OV-SPP-002 Cyber Policy and Strategy Planner
Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.
Develops policies and plans and/or advocates for changes in policy that support organizational cyberspace initiatives or required changes/enhancements.
Develops and maintains cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.
Knowledges 17
Code | Description | Work Roles |
---|---|---|
K0001 | Knowledge of computer networking concepts and protocols, and network security methodologies. | 52 |
K0002 | Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | 52 |
K0003 | Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. | 52 |
K0004 | Knowledge of cybersecurity and privacy principles. | 52 |
K0005 | Knowledge of cyber threats and vulnerabilities. | 52 |
K0006 | Knowledge of specific operational impacts of cybersecurity lapses. | 52 |
K0070 | Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). | 13 |
K0127 | Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure). | 2 |
K0146 | Knowledge of the organization's core business/mission processes. | 10 |
K0168 | Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures. | 11 |
K0234 | Knowledge of full spectrum cyber capabilities (e.g., defense, attack, exploitation). | 2 |
K0248 | Knowledge of strategic theory and practice. | 1 |
K0309 | Knowledge of emerging technologies that have potential for exploitation. | 2 |
K0311 | Knowledge of industry indicators useful for identifying technology trends. | 2 |
K0313 | Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development). | 3 |
K0335 | Knowledge of current and emerging cyber technologies. | 2 |
K0624 | Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list). | 13 |
Skills 2
Code | Description | Work Roles |
---|---|---|
S0176 | Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures. | 4 |
S0250 | Skill in preparing plans and related correspondence. | 5 |
Abilities 3
Code | Description | Work Roles |
---|---|---|
A0003 | Ability to determine the validity of technology trend data. | 1 |
A0033 | Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities. | 5 |
A0037 | Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues. | 2 |
Tasks 19
Code | Description | Work Roles |
---|---|---|
T0341 | Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials. | 2 |
T0369 | Ensure that cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices. | 2 |
T0384 | Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization's mission, vision, and goals. | 3 |
T0390 | Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards. | 2 |
T0408 | Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy. | 2 |
T0425 | Analyze organizational cyber policy. | 3 |
T0429 | Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities. | 3 |
T0441 | Define and integrate current and future mission environments. | 2 |
T0445 | Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan. | 3 |
T0472 | Draft, staff, and publish cyber policy. | 2 |
T0505 | Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services. | 2 |
T0506 | Seek consensus on proposed policy changes from stakeholders. | 2 |
T0529 | Provide policy guidance to cyber management, staff, and users. | 2 |
T0533 | Review, conduct, or participate in audits of cyber programs and projects. | 2 |
T0537 | Support the CIO in the formulation of cyber-related policies. | 2 |
T0074 | Develop policy, programs, and guidelines for implementation. | 2 |
T0094 | Establish and maintain communication channels with stakeholders. | 2 |
T0222 | Review existing and proposed policies with stakeholders. | 2 |
T0226 | Serve on agency and interagency policy boards. | 2 |