The global skills and competency framework for the digital world

Reviewing information and cyber security for SFIA 8

We plan to publish SFIA 8 in Q3 2021. The consultation process for SFIA 8 includes a review of how SFIA supports information and cyber security.

There are several activities planned to support this. If you have ideas or can help, please contact the SFIA Updates Manager.

Disclaimer: The SFIA 8 project depends on contributions from volunteers.

While the SFIA Foundation does commit to delivering updates to the core SFIA framework (SFIA skills, skills and level descriptions, generics), we cannot commit to all activities listed below without volunteer effort.

SFIA 8 consultation activities

  1. Publish SFIA 7 information and cybersecurity view as a baseline (reminds current and potential users that security has been part of SFIA since its earliest versions)
  2. Key design principles for how SFIA 7 supports cybersecurity - e.g. security for all, specialist security skills, other skills which have a security element. Does SFIA use the term "information security", "cyber security" or both?
  3. Mapping SFIA with security industry frameworks
  4. Review industry job/position descriptions
  5. Readability review and recommendations - e.g. long sentences that are difficult to read or translate
  6. SFIA skills profiles for common security roles/career families such as the NICE roles and these examples
  7. SFIA framework fit-gap analysis (SFIA skills, skills and level descriptions, generics) - see change requests #1328-1341
    • BURM - Business risk management - add a level 3 skill level description #1328
    • COPL - Continuity Management - add skill level descriptions for level 2, 3 and 6 #1329
    • GOVN - Enterprise IT governance - amend level 7 #1341
    • INAS - Information assurance - add level 4 #1340
    • IRMG - Information governance - amend level 4 #1334
    • ITCM - Contract management - add a level 3 skill level description #1332
    • ITOP - IT infrastructure - amend level 3 #1336
    • OCDV - Organisational capability development - response to security incidents #1339
    • PENT - Penetration testing - add level 2 and 3 skill level description #1330
    • PENT - Penetration testing - separate research and testing elements #1331
    • RLMT - Relationship management - consider coverage of "public relations" #1338
    • SCAD - Security administration - amend level 3 #1335
    • SUPP - Supplier management - amend level 4 #1337
    • USUP - Incident management - addition to level 5 description #1333
  8. SFIA eco-system fit-gap analysis (views, framework mappings, guidance, profiles)

Peter Leather, SFIA Updates Manager