NSQF QUALIFICATION FILE GUIDANCE Version 6: Draft of 08 March 2016
CONTACT DETAILS OF THE BODY SUBMITTING THE QUALIFICATION FILE
Name and address of submitting body:
IT-ITeS Sector Skills Council NASSCOM (SSC NASSCOM), Plot No. – 7, 8, 9 & 10, Sector – 126, Noida, Uttar Pradesh - 201303
Name and contact details of individual dealing with the submission
Name: Dr. Sandhya Chintala
Position in the organisation: CEO
Address if different from above: Same as above
Tel number(s): Board No:0120 4990111
E-mail address: [email protected]
List of documents submitted in support of the Qualifications File
1. Functional Map for the job role
2. Occupational Analysis for IT Services Sub-sector
3. Qualification Pack
4. Career Map for the job role / occupation: vertical and horizontal mobility
5. Test Matrix Template
6. National Cyber Security Policy (1)
7. 2015-India-Cybersecurity-Status-Report-Data-Sheet_mkt_Eng_0115
8. FrostSullivan-(ISC)²-Global-Information-Security-Workforce-Study-2015
NSDA Reference: To be added by NSDA
SUMMARY
Qualification Title Security Infrastructure Specialist
Qualification Code SSC/Q0923
Nature and purpose of the qualification
This is a Qualification Pack (QP) containing National Occupational Standards for the job role - Security Infrastructure Specialist
The main purpose of the qualification and the target learners is to get unemployed people into work and to upgrade the skills of people already in work.
Body/bodies which will award the qualification SSC NASSCOM
Body which will accredit providers to offer courses leading to the qualification
SSC NASSCOM
Presently, accreditation is not prescribed; affiliation is one of the models.
Body/bodies which will carry out assessment of learners
IT-ITeS Sector Skills Council NASSCOM (SSC NASSCOM)
Occupation(s) to which the qualification gives access
Information/ Cyber Security
Licensing requirements N/A
Level of the qualification in the NSQF
8
Anticipated volume of training/learning required to complete the qualification
800 hours approx. (customisable as per learner background)
Entry requirements and/or recommendations
Minimum Educational Qualifications - Graduate in Security/Computer Science/Electronics and Engineering/IT
Experience - 2-5 years of work experience/internship in information technology
Minimum Job Entry Age - 23 Years
Progression from the qualification This entry should refer to one or more of the following:
- access to other qualifications at the same NSQF level - Consultant Network Security, Consultant application security, Consultant IOT, SOC Specialist
- access to related qualification(s) at the next NSQF level - Head SOC, Service Delivery Head, Head GRC
Planned arrangements for the Recognition of Prior learning (RPL)
- Response to market forces for RPL.
- RPL assessments will be the same as our normal assessments.
International comparability where known
Not Yet Established
Date of planned review of the qualification. 26/08/2017
Formal structure of the qualification
Columns: Title of component and identification code; Mandatory/Optional; Estimated size (learning hours); Level
SSC/N0937 (Configure cyber security infrastructure components) Mandatory 150
SSC/N0938 (Maintain and enhance cyber security infrastructure components) Mandatory 130
SSC/N0939 (Define the cyber security infrastructure policy or technical security policy for an organization) Mandatory 100
SSC/N0933 (Monitor and report on performance of operational and technical cyber security measures) Mandatory 100
SSC/N0927 (Drive interrelated cyber security actions) Mandatory 70
SSC/N0928 (Manage a project team) Mandatory 50
SSC/N9001 (Manage your work to meet requirements) Mandatory 50
SSC/N9002 (Work effectively with colleagues) Mandatory 50
SSC/N9003 (Maintain a healthy, safe and secure working environment) Mandatory 25
SSC/N9004 (Provide data/information in standard formats) Mandatory 50
SSC/N9005 (Develop your knowledge, skills and competence) Mandatory 25
Please attach any document giving further detail about the structure of the qualification – eg a Curriculum Document or a Qualification Pack.
Give the titles and other relevant details of the document(s) here. Include page references showing where to find the relevant information.
1. Qualifications Pack- Security Infrastructure Specialist – Page 2
SECTION 1 ASSESSMENT
Body/Bodies which will carry out assessment:- SSC NASSCOM is the assessment body, which affiliates assessment providers.
How will RPL assessment be managed and who will carry it out?
• RPL assessment will be online, objective evaluation in a highly secure and proctored environment.
• RPL assessments will be the same as our normal assessments.
• All procedures followed will be similar to the normal assessment methodology.
