National Initiative for Cybersecurity Education Cybersecurity Workforce Framework
Since NIST published the first version of Special Publication (SP) 800-181 (the National Initiative for Cybersecurity Education), the nature of work has changed dramatically and, so too, should our approach to educating our employees about cybersecurity.
First Revision of the NICE Framework
According to NIST, the “NICE Framework has been developed to help provide a reference taxonomy—that is, a common language—of the cybersecurity work and of the individuals who carry out that work.” Recently, NIST released their first revision of the NICE framework, taking a back-to-basics approach, focusing on the foundation of a workforce framework. It provides a common language for organizations to use internally and with others.
How has the NICE Framework Changed?
The NICE Framework provides a set of building blocks for describing the tasks, knowledge, and skills that are needed to perform cybersecurity work performed by individuals and teams.
- Streamlined Building Blocks: The framework includes components like Tasks, Knowledge, and Skills to describe concepts around “the work” versus “the learner” who is the person executing cybersecurity activities or learning about them.
- Abilities Combined with Skill Statements: In Revision 1, NIST updated Ability statements to be included in Skill statements, focusing on learner actions. By describing both the “work” and the “learner,” the NICE Framework provides organizations a common language to describe their cybersecurity work.
- Creating a Common Language: The Framework is interoperable, meaning it facilitates communication across organizations at a peer level, sector level, national level, or international level by using the same taxonomy for common language and meaning.
- Competencies Repurposed: Competencies, which is a mechanism for organizations to assess learners, was repurposed in the revision to further describe the “learners” of cybersecurity work. Competencies allow students, current employees, and job seekers to succinctly communicate and effectively demonstrate that they have the requisite Knowledge and Skills to perform cybersecurity work.
- Shorter, Static Document Plus Agile Working Content: Another major update was streamlining the Framework to include only core, static content, decreasing the material to just 12 pages. Supplemental content — lists of Competencies, Work Roles, Tasks, Knowledge, and Skill statements — has been removed from the static publication. This gives flexibility for more frequent updates to regularly-reference materials.
Build a Common Understanding of Cybersecurity with NICE Framework
How are you building a common understanding, and language, around cybersecurity in your organization? Help your employees, business leaders, and technical staff communicate with less friction and confusion. For cybersecurity education recommendations or virtual leadership support, look to CyLumena.