The global skills and competency framework for the digital world

#1302 Move Security component from the Business Skill generic change request accepted

Security is addressed at all levels in the Business Skill generic attribute. It should be brought out as a generic attribute in its own right.

In SFIA7 security was explicitly addressed as part of the Business Skill Generic Atttribute at all levels - this complements the 5 Security skills and the 14 other skills which embrace security. To reflect the SFIA View that security is part of everyone's job it is recommended that Security is brought out as a Generic Attribut in its own right. The Business Skills Generic Attribute is overloaded as it is.

This has a number of advantages:

  1. It provides emphasis of the importance of security across all aspecgts of skills and competency
  2. It shows the SFIA View that security is part of every activite.
  3. It provides opportunity to raise the issue of security as not just relevant for security specialists but for all roles - something that is missing from the security specialists in general

Additionally such a security Generic Attribute could be extended to be Security and Privacy to reflect the close relationship and also to enable a clearer interface to emerging security initiatives.

Question do we use the encompassing "Security" term or the more fashionable "Cyber Security" term ... 

Current status of this request: accepted

What we decided

  1. Fits general direction for privacy and security in the industry (security is everyone's responsibility)
  2. It's the most effective way to model this in SFIA
  3. Emphasises the importance by having a distinct component of the level of responsibility. 

What we changed

Generic attributes related to Security, privacy and ethics have been made a distinct component of the level of responsibility. 

Ian Seward
Apr 27, 2020 02:05 PM

This is possible to be progressed at an early stage as the current security wording is already in the generics and actioning this change would nut affect other parts of the framework.
1) The starting point for wording is already there in the Business Skills generic
2) It could be separately reviewed by security specialists to ensure it has the right message.

Paul D Jagger
Jun 04, 2020 11:23 AM

I concur, Security spans the whole of SFIA and should be viewed as part of the DNA of a career in IT - not just as a specialism for a sub-set of IT. I am not in favour of the nebulous and populist phrase 'Cyber Security'... ditto 'Cyber Warfare', 'Cyber Crime' or any other headline grabbing phrase. Security is both a more catholic (small c) and impactful term - all of us has a responsibility for the security of our own data and that of our clients, colleagues, etc.