Over the past several decades, technological advancement has accelerated the rate at which societies around the world transform into a digital culture. As a result, there are huge disparities in the composition of the Information Technology (IT) security workforce, which lead to natural consequences such as variations in training, expertise, and experience. Moreover, there is the pressing challenge of cybersecurity concerns influenced by dynamic technological trends coupled with globalization (Shoemaker & Conklin, 2011). With these trends in place, it will be hard to find solutions to problems concerning critical information technology security and other problems. The increasing importance of IT security professionals in solving these dynamic challenges and proactively addressing future ones has prompted the formulation and implementation of the Essential Body of Knowledge (EBK). The aim of this paper is to prepare a detailed procedure specification for one of the work functions of the EBK. The paper will specify the skill requirements for the selected EBK work function and how the requirements can be ensured. Furthermore, the paper will specify the evaluation process and make suggestions for recommended practices.
Essential Body of Knowledge (EBK) Framework and Its Work Functions
One of the fundamental elements of an information security platform is constant training and awareness creation. However, many organizations find it complicated to select which groups of the workforce to train and to understand to what level training should be done. In response to these challenges, a task force was formed and mandated to determine the proper levels of cybersecurity training and awareness. The department’s efforts led to the preparation and establishment of the Essential Body of Knowledge (Shoemaker & Conklin, 2011). EBK has proven to be successful by acting as a basis for addressing complex challenges with regard to security workforce development.
The Essential Body of Knowledge is associated with four main work functions. Firstly, there is the work function known as Manage, which is concerned with the management roles such as overseeing the operational and technical activities from the executive level. Secondly, the function Design is related to the design and development of security-related functionality (Shoemaker & Conklin, 2011).
Thirdly, there is the work function known as Implement, which involves tasks associated with the implementation of operational training and security measures. These involve programs, policies, and procedures. Finally, the work function Evaluation comprises audit processes designed to assess whether the existing programs, policies, and procedures are effective in achieving the forecasted security objectives (Shoemaker & Conklin, 2011).
For the purpose of this paper, the work function known as Manage is selected. The main task of this function is to ensure that the specific competency areas remain useful within the existing environment and that all activities to be implemented are correct and justified.
One of the fundamental roles that the Essential Body of Knowledge plays is the provision of a comprehensive framework of practices for ensuring that organizations remain secure. It offers the knowledge, skills, and abilities necessary for executing cybersecurity functional roles. In this context, the work function Manage was selected, which recognizes the vast contribution of different participants to information technology training and professional development. The primary purpose it seeks to fulfill is to create a path for better alignment of efforts within a unifying framework. In the context of training and awareness creation programs, the work function seeks to aid in solving the challenges of identifying which certifications authenticate specific workforce competencies and which are the best choices for building the strengths of personnel.
The use of the EBK work function Manage in information technology security training applies to both the private and public domains. The work function helps to articulate the functions of professionals within information technology security teams on a standard basis that conveys the goals to be accomplished. It provides a reference and a basis for comparing the contents of information technology security certifications. Moreover, it promotes uniformity among competencies and thus contributes to the overall efficiency of IT security education, training, and professional development.
Business and Assurance Case
Dove Computer and Financial Solutions Limited is an organization based in Watson, Desha County, Arkansas. The company was founded 15 years ago, and to this day it continues to thrive due to its successful marketing efforts. Currently, the company has more than 35 branch offices, especially in the southeastern regions of the USA. The company primarily provides repair services for computers and computer accessories. Moreover, it offers financial and consulting services to customers in need of financial and technical support relating to the acquisition of computer systems. The company maintains an extensive information technology infrastructure based in the Watson head office, where the branch offices provide primary technical and network services. In recent years, the company has been a major target of the ongoing waves of cybercrime. In fact, in the recent past, it has experienced incidents such as cyber-attacks, data theft, identity theft, and fraud. An audit of its information technology infrastructure established that most of the employees entrusted with information technology security were not profoundly aware of the information technology security protocols. As a result, they were unable either to detect or to prevent most of the cybersecurity incidents. In response to this discovery, Dove Computer and Financial Solutions Limited consulted Jama Information Technology Security Solutions Inc. for advice on how to handle the critical information technology security challenges it was facing. Jama Information Technology Security Solutions Inc. suggested that there was a dire need for Dove Computer and Financial Solutions Limited to establish an information technology security training and awareness creation program. The company was also advised to determine the training needs.
Without further ado, Dove Computer and Financial Solutions Limited started a program intended to teach its information technology security workforce about the protocols for ensuring that the organization’s information technology infrastructure and other informational assets remained secure.
