Quantitative Data: Cybersecurity Knowledge and Skills

CAPABILITY & SKILLS MODELING FOR OPERATIONAL AWARENESS

Explore Recent Workshop by Dr. Dustin Fraser, CASP+, SSCP at 2023 MA-3CS

CONTINUED WORK: Quantitative Analysis of Cybersecurity Knowledge and Skills Data

Summary of the Current State Dynamics

  • • Strategic alignment of organizational goals
  • • Gap analysis of existing enterprise dynamics

Theory & Practical Implementations
Analysis of state from certification and accreditation
Evaluation of applicable framework implementation
Risk Management
Risk assessment, evaluation, and recommendations
Security test and evaluation
Compliance
Evaluation of the trilogy: compliance, privacy, and security
Maturity Assessment
Cybersecurity program integrity and growth

Application of Fuzzy Logic & Analytic Capabilities

  • • Policy alignment with standard implementation
  • • Exception management and risk evaluation

Policy
Evaluate discursive changes to policy
Policy centralization
Standards
Evaluate strategic alignment with IT implementations and Cyber Governance
Exceptions
Manage discursive change and control aligned to policy and standards

Analysis of Networks, Systems & Integrations

  • • Consensus and exploration of the business impact
  • • Deviations from accepted organizational norms

Vulnerability Remediation
Patch and Configuration Management
Prioritization by Criticality and Sensitivity
Indentification & Authentication
User and Entity Behaviour Analytics (UEBA)
Audit
Incident Response
Correlation between Asset Bill of Materials, UEBA, and Threat Surface

Integration of Administrative & Technical Data Sources

  • • Qualitative inquiry into IT administration
  • • Analysis of tactical and technical changes

CISO Dashboard
Metrics for Decision Making
IT Change and Cyber Program Integrity
Network & Security Operations
Operational and Situational Awareness through tailored analysis
Runbooks
Communication & Information Feedback
Enterprise analysis through Fuzzy Logic

Attestation of the Investments in Security

  • • Skills evaluation of the “human-in-the-loop”
  • • Socio-cognitive cybersecurity work

Knowledge, Skills & Abilities
Measure competencies based on job duties, operational environment, and resiliency
Human-In-The-Loop
Man-Machine Analysis of Controls
Evaluation of human security operators
Balanced Scorecards
Evaluation of risk management in context of cyber capabilities and operational environment

Cybersecurity risk management frameworks function across the linear capabilities to Identify, Protect, Detect, Respond, and Recover from threats to critical systems.

What are the opportunities?

The human, as a function, contributes by inputting knowledge and skills to the cybersecurity process, which outputs high assurance across the protected infrastructure.

How does the employee function across systems?

How do we obtain visibility of the relationship between human and technical security capabilities?

The application of our framework ensures correlation between gaps in the workforce capabilities and the existing security posture of the organization.

How to correlate the application of knowledge and perspectives to understanding the role of the human driving effective governance and program integrity?

Subscribe to learn more

Qualitative research on the importance of a skilled cybersecurity workforce is extensive. The challenge is developing a skilled workforce with the requisite knowledge, skills, and competence to protect organizations today and in the future.

We'll never share your email with anyone else.

© 2024 1GCYBER. All rights reserved.