Review the NICE Workforce Framework

05/19/2024

When reviewing the NICE Workforce Framework, all of the categories can be seen as important for the structure of cybersecurity. With this though, I have ranked the categories based on how much they interest myself below:

Operate and Maintain
Analyze
Protect and Defend
Oversee and Govern
Securely Provision
Collect and Operate
Investigate

The top three categories are as such because with every cybersecurity foundation, I believe that it is most important that security measures are implemented and that threats are constantly monitored to insure that the risk of an attack is low. Operate and Maintain provides the basis for both the physical and non-physical aspects of security which can range from proper continuous training to installing firewalls and network configurations appropriately. Being engaged with proper operation and maintenance of the network is always a benefit and constantly changing due to the advances of technology.

Analyzing can be viewed wider than just looking at threats. Exploitation, for instance, can be analyzed frequently to find any vulnerable areas within the cybersecurity network, and being proactive would allow for the discrepancies to be resolved before an attack is made. Determining how to analyze and perform the “detective” work ultimately provides a unique reasoning to be interested in this category. The idea of how to find these exploitations or threats allows for a lot of creativity to be used, but it also allows for the use of appropriate procedures to procure the data that is wanted as well.

Protect and Defend combines with the top two categories and rounds out the group that I find interesting because this category ultimately provides a view into what should be done if an attack were to occur. Even with the most advanced technology and compliant team of employees, attacks could still happen and the defensive measures should always be taken. The category focuses on mitigating threats, but it also provides Incident

Response details in order to recover from an attack. All of the categories come together as a collective to form a structured defense needed, but I believe that the top three that I have ranked would be the coup de grace for a basis of where to begin.

Investigation is ranked as my lowest, but does not fall short of being important. There are always cyber attacks being conducted and it is important to always be ahead of the criminals and read up on what has happened. Collecting all of the information is necessary for evidence of attacks, but I did not feel it warranted a higher spot due to this being a category that would be used after an attack has been made. I would always want to approach the threats preemptively so that resources are not lost. The idea is to always be ahead of the attacker and not behind.

References
NICCS. (2024, June 13). Workforce Framework for cybersecurity (NICE framework). National Initiative for Cybersecurity Careers and Studies. https://niccs.cisa.gov/workforce-development/nice-framework#:~:text=The%20NICE%20Framework%20is%20comprised%20of%20the%20following,required%20to%20perform%20tasks%20in%20a%20Work%20Role

Leave a Reply

Your email address will not be published. Required fields are marked *