Cybersecurity (CS)
OG-WRL-014
DCWF 722
Information Systems Security Manager
Responsible for the cybersecurity of a program, organization, system, or enclave.
Tasks
The concrete work activities defined for this role in the DCWF v5.1 spreadsheet. Core tasks are required for the role; additional tasks are associated but not mandatory.
- T1016 additional Support necessary compliance activities (e.g., ensure system security configuration guidelines are followed, compliance monitoring occurs).
- T1017 additional Participate in the acquisition process as necessary, following appropriate supply chain risk management practices.
- T1018 additional Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
- T1032 additional Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
- T1035 additional Forecast ongoing service demands and ensure security assumptions are reviewed as necessary.
- T1041 additional Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate.
- T391 additional Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
- T392 additional Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program.
- T395 additional Advise senior management (e.g., CIO) on risk levels and security posture.
- T396 additional Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
- T397 additional Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.
- T440 additional Collect and maintain data needed to meet system cybersecurity reporting.
- T445 additional Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
- T475 additional Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
- T572 additional Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.
- T578 additional Ensure security improvement actions are evaluated, validated, and implemented as required.
- T584 additional Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
- T585 additional Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).
- T590 additional Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture.
- T596 additional Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy.
- T598A additional Evaluate and approve development efforts to ensure that baseline security safeguards controls/measures are appropriately installed.
- T600 additional Evaluate cost benefit, economic, and risk analysis in decision making process.
- T628 additional Identify alternative information security strategies to address organizational security objective.
- T640 additional Identify information technology (IT) security program implications of new technologies or technology upgrades.
- T674 additional Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information.
- T676 additional Interpret and/or approve security requirements relative to the capabilities of new information technologies.
- T677 additional Interpret patterns of non-compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s cybersecurity program.
- T679 additional Lead and align information technology (IT) security priorities with the security strategy.
- T680 additional Lead and oversee information security budget, staffing, and contracting.
- T705 additional Manage the monitoring of information security data sources to maintain organizational situational awareness.
- T706 additional Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency.
- T707 additional Manage threat or target analysis of cyber defense information and production of threat information within the enterprise.
- T711 additional Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure they provide the intended level of protection.
- T730 additional Oversee the information security training and awareness program.
- T731A additional Participate in risk assessment and authorization per Risk Management Framework processes.
- T733 additional Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
- T790 additional Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
- T801 additional Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.
- T810 additional Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.
- T816 additional Provide system related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
- T818 additional Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to higher headquarters.
- T824 additional Recognize a possible security violation and take appropriate action to report the incident, as required.
- T828 additional Recommend resource allocations required to securely operate and maintain an organization’s cybersecurity requirements.
- T848 additional Recommend policy and coordinate review and approval.
- T852 additional Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
- T862 additional Track audit findings and recommendations to ensure appropriate mitigation actions are taken.
- T869 additional Use federal and organization-specific published documents to manage operations of their computing environment system(s).
- T919 additional Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
- T947 additional Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
- T948 additional Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
- T949 additional Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
- T962 additional Identify security requirements specific to an information technology (IT) system in all phases of the System Life Cycle.
- T963 additional Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- T964 additional Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
Knowledge, Skills, and Abilities
KSA statements define what a person filling this role knows or can do. "Knowledge" is what they must know, "Skill" is what they can perform, and "Ability" is a durable capacity they bring to the work.
- K0029 knowledge core Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.
- K0037 knowledge core Knowledge of disaster recovery continuity of operations plans.
- K0049 knowledge core Knowledge of host/network access control mechanisms (e.g., access control list).
- K0055 knowledge core Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.
- K0058 knowledge core Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
- K0061 knowledge core Knowledge of incident response and handling methodologies.
- K0066 knowledge core Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies.
- K0077 knowledge core Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
- K0112 knowledge core Knowledge of server administration and systems engineering theories, concepts, and methods.
- K0126 knowledge core Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
- K0129 knowledge core Knowledge of system life cycle management principles, including software security and usability.
- K0143 knowledge core Knowledge of the organization’s enterprise information technology (IT) goals and objectives.
- K0150 knowledge core Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
- K0299 knowledge core Knowledge of information security program management and project management principles and techniques.
- K069A knowledge core Knowledge of risk management processes and requirements per the Risk Management Framework (RMF).
- K0965 knowledge core Knowledge of organization's risk tolerance and/or risk management approach.
- K0966 knowledge core Knowledge of enterprise incident response program, roles, and responsibilities.
- K0967 knowledge core Knowledge of current and emerging threats/threat vectors.
- K1034A knowledge core Knowledge of Personally Identifiable Information (PII) data security standards.
- K1036 knowledge core Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.
- K1037 knowledge core Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.
- K1072 knowledge core Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth, Zero Trust).
- K1141A knowledge core Knowledge of an organization's information classification program and procedures for information compromise.
- S173 skill core Skill in creating policies that reflect system security objectives.
- S183 skill core Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
- A6918 ability additional Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.
- K0009 knowledge additional Knowledge of applicable business processes and operations of customer organizations.
- K0025 knowledge additional Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).
- K0062 knowledge additional Knowledge of industry-standard and organizationally accepted analysis principles and methods.
- K0076 knowledge additional Knowledge of measures or indicators of system performance and availability.
- K0087 knowledge additional Knowledge of network traffic analysis methods.
- K0092 knowledge additional Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
- K0105 knowledge additional Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- K0107 knowledge additional Knowledge of resource management principles and techniques.
- K0113 knowledge additional Knowledge of server and client operating systems.
- K0132 knowledge additional Knowledge of technology integration processes.
- K0325 knowledge additional Knowledge of secure acquisitions (e.g., relevant Contracting Officer's Technical Representative [COTR] duties, secure procurement, supply chain risk management).
- K081A knowledge additional Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
- K088B knowledge additional Knowledge of new and emerging control systems technologies.
- K095A knowledge additional Knowledge of penetration testing principles, tools, and techniques.
- K1004 knowledge additional Knowledge of critical information technology (IT) procurement requirements.
- K1033 knowledge additional Knowledge of basic system administration, network, and operating system hardening techniques.
- K1034B knowledge additional Knowledge of Payment Card Industry (PCI) data security standards.
- K1034C knowledge additional Knowledge of Personal Health Information (PHI) data security standards.
- K1038B knowledge additional Knowledge of local specialized system requirements (e.g., critical infrastructure/control systems that may not use standard information technology [IT]) for safety, performance, and reliability.
- K1040A knowledge additional Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.
- K1073 knowledge additional Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
- K1131 knowledge additional Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]).
- S1039 skill additional Skill in evaluating the trustworthiness of the supplier and/or product.
EWU courses that develop this role
Other roles in this element
CS-212 Cyber Defense Forensics Analyst
CS-462 Control Systems Security Specialist
CS-511 Cyber Defense Analyst
CS-521 Cyber Defense Infrastructure Support Specialist
CS-531 Cyber Defense Incident Responder
CS-541 Vulnerability Assessment Analyst
CS-611 Authorizing Official/Designated Representative
CS-612 Security Control Assessor
CS-622 Secure Software Assessor
CS-631 Information Systems Security Developer
CS-652 Security Architect
CS-723 COMSEC Manager