Information Systems Security Manager

Work Role ID: 722  |  Workforce Element: Cybersecurity

What does this work role do? Responsible for the cybersecurity of a program, organization, system, or enclave.

CORE KSATs
KSAT ID  Description  KSAT Type (Knowledge/Skill/Ability/Task)
22 * Knowledge of computer networking concepts and protocols, and network security methodologies. Knowledge
29 Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools. Knowledge
37 Knowledge of disaster recovery and continuity of operations plans. Knowledge
49 Knowledge of host/network access control mechanisms (e.g., access control list). Knowledge
55 Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data. Knowledge
58 Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins. Knowledge
61 Knowledge of incident response and handling methodologies. Knowledge
66 Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies. Knowledge
77 Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities. Knowledge
108 * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). Knowledge
112 Knowledge of server administration and systems engineering theories, concepts, and methods. Knowledge
126 Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design. Knowledge
129 Knowledge of system life cycle management principles, including software security and usability. Knowledge
143 Knowledge of the organization’s enterprise information technology (IT) goals and objectives. Knowledge
150 Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities. Knowledge
173 Skill in creating policies that reflect system security objectives. Skill
183 Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. Skill
299 Knowledge of information security program management and project management principles and techniques. Knowledge
391 Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk. Task
395 Advise senior management (e.g., CIO) on risk levels and security posture. Task
397 Advise appropriate senior leadership or Authorizing Official of changes affecting the organization’s cybersecurity posture. Task
440 Collect and maintain data needed to meet system cybersecurity reporting. Task
445 Communicate the value of information technology (IT) security to stakeholders at all levels of the organization. Task
578 Ensure security improvement actions are evaluated, validated, and implemented as required. Task
584 Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment. Task
585 Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s). Task
628 Identify alternative information security strategies to address organizational security objectives. Task
640 Identify information technology (IT) security program implications of new technologies or technology upgrades. Task
677 Interpret patterns of non-compliance to determine their impact on levels of risk and/or the overall effectiveness of the enterprise's cybersecurity program. Task
705 Manage the monitoring of information security data sources to maintain organizational situational awareness. Task
730 Oversee the information security training and awareness program. Task
733 Participate in the development or modification of the computer environment cybersecurity program plans and requirements. Task
790 Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations. Task
816 Provide system related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents. Task
824 Recognize a possible security violation and take appropriate action to report the incident, as required. Task
828 Recommend resource allocations required to securely operate and maintain an organization’s cybersecurity requirements. Task
852 Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered. Task
862 Track audit findings and recommendations to ensure appropriate mitigation actions are taken. Task
919 Promote awareness of security issues among management and ensure sound security principles are reflected in the organization’s vision and goals. Task
947 Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies. Task
962 Identify security requirements specific to an information technology (IT) system in all phases of the System Life Cycle. Task
963 Ensure plans of action and milestones (POA&Ms) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. Task
964 Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization’s mission and goals. Task
965 Knowledge of organization’s risk tolerance and/or risk management approach. Knowledge
966 Knowledge of enterprise incident response program, roles, and responsibilities. Knowledge
967 Knowledge of current and emerging threats/threat vectors. Knowledge
1016 Support necessary compliance activities (e.g., ensure system security configuration guidelines are followed, compliance monitoring occurs). Task
1032 Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance. Task
1034A Knowledge of Personally Identifiable Information (PII) data security standards. Knowledge
1036 Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed. Knowledge
1037 Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures. Knowledge
1072 Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). Knowledge
1141A Knowledge of an organization’s information classification program and procedures for information compromise. Knowledge
1157 * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. Knowledge
1158 * Knowledge of cybersecurity principles. Knowledge
1159 * Knowledge of cyber threats and vulnerabilities. Knowledge
6900 * Knowledge of specific operational impacts of cybersecurity lapses. Knowledge
6935 * Knowledge of cloud computing service models: Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). Knowledge
6938 * Knowledge of cloud computing deployment models in private, public, and hybrid environments, and the difference between on-premises and off-premises environments. Knowledge
ADDITIONAL KSATs
KSAT ID  Description  KSAT Type (Knowledge/Skill/Ability/Task)
9 Knowledge of applicable business processes and operations of customer organizations. Knowledge
25 Knowledge of encryption algorithms. Knowledge
62 Knowledge of industry-standard and organizationally accepted analysis principles and methods. Knowledge
69A Knowledge of risk management processes and requirements per the Risk Management Framework (RMF). Knowledge
76 Knowledge of measures or indicators of system performance and availability. Knowledge
81A Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services. Knowledge
87 Knowledge of network traffic analysis methods. Knowledge
88A Knowledge of current and emerging cyber technologies. Knowledge
92 Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol and Internet Protocol [TCP/IP], Open Systems Interconnection model [OSI], Information Technology Infrastructure Library [ITIL], current version). Knowledge
95A Knowledge of penetration testing principles, tools, and techniques. Knowledge
105 Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). Knowledge
107 Knowledge of resource management principles and techniques. Knowledge
113 Knowledge of server and client operating systems. Knowledge
132 Knowledge of technology integration processes. Knowledge
325 Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative duties, secure procurement, supply chain risk management). Knowledge
392 Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program. Task
396 Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements. Task
475 Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. Task
572 Ensure that the application of security patches for commercial products integrated into the system design meets the timelines dictated by the management authority for the intended operational environment. Task
590 Ensure that protection and detection capabilities are acquired or developed using the information systems (IS) security engineering approach and are consistent with the organization-level cybersecurity architecture. Task
596 Establish an overall enterprise information security architecture (EISA) that aligns with the organization's overall security strategy. Task
598A Evaluate and approve development efforts to ensure that baseline security safeguards, controls, and measures are appropriately installed. Task
600 Evaluate cost benefit, economic, and risk analysis in decision making process. Task
674 Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information. Task
676 Interpret and/or approve security requirements relative to the capabilities of new information technologies. Task
679 Lead and align information technology (IT) security priorities with the security strategy. Task
680 Lead and oversee information security budget, staffing, and contracting. Task
706 Manage the publishing of Computer Network Defense guidance for the enterprise constituency. Task
707 Manage threat or target analysis of cyber defense information and production of threat information within the enterprise. Task
711 Monitor and evaluate the effectiveness of the enterprise’s cybersecurity safeguards to ensure they provide the intended level of protection. Task
731A Participate in risk assessment and authorization per Risk Management Framework processes. Task
801 Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans. Task
810 Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities. Task
818 Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to higher headquarters. Task
848 Recommend policy and coordinate review and approval. Task
869 Use federal and organization-specific published documents to manage operations of their computing environment system(s). Task
948 Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk. Task
949 Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements. Task
1004 Knowledge of critical information technology (IT) procurement requirements. Knowledge
1017 Participate in the acquisition process as necessary, following appropriate supply chain risk management practices. Task
1018 Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. Task
1033 Knowledge of basic system administration, network, and operating system hardening techniques. Knowledge
1034C Knowledge of Personal Health Information (PHI) data security standards. Knowledge
1034B Knowledge of Payment Card Industry (PCI) data security standards. Knowledge
1035 Forecast ongoing service demands and ensure security assumptions are reviewed as necessary. Task
1038B Knowledge of local specialized system requirements. Knowledge
1039 Skill in evaluating the trustworthiness of the supplier and/or product. Skill
1040A Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure. Knowledge
1041 Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate. Task
1073 Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. Knowledge
1131 Knowledge of security architecture concepts and enterprise architecture reference models. Knowledge
6918 Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments. Ability