Information Systems Security Manager

Work Role ID: 722 (NIST: OV-MG-001)
Category/Specialty Area: Oversee & Govern / Cybersecurity Management
Workforce Element: Cybersecurity

Responsible for the cybersecurity of a program, organization, system, or enclave.


Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSATs

| KSAT ID | Description | KSAT |
|---|---|---|
| 22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. | Knowledge |
| 29 | Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools. | Knowledge |
| 37 | Knowledge of disaster recovery continuity of operations plans. | Knowledge |
| 49 | Knowledge of host/network access control mechanisms (e.g., access control list). | Knowledge |
| 55 | Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data. | Knowledge |
| 58 | Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins. | Knowledge |
| 61 | Knowledge of incident response and handling methodologies. | Knowledge |
| 66 | Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies. | Knowledge |
| 69 | Knowledge of Risk Management Framework (RMF) requirements. | Knowledge |
| 77 | Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities. | Knowledge |
| 108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | Knowledge |
| 112 | Knowledge of server administration and systems engineering theories, concepts, and methods. | Knowledge |
| 126 | Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design. | Knowledge |
| 129 | Knowledge of system life cycle management principles, including software security and usability. | Knowledge |
| 143 | Knowledge of the organization’s enterprise information technology (IT) goals and objectives. | Knowledge |
| 150 | Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities. | Knowledge |
| 173 | Skill in creating policies that reflect system security objectives. | Skill |
| 183 | Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. | Skill |
| 299 | Knowledge of information security program management and project management principles and techniques. | Knowledge |
| 391 | Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk. | Task |
| 395 | Advise senior management (e.g., CIO) on risk levels and security posture. | Task |
| 397 | Advise appropriate senior leadership or Authorizing Official of changes affecting the organization’s cybersecurity posture. | Task |
| 440 | Collect and maintain data needed to meet system cybersecurity reporting. | Task |
| 445 | Communicate the value of information technology (IT) security to stakeholders throughout all levels of the organization. | Task |
| 578 | Ensure security improvement actions are evaluated, validated, and implemented as required. | Task |
| 584 | Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment. | Task |
| 585 | Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s). | Task |
| 598 | Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed. | Task |
| 628 | Identify alternative information security strategies to address organizational security objectives. | Task |
| 640 | Identify information technology (IT) security program implications of new technologies or technology upgrades. | Task |
| 677 | Interpret patterns of non-compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s cybersecurity program. | Task |
| 705 | Manage the monitoring of information security data sources to maintain organizational situational awareness. | Task |
| 730 | Oversee the information security training and awareness program. | Task |
| 731 | Participate in an information security risk assessment during the Security Assessment and Authorization process. | Task |
| 733 | Participate in the development or modification of the computer environment cybersecurity program plans and requirements. | Task |
| 790 | Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations. | Task |
| 816 | Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents. | Task |
| 824 | Recognize a possible security violation and take appropriate action to report the incident, as required. | Task |
| 828 | Recommend resource allocations required to securely operate and maintain an organization’s cybersecurity requirements. | Task |
| 852 | Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered. | Task |
| 862 | Track audit findings and recommendations to ensure appropriate mitigation actions are taken. | Task |
| 919 | Promote awareness of security issues among management and ensure sound security principles are reflected in the organization’s vision and goals. | Task |
| 947 | Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies. | Task |
| 962 | Identify security requirements specific to an information technology (IT) system in all phases of the System Life Cycle. | Task |
| 963 | Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. | Task |
| 964 | Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization’s mission and goals. | Task |
| 965 | Knowledge of organization’s risk tolerance and/or risk management approach. | Knowledge |
| 966 | Knowledge of enterprise incident response program, roles, and responsibilities. | Knowledge |
| 967 | Knowledge of current and emerging threats/threat vectors. | Knowledge |
| 1016 | Support necessary compliance activities (e.g., ensure system security configuration guidelines are followed, compliance monitoring occurs). | Task |
| 1032 | Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance. | Task |
| 1034A | Knowledge of Personally Identifiable Information (PII) data security standards. | Knowledge |
| 1036 | Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed. | Knowledge |
| 1037 | Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures. | Knowledge |
| 1072 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). | Knowledge |
| 1141A | Knowledge of an organization’s information classification program and procedures for information compromise. | Knowledge |
| 1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. | Knowledge |
| 1158 | * Knowledge of cybersecurity principles. | Knowledge |
| 1159 | * Knowledge of cyber threats and vulnerabilities. | Knowledge |
| 6900 | * Knowledge of specific operational impacts of cybersecurity lapses. | Knowledge |

