
DRAFT QUALIFICATION FILE


NSQF QUALIFICATION FILE GUIDANCE
Version 6: Draft of 08 March 2016

CONTACT DETAILS OF THE BODY SUBMITTING THE QUALIFICATION FILE

Name and address of submitting body:

IT-ITeS Sector Skills Council NASSCOM (SSC NASSCOM)
Plot No. – 7, 8, 9 & 10
Sector – 126, Noida
Uttar Pradesh - 201303

Name and contact details of individual dealing with the submission

Name: Dr. Sandhya Chintala

Position in the organisation: CEO

Address if different from above: Same as above

Tel number(s): Board No:0120 4990111

E-mail address: [email protected]

List of documents submitted in support of the Qualifications File

1. Functional Map for the job role
2. Occupational Analysis for IT Services Sub-sector
3. Qualification Pack
4. Career Map for the job role / occupation: vertical and horizontal mobility
5. Test Matrix Template
6. National Cyber Security Policy (1)
7. 2015-India-Cybersecurity-Status-Report-Data-Sheet_mkt_Eng_0115
8. FrostSullivan-(ISC)²-Global-Information-Security-Workforce-Study-2015


NSDA Reference: To be added by NSDA


SUMMARY

Qualification Title: Security Infrastructure Specialist

Qualification Code: SSC/Q0923

Nature and purpose of the qualification

This is a Qualification Pack (QP) containing National Occupational Standards for the job role - Security Infrastructure Specialist

The main purpose of the qualification and the target learners is to get unemployed people into work and to upgrade the skills of people already in work.

Body/bodies which will award the qualification: SSC NASSCOM

Body which will accredit providers to offer courses leading to the qualification

SSC NASSCOM
Presently, accreditation is not prescribed; affiliation is one of the models.

Body/bodies which will carry out assessment of learners

IT-ITeS Sector Skills Council NASSCOM (SSC NASSCOM)

Occupation(s) to which the qualification gives access

Information/ Cyber Security

Licensing requirements: N/A

Level of the qualification in the NSQF: 8

Anticipated volume of training/learning required to complete the qualification

800 hours approx. (customisable as per learner background)

Entry requirements and/or recommendations

Minimum Educational Qualifications - Graduate in Security/ Computer Science/ Electronics and Engineering/ IT
Experience - 2-5 years of work experience/internship in information technology
Minimum Job Entry Age - 23 Years

Progression from the qualification

This entry should refer to one or more of the following:

- access to other qualifications at the same NSQF level - Consultant Network Security, Consultant application security, Consultant IOT, SOC Specialist

- access to related qualification(s) at the next NSQF level - Head SOC, Service Delivery Head, Head GRC

Planned arrangements for the Recognition of Prior learning (RPL)

- Response to market forces for RPL.
- RPL assessments will be the same as our normal assessments.

International comparability where known

Not Yet Established

Date of planned review of the qualification. 26/08/2017

Formal structure of the qualification

| Title of component and identification code | Mandatory/Optional | Estimated size (learning hours) | Level |
|---|---|---|---|
| SSC/N0937 (Configure cyber security infrastructure components) | Mandatory | 150 | |
| SSC/N0938 (Maintain and enhance cyber security infrastructure components) | Mandatory | 130 | |
| SSC/N0939 (Define the cyber security infrastructure policy or technical security policy for an organization) | Mandatory | 100 | |
| SSC/N0933 (Monitor and report on performance of operational and technical cyber security measures) | Mandatory | 100 | |
| SSC/N0927 (Drive interrelated cyber security actions) | Mandatory | 70 | |
| SSC/N0928 (Manage a project team) | Mandatory | 50 | |
| SSC/N9001 (Manage your work to meet requirements) | Mandatory | 50 | |
| SSC/N9002 (Work effectively with colleagues) | Mandatory | 50 | |
| SSC/N9003 (Maintain a healthy, safe and secure working environment) | Mandatory | 25 | |
| SSC/N9004 (Provide data/information in standard formats) | Mandatory | 50 | |
| SSC/N9005 (Develop your knowledge, skills and competence) | Mandatory | 25 | |

Please attach any document giving further detail about the structure of the qualification – e.g. a Curriculum Document or a Qualification Pack.