Communication is the heart of all management activities. The reason is that the effectiveness of communication skills determines how successful management activities will be. In the work function of an internet security training and awareness program known as Manage, approximately 80 percent of a manager’s work would be communication. The better the management workforce performs the task of sharing ideas and disseminating information, the more internet security needs will be understood and the more favorable policies, procedures, and programs will be. Effective communication skills can be ensured through mastering skills such as speaking, listening, asking questions, and providing feedback.
Good Relationship Management Skills
People entrusted with information technology security and awareness creation should exhibit superior people management skills. This allows a better understanding of organizational information technology security needs and the extent of training needed. The workforce can ensure effective relationship management skills by making sure that they work as teams so as to encourage, motivate, and teach each other.
Effective Decision-Making Skills
Undoubtedly, cyberspace continues to be a challenging domain due to its dynamic nature. For the EBK work function Manage to succeed, effective decisions are required to address various challenges and issues such as risk management, malware and intrusion detection, development of high assurance systems, and network security. Decision-making skills should be coupled with good judgment, which entails clear vision and consistent communication. Thus, managers can ensure effective decision-making skills by liaising with top-level and experienced managers.
Conflict Management Skills
Many parties with differing opinions, preferences, and needs meet within an organization. As a result of such differences, cyberspace becomes an ideal ground for conflicts. The management can solve emergent issues through effective interpersonal negotiation skills that translate the conflicts into opportunities for growth. Effective conflict management helps to create a healthy environment for learning and production while reducing the exposure to information technology security risks. Conflict management skills can be ensured through communicating effectively and clearly, understanding oneself and others, and exercising careful listening.
One way through which Dove Computer and Financial Solutions Limited measures the success of its efforts at the provision of information technology security and knowledge is self-evaluation through various metrics. These include a policy compliance scorecard and detailed technology and procedural metrics.
First is the policy compliance scorecard, which helps to measure the extent to which the company has complied with its security policy needs. Second are the technology and procedural metrics, which show the number of critical vulnerabilities to which it has been exposed. In addition, while ensuring information technology training and awareness, Dove Computer and Financial Solutions Limited can employ the monetary-based risk exposure, which would be used to assess the costs incurred in training and in covering losses that result from inadequate security controls.
In managing the security of information technology and other informational assets effectively, various recommendations on best practices and principles can be suggested for Dove Computer and Financial Solutions Limited. Firstly, the promotion of information technology security should be a must for everyone. All members of the information technology workforce involved directly or indirectly should consider organizational information technology security a top priority. Therefore, all workers are responsible for security and compliance with organizational policies, procedures, and controls. Secondly, it is recommended that Dove Computer and Financial Solutions Limited implement real-time monitoring to identify changes in security, knowledge, and awareness needs, and change accordingly. The reason for this is that information technology security threats are constantly emerging, and there is thus a need to remain dynamic and equipped for change. Dove Computer and Financial Solutions Limited can adopt Security Information and Event Management (SIEM) tools, which regularly assess cyberspace for anomalies and tendencies of malicious behavior. Constant monitoring allows information technology security teams to detect malicious activities ahead of time and implement measures to counter their execution.
Addressing the pressing issues of information technology security and the need for training and awareness creation requires more than technological implementation alone. Solutions to the issues require advanced research and extensive experience to enable Dove Computer and Financial Solutions Limited to create comprehensive solutions that accurately pinpoint the most pressing IT security issues. Dove Computer and Financial Solutions Limited would need to define the scope of its problems, frame a strategy, and develop suitable programs to address its needs as they are connected to information technology platforms and the environment. There are various solutions that Dove Computer and Financial Solutions Limited can apply.
The first one is outsourcing information technology security management and training and awareness services. This would relieve the burden caused by the lack of knowledge and awareness of information technology security protocols in Dove Computer and Financial Solutions Limited. The second solution is continuous auditing. Regular checking of the security practices in place can help ensure that organizational rules are well implemented and that all teams are compliant and committed. Regular audits on a monthly or quarterly basis can help Dove Computer and Financial Solutions Limited to hold fast to the spirit of its security policies.
Finally, the company may seek expert assistance in designing proper network protocols. Dove Computer and Financial Solutions Limited can amass significant benefits, as it would gain professional assistance in integrating people, processes, and products in the promotion of IT security and the enhancement of knowledge and awareness. As a result, this would help to detect and isolate vulnerabilities and threats as well as various performance hindrances.