Mission Critical Functions
An essential first step in addressing the challenge of developing the right workforce is to ensure the right people are at the top: the cybersecurity role which are critical to the organization's mission and essential to the security function, while requiring the most advanced technical knowledge, skills and abilities. The intersection of the parameters are where the very best talent must be focused, even while the overall cybersecurity mission depends on the action of people throughout the organization and across the spectrum of technical understanding.
The Center for Internet Security (CIS) has built upon the work of previous efforts to identify and validate the mission critical cybersecurity functions- the top ten list of roles which defines the apex of professional skill in the field. These roles, if properly staffed, will provide the capability needed to both implement broad, effective, foundational controls (namely the CIS Critical Security Control, as well as address new, unforeseen threats and vulnerabilities).Mission Critical Function Paper
Secure Power Systems Professionals
In order to identify the capabilities and competencies needed to protect the modernized electric grid, a project was initiated in 2011 by Pacific Northwest National Laboratory, in partnership with NBISE, on behalf of the U.S. Department of Energy. The first phase of this three-phase project identified operational security functions for day-to-day power systems operations (but not development, engineering, and architecture), and power system environments. The project examined the technical, problem-solving, social and analytical skills identified by stakeholders as used by existing power systems cybersecurity staff in the daily execution of their responsibilities.
The second phase of this project identified existing frameworks, training courses, and certification programs that may contribute to developing the necessary knowledge, skills, and abilities required of this special workforce.
Roles and Controls
CIS believes that all three elements of the cyber ecosystem- people, technology, and policy- must be considered together and brought into alignment in order to create a foundation of security practices that are understandable and usable by each user and scalable for every user. The effective implementation and management of essential measures, namely the CIS Controls, requires an understanding of the roles- cybersecurity and otherwise- involved in this process. CIS is exploring, mapping and developing recommendations for this essential relationship.