Give the titles and other relevant details of the document(s) here. Include page references showing where to find the relevant information.

1. Qualifications Pack- Security Infrastructure Specialist – Page 2


SECTION 1 ASSESSMENT

Body/Bodies which will carry out assessment:- SSC NASSCOM is the assessment body, which affiliates assessment providers.

How will RPL assessment be managed and who will carry it out?

• RPL assessment will be online, objective evaluation in a highly secure and proctored environment.

• RPL assessments will be the same as our normal assessments.

• All procedures followed will be similar to the normal assessment methodology.

• Issuance of the qualification will be through the centralised SDMS (NSDC).

• Quality assurance – By equating performance amongst the multiple affiliated assessment providers (AAP) and periodic analytical review and sensitivity analysis for the reliability and validity of all aspects of assessments.

Describe the overall assessment strategy and specific arrangements which have been put in place to ensure that assessment is always valid, reliable and fair and show that these are in line with the requirements of the NSQF.

• SSC NASSCOM carries out online assessments through very robust platforms and proctoring methodology.

• AAP affiliated to SSC NASSCOM come with strong industry references and long experience and analytical ability in assessment methodologies.

• Periodic workshops are held with the vendors to bring them to a common understanding of the job role, its NSQF level, difficulty level as well as format and sample of assessment items.

• Internal moderations further ensure the validity and reliability of the assessments and consistency of difficulty levels of the test questions across AAPs.

• AAPs work with hirers on similar job roles, they use SMEs from their network to get industry relevant scenarios and assessment items aligned to the expected outcomes of the job role/QP.

• Curriculum and real time scenarios facilitate further understanding the scope of the QP with reference to process knowledge and skills.

• In addition, we conduct workshops with AAPs w.r.t. beta testing, review of the assessment analytics, performance of the test platform, moderation of NSQF levels, deployment and invigilation patterns and infrastructure requirements including malpractice avoidance.

• Inferences from benchmarking and analytics patterns are taken into consideration in the development and revision of the assessment criteria and format of assessment items.

• Reliability and validity of assessment items is standardised among AAPs.

• Difficulty level of test items with reference to NSQF levels are ensured, so that the outcomes with reference to performance criteria of the constituent NOSs are in line with the NSQF level descriptors. This is achieved through the detailed test matrix design.

Please attach any documents giving further information about assessment and/or RPL. Give the titles and other relevant details of the document(s) here. Include page references showing where to find the relevant information.


ASSESSMENT EVIDENCE

Complete a grid for each component as listed in “Formal structure of the qualification” in the Summary.

NOTE: this grid can be replaced by any part of the qualification documentation which shows the same information – i.e. Learning Outcomes to be assessed, assessment criteria and the means of assessment.

Title of Component:

Job Role: Architect Identity and Access Management

Qualification Pack: SSC/Q0928

Sector Skill Council: IT-ITeS

Guidelines for Assessment:

1. Criteria for assessment for each Qualification Pack (QP) will be created by the Sector Skill Council (SSC). Each performance criteria (PC) will be assigned Theory and Skill/Practical marks proportional to its importance in NOS.

2. The assessment will be conducted online through assessment providers authorised by SSC.

3. Format of questions will include a variety of styles suitable to the PC being tested such as multiple choice questions, fill in the blanks, situational judgment test, simulation and programming test.

4. To pass a QP, a trainee should pass each individual NOS. Standard passing criteria for each NOS is 70%.

5. For latest details on the assessment criteria, please visit www.sscnasscom.com.

Title of NOS/Unit/Component:

Assessable Outcomes | Assessment Criteria for the Outcomes | Total Marks | Out of | Theory | Skills Practical

1. SSC/N0919 (Research and recommend options for identity and access management solutions to meet the identified security objectives)

