[Owasp-leaders] Comments / Tomatos
tomb at owasp.org
Mon Dec 5 18:13:15 EST 2011
Leaders/GEC please take a moment to review/comment that will help raise awareness on target with our mission.
> The SwA Community is invited to comment on National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework at http://csrc.nist.gov/nice/framework/. At the recent Winter Working Group Sessions, Peggy Maxson, Director of National Cybersecurity Education, Department of Homeland Security (DHS), described the NICE program. This framework will dramatically impact the work of SwA Workforce, Education, and Training Working Group (WET) as well as other SwA Working Groups. Comments are due via Email NICEFrameworkComments at nist.gov by December 16, 2011.
> Our aim is to find ways to align and harmonize the work of the WET WG with the NICE Workforce Framework http://csrc.nist.gov/nice/framework/. Here are some questions to consider when reviewing the NICE Framework:
> · Is it clear that software assurance part of the framework?
> · If not, how do suggest that the requisite software assurance knowledge, skills and abilities are properly represented?
> · What would the outcome look like and how do we produce it?
> · Traditional information security frameworks have not paid attention to the issue of the security of the software that processes that information. What additional development Is required to make the connection between their body of knowledge (BOK) and the SwA BOK? - or do the two need to be explicitly merged?
> Based on our discussions at the Winter meeting, we ask the SwA Community to:
> 1. Submit individual comments concerning NICE to NIST
> 2. Ask your organization to develop comments on the framework as well
> This is the holiday season, and we apologize for the short time period, but please get those comments in by December 16.
> Thanks for your support,
> Dan Shoemaker, Art Conklin, and Nancy Mead
> Workforce, Education, and Training Working Group (WET)
> NICE Cybersecurity Workforce Framework
> Today, there is little consistency in how cybersecurity work is defined and described throughout the nation. The lack of a common language to discuss and understand the work requirements of cybersecurity professionals hinders our nation's ability to:
> Baseline capabilities,
> Identify skill gaps,
> Develop cybersecurity talent in the workforce, and
> Prepare the pipeline of future talent.
> Establishing and using a unified framework for cybersecurity work and workers is not merely practical but vital to the nation's cybersecurity. Much as other professions have defined their specialties (e.g., law, medicine), it is now time to forge a common set of definitions for the cybersecurity workforce.
> The NICE Cybersecurity Workforce Framework offers a working taxonomy and common lexicon that can be overlaid onto any organization's existing occupational structure. Although much work has gone into this framework, we need to ensure that it can be adopted and used across the nation. We are actively seeking to refine this framework with input from every sector of our nation's cybersecurity stakeholders.
> You are an integral part of this process. NICE requests that you please contribute your expertise in the field of cybersecurity by reviewing the NICE Cybersecurity Workforce Framework document and providing your public comments using the comments template.
> Your comments will help us refine the framework for national release. Please act now as we are accepting public comments through December 16, 2011.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders