Cybersecurity Planning and Management (2020)
The intent of the Cybersecurity Planning and Management Knowledge Unit is to provide students with the ability to develop plans and processes for a holistic approach to cybersecurity for an organization.
To complete this KU, students should be able to:
- Examine the placement of security functions in a system and describe the strengths and weaknesses
- Develop contingency plans for various size organizations to include: business continuity, disaster recovery and incident response.
- Develop system specific plans for:
- The protection of intellectual property
- The implementation of access controls
- Patch and change management
- Outline and explain the roles of personnel in planning and managing security, including:
- The Board of Directors
- Senior Management
- The Chief Information Security Officer (CISO)
- IT Management (CIO, IT Director, etc)
- Functional Area Management
- Information Security personnel
- End users
- Broad coverage of the cybersecurity Common Body of Knowledge (CBK) and how it affects planning and management.
- Differentiate and provided examples of Operational, Tactical, and Strategic Planning and Management
- Examine C-Level Functions which impact cybersecurity.
- Making cybersecurity a strategic essential (part of core organizational strategy)
- Identify requirements and create plans for Business Continuity / Disaster Recovery
- Develop processes and procedures for incident response
- Planning for protection of intellectual property
- Managing the implementation of access controls
- Managing patch and change control
- Use resources to assemble and adjust plans for:
- Business continuity
- Disaster recovery
- Other related areas.
NICE Framework Categories
- Data Management Systems Security
- Industrial Control Systems-SCADA Security
- Security Incident Analysis and Response
Related Knowledge Units
Suggested academic readings
Sample knowledge test
Sample skills test
Sample abilities test
Additional notes or materials