design and Analysis	F1 Define current systems-level requirements, and forecast future needs and trends	F2 Evaluate current and emerging tools and technologies	F3 Evaluate organization's security strategies	F4 Make recommendations regarding organization's investment in security	F5 Define metrics and audit systems performance	F6 Coordinate systems testing and integration	F7 Maintain systems performance and ensure future readiness