• Issuance of the qualification will be through the centralised SDMS (NSDC).
• Quality assurance – By equating performance amongst the multiple affiliated assessment providers (AAPs) and periodic analytical review and sensitivity analysis for the reliability and validity of all aspects of assessments.
Describe the overall assessment strategy and specific arrangements which have been put in place to ensure that assessment is always valid, reliable and fair and show that these are in line with the requirements of the NSQF.
• SSC NASSCOM carries out online assessments through very robust platforms and proctoring methodology.
• AAP affiliated to SSC NASSCOM come with strong industry references and long experience and analytical ability in assessment methodologies.
• Periodic workshops are held with the vendors to bring them to a common understanding of the job role, its NSQF level, difficulty level as well as format and sample of assessment items.
• Internal moderations further ensure the validity and reliability of the assessments and consistency of difficulty levels of the test questions across AAPs.
• AAPs work with hirers on similar job roles; they use SMEs from their network to get industry-relevant scenarios and assessment items aligned to the expected outcomes of the job role/QP.
• Curriculum and real-time scenarios facilitate further understanding of the scope of the QP with reference to process knowledge and skills.
• In addition, we conduct workshops with AAPs w.r.t. beta testing, review of the assessment analytics, performance of the test platform, moderation of NSQF levels, deployment and invigilation patterns and infrastructure requirements including malpractice avoidance.
• Inferences from benchmarking and analytics patterns are taken into consideration in the development and revision of the assessment criteria and format of assessment items.
• Reliability and validity of assessment items is standardised among AAPs.
• Difficulty level of test items with reference to NSQF levels is ensured, so that the outcomes with reference to performance criteria of the constituent NOSs are in line with the NSQF level descriptors. This is achieved through the detailed test matrix design.
Please attach any documents giving further information about assessment and/or RPL. Give the titles and other relevant details of the document(s) here. Include page references showing where to find the relevant information.
ASSESSMENT EVIDENCE
Complete a grid for each component as listed in “Formal structure of the qualification” in the Summary.
NOTE: this grid can be replaced by any part of the qualification documentation which shows the same information – i.e. Learning Outcomes to be assessed, assessment criteria and the means of assessment.
Title of Component:
Job Role Architect Identity and Access Management
Qualification Pack SSC/Q0928
Sector Skill Council IT-ITeS
Guidelines for Assessment:
1. Criteria for assessment for each Qualification Pack (QP) will be created by the Sector Skill Council (SSC). Each performance criteria (PC) will be assigned Theory and Skill/Practical marks proportional to its importance in NOS.
2. The assessment will be conducted online through assessment providers authorised by SSC.
3. Format of questions will include a variety of styles suitable to the PC being tested such as multiple choice questions, fill in the blanks, situational judgment test, simulation and programming test.
4. To pass a QP, a trainee should pass each individual NOS. Standard passing criteria for each NOS is 70%.
5. For latest details on the assessment criteria, please visit www.sscnasscom.com.
Title of NOS/Unit/Component:
Columns: Assessable Outcomes; Assessment Criteria for the Outcomes; Total Marks; Out of; Theory; Skills Practical
1. SSC/N0919 (Research and recommend options for identity and access management solutions to meet the identified security objectives)
Total Marks: 100
PC1. confirm that you have complete and accurate details of and understand the security objectives 5 2 3
PC2. review the usage of existing IDAM technologies and protocols and Logical Physical Access to assess risks w.r.t Business and security objectives 6 2 4
PC3. consult with engineering teams in the areas of authentication and authorization mechanism for its usage in channels such as web, mobile, applications 7 2 5
PC4. conduct technical risk analysis, threat identification of the existing IDAM solution 8 3 5
PC5. identify level of risk acceptable for business requirements by discussing with business and technical leads 6 1 5
PC6. research relevant information required to meet the security objectives based on the evaluation of assets, threats, vulnerabilities and security risks 7 3 4
PC7. identify and record details of constraints that may have an impact on the business and security options 6 2 4
PC8. maintain the security and confidentiality of information relating to the security objectives 6 2 4
PC9. gather sufficient accurate information on which to determine potential costs, benefits and effectiveness of recommended security solutions 6 2 4
PC10. identify and determine the cost, potential benefits, and effectiveness of recommended security solutions, based on valid assumptions, considerations and information, including possible constraints 6 1 5
