Knowledge ID: K0728
Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
Work roles with this Knowledge
Cybersecurity Instruction
Category: Oversight and GovernanceNICE Framework ID: OG-WRL-005Responsible for developing and conducting cybersecurity awareness, training, or education.
Executive Cybersecurity Leadership
Category: Oversight and GovernanceNICE Framework ID: OG-WRL-007Responsible for establishing vision and direction for an organization's cybersecurity operations and resources and their impact on digital and physical spaces. Possesses authority to make and execute decisions that impact an organization broadly, including policy approval and stakeholder engagement.
Product Support Management
Category: Oversight and GovernanceNICE Framework ID: OG-WRL-009Responsible for planning, estimating costs, budgeting, developing, implementing, and managing product support strategies in order to field and maintain the readiness and operational capability of systems and components.
Program Management
Category: Oversight and GovernanceNICE Framework ID: OG-WRL-010Responsible for leading, coordinating, and the overall success of a defined program. Includes communicating about the program and ensuring alignment with agency or organizational priorities.
Secure Project Management
Category: Oversight and GovernanceNICE Framework ID: OG-WRL-011Responsible for overseeing and directly managing technology projects. Ensures cybersecurity is built into projects to protect the organization’s critical infrastructure and assets, reduce risk, and meet organizational goals. Tracks and communicates project status and demonstrates project value to the organization.
Security Control Assessment
Category: Oversight and GovernanceNICE Framework ID: OG-WRL-012Responsible for conducting independent comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine their overall effectiveness.
Systems Authorization
Category: Oversight and GovernanceNICE Framework ID: OG-WRL-013Responsible for operating an information system at an acceptable level of risk to organizational operations, organizational assets, individuals, other organizations, and the nation.
Cybersecurity Architecture
Category: Design and DevelopmentNICE Framework ID: DD-WRL-001Responsible for ensuring that security requirements are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting systems that protect and support organizational mission and business processes.
Enterprise Architecture
Category: Design and DevelopmentNICE Framework ID: DD-WRL-002Responsible for developing and maintaining business, systems, and information processes to support enterprise mission needs. Develops technology rules and requirements that describe baseline and target architectures.
Secure Software Development
Category: Design and DevelopmentNICE Framework ID: DD-WRL-003Responsible for developing, creating, modifying, and maintaining computer applications, software, or specialized utility programs.
Secure Systems Development
Category: Design and DevelopmentNICE Framework ID: DD-WRL-004Responsible for the secure design, development, and testing of systems and the evaluation of system security throughout the systems development life cycle.
Software Security Assessment
Category: Design and DevelopmentNICE Framework ID: DD-WRL-005Responsible for analyzing the security of new or existing computer applications, software, or specialized utility programs and delivering actionable results.
Systems Requirements Planning
Category: Design and DevelopmentNICE Framework ID: DD-WRL-006Responsible for consulting with internal and external customers to evaluate and translate functional requirements and integrating security policies into technical solutions.
Systems Testing and Evaluation
Category: Design and DevelopmentNICE Framework ID: DD-WRL-007Responsible for planning, preparing, and executing system tests; evaluating test results against specifications and requirements; and reporting test results and findings.
Systems Administration
Category: Implementation and OperationNICE Framework ID: IO-WRL-005Responsible for setting up and maintaining a system or specific components of a system in adherence with organizational security policies and procedures. Includes hardware and software installation, configuration, and updates; user account management; backup and recovery management; and security control implementation.
Systems Security Analysis
Category: Implementation and OperationNICE Framework ID: IO-WRL-006Responsible for developing and analyzing the integration, testing, operations, and maintenance of systems security. Prepares, performs, and manages the security aspects of implementing and operating a system.
Defensive Cybersecurity
Category: Protection and DefenseNICE Framework ID: PD-WRL-001Responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.
Infrastructure Support
Category: Protection and DefenseNICE Framework ID: PD-WRL-004Responsible for testing, implementing, deploying, maintaining, and administering infrastructure hardware and software for cybersecurity.
Vulnerability Analysis
Category: Protection and DefenseNICE Framework ID: PD-WRL-007Responsible for assessing systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of defense-in-depth architecture against known vulnerabilities.
Exploitation Analysis
Category: Cyberspace EffectsNICE Framework ID: CE-WRL-003Responsible for identifying access and intelligence collection gaps that can be satisfied through cyber collection and/or preparation activities. Leverages all authorized resources and analytic techniques to penetrate targeted networks.
Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)