Total marks: 100

| Assessment criteria for the outcomes | Out of | Theory | Skills Practical |
|---|---|---|---|
| PC1. confirm that you have complete and accurate details of and understand the security objectives | 5 | 2 | 3 |
| PC2. review the usage of existing IDAM technologies and protocols and Logical Physical Access to assess risks w.r.t Business and security objectives | 6 | 2 | 4 |
| PC3. consult with engineering teams in the areas of authentication and authorization mechanism for its usage in channels such as web, mobile, applications | 7 | 2 | 5 |
| PC4. conduct technical risk analysis, threat identification of the existing IDAM solution | 8 | 3 | 5 |
| PC5. identify level of risk acceptable for business requirements by discussing with business and technical leads | 6 | 1 | 5 |
| PC6. research relevant information required to meet the security objectives based on the evaluation of assets, threats, vulnerabilities and security risks | 7 | 3 | 4 |
| PC7. identify and record details of constraints that may have an impact on the business and security options | 6 | 2 | 4 |
| PC8. maintain the security and confidentiality of information relating to the security objectives | 6 | 2 | 4 |
| PC9. gather sufficient accurate information on which to determine potential costs, benefits and effectiveness of recommended security solutions | 6 | 2 | 4 |
| PC10. identify and determine the cost, potential benefits, and effectiveness of recommended security solutions, based on valid assumptions, considerations and information, including possible constraints | 6 | 1 | 5 |
| PC11. prepare recommendations that have the potential to meet the security objectives of the organisation | 8 | 3 | 5 |
| PC12. provide details of costs, benefits, effectiveness, limitations and constraints of recommendations | 5 | 2 | 3 |
| PC13. provide recommendations of security solutions in an agreed format to the responsible person within agreed timescales | 6 | 2 | 4 |
| PC14. provide the organisation with considered advice on the implications of accepting, modifying or rejecting security recommendations | 5 | 1 | 4 |
| PC15. take account of the organisation’s values, culture and nature of business | 5 | 1 | 4 |
| PC16. maintain the security and confidentiality of information relating to your organisation and recommendations | 4 | 1 | 3 |
| PC17. obtain necessary approvals from the responsible persons as per organisational policy | 4 | 1 | 3 |
| Total | 100 | 31 | 69 |

2. SSC/N0920 (Design and develop solutions for identity management to meet the security objectives)

Total marks: 100

| Assessment criteria for the outcomes | Out of | Theory | Skills Practical |
|---|---|---|---|
| PC1. receive specifications of requirements and security objectives from authorized source | 5 | 1 | 4 |
| PC2. use an IDAM security product to design and deploy end to end identity and access management | 8 | 3 | 5 |
| PC3. design and deliver a cohesive blueprint for delivery of Identity & Access services to include technology options | 8 | 2 | 6 |
| PC4. design the user access control and privilege framework | 8 | 3 | 5 |
| PC5. design and develop group policies and access control lists to ensure compatibility with organizational standards, business rules, and needs | 8 | 2 | 6 |
| PC6. build strategies to advance to more effective protocols and sunset ineffective protocols | 6 | 2 | 4 |
| PC7. develop local network usage policies and procedures | 6 | 2 | 4 |
| PC8. use access management technologies, methodologies and role-based and security-based entitlements models to develop effective IDAM solutions | 5 | 2 | 3 |
| PC9. write applications as per designed identity and access management solution | 5 | 3 | 2 |
| PC10. write programs in C/C++ or .NET tool for designed identity and access management solution | 4 | 2 | 2 |
| PC11. ensure secure integration approach with different third party systems | 4 | 1 | 3 |
| PC12. ensure identification and remediation of control weaknesses; using existing methodologies | 4 | 1 | 3 |
| PC13. develop fixes, patches, & recovery procedures in the event of a security breach | 7 | 2 | 5 |
| PC14. liaise with delivery/deployment teams to ensure IAM requirements are included in all application delivery projects | 6 | 2 | 4 |
| PC15. conduct security assessments of authentication applications such as secure code reviews, application penetration testing & threat modelling/architectural risk analysis | 7 | 2 | 5 |
| PC16. ensure technology risk considerations are identified and adequately addressed for new application developments, integration and deployment | 4 | 0 | 4 |
| PC17. comply with relevant legislation, standards, policies and procedures | 5 | 1 | 4 |
| Total | 100 | 31 | 69 |

