7 NICE Cybersecurity Workforce Framework categories: Everything you need to know - Security Boulevard

7 NICE Cybersecurity Workforce Framework categories: Everything you need to know


In the world of cybersecurity, there are many roles to play. While those roles can vary, there is also the NICE (National Initiative for Cybersecurity Education) Cybersecurity Workforce Framework to tie them together. This framework includes seven categories that describe cybersecurity work and workers. You can apply the NICE Framework to any sector — public, private or academia. 

In this article, we’ll be breaking down the seven categories and how you can effectively use them to source IT talent and continue to develop your workforce. 

The seven categories

The NIST (National Institute of Standards and Technology) developed the seven categories. The organization defined these different workers to highlight the “interdisciplinary nature” of the field of cybersecurity. It seeks to standardize the roles required in the cybersecurity workforce, which encompasses both technical and non-technical roles. 

Within each category, you’ll find specialty areas representing a component of specific work or function that relates to the main category. Further down, specialty areas break down into work roles. In each work role, knowledge, skills, abilities and tasks are defined. 

Security Provision (SP)

The SP category describes workers that “conceptualize, design, procure, and build secure information technology systems.” The position is responsible for system and network development. 

SP specialty areas and work roles:

Risk Management

  • Responsible for all aspects of cybersecurity risk requirements and ensures compliance, both internally and externally
  • Work roles: Senior Official and Security Control Assessor

Software Development

  • Writing code and designing software
  • Work roles: Software Developer and Secure Software Assessor

Systems Architecture

  • Works on system concepts and capabilities of the system, translating technology and other conditions to align with security designs and processes
  • Work roles: Enterprise Architect and Security Architect

Technology R&D

  • Assesses integration processes and supports prototype capabilities
  • Work role: Research and (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Beth Osborne. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/-xV9j0ewAfY/