Manufacturers often do not have a true cyber security plan because they just don’t know where to start. That may change because there is tool out that allows users to assess cyber security workforce needs.
Developed by the Department of Homeland Security’s National Initiative for Cybersecurity Education (NICE), the NICE Diagnostic Tool characterizes organizations by their responses to risk exposure and risk tolerance questions to help identify an organization’s practices toward risk from internal exposure, external exposure and the amount of risk an organization is willing to accept.
The purpose of this tool is to introduce a qualitative management aid to help organizations identify the data they need to gather to execute effective cyber security workforce planning.
By considering implications of specific organizational characteristics around two factors – risk exposure and risk tolerance – organizations will gain insight into what types of data they need to better plan for and manage their cyber security workforce.
The Cybersecurity Workforce Planning Diagnostic Tool provides organizations with:
1. A qualitative tool to identify their cyber security risk exposure and their willingness to take on greater cyber security risk (risk tolerance) due to the nature of their organization and the types of activities in which they engage.
2. Placement within a quadrant aligning to one of four potential risk exposure/risk tolerance types: Low risk/low tolerance; high risk/high tolerance; high risk/low tolerance; and low risk/high tolerance.
3. Specific guidelines on the type of data an organization needs to collect to perform effective cyber security workforce planning processes based on the risk exposure/risk tolerance type.
The tool will help private and federal organizations identify general cyber security risk exposure and risk tolerance. It is not a substitute for in-depth, organization-specific risk assessment and analysis– questions listed within the diagnostic are representative. Organizations can use Diagnostic questions to create a foundational knowledge about their cybersecurity workforce risk. Organizations can use this knowledge to create more questions based on their technical and specific mission imperatives, and organizational structures.
Click here to learn more about the Cybersecurity Workforce Planning Diagnostic Tool.
Click here to download the tool.