3. SSC/N0921 (Ensure implement and maintain identity and access management solutions follows architectural design)

Total marks: 100

| Assessment criteria for the outcomes | Out of | Theory | Skills Practical |
|---|---|---|---|
| PC1. clarify architectural design to the implementation team | 12 | 4 | 8 |
| PC2. Provide inputs for implementation strategies and plan to the implementation team(s) | 12 | 3 | 9 |
| PC3. Perform comparative analysis and evaluation of the implemented solutions against architectural design | 12 | 3 | 9 |
| PC4. Derive relevant features of the solutions for the desired requirements as per architectural design | 10 | 3 | 7 |
| PC5. Test or pilot market/in house solutions for their fitment | 10 | 3 | 7 |
| PC6. Suggest integration and interfaces for market/in-house solutions with other security solutions like SIEM or external solutions | 10 | 2 | 8 |
| PC7. Resolve queries for the implementation and administration team with respect to overall Identity and access management architectural design | 12 | 4 | 8 |
| PC8. Review the implementation steps and their outcome to ensure that they satisfy architectural objectives and adhere to design | 10 | 2 | 8 |
| PC9. Assess how implementation satisfies compliance requirements | 12 | 4 | 8 |
| Total | 100 | 28 | 72 |

4. SSC/N9001 (Manage your work to meet requirements)

Total marks: 100

| Assessment criteria for the outcomes | Out of | Theory | Skills Practical |
|---|---|---|---|
| PC1. establish and agree your work requirements with appropriate people | 7 | 0 | 7 |
| PC2. keep your immediate work area clean and tidy | 12 | 6 | 6 |
| PC3. utilize your time effectively | 12 | 6 | 6 |
| PC4. use resources correctly and efficiently | 19 | 6 | 13 |
| PC5. treat confidential information correctly | 7 | 1 | 6 |
| PC6. work in line with your organization’s policies and procedures | 12 | 0 | 12 |
| PC7. work within the limits of your job role | 6 | 0 | 6 |
| PC8. obtain guidance from appropriate people, where necessary | 6 | 0 | 6 |
| PC9. ensure your work meets the agreed requirements | 19 | 6 | 13 |
| Total | 100 | 25 | 75 |

5. SSC/N9002 (Work effectively with colleagues)

Total marks: 100

| Assessment criteria for the outcomes | Out of | Theory | Skills Practical |
|---|---|---|---|
| PC1. communicate with colleagues clearly, concisely and accurately | 20 | 0 | 20 |
| PC2. work with colleagues to integrate your work effectively with theirs | 10 | 0 | 10 |
| PC3. pass on essential information to colleagues in line with organizational requirements | 10 | 10 | 0 |
| PC4. work in ways that show respect for colleagues | 20 | 0 | 20 |
| PC5. carry out commitments you have made to colleagues | 10 | 0 | 10 |
| PC6. let colleagues know in good time if you cannot carry out your commitments, explaining the reasons | 10 | 10 | 0 |
| PC7. identify any problems you have working with colleagues and take the initiative to solve these problems | 10 | 0 | 10 |
| PC8. follow the organization’s policies and procedures for working with colleagues | 10 | 0 | 10 |
| Total | 100 | 20 | 80 |

6. SSC/N9003 (Maintain a healthy, safe and secure working environment)

Total marks: 100

| Assessment criteria for the outcomes | Out of | Theory | Skills Practical |
|---|---|---|---|
| PC1. comply with your organization’s current health, safety and security policies and procedures | 20 | 10 | 10 |
| PC2. report any identified breaches in health, safety, and security policies and procedures to the designated person | 10 | 0 | 10 |
| PC3. identify and correct any hazards that you can deal with safely, competently and within the limits of your authority | 20 | 10 | 10 |
| PC4. report any hazards that you are not competent to deal with to the relevant person in line with organizational procedures and warn other people who may be affected | 10 | 0 | 10 |
| PC5. follow your organization’s emergency procedures promptly, calmly, and efficiently | 20 | 10 | 10 |
| PC6. identify and recommend opportunities for improving health, safety, and security to the designated person | 10 | 0 | 10 |
| PC7. complete any health and safety records legibly and accurately | 10 | 0 | 10 |
| Total | 100 | 30 | 70 |

