A Guide to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0)

1st Edition

By Dan Shoemaker, Anne Kohnke, Ken Sigler

Auerbach Publications

540 pages | 155 B/W Illus.

Hardback: 9781498739962
pub: 2016-02-08
eBook (VitalSource): 9781315368207
pub: 2018-09-03

Description

A Guide to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0) presents a comprehensive discussion of the tasks, knowledge, skill, and ability (KSA) requirements of the NICE Cybersecurity Workforce Framework 2.0. It discusses in detail the relationship between the NICE framework and the NIST’s cybersecurity framework (CSF), showing how the NICE model specifies what the particular specialty areas of the workforce should be doing in order to ensure that the CSF’s identification, protection, defense, response, or recovery functions are being carried out properly.

The authors construct a detailed picture of the proper organization and conduct of a strategic infrastructure security operation, describing how these two frameworks provide an explicit definition of the field of cybersecurity. The book is unique in that it is based on well-accepted standard recommendations rather than presumed expertise. It is the first book to align with and explain the requirements of a national-level initiative to standardize the study of information security. Moreover, it contains knowledge elements that represent the first fully validated and authoritative body of knowledge (BOK) in cybersecurity.

The book is divided into two parts. The first part consists of three chapters that give you a comprehensive understanding of the structure and intent of the NICE model, its various elements, and their detailed contents. The second part contains seven chapters that introduce you to each knowledge area individually. Together, these parts help you build a comprehensive understanding of how to organize and execute a cybersecurity workforce definition using standard best practice.

Table of Contents

Introduction: Defining the Cybersecurity Workforce

Cybersecurity: Failure Is Not an Option

Six Blind Men and an Elephant

Cybersecurity: An Emerging Field

Two Common Sense Factors That Make Cybersecurity Different

Instilling Order in a Virtual World

Combining Effort with Intent in Order to Get a Complete Solution

Cybersecurity: Finding the Right Set of Activities

Changing Times, Changing Players: The Stakes Get Higher

Definitive Step to Ensure Best Practice in Cybersecurity

National Initiative for Cybersecurity Education Initiative

National Cybersecurity Workforce Framework (2.0)

Knowledge Area 1: Securely Provision

Knowledge Area 2: Operate and Maintain

Knowledge Area 3: Protect and Defend

Knowledge Area 4: Investigate

Knowledge Area 5: Collect and Operate

Knowledge Area 6: Analyze

Knowledge Area 7: Oversee and Govern

Chapter Summary

Key Concepts

Key Terms

References

Creating Standard Competencies for Cybersecurity Work

The NICE Workforce Model

Structure and Intent of the NICE Workforce Framework

The NICE Framework Listing of Tasks for Each Specialty Area

Knowledge Area 1: Securely Provision

Knowledge Area 2: Operate and Maintain

Knowledge Area 3: Protect and Defend

Knowledge Area 4: Investigate

Knowledge Area 5: Collect and Operate

Knowledge Area 6: Analyze

Knowledge Area 7: Oversee and Govern

Implementing the Framework in Practice

Adapting the NICE Framework to an Organization

Planning: Converting Theory into Practice

Mapping the NICE Specialty Areas to Business Purposes

Deciding on Which Specialty Area to Employ in a Concrete Solution

Tailoring a Solution from the Concept

Tailoring Specialty Area Tasks to Specific Application

Three Factors That Ensure Proper Application of the Model

Chapter Summary

Key Terms

References

Implementing Standard Cybersecurity

Why It Is Difficult to Protect Our Critical Information Infrastructure

Background: A System of Best Practices

Distinction between This and Other Standards

Benefits

Relationship between the CSF and the NICE Framework

Standard Practice Approach to Implementation

Overview of the NIST Framework for Improving Critical Infrastructure Cybersecurity

