Threat Intelligence

8/7/2017
07:35 PM
50%
50%

NIST Releases Cybersecurity Definitions for the Workforce

In an effort to bring consistency when describing the tasks, duties, roles, and titles of cybersecurity professionals, the National Institute of Standards and Technology released the finalized draft version of its framework.

Employers and recruiters may have an easier time describing the type of infosec professionals they are seeking to hire or advance in their careers now that the government's National Institute of Standards and Technology (NIST) has released the finalized draft version of its cybersecurity lexicon framework.

NIST's National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework aims to provide organizations with a common vocabulary when describing the role, area of specialty, category of work, and the knowledge, skills, and abilities (KSA) of cybersecurity professionals.

"The NICE Cybersecurity Workforce Framework improves communication, about how to identify, recruit, develop, and retain cyber security talent," according to the NIST report. "It is a resource from which organizations or sectors can develop additional publications, or tools that meet their needs to define or provide guidance on different aspects of workforce development, planning, training, and education."

Employers, recruiters, and guidance counselors, for example, may use the framework as a resource when writing cybersecurity job descriptions, or use it to define with greater clarity the types of IT security professionals in the workforce, according to the NIST report.

As for cybersecurity professionals, the IT security vocabulary framework may aid in giving job seekers and employers a common language and understanding when various skills and abilities are listed in job openings, NIST states.

In the education and training fields, the framework may provide guideposts in developing curriculum or training certificate programs, because industry players will have a common understanding of the skills and tasks that will be needed in a job.

Definitions for Cybersecurity Workers
The creation of the framework relied on more than 20 government departments and agencies, the private sector, and academia to create a broad understanding of the cybersecurity market. The committee has created two earlier versions of the framework before this final version was approved, according to the report.

The definitions that emerged addressed the broader categories of work roles, which include a detailed list of cybersecurity work role groupings and the tasks that they perform. Specialty areas, meanwhile, include functions or concentrated work done in the cybersecurity industry, the report states. KSAs represent the required tasks needed to get the job done, as well as relevant education and training.

Related Content:

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.