7. SSC/N9004 (Provide data/information in standard formats)

Total marks: 100

| Assessment criteria for the outcomes | Out of | Theory | Skills Practical |
|---|---|---|---|
| PC1. establish and agree with appropriate people the data/information you need to provide, the formats in which you need to provide it, and when you need to provide it | 13 | 13 | 0 |
| PC2. obtain the data/information from reliable sources | 13 | 0 | 13 |
| PC3. check that the data/information is accurate, complete and up-to-date | 12 | 6 | 6 |
| PC4. obtain advice or guidance from appropriate people where there are problems with the data/information | 6 | 0 | 6 |
| PC5. carry out rule-based analysis of the data/information, if required | 25 | 0 | 25 |
| PC6. insert the data/information into the agreed formats | 13 | 0 | 13 |
| PC7. check the accuracy of your work, involving colleagues where required | 6 | 0 | 6 |
| PC8. report any unresolved anomalies in the data/information to appropriate people | 6 | 6 | 0 |
| PC9. provide complete, accurate and up-to-date data/information to the appropriate people in the required formats on time | 6 | 0 | 6 |
| Total | 100 | 25 | 75 |

8. SSC/N9005 (Develop your knowledge, skills and competence)

Total marks: 100

| Assessment criteria for the outcomes | Out of | Theory | Skills Practical |
|---|---|---|---|
| PC1. obtain advice and guidance from appropriate people to develop your knowledge, skills and competence | 10 | 0 | 10 |
| PC2. identify accurately the knowledge and skills you need for your job role | 10 | 0 | 10 |
| PC3. identify accurately your current level of knowledge, skills and competence and any learning and development needs | 20 | 10 | 10 |
| PC4. agree with appropriate people a plan of learning and development activities to address your learning needs | 10 | 0 | 10 |
| PC5. undertake learning and development activities in line with your plan | 20 | 10 | 10 |
| PC6. apply your new knowledge and skills in the workplace, under supervision | 10 | 0 | 10 |
| PC7. obtain feedback from appropriate people on your knowledge and skills and how effectively you apply them | 10 | 0 | 10 |
| PC8. review your knowledge, skills and competence regularly and take appropriate action | 10 | 0 | 10 |
| Total | 100 | 20 | 80 |


Means of assessment 1
Proctored online assessments (LAN and Web based), carried out using a variety of question formats applicable for linear / adaptive methodologies; performance criteria being assessed via situation judgement tests, simulations, code writing, psychometrics and multiple choice questions etc.

Means of assessment 2
Presently not considered.

Pass/Fail
To pass a QP, a trainee should pass each individual NOS. Standard passing criteria for each NOS is 70%


SECTION 2 EVIDENCE OF LEVEL


OPTION A

Title/Name of qualification/component: Enter the title here Level: Add level number

NSQF Domain Outcomes of the Qualification/Component How the job role relates to the NSQF level descriptors NSQF Level

Process

Professional knowledge

Professional skill

Core skill

Responsibility


OPTION B

Title/Name of qualification/component: Architect Identity and Access Management Level: 8

NSQF Domain Key requirements of the job role How the job role relates to the NSQF level descriptors

NSQF Level

Process Research and recommend options for identity and access management solutions to meet the identified security objectives confirm that you have complete and accurate details of and

understand the security objectives review the usage of existing IDAM technologies and protocols and

Logical Physical Access to assess risks w.r.t Business and security objectives

consult with engineering teams in the areas of authentication and authorization mechanism for its usage in channels such as web, mobile, applications

conduct technical risk analysis, threat identification of the existing IDAM solution

identify level of risk acceptable for business requirements by discussing with business and technical leads

research relevant information required to meet the security objectives based on the evaluation of assets, threats, vulnerabilities and security risks

prepare recommendations that have the potential to meet the security objectives of the organisation

provide details of costs, benefits, effectiveness, limitations and constraints of recommendations

provide recommendations of security solutions in an agreed format to

Researching and recommending options for identity and access management solutions(IdAM), requires a thorough understanding of the business priorities, existing IdAM technologies, risks faced by the organisation, security requirements, organisational structure, etc.

