Transcription
The National Initiative for Cybersecurity Education (NICE) Framework, a WorkforceFramework for Cybersecurity by the National Institute of Standards and Technology, is apartnership between the US Department of Commerce, Academia, and the Private sector.SECURELY PROVISION ConceptDesignOPERATE & MAINTAINProcureSupportInformation Techology (IT) SystemAdministrateOVERSEE & GOVERNMaintainInformation Technology (IT)PerformanceSystems & Network DevelopmentStrategizeLeadPROTECT & DEFENDManageIdentifyCybersecurity Systems & OperationsCybersecurity ThreatsInformation Technology (IT) SecurityANALYZEReviewCybersecurity InformationCOLLECT & OPERATEEvaluateCollectOperateDenial and Deception IT systems & Network EvidenceMitigate
SECURELY PROVISIONConceptualizes, designs, procures, and/or builds secure information technology (IT) systems, with responsibilityfor aspects of system and/or network development.Risk Management (RSK)Systems Architecture(ARC)Technology R&D (TRD)Systems RequirementsPlanning (SRP)SoftwareDevelopment (DEV)SystemsDevelopment (SYS)Test andEvaluation (TST)Oversees, evaluates, andDevelops system conceptsConducts technology assess-Consults with customers toDevelops and writes/codesWorks on the developmentDevelops and conducts testssupports the documentation,and works on the capabilitiesment and integration process-gather and evaluate function-new (or modifies existing)phases of the systems devel-of systems to evaluate com-validation, assessment, andphases of the systems devel-es; provides and supports aal requirements and trans-computer applications, soft-opment life cycle.pliance with specificationsauthorization processes nec-opment life cycle; translatesprototype capability and/orlates these requirements intoware, or specialized utilityand requirements by applyingessary to assure that existingtechnology and environmentalevaluates its utility.technical solutions. Providesprograms following softwareprinciples and methods forand new information tech-conditions (e.g., law and regu-guidance to customers aboutassurance best practices.cost-effective planning, evalu-nology (IT) systems meet thelation) into system and securi-applicability of informationating, verifying, and validatingorganization’s cybersecurityty designs and processes.systems to meet businessof systems or elements ofneeds.systems incorporating IT.and risk requirements.Roles :Authorizing Official/Designating RepresentativeRoles :Enterprise ArchitectSecurity ArchitectRoles :-Roles :-Research & DevelopmentSystems RequirementsSpecialistPlannerRoles :Software DeveloperSecure Software AssessorSecurity Control AssessorRoles :-Roles :-Information Systems SecuritySystem Testing and EvaluationDeveloperSpecialistSystems DeveloperOur Solutions :-Our Solutions :-Our Solutions :-Our Solutions :-Our Solutions :-Our Solutions :-Our Solutions :-Certified Chief InformationCertified Network Defender V2Certified Ethical Hacker V11Certified Network Defender V2Certified Application SecurityCertified Network Defender V2Certified Network Defender V2Security Officer(CND)(CEH)(CND)Engineer (CASE Java)(CND)(CND)CompTIA Security CompTIA Advanced SecurityCompTIA PenTest CompTIA Advanced SecurityCertified Application SecurityCompTIA Advanced SecurityCompTIA Advanced SecurityPractitioner (CASP )Engineer (CASE .Net)Practitioner (CASP )Practitioner (CASP )CompTIA Cloud CompTIA PenTest CompTIA Cybersecurity AnalystCompTIA Cybersecurity Analyst(CySA )(CySA )CompTIA Cloud CompTIA Cloud CompTIA PenTest CompTIA CybersecurityAnalyst (CySA )CompTIA Advanced SecurityPractitioner (CASP )CompTIA Cloud Practitioner (CASP )CompTIA Cloud CompTIA Cybersecurity Analyst(CySA )CompTIA Advanced SecurityPractitioner (CASP )CompTIA Cloud CompTIA PenTest
OPERATE & MAINTAINConceptualizes, designs, procures, and/or builds secure information technology (IT) systems, with responsibilityfor aspects of system and/or network development.Data Administration(DTA)Knowledge Management(KMG)Customer Service andTechnical Support (STS)Network Services (NET)Systems Administration(ADM)Systems Analysis (ANA)Develops and administers da-Manages and administers pro-Addresses problems, installs,Installs, configures, tests,Installs, configures, trouble-Studies an organization’s cur-tabases and/or data manage-cesses and tools that enableconfigures, troubleshoots,operates, maintains, andshoots, and maintains serverrent computer systems andment systems that allow forthe organization to identify,and provides maintenancemanages networks and theirconfigurations (hardwareprocedures, and designs infor-the storage, query, protection,document, and access intel-and training in response tofirewalls, including hardwareand software) to ensure theirmation systems solutions toand utilization of data.lectual capital and informa-customer requirements or(e.g., hubs, bridges, switches,confidentiality, integrity, andhelp the organization operatetion content.inquiries (e.g., tiered-levelmultiplexers, routers, cables,availability. Manages ac-more securely, efficiently, andcustomer support). Typical-proxy servers, and