The recent spate of cyber-attacks affecting Channel Nine, hospitals in Melbourne’s East and Parliament is indicative of escalating intent and motivation by foreign state-based actors and cyber-criminals to disrupt, steal, or deny access to data.
The situation affects many organisations and businesses that supply or support critical infrastructure and services. As we become more dependent on data-driven technology, internet services and data control systems, we must understand the threats and issues that will accompany this advancement.
When assessing your current and future needs and dependencies in terms of technology, you need to consider reviewing your security arrangements and employing a highly skilled and talented cybersecurity workforce.
Ask yourself three key questions:
- How do you assess your workforce capability and capacity needs related to cybersecurity?
- How do you organise and manage your cybersecurity workforce to establish new roles and responsibilities?
- How do you prepare your workforce for changing cybersecurity capability and capacity needs?
To develop a strategy to improve your cybersecurity workforce, you should take a look at the standards available to guide you. One in particular worth knowing about is the National Institute of Standards and Technology (NIST) Special Publication 800-181.
This standard describes the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework — a reference structure that describes the interdisciplinary nature of cybersecurity work. It serves as a fundamental reference resource for describing and sharing information about cybersecurity work and the knowledge, skill, and abilities needed to complete tasks that can strengthen the cybersecurity posture of your organisation.
It categorises and describes cybersecurity work using a framework that supports effective communication about how to identify, recruit, develop, and retain cybersecurity talent. The NICE Framework can be used as a reference source from which your organisation can develop additional tools that meet your needs to provide guidance on the various aspects of cybersecurity workforce development, planning, training, and education, including:
- Recruitment: By using the NICE Framework, organisations can strategise and plan workforce hiring. You can develop job descriptions by examining the required tasks and matching the position duties and responsibilities with the knowledge, skills and abilities needed for the position.
- Education and Training: The NICE Framework allows educators and trainers to prepare learners with specific skills to perform cybersecurity tasks.
- Development of Talent: It’s important to develop a cybersecurity workforce that is capable and ready. The NICE Framework is helpful for employers to develop training programs that support personnel and their career development in improving skills relevant for current and future positions, and tasks as required by the organisation.
- Identification of Needs: Cybersecurity is a rapidly changing and advancing field. Keeping up requires addressing your organisation’s needs and identifying what is required to manage current and future cybersecurity risks.
- Future Planning: The NICE Framework supports those already in the cybersecurity field as well as those who might wish to enter the field, to explore tasks within cybersecurity categories and work roles. It also assists staffing specialists to understand cybersecurity work roles and the associated knowledge, skills and abilities which are in demand by employers.
The NIST NICE Framework is currently being used as a preferred standard by many Defence Industry suppliers and is an accepted standard by Australian Government authorities.