Designing and developing complete IdAM architecture solutions also requires an in depth understanding of diverse fields like IT architecture; HR systems; IdAM concepts, technologies, protocols and tools as well as business priorities. It requires well developed practical skills to think creatively to find customised solutions for organisations that could be small, medium large, across geographies, with complex security and privileges

8

13

Page 14: DRAFT QUALIFICATION FILE · Web viewThe India findings of the 2015 Global Cybersecurity Status Report released by ISACA highlights that close to 30 percent of the respondents expect

NSQF QUALIFICATION FILE GUIDANCEVersion 6: Draft of 08 March 2016

Title/Name of qualification/component: Architect Identity and Access Management Level: 8

NSQF Domain Key requirements of the job role How the job role relates to the NSQF level descriptors

NSQF Level

the responsible person within agreed timescales

Design and develop solutions for identity management to meet the security objectives receive specifications of requirements and security objectives from

authorized source use an IDAM security product to design and deploy end to end identity

and access management design and deliver a cohesive blueprint for delivery of Identity & Access

services to include technology options design the user access control and privilege framework design and develop group policies and access control lists to ensure

compatibility with organizational standards, business rules, and needs build strategies to advance to more effective protocols and sunset

ineffective protocols develop local network usage policies and procedures conduct security assessments of authentication applications such as

secure code reviews, application penetration testing & threat modelling/architectural risk analysis

ensure technology risk considerations are identified and adequately addressed for new application developments, integration and deployment

Ensure implementation of identity and access management solution follows architectural design

related requirements.

Hence as indicated by the requirements of the job role in the in “Process” and “Professional Knowledge”, the job role holder has to apply comprehensive, cognitive, theoretical knowledge and practical skills to develop creative solutions, to abstract problem.

Further the job role holder needs to research for solutions available as per the requirements, that would suit the organisation. This requires them to be up to date with the latest technologies in the market. Which is also constantly evolving as Cyber security and Identity and Access management these day is a new area of focus for organisations and new technologies are coming up and constantly getting upgraded.

Hence the job role holder will need to

14

Page 15: DRAFT QUALIFICATION FILE · Web viewThe India findings of the 2015 Global Cybersecurity Status Report released by ISACA highlights that close to 30 percent of the respondents expect

NSQF QUALIFICATION FILE GUIDANCEVersion 6: Draft of 08 March 2016

Title/Name of qualification/component: Architect Identity and Access Management Level: 8

NSQF Domain Key requirements of the job role How the job role relates to the NSQF level descriptors

NSQF Level

clarify architectural design to the implementation team provide inputs for implementation strategies and plan to the

implementation team(s) perform comparative analysis and evaluation of the implemented

solutions against architectural design derive relevant features of the solutions for the desired requirements s

per architectural design test or pilot market/in house solutions for their fitment suggest integration and interfaces for market/in-house solutions with

other security solutions like SIEM or external solutions resolve queries for the implementation and administration team with

respect to overall Identity and access management architectural design review the implementation steps and their outcome to ensure that

they satisfy architectural objectives and adhere to design assess how implementation satisfies compliance requirements

undertake self-study.

They will also need to work in collaboration with stakeholders that range from Business heads to Security teams, IT teams, users, vendors, specialists in order to 1) Understand their needs 2) customize solutions 3) clarify to the implementation team 4) resolve queries regarding the solution, etc. This requires a person with good communication and interpersonal skills.

Since a lot of time, money and resources will be used by the job role holder the responsibility is high that the solutions suggested meet the requirements. Apart from that the work is very complex and requires a lot of analysis and evaluation and innovation as well as working with a large number of stakeholders hence the job role holder must display intellectual independence and a high

Professional knowledge

cyber security concepts relevant networking concepts, devices and terminologies relevant IdAM technologies and Protocols the range of tools, software and techniques that are used for identity

and access management and how to apply them information technology (IT) security principles and methods infrastructure Design the enterprise information technology (IT) architecture service-oriented architecture (SOA)

8

15

Page 16: DRAFT QUALIFICATION FILE · Web viewThe India findings of the 2015 Global Cybersecurity Status Report released by ISACA highlights that close to 30 percent of the respondents expect

