
Security Program Management

The intent of the Security Program Management Knowledge Unit is to provide students with the knowledge necessary to define and implement a security program for the protection of an organization's systems and data.

Topics

  1. Measuring the effectiveness of a security program (metrics).
  2. Security program: a. Physical Security b. Personnel Security c. System and Data Identification d. System security plans e. Configuration and patch management f. System Documentation g. Incident Response Program h. Disaster Recovery Program i. Certification and Accreditation
  3. Security program addresses: a. Physical Security b. Personnel Security c. System and Data Identification d. System security plans. e. Configuration and Patch management f. System Documentation g. Incident Response Program h. Disaster Recovery Program. i. Certification and Accreditation
  4. Security Policies. a. Compliance with Applicable Laws and Regulations b. Security best practices and frameworks.
  5. Roles and Responsibilities of the Security Organization
  6. Goals and objectives of a security program.
  7. Security Program addresses
  8. Security Awareness, Training and Education
  9. System Documentation
  10. Security Policies.
  11. Compliance with Applicable Laws and Regulations
  12. Security best practices and frameworks.
  13. Configuration and Patch management
  14. Security program addresses:
  15. Security Policies. a. Compliance with Applicable Laws and Regulations
  16. Configuration and Patch management
  17. Security Baselining
  18. System and Data Identification
  19. System security plans.

Outcomes

  1. Apply their knowledge to develop a security program, identifying goals, objectives and metrics.
  2. Apply their knowledge to effectively manage a security program.
  3. Assess the effectiveness of a security program.
  4. Security Policies. a. Compliance with Applicable Laws and Regulations
  5. Apply their knowledge to develop a security program, identifying goals, objectives and metrics

KSA-T

Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
Learn more about the KSA-Ts.

  • Knowledge
  • Skills
  • Abilities
  • Tasks
ID DESCRIPTION
K0053 Knowledge of measures or indicators of system performance and availability.
K0497 Knowledge of operational effectiveness assessment.
K0026 Knowledge of business continuity and disaster recovery continuity of operations plans.
K0041 Knowledge of incident categories, incident responses, and timelines for responses.
K0042 Knowledge of incident response and handling methodologies.
K0230 Knowledge of cloud service models and how those models can limit incident response.
K0157 Knowledge of cyber defense and information security policies, procedures, and regulations.
K0377 Knowledge of classification and control markings standards, policies and procedures.
K0579 Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements.
K0101 Knowledge of the organization's enterprise information technology (IT) goals and objectives.
K0243 Knowledge of organizational training and education policies, processes, and procedures.
K0215 Knowledge of organizational training policies.
K0226 Knowledge of organizational training systems.
K0003 Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
K0410 Knowledge of cyber laws and their effect on Cyber planning.
K0524 Knowledge of relevant laws, regulations, and policies.
K0168 Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
K0222 Knowledge of relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defense activities.
K0275 Knowledge of configuration management techniques.
K0150 Knowledge of enterprise incident response program, roles, and responsibilities.
K0073 Knowledge of secure configuration management techniques. (e.g., Security Technical Implementation Guides (STIGs), cybersecurity best practices on cisecurity.org).
ID DESCRIPTION
S0077 Skill in securing network communications.
S0365 Skill to design incident response for cloud service models.
S0054 Skill in using incident handling methodologies.
S0367 Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
S0145 Skill in integrating and applying policies that meet system security objectives.
S0354 Skill in creating policies that reflect the business's core privacy objectives.
ID DESCRIPTION
A0121 Ability to design incident response for cloud service models.
A0123 Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
A0019 Ability to produce technical documentation.
A0171 Ability to conduct training and education needs assessment.
A0006 Ability to prepare and deliver education and awareness briefings to ensure that systems, network, and data users are aware of and adhere to systems security policies and procedures.
A0033 Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
A0094 Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.
ID DESCRIPTION