Oversight and Governance
OG-WRL-002
Cybersecurity Policy and Planning
Responsible for developing and maintaining cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.
- T0226: Serve on agency and interagency policy boards
- T1020: Determine the operational and safety impacts of cybersecurity lapses
- T1028: Research new vulnerabilities in emerging technologies
- T1107: Evaluate functional requirements
- T1158: Develop cybersecurity implementation policies and guidelines
- T1184: Establish stakeholder communication channels
- T1185: Maintain stakeholder communication channels
- T1306: Conduct technology program and project audits
- T1335: Promote cybersecurity awareness to management
- T1336: Verify the inclusion of sound cybersecurity principles in the organization's vision and goals
- T1357: Determine if cybersecurity requirements have been successfully implemented
- T1358: Determine the effectiveness of organizational cybersecurity policies and procedures
- T1394: Develop independent cybersecurity audit processes for application software, networks, and systems
- T1395: Implement independent cybersecurity audit processes for application software, networks, and systems
- T1396: Oversee independent cybersecurity audits
- T1397: Determine if research and design processes and procedures are in compliance with cybersecurity requirements
- T1398: Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities
- T1436: Acquire adequate funding for cybersecurity training
- T1464: Determine if cybersecurity workforce management policies and procedures comply with legal and organizational requirements
- T1476: Promote awareness of cybersecurity policy and strategy among management
- T1482: Conduct cybersecurity workforce assessments
- T1492: Integrate laws and regulations into policy
- T1518: Develop organizational cybersecurity strategy
- T1543: Develop cybersecurity policies and procedures
- T1605: Advise management, staff, and users on cybersecurity policy
- K0644: Knowledge of cybersecurity operation policies and procedures
- K0674: Knowledge of computer networking protocols
- K0675: Knowledge of risk management processes
- K0676: Knowledge of cybersecurity laws and regulations
- K0677: Knowledge of cybersecurity policies and procedures
- K0678: Knowledge of privacy laws and regulations
- K0679: Knowledge of privacy policies and procedures
- K0680: Knowledge of cybersecurity principles and practices
- K0681: Knowledge of privacy principles and practices
- K0682: Knowledge of cybersecurity threats
- K0683: Knowledge of cybersecurity vulnerabilities
- K0684: Knowledge of cybersecurity threat characteristics
- K0691: Knowledge of cyber defense tools and techniques
- K0692: Knowledge of vulnerability assessment tools and techniques
- K0743: Knowledge of new and emerging technologies
- K0751: Knowledge of system threats
- K0752: Knowledge of system vulnerabilities
- K0773: Knowledge of telecommunications principles and practices
- K0812: Knowledge of digital communication systems and software
- K0892: Knowledge of cyber defense laws and regulations
- K0943: Knowledge of industry indicators
- K0962: Knowledge of targeting laws and regulations
- K0963: Knowledge of exploitation laws and regulations
- K0969: Knowledge of cyber-attack tools and techniques
- K0983: Knowledge of computer networking principles and practices
- K0990: Knowledge of cyber operations principles and practices
- K1014: Knowledge of network security principles and practices
- K1023: Knowledge of network exploitation tools and techniques
- K1079: Knowledge of web application security risks
- K1137: Knowledge of cybersecurity requirements
- K1180: Knowledge of organizational cybersecurity goals and objectives
- K1183: Knowledge of organizational cybersecurity policies and procedures
- K1186: Knowledge of organizational human resource (HR) policies and procedures
- K1206: Knowledge of research and design processes and procedures
- S0406: Skill in developing policy plans
- S0497: Skill in developing client organization profiles
- S0515: Skill in identifying partner capabilities
- S0519: Skill in detecting exploitation activities
- S0687: Skill in performing administrative planning activities
- S0712: Skill in evaluating data source quality
- S0713: Skill in evaluating information quality
- S0729: Skill in preparing plans
- S0821: Skill in collaborating with internal and external stakeholders
Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)