NSQF QUALIFICATION FILE GUIDANCEVersion 6: Draft of 08 March 2016

Title/Name of qualification/component: Architect Identity and Access Management Level: 8

NSQF Domain Key requirements of the job role How the job role relates to the NSQF level descriptors

NSQF Level

architecture and solution design for High available and distributed systems

server administration and systems engineering theories, concepts, and methods Systems Life Cycle

Segregation of Duties (SoD) configuration end-to-end user lifecycle management role-based and security-based entitlements models user account provisioning and workflow processes Best practices for IAM implementation new technological developments in identity and access management ID as a Service HR systems

level of analytical rigour.

Professional skill

consult with engineering teams in the areas of authentication and authorization mechanism for its usage in channels such as web, mobile, applications
conduct technical risk analysis, threat identification of the existing IDAM solution
identify level of risk acceptable for business requirements by discussing with business and technical leads
identify and record details of constraints that may have an impact on the business and security options
identify and determine the cost, potential benefits, and effectiveness of recommended security solutions, based on valid assumptions, considerations and information, including possible constraints
prepare recommendations that have the potential to meet the security objectives of the organisation
design and deliver a cohesive blueprint for delivery of Identity & Access services to include technology options
ensure technology risk considerations are identified and adequately addressed for new application developments, integration and deployment

NSQF Level: 8

Core skill

provide the organisation with considered advice on the implications of accepting, modifying or rejecting security recommendations
take account of the organisation’s values, culture and nature of business
liaise with delivery/deployment teams to ensure IAM requirements are included in all application delivery projects
clarify architectural design to the implementation team
provide inputs for implementation strategies and plan to the implementation team(s)
perform comparative analysis and evaluation of the implemented solutions against architectural design
suggest integration and interfaces for market/in-house solutions with other security solutions like SIEM or external solutions
resolve queries for the implementation and administration team with respect to overall Identity and access management architectural design
review the implementation steps and their outcome to ensure that they satisfy architectural objectives and adhere to design
assess how implementation satisfies compliance requirements

The job role holder has to advise the top management; liaise with the delivery/deployment team; clarify and resolve queries of the implementation and administration teams; check the work of the implementation team; and ensure that their work is as per the design requirements. All this work requires the job role holder to exercise management and supervision in the context of work.

Since this is complex work involving multiple teams and stakeholders, there can be many unpredictable changes; however, the responsibility to ensure that the solution meets the requirements lies with the job role holder.

NSQF Level: 8

Responsibility

ensure technology risk considerations are identified and adequately addressed for new application developments, integration and deployment
develop fixes, patches, & recovery procedures in the event of a security breach
best practices for IAM implementation
new technological developments in identity and access management

NSQF Level: 8

Since this is a very dynamic and constantly evolving area, the job role holder must also be responsible for the development of self and others, so that the solution is implemented as per the design and the design is as per the requirements, keeping in mind the latest available technologies.


SECTION 3

EVIDENCE OF NEED

What evidence is there that the qualification is needed?

The National Cyber Security Policy 2013 acknowledges the need for training information/cyber security personnel by taking on the agenda of creating a workforce of 5,00,000 professionals skilled in the next 5 years through capacity building, skill development and training. (Copy attached)

The India findings of the 2015 Global Cybersecurity Status Report released by ISACA highlight that close to 30 percent of the respondents expect their organization to face a cyber attack in 2015 and a whopping 92 percent believe cyber attacks are one of the top three threats facing organizations today. Yet an alarming 87 percent say there is a shortage of skilled cybersecurity professionals in the country, and only 41 percent feel prepared to fend off a sophisticated attack. (Copy attached)

This is not restricted to India, it seems. As per the 2015 (ISC)² Global Information Security Workforce Study by Frost & Sullivan, the information security workforce shortfall is widening globally too. In this year’s survey, 62% of the survey respondents stated that their organizations have too few information security professionals. This compares to 56% in the 2013 survey. Also in a shift from the 2013 survey, the reasons for this hiring shortfall are less about money as more organizations are making the budgets available to hire more personnel. Rather, an insufficient pool of suitable candidates is causing this shortfall. (Copy attached)

The industry is very aware of the urgent need to fill this shortfall in information/cyber security personnel within India as well as abroad. It can also predict that this requirement for cyber security experts is going to increase in the future. That is why the development of Qualification Packs for Information/Cyber Security was initiated by the National Association of Software and Services Companies (Nasscom), the Data Security Council of India (DSCI) and security software company Symantec. The objective is to enhance cybersecurity skills and develop standards for talent development within India which can cater to the cyber security manpower need in India and abroad.