Benefits of Adopting the Cybersecurity Framework

The Cybersecurity Framework Core

The Cybersecurity Framework Implementation Tiers

The Framework Profile

The Cybersecurity Framework Is Descriptive and Not Prescriptive

Structure of the Book’s Presentation of the NICE and Cybersecurity Framework

Chapter Summary

Key Terms

References

Securely Provision General Knowledge Area

Securely Provision Category Overview

Specialty Area 1: Secure Acquisition

Specialty Area 2: Secure Software Engineering

Specialty Area 3: Systems Security Architecture

Specialty Area 4: Technology Research and Development

Specialty Area 5: Systems Requirements Planning

Specialty Area 6: Test and Evaluation

Specialty Area 7: Systems Development

Chapter Summary

Key Terms

References

Operate and Maintain General Knowledge Area

Operate and Maintain Knowledge Area Overview

Specialty Area 1: Data Administration

Factoring Data Administration Workforce Tasks into the Cybersecurity Framework Functions

Underlying Knowledge, Skill, and Ability Requirements for Data Administration

Specialty Area 2: Customer Service and Technical Support

Factoring Customer Service and Technical Support Workforce Tasks into the Cybersecurity Framework Functions

Underlying Knowledge, Skill, and Ability Requirements for Customer Service and Technical Support

Specialty Area 3: Network Services

Factoring Network Services Workforce Tasks into the Cybersecurity Framework Functions

Underlying Knowledge, Skill, and Ability Requirements for Network Services

Specialty Area 4: System Administration

Factoring System Administration Workforce Tasks into the Cybersecurity Framework Functions

Underlying Knowledge, Skill, and Ability Requirements for System Administration

Specialty Area 5: Systems Security Analysis

Factoring Systems Security Analysis Workforce Tasks into the Cybersecurity Framework Functions

Underlying Knowledge, Skill, and Ability Requirements for Systems Security Analysis

Chapter Summary

Key Terms

References

Protect and Defend General Knowledge Area

Introduction to the Protect and Defend General Knowledge Area

Specialty Area 1: Enterprise Network Defense Analysis

Factoring Enterprise Network Defense Analysis Workforce Tasks into the Cybersecurity Framework Functions

Underlying Knowledge, Skill, and Ability Requirements for Enterprise Network Defense Analysis

Specialty Area 2: Incident Response

Factoring Incident Response Workforce Tasks into the Cybersecurity Framework Functions

After-Action Reviews

Underlying Knowledge, Skill, and Ability Requirements for Incident Response

Specialty Area 3: Enterprise Network Defense Infrastructure Support

Factoring Enterprise Network Defense Infrastructure Support Workforce Tasks into the Cybersecurity Framework Functions

Underlying Knowledge, Skill, and Ability Requirements for Enterprise Network Defense Infrastructure Support

Specialty Area 4: Vulnerability Assessment and Management

Factoring Vulnerability Assessment and Management Workforce Tasks into the Cybersecurity Framework Functions

Underlying Knowledge, Skill, and Ability Requirements for Vulnerability Assessment and Management

Chapter Summary

Key Terms

Reference

Investigate General Knowledge Area

Specialty Area 1: Digital Forensics

Organizing the Tasks of Digital Forensics Using Cybersecurity Framework Functions

Factoring Workforce Tasks into the Cybersecurity Framework Categories

Underlying Knowledge, Skill, and Ability Requirements for Digital Forensics

Application: Organizing a Digital Forensics Function Based on the CSF

Specialty Area 2: Cyber Investigation

Application: Organizing a Digital Forensics Function Based on the CSF

Chapter Summary

Key Terms

References

Collect and Operate and Analyze General Knowledge Areas

Introduction to the Knowledge Areas of the Intelligence Community

Specialty Areas: Collect and Operate and Analyze

Body of Knowledge for Collect and Operate and Analyze

Implementing the Collect and Operate and Analyze Areas

Performing Collection and Operations and Analysis Work

Chapter Summary

Key Terms

References

Oversee and Govern General Knowledge Area

Introduction

Specialty Area 1: Legal Advice and Advocacy

Factoring Legal Advice and Advocacy Workforce Tasks into the Cybersecurity Framework Categories

