Skip to Content

Notice

Information Technology Security Essential Body of Knowledge

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

National Protection and Programs Directorate, DHS.

ACTION:

Notice of availability.

SUMMARY:

This notice informs the public and interested stakeholders that the Department of Homeland Security (DHS) is making available for public review and comment “Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development.” This framework is intended to assist the public, private, and academic sectors with strategic IT security workforce development initiatives including professional development, training and education. The EBK is not an additional set of DHS guidelines, and it is not intended to represent a standard, directive, or policy by DHS. Instead, it further clarifies key IT security terms and concepts for well-defined competencies, identifies notional security roles, defines four primary functional perspectives, and establishes an IT Security Role, Competency, and Functional Matrix.

DATES:

Submit comments on or before December 7, 2007.

ADDRESSES:

To review the draft IT Security EBK, you may access the document and request comment forms through one of the following methods:

Submit completed comment forms via e-mail to ITSecurityEBK@dhs.gov.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Brenda Oldfield, Director for Education, Training and Workforce Development, National Cyber Security Division, Department of Homeland Security, E-Mail: ITSecurityEBK@dhs.gov.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

The IT security workforce must be prepared to meet the challenges that exist today and in the future. IT security is a strategic aspect of an organization's business or mission and as a strategic priority, it has the potential of enhancing productivity and improving the way an organization functions. As the IT security profession matures, it requires qualified professionals with the competencies to support increasingly sophisticated demands. In response to this challenge, the DHS-NCSD worked with higher education, government and private sector experts to develop an umbrella framework that establishes a national baseline representing the essential knowledge and skills that IT security practitioners must have to perform.

The DHS National Cyber Security Division (NCSD) developed the IT Security EBK as a competency-based framework that links competencies and functional perspectives to IT security roles fulfilled by personnel in the public and private sectors. Potential benefits of the IT Security EBK for both professional development and workforce management initiatives include:

  • Articulating the functions that professionals within the IT security workforce perform, in a context-neutral format and language;
  • Promoting uniform competency guidelines to increase the overall efficiency of IT security role-based training; and
  • Providing a content guideline that can be leveraged to facilitate cost-effective professional development of the IT workforce, including future training and education, academic curricula, or affiliated human resource activities.

The IT Security EBK builds directly upon the work of established bodies of knowledge; it is not an additional set of guidelines, and it is not intended to represent a standard, directive or policy by DHS. Instead, it further clarifies key Start Printed Page 56370IT security terms and concepts for well-defined competencies, identifies notional security roles, defines four primary functional perspectives, and establishes an IT Security Role, Competency and Functional Matrix to help advance the IT security training and certification landscape as we strive to ensure that we have the most qualified and appropriately trained IT security workforce possible.

Start Signature

Dated: September 26, 2007.

Greg Garcia,

Assistant Secretary for Cybersecurity and Communications.

End Signature End Supplemental Information

[FR Doc. E7-19566 Filed 10-2-07; 8:45 am]

BILLING CODE 4410-10-P