The occupational map was made and the specific qualification packs have been developed in consultation with organizations in sectors such as IT/ITeS, financial services and consultancy advisory services.

Aiming to provide cybersecurity skills training and certification to women professionals in India, Symantec has also introduced scholarships for 1,000 women undertaking the cyber security certification by the sector skills council at Nasscom.

Read more at: http://economictimes.indiatimes.com/articleshow/51875529.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

What is the estimated uptake of this qualification and what is the basis of this estimate?

As per the 2015 (ISC)² Global Information Security Workforce Study conducted by Frost & Sullivan:

“new observations and others generated from this extensive survey (almost 14,000 respondents globally) allowed Frost & Sullivan, for the first time, to estimate the shortfall in the global information security workforce; which we project will reach 1.5 million in five years.”

“Examining changes in job titles from the 2013 survey to the 2015 survey, demand for security architects (consulting) leads job growth (3.8% of survey respondents in 2013 versus 4.3% in 2015). Security engineers (application) and security architect (products, solution) are the next two in the top five leaders in job title growth. Security consultant (management), security tester, and security engineer round out the top five.”

“The top area for training and development for security professionals over the next three years is dominated by the technologies that require protection. Not surprisingly, cloud computing and bring-your-own-device (BYOD) top the list. Other technology-related topics include information risk management, applications and systems development, and access control.”

What steps were taken to ensure that the qualification(s) does (do) not duplicate already existing or planned qualifications in the NSQF?

Cleared by QRC at NSDC.

What arrangements are in place to monitor and review the qualification(s)? What data will be used and at what point will the qualification(s) be revised or updated?

Monitoring and review of the qualifications is a project executed every two years. While adoption by industry and academia is one good indicator for the usefulness of a qualification pack, we adopt multiple approaches for periodic review and maintenance of the qualifications.

1. Sub-sector wise Industry council, headed by council chair is a formal part of our governing structure. The council participates and steers the qualifications creation and upkeep. This council is a body elected by over 1800 member companies of NASSCOM.
2. Special interest groups are formed for a more focused and detailed review of the qualifications in the light of emerging knowledge and skill areas.
3. Events and workshops are conducted periodically to validate, monitor and review the qualification.
4. As a part of due diligence process for affiliating Training providers, we do ask them for validation from their hirers – thus covering even medium, small and micro segment of the hiring companies.
5. Any institution / individual is welcome to send feedback, which is recorded and considered during next review cycle.

The above data is used to update the Qualification and this revision is published annually. Nonetheless, if major feedback is received prior to the planned review period, the change is considered in consultation with the industry council.

Please attach any documents giving further information about any of the topics above.


Give the titles and other relevant details of the document(s) here. Include page references showing where to find the relevant information.

Occupation analysis report for IT Services Sub-sector
National Cyber Security Policy (1)
2015-India-Cybersecurity-Status-Report-Data-Sheet_mkt_Eng_0115
FrostSullivan-(ISC)²-Global-Information-Security-Workforce-Study-2015

SECTION 4


EVIDENCE OF PROGRESSION

What steps have been taken in the design of this or other qualifications to ensure that there is a clear path to other qualifications in this sector?

This qualification has been through workshops and consultations. Adequate NOSs / performance criteria have been added to ensure progression to related pathways identified as per the occupational career map.

Please attach any documents giving further information about any of the topics above. Give the titles and other relevant details of the document(s) here. Include page references showing where to find the relevant information.

NA

This publication has been produced with the assistance of the European Union. The contents are the sole responsibility of the EU Skills Development Project and can in no way be taken to reflect the views of the European Union.
