The number of cyber-attacks around the world exploded in 2020: exploiting the Covid-19 pandemic as an opportunity for cybercriminals to take advantage of the shift in focus towards smart working and hospital staff transferred to the frontline.
NIST: NICE Cybersecurity Workforce Framework - Current version
NIST Special Publication 800-181 National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework
Led by the National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce, NICE is a partnership between government, academia, and the private sector aimed at energising and promoting a robust network and an ecosystem of cybersecurity education, training, and workforce development. As such, it:
- Coordinating with government, academic, and industry partners to build on existing successful programmes, facilitating change and innovation, and bringing leadership and vision to increase the number of skilled cybersecurity professionals helping to keep our nation secure.
- Cultivating an integrated cybersecurity workforce that is globally competitive from hire to retire and prepared to protect from existing and emerging cybersecurity challenges.
- An integrated cybersecurity workforce must be capable of designing, developing, implementing, and maintaining defensive and offensive cyber strategies.
- An integrated cybersecurity workforce includes technical and non-technical roles that are staffed with knowledgeable and experienced people.
- An integrated cybersecurity workforce can address the cybersecurity challenges inherent to preparing their organisations to successfully implement aspects of their missions and business processes connected to cyberspace.
- Providing a fundamental reference that supports a workforce capable of meeting an organisation’s cybersecurity needs by using a common, consistent lexicon to describe cybersecurity work by category, specialty area, and work role. It provides a superset of cybersecurity Knowledge, Skills, and Abilities (KSAs) and Tasks for each work role. The framework supports consistent organisational and sector communication for cybersecurity education, training, and workforce development.
The NICE Framework is a reference starting point for the content of guidance and guidelines on career paths, education, training, and credentialing programmes. It seeks to increase an organisation's ability to communicate consistently and clearly about cybersecurity work and its cybersecurity workforce. Organisations or sectors can build additional tools that meet their needs to define or give guidance on various aspects of workforce development, planning and training and education.
Important notice: The current version of the framework is under review through a public consultation. The new draft is expected in the second half of 2020.
Lookout Watch entry date: 07/08/2019 (updated July 2020)