#1339 OCDV - Organisational capability development - response to security incidents change request accepted
From review of SFIA in the context of information and cyber security and the US government NIST cybersecurity framework.
NIST cyber security framework has subcategories for
- RS.IM-1: Response plans incorporate lessons learned
- RC.IM-1: Recovery plans incorporate lessons learned
- RC.IM-2: Recovery strategies are updated
We should review SFIA 7 Organisational capability development (OCDV) to see if it covers factors such as ...
- Continuous improvement has to be the aim for all aspects of information security if the organisation is to deal effectively with the attacks and incidents it sustains.
- The organisational development processes must include, as part of its cycle, the ongoing commitment to continuous improvement and the resources necessary to achieve it.
- Continuous improvement in all aspects of the information security system is vital for an organisation to attempt to stay ahead of the likely incidents that they might endure.
- Lessons from incidents and the implementation of the recovery plans will help in this process and should hep to ensure the processes work effectively and efficiently every time they are utilised.
- Overall review and revisions to the strategies and plans for each part of the information security activity are an essential part of the organisation's development programme.
- This development is crucial to the improvements that all organisations need to make in the security if they are not to be adversely affected by the latest forms of cyber attack.
Proposed change applies to Organisational capability development
Current status of this request: accepted
What we decided
Accepted into broader review of security skills for SFIA 8.
What we changed
Guidance notes for OCDV updated to refer to the use of this skill for improving an organisations' security capabilities.