Oversight and Governance
OG-WRL-002

Cybersecurity Policy and Planning

Responsible for developing and maintaining cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.

  • T0226: Serve on agency and interagency policy boards
  • T1020: Determine the operational and safety impacts of cybersecurity lapses
  • T1028: Research new vulnerabilities in emerging technologies
  • T1107: Evaluate functional requirements
  • T1158: Develop cybersecurity implementation policies and guidelines
  • T1184: Establish stakeholder communication channels
  • T1185: Maintain stakeholder communication channels
  • T1306: Conduct technology program and project audits
  • T1335: Promote cybersecurity awareness to management
  • T1336: Verify the inclusion of sound cybersecurity principles in the organization's vision and goals
  • T1357: Determine if cybersecurity requirements have been successfully implemented
  • T1358: Determine the effectiveness of organizational cybersecurity policies and procedures
  • T1394: Develop independent cybersecurity audit processes for application software, networks, and systems
  • T1395: Implement independent cybersecurity audit processes for application software, networks, and systems
  • T1396: Oversee independent cybersecurity audits
  • T1397: Determine if research and design processes and procedures are in compliance with cybersecurity requirements
  • T1398: Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities
  • T1436: Acquire adequate funding for cybersecurity training
  • T1464: Determine if cybersecurity workforce management policies and procedures comply with legal and organizational requirements
  • T1476: Promote awareness of cybersecurity policy and strategy among management
  • T1482: Conduct cybersecurity workforce assessments
  • T1492: Integrate laws and regulations into policy
  • T1518: Develop organizational cybersecurity strategy
  • T1543: Develop cybersecurity policies and procedures
  • T1605: Advise management, staff, and users on cybersecurity policy
  • K0644: Knowledge of cybersecurity operation policies and procedures
  • K0674: Knowledge of computer networking protocols
  • K0675: Knowledge of risk management processes
  • K0676: Knowledge of cybersecurity laws and regulations
  • K0677: Knowledge of cybersecurity policies and procedures
  • K0678: Knowledge of privacy laws and regulations
  • K0679: Knowledge of privacy policies and procedures
  • K0680: Knowledge of cybersecurity principles and practices
  • K0681: Knowledge of privacy principles and practices
  • K0682: Knowledge of cybersecurity threats
  • K0683: Knowledge of cybersecurity vulnerabilities
  • K0684: Knowledge of cybersecurity threat characteristics
  • K0691: Knowledge of cyber defense tools and techniques
  • K0692: Knowledge of vulnerability assessment tools and techniques
  • K0743: Knowledge of new and emerging technologies
  • K0751: Knowledge of system threats
  • K0752: Knowledge of system vulnerabilities
  • K0773: Knowledge of telecommunications principles and practices
  • K0812: Knowledge of digital communication systems and software
  • K0892: Knowledge of cyber defense laws and regulations
  • K0943: Knowledge of industry indicators
  • K0962: Knowledge of targeting laws and regulations
  • K0963: Knowledge of exploitation laws and regulations
  • K0969: Knowledge of cyber-attack tools and techniques
  • K0983: Knowledge of computer networking principles and practices
  • K0990: Knowledge of cyber operations principles and practices
  • K1014: Knowledge of network security principles and practices
  • K1023: Knowledge of network exploitation tools and techniques
  • K1079: Knowledge of web application security risks
  • K1137: Knowledge of cybersecurity requirements
  • K1180: Knowledge of organizational cybersecurity goals and objectives
  • K1183: Knowledge of organizational cybersecurity policies and procedures
  • K1186: Knowledge of organizational human resource (HR) policies and procedures
  • K1206: Knowledge of research and design processes and procedures
  • S0406: Skill in developing policy plans
  • S0497: Skill in developing client organization profiles
  • S0515: Skill in identifying partner capabilities
  • S0519: Skill in detecting exploitation activities
  • S0687: Skill in performing administrative planning activities
  • S0712: Skill in evaluating data source quality
  • S0713: Skill in evaluating information quality
  • S0729: Skill in preparing plans
  • S0821: Skill in collaborating with internal and external stakeholders