Chapter16B2.docx
Document Details
Uploaded by ImpressedAzalea
Tags
Full Transcript
Developing the Security Team ============================ ### The need for more security professionals ### Applying NIST NICE framework to your organization - **Task statements** describe what work will be performed by a candidate. In other words, a task is defined as something that an...
Developing the Security Team ============================ ### The need for more security professionals ### Applying NIST NICE framework to your organization - **Task statements** describe what work will be performed by a candidate. In other words, a task is defined as something that an employee will perform in order to meet organizational business objectives. For example, a task could be related to configuring network equipment or configuring the Apache service on a Linux server. Task statements should not be confused with knowledge or skills statements as those achieve different objectives. - **Knowledge statements** differ from task statements in that knowledge is used to perform a task from memory. Knowledge statements could include knowledge of Cisco IOS or how to thwart certain types of threats against an organization. Knowledge statements can also define particular experiences from previous employment, such as how long a candidate has been in a particular field. These can include entry-level versus architectural or even managerial expertise. This can also be a many-to-many relationship in that we can have one or many knowledge statements for a particular task and vice versa. - **Skill statements** are those that a candidate uses to demonstrate that they can perform a task. For example, a skill would be to confi e a pfSense fi ewall for high availability or to recognize alerts that come from a **security information and event management** (**SIEM**) system. It could also be used in post-incident handling, such as performing an after-action review or root cause analysis. - - - ### Exploring cybersecurity roles #### Cybersecurity analysts #### Cybersecurity engineers #### Cybersecurity architects #### Cybersecurity compliance specialists #### Head of security ### Exploring cybersecurity architectural frameworks #### SABSA #### TOGAF - - - **Application architecture**: Used to describe or provide an overview of the types of applications that need to be developed for an organization - **Technical architecture**: Used for all the requirements for IT resources, which include hardware and software - - - - - - - - #### OSA ### Staffing -- insourcing versus outsourcing #### Structuring the cybersecurity team
