[Federal Register: October 3, 2007 (Volume 72, Number 191)]
[Notices]               
[Page 56369-56370]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr03oc07-79]                         

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[Docket No. DHS-2007-0068]

 
Information Technology Security Essential Body of Knowledge

AGENCY: National Protection and Programs Directorate, DHS.

ACTION: Notice of availability.

-----------------------------------------------------------------------

SUMMARY: This notice informs the public and interested stakeholders 
that the Department of Homeland Security (DHS) is making available for 
public review and comment ``Information Technology (IT) Security 
Essential Body of Knowledge (EBK): A Competency and Functional 
Framework for IT Security Workforce Development.'' This framework is 
intended to assist the public, private, and academic sectors with 
strategic IT security workforce development initiatives including 
professional development, training and education. The EBK is not an 
additional set of DHS guidelines, and it is not intended to represent a 
standard, directive, or policy by DHS. Instead, it further clarifies 
key IT security terms and concepts for well-defined competencies, 
identifies notional security roles, defines four primary functional 
perspectives, and establishes an IT Security Role, Competency, and 
Functional Matrix.

DATES: Submit comments on or before December 7, 2007.

ADDRESSES: To review the draft IT Security EBK, you may access the 
document and request comment forms through one of the following 
methods:
     IT Security EBK Web site: http://www.us-cert.gov/ITSecurityEBK.
     Send an e-mail request to ITSecurityEBK@dhs.gov.    Submit completed comment forms via e-mail to ITSecurityEBK@dhs.gov.


FOR FURTHER INFORMATION CONTACT: Brenda Oldfield, Director for 
Education, Training and Workforce Development, National Cyber Security 
Division, Department of Homeland Security, E-Mail: 
ITSecurityEBK@dhs.gov.


SUPPLEMENTARY INFORMATION: The IT security workforce must be prepared 
to meet the challenges that exist today and in the future. IT security 
is a strategic aspect of an organization's business or mission and as a 
strategic priority, it has the potential of enhancing productivity and 
improving the way an organization functions. As the IT security 
profession matures, it requires qualified professionals with the 
competencies to support increasingly sophisticated demands. In response 
to this challenge, the DHS-NCSD worked with higher education, 
government and private sector experts to develop an umbrella framework 
that establishes a national baseline representing the essential 
knowledge and skills that IT security practitioners must have to 
perform.
    The DHS National Cyber Security Division (NCSD) developed the IT 
Security EBK as a competency-based framework that links competencies 
and functional perspectives to IT security roles fulfilled by personnel 
in the public and private sectors. Potential benefits of the IT 
Security EBK for both professional development and workforce management 
initiatives include:
     Articulating the functions that professionals within the 
IT security workforce perform, in a context-neutral format and 
language;
     Promoting uniform competency guidelines to increase the 
overall efficiency of IT security role-based training; and
     Providing a content guideline that can be leveraged to 
facilitate cost-effective professional development of the IT workforce, 
including future training and education, academic curricula, or 
affiliated human resource activities.
    The IT Security EBK builds directly upon the work of established 
bodies of knowledge; it is not an additional set of guidelines, and it 
is not intended to represent a standard, directive or policy by DHS. 
Instead, it further clarifies key

[[Page 56370]]

IT security terms and concepts for well-defined competencies, 
identifies notional security roles, defines four primary functional 
perspectives, and establishes an IT Security Role, Competency and 
Functional Matrix to help advance the IT security training and 
certification landscape as we strive to ensure that we have the most 
qualified and appropriately trained IT security workforce possible.

    Dated: September 26, 2007.
Greg Garcia,
Assistant Secretary for Cybersecurity and Communications.
[FR Doc. E7-19566 Filed 10-2-07; 8:45 am]

BILLING CODE 4410-10-P