Underlying Knowledge, Skill, and Ability Requirements for Legal Advice and Advocacy Specialty Area

Specialty Area 2: Strategic Planning and Policy Development

Factoring Strategic Planning Workforce Tasks into the Cybersecurity Framework Categories

Underlying Knowledge, Skill, and Ability Requirements for Strategic Planning and Policy Development Specialty Area

Specialty Area 3: Training, Education, and Awareness

Factoring Training, Education, and Awareness Workforce Tasks into the Cybersecurity Framework Categories

Underlying Knowledge, Skill, and Ability Requirements for Training, Education, and Awareness Specialty Area

Specialty Area 4: Information Systems and Security Operations

Factoring Information Systems and Security Operations Workforce Tasks into the Cybersecurity Framework Categories

Underlying Knowledge, Skill, and Ability Requirements for Information Systems and Security Operations Specialty Area

Specialty Area 5: Security Program Management

Factoring Security Program Management Workforce Tasks into the Cybersecurity Framework Categories

Underlying Knowledge, Skill, and Ability Requirements for Security Program Management Specialty Area

Specialty Area 6: Risk Management

Factoring Risk Management Workforce Tasks into the Cybersecurity Framework Categories

Underlying Knowledge, Skill, and Ability Requirements for Risk Management Specialty Area

Specialty Area 7: Knowledge Management

Factoring Knowledge Management Workforce Tasks into the Cybersecurity Framework Categories

Underlying Knowledge, Skill, and Ability Requirements for Knowledge Management Specialty Area

Chapter Summary

Key Terms

References

Applying the NICE Cybersecurity Workforce Model to the Real World

Why Cybersecurity Needs a Standard of Practice

Three Problems with Cybersecurity

Chapter Summary

Key Terms

Reference

About the Authors

Daniel P Shoemaker, PhD, is principal investigator and senior research scientist at the University of Detroit Mercy’s Center for Cyber Security and Intelligence Studies. Dan has served 30 years as a professor at UDM with 25 of those years as department chair. He served as a co-chair for both the Workforce Training and Education and the Software and Supply Chain Assurance Initiatives for the Department of Homeland Security, and was a subject matter expert for the NICE Cybersecurity Workforce Framework 2.0. Dan has coauthored six books in the field of cybersecurity and has authored more than one hundred journal publications. Dan earned his PhD from the University of Michigan.

Anne Kohnke, PhD, is an assistant professor of IT at Lawrence Technological University and teaches courses in both the information technology and organization development/change management disciplines at the bachelor through doctorate levels. Anne started as an adjunct professor in 2002 and joined the faculty full time in 2011. Her IT career started in the mid-1980s on a help desk, and over the years, Anne developed technical proficiency as a database administrator, network administrator, systems analyst, and technical project manager. After a decade, Anne was promoted to management and worked as an IT director, vice president of IT and chief information security officer (CISO). Anne earned her PhD from Benedictine University.

Ken Sigler is a faculty member of the Computer Information Systems (CIS) program at the Auburn Hills campus of Oakland Community College in Michigan. His primary research is in the areas of software management, software assurance, and cloud computing. He developed the college’s CIS program option entitled "Information Technologies for Homeland Security." Until 2007, Ken served as the liaison for the college to the International Cybersecurity Education Coalition (ICSEC), of which he is one of three founding members. Ken is a member of IEEE, the Distributed Management Task Force (DMTF), and the Association for Information Systems (AIS).

About the Series

Internal Audit and IT Audit

Subject Categories

BISAC Subject Codes/Headings:
BUS041000: BUSINESS & ECONOMICS / Management
COM032000: COMPUTERS / Information Technology
COM053000: COMPUTERS / Security / General