OV-EXL-001 Executive Cyber Leadership

Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.

Supervises, manages, and/or leads work and workers performing cyber and cyber-related and/or cyber operations work.

Executes decision-making authorities and establishes vision and direction for an organization's cyber and cyber-related resources and/or operations.

Knowledges 14

Code	Description	Work Roles
K0001	Knowledge of computer networking concepts and protocols, and network security methodologies.	52
K0002	Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).	52
K0003	Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.	52
K0004	Knowledge of cybersecurity and privacy principles.	52
K0005	Knowledge of cyber threats and vulnerabilities.	52
K0006	Knowledge of specific operational impacts of cybersecurity lapses.	52
K0009	Knowledge of application vulnerabilities.	6
K0070	Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).	13
K0106	Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.	6
K0314	Knowledge of industry technologies’ potential cybersecurity vulnerabilities.	2
K0296	Knowledge of capabilities, applications, and potential vulnerabilities of network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware.	2
K0147	Knowledge of emerging security issues, risks, and vulnerabilities.	4
K0624	Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)	13
K0628	Knowledge of cyber competitions as a way of developing skills by providing hands-on experience in simulated, real-world situations.	3

Skills 5

Code	Description	Work Roles
S0018	Skill in creating policies that reflect system security objectives.	3
S0356	Skill in communicating with all levels of management including Board members (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience).	4
S0357	Skill to anticipate new security threats.	1
S0358	Skill to remain aware of evolving technical infrastructures.	2
S0359	Skill to use critical thinking to analyze organizational patterns and relationships.	1

Abilities 12

Code	Description	Work Roles
A0033	Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.	5
A0070	Ability to apply critical reading/thinking skills.	9
A0085	Ability to exercise judgment when policies are not well-defined.	9
A0094	Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.	6
A0105	Ability to tailor technical and planning information to a customer’s level of understanding.	7
A0106	Ability to think critically.	9
A0116	Ability to prioritize and allocate cybersecurity resources correctly and efficiently.	2
A0117	Ability to relate strategy, business, and technology in the context of organizational dynamics.	3
A0118	Ability to understand technology, management, and leadership issues related to organization processes and problem solving.	5
A0119	Ability to understand the basic concepts and issues related to cyber and its organizational impact.	7
A0129	Ability to ensure information security management processes are integrated with strategic and operational planning processes.	1
A0130	Ability to ensure that senior officials within the organization provide information security for the information and systems that support the operations and assets under their control.	1

Tasks 29

Code	Description	Work Roles
T0263	Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle.	2
T0264	Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.	3
T0282	Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate.	2
T0337	Supervise and assign work to programmers, designers, technologists and technicians, and other engineering and scientific personnel.	3
T0356	Coordinate with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets.	2
T0429	Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.	3
T0445	Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan.	3
T0509	Perform an information security risk assessment.	2
T0001	Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.	3
T0002	Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program.	2
T0004	Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.	5
T0006	Advocate organization's official position in legal and legislative proceedings.	2
T0025	Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.	4
T0066	Develop and maintain strategic plans.	3
T0130	Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information.	2
T0134	Lead and align information technology (IT) security priorities with the security strategy.	2
T0135	Lead and oversee information security budget, staffing, and contracting.	2
T0148	Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency.	2
T0151	Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection.	2
T0227	Recommend policy and coordinate review and approval.	2
T0229	Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.	4
T0229	Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.	4
T0248	Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.	3
T0254	Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.	2
T0763	Conduct long-range, strategic planning efforts with internal and external partners in cyber activities.	4
T0871	Collaborate on cyber privacy and security policies and procedures	2
T0872	Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation	2
T0927	Appoint and guide a team of IT security experts.	1
T0928	Collaborate with key stakeholders to establish a cybersecurity risk management program.	1