Educause Security Discussion mailing list archives
Re: Cyber security risk component in job description
From: Brad Judy <brad.judy () CU EDU>
Date: Fri, 17 Jan 2020 18:23:42 +0000
Since Valerie noted NICE, I’ll chime in that I’ve been playing with that framework for my last two postings. My first attempt was a pretty rigid alignment to their job descriptions, duties and KSA’s (knowledge, skills and abilities). That felt a little awkward in places so with my most recent posting I have moved away from their job descriptions and duties, but kept their KSA’s (cherry picking appropriate ones). I think the KSA’s have been successful. We recently started requiring KSAs on job postings here and HR was happy to see that we not only had some, but understood the difference between K, S and A. I let them know we had help. They found the NICE framework interesting because not many fields have an independent standard for job descriptions. I find NICE a useful reference for sample descriptions of duties, knowledge, skills and abilities. Unfortunately, I think full adoption of NICE would create prohibitively long job descriptions, so I don’t expect us to totally jump into it. Brad Judy Information Security Officer Office of Information Security University of Colorado 1800 Grant Street, Suite 300 Denver, CO 80203 Office: (303) 860-4293 Fax: (303) 860-4302 www.cu.edu<http://www.cu.edu/> [cu-logo_fl] From: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Valerie Vogel <vvogel () EDUCAUSE EDU> Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Friday, January 17, 2020 at 11:16 AM To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Cyber security risk component in job description Hi Mark, The EDUCAUSE Information Security Guide includes some job description templates. You might find language to use in one of those templates. https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program/resources/information-security-guide/career-and-workforce-development You can also explore the NICE Cybersecurity Workforce Framework: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework and the framework’s resource center<https://www.nist.gov/itl/applied-cybersecurity/nice/nice-cybersecurity-workforce-framework-resource-center>. The framework, published by NIST, establishes a taxonomy and common lexicon to describe cybersecurity work and workers. For example, you could review the Risk Management specialty area<https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework/risk-management> or the Cybersecurity Management specialty area<https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework/cybersecurity-management> to see if there are descriptions under abilities, knowledge, skills, or tasks that might fit your needs. Thank you, Valerie Valerie Vogel Senior Manager, Cybersecurity Program EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5374 | Follow HEISC on LinkedIn<https://www.linkedin.com/showcase/higher-education-information-security-council-heisc-/> | twitter: @HEISCouncil | vvogel () educause edu<mailto:vvogel () educause edu> From: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Mark Reboli <mreboli () MISERICORDIA EDU> Reply-To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU> Date: Friday, January 17, 2020 at 9:59 AM To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Cyber security risk component in job description I am looking for some language to add to personnel all job descriptions in reference to cyber security especially in the IT department. I would appreciate anything you can share. Example would be security role or responsibility. Thank you M Mark Reboli Network/Telecom Manager Misericordia University (570) 674-6753 This e-mail and accompanying attachments are confidential. The information is intended solely for the use of the individual to whom it is addressed. Any review, disclosure, copying, distribution, or use of this e-mail communication by others is strictly prohibited. If you are not the intended recipient, please notify us immediately by returning this message to the sender and delete all copies. Thank you for your cooperation. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Cyber security risk component in job description Mark Reboli (Jan 17)
- <Possible follow-ups>
- Re: Cyber security risk component in job description Valerie Vogel (Jan 17)
- Re: Cyber security risk component in job description Brad Judy (Jan 17)
- Re: Cyber security risk component in job description Eric Zematis (Jan 20)
- Re: Cyber security risk component in job description Andrea Childress (Jan 21)
- Re: Cyber security risk component in job description Michael Perdunn (Jan 21)