Additional KSATs

| KSAT ID | Description | KSAT |
|---|---|---|
| 9 | Knowledge of applicable business processes and operations of customer organizations. | Knowledge |
| 25 | Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]). | Knowledge |
| 62 | Knowledge of industry-standard and organizationally accepted analysis principles and methods. | Knowledge |
| 76 | Knowledge of measures or indicators of system performance and availability. | Knowledge |
| 81A | Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. | Knowledge |
| 87 | Knowledge of network traffic analysis methods. | Knowledge |
| 88 | Knowledge of new and emerging information technology (IT) and cybersecurity technologies. | Knowledge |
| 92 | Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). | Knowledge |
| 95A | Knowledge of penetration testing principles, tools, and techniques. | Knowledge |
| 105 | Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). | Knowledge |
| 107 | Knowledge of resource management principles and techniques. | Knowledge |
| 113 | Knowledge of server and client operating systems. | Knowledge |
| 132 | Knowledge of technology integration processes. | Knowledge |
| 325 | Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management). | Knowledge |
| 392 | Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program. | Task |
| 396 | Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements. | Task |
| 475 | Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. | Task |
| 590 | Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture. | Task |
| 596 | Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy. | Task |
| 600 | Evaluate cost/benefit, economic, and risk analysis in the decision-making process. | Task |
| 674 | Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information. | Task |
| 676 | Interpret and/or approve security requirements relative to the capabilities of new information technologies. | Task |
| 679 | Lead and align information technology (IT) security priorities with the security strategy. | Task |
| 680 | Lead and oversee information security budget, staffing, and contracting. | Task |
| 706 | Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency. | Task |
| 707 | Manage threat or target analysis of cyber defense information and production of threat information within the enterprise. | Task |
| 711 | Monitor and evaluate the effectiveness of the enterprise’s cybersecurity safeguards to ensure they provide the intended level of protection. | Task |
| 801 | Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans. | Task |
| 810 | Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities. | Task |
| 818 | Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to higher headquarters. | Task |
| 848 | Recommend policy and coordinate review and approval. | Task |
| 869 | Use federal and organization-specific published documents to manage operations of their computing environment system(s). | Task |
| 948 | Participate in the Risk Governance process to provide security risks, mitigations, and input on other technical risk. | Task |
| 949 | Evaluate the effectiveness of the procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements. | Task |
| 1004 | Knowledge of critical information technology (IT) procurement requirements. | Knowledge |
| 1017 | Participate in the acquisition process as necessary, following appropriate supply chain risk management practices. | Task |
| 1018 | Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. | Task |
| 1033 | Knowledge of basic system administration, network, and operating system hardening techniques. | Knowledge |
| 1034B | Knowledge of Payment Card Industry (PCI) data security standards. | Knowledge |
| 1034C | Knowledge of Personal Health Information (PHI) data security standards. | Knowledge |
| 1035 | Forecast ongoing service demands and ensure security assumptions are reviewed as necessary. | Task |
| 1038 | Knowledge of local specialized system requirements (e.g., critical infrastructure systems that may not use standard information technology [IT]) for safety, performance, and reliability. | Knowledge |
| 1039 | Skill in evaluating the trustworthiness of the supplier and/or product. | Skill |
| 1040A | Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure. | Knowledge |
| 1041 | Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate. | Task |
| 1073 | Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. | Knowledge |
| 1131 | Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]). | Knowledge |