protectivecounts, firewalls, and patches.effectively. Brings businessly provides initial incidentdistributor systems) and soft-Responsible for access con-and information technologyinformation to the Incidentware that permit the sharingtrol, passwords, and account(IT) together.Response (IR) Specialty.and transmission of all spec-creation and administration.trum transmissions.Roles :Database AdministratorRoles :-Roles :-Roles :-Roles :-Roles :-Knowledge ManagerTechnical Support SpecialistNetwork Operations SpecialistSystem AdministratorSystems Security AnalystOur Solutions :-Our Solutions :-Our Solutions :-Our Solutions :-Our Solutions :-Our Solutions :-CompTIA Cybersecurity AnalystCompTIA Cloud Certified Network Defender V2Certified Network Defender V2Certified Network Defender V2Certified Network Defender V2(CySA )(CND)(CND)(CND)(CND)CompTIA Security CompTIA A CompTIA A CompTIA A CompTIA Security CompTIA Network CompTIA Network CompTIA Network CompTIA Cloud CompTIA Security CompTIA Security CompTIA Security CompTIA PenTest CompTIA Cybersecurity AnalystCompTIA Cloud CompTIA Cloud CompTIA Server CompTIA Server CompTIA Advanced SecurityompTIA Advanced SecurityPractitioner (CASP )Practitioner (CASP )CompTIA Server CompTIA Cybersecurity AnalystData Analyst(CySA )CompTIA Cloud CompTIA PenTest CompTIA Server (CySA )
OVERSEE & GOVERNProvides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.Legal Advice andAdvocacy (LGA)Training, Education,and Awareness (TEA)CybersecurityManagement (MGT)Strategic Planning andPolicy (SPP)Executive Cyber Leadership(EXL)Program/Project Management(PMA) and AcquisitionProvides legally sound ad-Conducts training of person-Oversees the cybersecurityDevelops policies and plansSupervises, manages, and/orApplies knowledge of data,vice and recommendationsnel within pertinent subjectprogram of an informationand/or advocates for changesleads work and workers per-information, processes, orga-to leadership and staff ondomain. Develops, plans,system or network, includingin policy that support organi-forming cyber and cyber-re-nizational interactions, skills,a variety of relevant topicscoordinates, delivers and/ormanaging information secu-zational cyberspace initiativeslated and/or cyber operationsand analytical expertise, aswithin the pertinent subjectevaluates training courses,rity implications within theor required changes/ en-work.well as systems, networks,domain. Advocates legal andmethods, and techniques asorganization, specific pro-hancements.policy changes and makes aappropriate.gram, or other area of respon-capabilities to manage ac-case on behalf of client via asibility, to include strategic,quisition programs. Executeswide range of written and oralpersonnel, infrastructure,duties governing hardware,work products, including legalrequirements, policy enforce-software, and informationbriefs and proceedings.ment, emergency planning,system acquisition programssecurity awareness, and otherand other program manage-resources.ment policies.Roles :Cyber Legal AdvisorPrivacy Officer/Privacy ComplianceManagerRoles :-Roles :-Roles :-Cyber Instructional CurriculumInformation Systems SecurityCyber Workforce DeveloperDeveloperManagerand ManagerCyber InstructorCommunications SecurityCyber Policy and Strategy(COMSEC) ManagerPlannerand information exchangeRoles :Executive Cyber LeadershipRoles :Program ManagerIT Project ManagerProduct Support ManagerIT Investment/ PortfolioManagerIT Program AuditorOur Solutions :-Our Solutions :-Our Solutions :-Our Solutions :-Our Solutions :-Our Solutions :-CompTIA Cybersecurity AnalystCompTIA Cloud Certified Network Defender V2Certified Network Defender V2Certified Network Defender V2Certified Network Defender V2(CND)(CND)(CND)(CND)CompTIA Advanced SecurityCompTIA Advanced SecurityPractitioner (CASP )Practitioner (CASP )(CySA )CompTIA Cloud CompTIA Advanced SecurityPractitioner (CASP )
PROTECT & DEFENDIdentifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks.Cybersecurity Defense Analysis (CDA)Cybersecurity DefenseInfrastructure Support (INF)Incident Response (CIR)Vulnerability Assessmentand Management (VAM)Uses defensive measures and information collect-Tests, implements, deploys, maintains, reviews,Uses defensive measures and information collect-Uses defensive measures and information collect-ed from a variety of sources to identify, analyze,and administers the infrastructure hardware anded from a variety of sources to identify, analyze,ed from a variety of sources to identify, analyze,and report events that occur or might occur with-software that are required to effectively manageand report events that occur or might occur with-and report events that occur or might occur with-in the network to protect information, informa-the computer network defense service providerin the network to protect information, informa-in the network to protect information, informa-tion systems, and networks from threats.network and resources. Monitors network totion systems, and networks from threats.tion systems, and networks from threats.actively remediate unauthorized activities.Roles :-Roles :-Roles :-Roles :-Cyber Legal AdvisorCyber Défense Infrastructure Support SpecialistCyber Defense Incident ResponderVulnerability Assessment AnalystOur Solutions :-Our Solutions :-Our Solutions :-Our Solutions :-CompTIA Security CompTIA Security CompTIA Security CompTIA Security CompTIA Network CompTIA A CompTIA Network CompTIA Network CompTIA PenTest CompTIA Network CompTIA PenTest CompTIA PenTest CompTIA Cybersecurity Analyst (CySA )CompTIA PenTest CompTIA Cybersecurity Analyst (CySA )CompTIA Cybersecurity Analyst (CySA )CompTIA Advanced Security Practitioner (CASP )CompTIA Cybersecurity Analyst (CySA )CompTIA Advanced Security Practitioner (CASP )CompTIA Advanced Security Practitioner (CASP )Certified Ethical Hacker V11 (CEH)CompTIA Advanced Security Practitioner (CASP )Certified Incident Handler (ECIH)Certified Incident Handler (ECIH)CompTIA Cloud Certified Network Defender V2 (CND)CompTIA Project
ANALYZE Performs highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.Threat Analysis (TWA)Exploitation Analysis (EXP)All-Source Analysis (ASA)Targets (TGT)Language Analysis (LNG)Identifies and assesses the capabilitiesAnalyzes collected information to iden-Analyzes threat information from mul-Applies current knowledge of one orApplies language, cultural, and tech-and activities of cybersecurity crim-tify vulnerabilities and potential fortiple sources, disciplines, and agenciesmore regions, countries, non-statenical expertise to support informationinals or foreign intelligence entities;exploitation.across the Intelligence Community.entities, and/or technologies.collection, analysis, and other cyberse-produces findings to help initialize orSynthesizes and places intelligencesupport law enforcement and counter-information in context; draws insightsintelligence investigations or activities.about the possible implications.curity activities.Performs highly-specialized review andevaluation of incoming cybersecurityinformation to determine its usefulness for intelligence.Roles :-Roles :-Roles :-Roles :-Roles :-Cyber Legal AdvisorCyber Legal AdvisorAll-Source AnalystTarget DeveloperMulti-Disciplined Language AnalystMission Assessment SpecialistTarget Network AnalystOur Solutions :-Our Solutions :-Our Solutions :-CompTIA PenTest CompTIA PenTest CompTIA Cloud CompTIA Cybersecurity Analyst (CySA )CompTIA Cybersecurity Analyst (CySA )ompTIA Advanced Security PractitionerCompTIA PenT CompTIA Advanced Security(CASP )Practitioner (CASP )Certified Ethical Hacker V11 (CEH)
COLLECT & OPERATE Performs highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.Threat Analysis (TWA)Exploitation Analysis (EXP)All-Source Analysis (ASA)Executes collection using appropriate strategies and withinPerforms in-depth joint targeting and cybersecurity planningPerforms activities to gather evidence on criminal or for-the priorities established through the collection managementprocess. Gathers information and develops detailed Operationaleign intelligence entities to mitigate possible or real-timeprocess.Plans and Orders supporting requirements. Conducts strategicthreats, protect against espionage or insider threats,and operational-level planning across the full range of operationsforeign sabotage, international terrorist activities, or tofor integrated information and cyberspace operations.support other intelligence activitiesRoles :-Roles :-Roles :-Cyber Legal AdvisorCyber Legal AdvisorAll-Source AnalystMission Assessment SpecialistOur Solutions :-Our Solutions :-Our Solutions :-CompTIA Cybersecurity Analyst (CySA )CompTIA Cybersecurity Analyst (CySA )CompTIA Cybersecurity Analyst (CySA )CompTIA Advanced Security Practitioner (CASP )CompTIA Advanced Security Practitioner (CASP )CompTIA Advanced Security Practitioner (CASP )CompTIA PenTest CompTIA PenTest CompTIA Project
INVESTIGATEInvestigates cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence.Cyber Investigation (INV)Digital Forensics (FOR)Applies tactics, techniques, and procedures for a full range of investigative tools and processes toCollects, processes, preserves, analyzes, and presents computer-related evidence in support ofinclude, but not limited to, interview and interrogation techniques, surveillance, counter surveil-network vulnerability mitigation and/or criminal, fraud, counterintelligence, or law enforcementlance, and surveillance detection, and appropriately balances the benefits of prosecution versusinvestigations.intelligence gathering.Roles :-Roles :-Cyber Legal AdvisorCyber Legal AdvisorOur Solutions :-Our Solutions :-Computer Hacking Forensic Investigator V10Computer Hacking Forensic Investigator V10CompTIA PenTest CompTIA PenTest CompTIA Security CompTIA Cybersecurity Analyst (CySA )CompTIA Advanced Security Practitioner (CASP )CompTIA Network
Certified Ethical Hacker V11 (CEH) CompTIA Advanced Security Practitioner (CASP ) Certified Incident Handler (ECIH) Certified Incident Handler (ECIH) CompTIA Cloud CompTIA Project Certified Network Defender V2 (CND) Roles :- Roles :- Roles :- Roles :- Our Solutions :- Our Solutions :- Our Solutions :- Our Solutions :- .
