NIST's Cybersecurity Definitions for the Workforce

With cyberattacks on the rise, it's more crucial than ever for organizations to have the right employees and experts in place to perform vital IT functions. But first, you have to hire these professionals. And to do that, you need to know which skills, experiences and specialties you're seeking -- then come up with an accurate job description. Organizations of all types struggle with this process, from hospitals and practices tackling cyber healthcare initiatives to small, medium and large businesses looking to bolster their in-house IT capabilities.

Luckily, the National Institute of Standards and Technology (NIST) has released its National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework to bridge the communication gaps in cybersecurity. As Dark Reading reports, this draft "improves communication about how to identify, recruit, develop, and retain cyber security talent. It is a resource from which organizations or sectors can develop additional publications, or tools that meet their needs to define or provide guidance on different aspects of workforce development, planning, training, and education."

There's already a shortage of qualified cybersecurity professionals in the workforce, despite the industry being on track to be worth $101.6 billion by 2020. A study commissioned by the nonprofit organization (ISC)² forecasts a huge shortage in cybersecurity professionals -- 1.5 million by 2020. This means organizations may increasingly find themselves without the staff capabilities they need to handle rising cybersecurity threats.

As Harvard Business Review points out, this shortage is due in part to a narrow definition of what constitutes a qualified cybersecurity professional. The potential solution? Businesses opening themselves up to applicants with "non-traditional backgrounds" rather than exclusively four-year Computer Science degrees. After all, data breaches and malicious attacks do not just affect computers; they can potentially affect health care records, patient care, IoT-connected devices, nonprofit operations, client data and financial records. Moving forward, a comprehensive approach to cybersecurity may help close loopholes, bolster defenses and minimize fallout.

The NICE Framework aims to create a common language between employers, recruiters, employees, industry leaders, HR personnel and educators so cybersecurity knowledge, skills and abilities (KSAs) are clearer to all. In the NICE Framework, seven official Categories break down into Specialty Areas, which divide further into Work Roles. Here's a broad overview:

Analyze: Reviews and evaluates cybersecurity intelligence.

Collect and Operate: Provides specialized denial and deception operations/collections.

Investigate: Investigates cybersecurity events/crimes.

Operate and Maintain: Keeps IT systems running and secure with administrative support and maintenance.

Oversee and Govern: Leads, manages, directs and advocates for organization-wide cybersecurity.

Protect and Defend: Handles IT threats.

Securely Provision: Helps develop networks and systems for a more secure future.

The eventual hope is this document will help organizations shape education, training, hiring and allocation of personnel -- creating a more thorough, effective cybersecurity landscape across sectors.

Having the right people in place can make or break an organization's digital security, as can pursuing a comprehensive cybersecurity plan (complete with prevention tools and insurance to mitigate the aftermath). CyberPolicy can help you strengthen cybersecurity for health care, business, financial services, retail and many more. Find a fitting policy today!
