DHS offers baseline for U.S. IT security skills

DHS offers baseline for U.S. IT security skills
DHS offers baseline for U.S. IT security skills 

By Brian Robinson
October 10, 2007

The Homeland Security Department recently published a draft [1] of a 
framework of knowledge and skills it believes the United States needs to 
prevent cyberattacks.

Development of the IT Security Essential Body of Knowledge (EBK) began 
in 2003, when the DHS National Cyber Security Division (NCSD) began 
working with the Defense Department, academia and private industry to 
examine workforce IT certifications and what would be needed to advance 
security skills.

Starting with the DODs Information Assurance Skill Standards document, 
which had goals considered close to those for the national workforce, 
the NCSD development team isolated what it considered the core IT 
security competencies.

It then compared those with other domain-based IT security models to 
come up with a list of 14 key competencies to cover all public and 
private security roles and functions.

The EBK contains the key terms and concepts from all of those 
competencies that NCSD officials feel individuals in at least some IT 
security roles should know.

The EBK is not an additional set of guidelines that DHS believes 
organizations should follow, said Greg Garcia, DHS assistant secretary 
for cybersecurity and communications, in comments included with the 
recent Federal Register announcement of the EBK draft [2]. It is also 
not intended to represent a directive from DHS, he said.

The intent is for the document it to help advance the IT security 
training and certification landscape as we strive to ensure that we have 
the most qualified and appropriately trained IT security workforce 
possible, he said.

The public can comment on EBK through the Federal Register notice. Those 
comments will build on initial reviews by working groups and role-based 
focus groups prior to the documents final publication.

The deadline for those comments is Dec. 7.


CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - 

Site design & layout copyright © 1986-2015 CodeGods