OV-MGT-001 Information Systems Security Manager

Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.

Oversees the cybersecurity program of an information system or network, including managing information security implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, requirements, policy enforcement, emergency planning, security awareness, and other resources.

Responsible for the cybersecurity of a program, organization, system, or enclave.

Knowledges 53

Code Description Work Roles
K0001 Knowledge of computer networking concepts and protocols, and network security methodologies. 52
K0002 Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 52
K0003 Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. 52
K0004 Knowledge of cybersecurity and privacy principles. 52
K0005 Knowledge of cyber threats and vulnerabilities. 52
K0006 Knowledge of specific operational impacts of cybersecurity lapses. 52
K0008 Knowledge of applicable business processes and operations of customer organizations. 5
K0018 Knowledge of encryption algorithms. 11
K0021 Knowledge of data backup and recovery. 9
K0026 Knowledge of business continuity and disaster recovery continuity of operations plans. 5
K0033 Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists). 5
K0038 Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data. 6
K0040 Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins). 5
K0042 Knowledge of incident response and handling methodologies. 7
K0043 Knowledge of industry-standard and organizationally accepted analysis principles and methods. 7
K0046 Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions. 4
K0048 Knowledge of Risk Management Framework (RMF) requirements. 8
K0053 Knowledge of measures or indicators of system performance and availability. 4
K0054 Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities. 3
K0058 Knowledge of network traffic analysis methods. 10
K0059 Knowledge of new and emerging information technology (IT) and cybersecurity technologies. 12
K0061 Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). 11
K0070 Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). 13
K0072 Knowledge of resource management principles and techniques. 7
K0076 Knowledge of server administration and systems engineering theories, concepts, and methods. 2
K0077 Knowledge of server and client operating systems. 4
K0087 Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design. 4
K0090 Knowledge of system life cycle management principles, including software security and usability. 10
K0092 Knowledge of technology integration processes. 2
K0101 Knowledge of the organization’s enterprise information technology (IT) goals and objectives. 8
K0106 Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities. 6
K0121 Knowledge of information security program management and project management principles and techniques. 2
K0126 Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161). 14
K0149 Knowledge of organization's risk tolerance and/or risk management approach. 1
K0150 Knowledge of enterprise incident response program, roles, and responsibilities. 2
K0151 Knowledge of current and emerging threats/threat vectors. 1
K0163 Knowledge of critical information technology (IT) procurement requirements. 3
K0167 Knowledge of system administration, network, and operating system hardening techniques. 7
K0168 Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures. 11
K0169 Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures. 14
K0170 Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations. 12
K0179 Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). 19
K0180 Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. 9
K0199 Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]). 6
K0260 Knowledge of Personally Identifiable Information (PII) data security standards. 16
K0261 Knowledge of Payment Card Industry (PCI) data security standards. 17
K0262 Knowledge of Personal Health Information (PHI) data security standards. 17
K0267 Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures. 8
K0287 Knowledge of an organization's information classification program and procedures for information compromise. 18
K0332 Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. 14
K0342 Knowledge of penetration testing principles, tools, and techniques. 8
K0622 Knowledge of controls related to the use, processing, storage, and transmission of data. 6
K0624 Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list). 13

Skills 3

Code Description Work Roles
S0018 Skill in creating policies that reflect system security objectives. 3
S0027 Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. 7
S0086 Skill in evaluating the trustworthiness of the supplier and/or product. 2

Abilities 3

Code Description Work Roles
A0128 Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies. 3
A0161 Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements). 1
A0170 Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations. 11

Tasks 53

Code Description Work Roles
T0263 Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle. 2
T0264 Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. 3
T0265 Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals. 2
T0275 Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs). 2
T0276 Participate in the acquisition process as necessary, following appropriate supply chain risk management practices. 1
T0277 Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. 6
T0280 Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance. 1
T0281 Forecast ongoing service demands and ensure that security assumptions are reviewed as necessary. 1
T0282 Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate. 2
T0001 Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk. 3
T0002 Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program. 2
T0003 Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture. 3
T0004 Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements. 5
T0005 Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture. 1
T0024 Collect and maintain data needed to meet system cybersecurity reporting. 1
T0025 Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders. 4
T0044 Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. 3
T0089 Ensure that security improvement actions are evaluated, validated, and implemented as required. 2
T0091 Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment. 1
T0092 Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s). 1
T0093 Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture. 1
T0095 Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy. 2
T0097 Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed. 1
T0099 Evaluate cost/benefit, economic, and risk analysis in decision-making process. 4
T0106 Identify alternative information security strategies to address organizational security objective. 1
T0115 Identify information technology (IT) security program implications of new technologies or technology upgrades. 1
T0130 Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information. 2
T0132 Interpret and/or approve security requirements relative to the capabilities of new information technologies. 1
T0133 Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s cybersecurity program. 2
T0134 Lead and align information technology (IT) security priorities with the security strategy. 2
T0135 Lead and oversee information security budget, staffing, and contracting. 2
T0147 Manage the monitoring of information security data sources to maintain organizational situational awareness. 1
T0148 Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency. 2
T0149 Manage threat or target analysis of cyber defense information and production of threat information within the enterprise. 1
T0151 Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection. 2
T0157 Oversee the information security training and awareness program. 1
T0158 Participate in an information security risk assessment during the Security Assessment and Authorization process. 1
T0159 Participate in the development or modification of the computer environment cybersecurity program plans and requirements. 1
T0192 Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations. 1
T0199 Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans. 3
T0206 Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities. 1
T0211 Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents. 1
T0213 Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to higher headquarters. 1
T0215 Recognize a possible security violation and take appropriate action to report the incident, as required. 2
T0219 Recommend resource allocations required to securely operate and maintain an organization’s cybersecurity requirements. 1
T0227 Recommend policy and coordinate review and approval. 2
T0229 Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered. 4
T0234 Track audit findings and recommendations to ensure that appropriate mitigation actions are taken. 1
T0239 Use federal and organization-specific published documents to manage operations of their computing environment system(s). 1
T0248 Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals. 3
T0254 Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies. 2
T0255 Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk. 2
T0256 Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements. 5