PC11. prepare recommendations that have the potential to meet the security objectives of the organisation 8 3 5
PC12. provide details of costs, benefits, effectiveness, limitations and constraints of recommendations 5 2 3
PC13. provide recommendations of security solutions in an agreed format to the responsible person within agreed timescales 6 2 4
PC14. provide the organisation with considered advice on the implications of accepting, modifying or rejecting security recommendations 5 1 4
PC15. take account of the organisation’s values, culture and nature of business 5 1 4
PC16. maintain the security and confidentiality of information relating to your organisation and recommendations 4 1 3
PC17. obtain necessary approvals from the responsible persons as per organisational policy 4 1 3
Total 100 31 69
2. SSC/N0920 (Design and develop solutions for identity management to meet the security objectives)
Total Marks: 100
PC1. receive specifications of requirements and security objectives from authorized source 5 1 4
PC2. use an IDAM security product to design and deploy end to end identity and access management 8 3 5
PC3. design and deliver a cohesive blueprint for delivery of Identity & Access services to include technology options 8 2 6
PC4. design the user access control and privilege framework 8 3 5
PC5. design and develop group policies and access control lists to ensure compatibility with organizational standards, business rules, and needs 8 2 6
PC6. build strategies to advance to more effective protocols and sunset ineffective protocols 6 2 4
PC7. develop local network usage policies and procedures 6 2 4
PC8. use access management technologies, methodologies and role-based and security-based entitlements models to develop effective IDAM solutions 5 2 3
PC9. write applications as per designed identity and access management solution 5 3 2
PC10. write programs in C/C++ or .net tool for designed identity and access management solution 4 2 2
PC11. ensure secure integration approach with different third party systems 4 1 3
PC12. ensure identification and remediation of control weaknesses; using existing methodologies 4 1 3
PC13. develop fixes, patches, & recovery procedures in the event of a security breach 7 2 5
PC14. liaise with delivery/deployment teams to ensure IAM requirements are included in all application delivery projects 6 2 4
PC15. conduct security assessments of authentication applications such as secure code reviews, application penetration testing & threat modelling/architectural risk analysis 7 2 5
PC16. ensure technology risk considerations are identified and adequately addressed for new application developments, integration and deployment 4 0 4
PC17. comply with relevant legislation, standards, policies and procedures 5 1 4
Total 100 31 69
3. SSC/N0921 (Ensure implement and maintain identity and access management solutions follows architectural design)
Total Marks: 100
PC1. clarify architectural design to the implementation team 12 4 8
PC2. Provide inputs for implementation strategies and plan to the implementation team(s) 12 3 9
PC3. Perform comparative analysis and evaluation of the implemented solutions against architectural design 12 3 9
PC4. Derive relevant features of the solutions for the desired requirements as per architectural design 10 3 7
PC5. Test or pilot market/in house solutions for their fitment 10 3 7
PC6. Suggest integration and interfaces for market/in-house solutions with other security solutions like SIEM or external solutions 10 2 8
PC7. Resolve queries for the implementation and administration team with respect to overall Identity and access management architectural design 12 4 8
PC8. Review the implementation steps and their outcome to ensure that they satisfy architectural objectives and adhere to design 10 2 8
PC9. Assess how implementation satisfies compliance requirements 12 4 8
Total 100 28 72
4. SSC/N9001 (Manage your work to meet requirements)
Total Marks: 100
PC1. establish and agree your work requirements with appropriate people 7 0 7
PC2. keep your immediate work area clean and tidy 12 6 6
PC3. utilize your time effectively 12 6 6
PC4. use resources correctly and efficiently 19 6 13
PC5. treat confidential information correctly 7 1 6
PC6. work in line with your organization’s policies and procedures 12 0 12
PC7. work within the limits of your job role 6 0 6
PC8. obtain guidance from appropriate people, where necessary 6 0 6
PC9. ensure your work meets the agreed requirements 19 6 13
Total 100 25 75
5. SSC/N9002 (Work effectively with colleagues)
Total Marks: 100
PC1. communicate with colleagues clearly, concisely and accurately 20 0 20
PC2. work with colleagues to integrate your work effectively with theirs 10 0 10
PC3. pass on essential information to colleagues in line with organizational requirements 10 10 0
PC4. work in ways that show respect for colleagues 20 0 20
PC5. carry out commitments you have made to colleagues 10 0 10
PC6. let colleagues know in good time if you cannot carry out your commitments, explaining the reasons 10 10 0
PC7. identify any problems you have working with colleagues and take the initiative to solve these problems 10 0 10
PC8. follow the organization’s policies and procedures for working with colleagues 10 0 10
Total 100 20 80
6. SSC/N9003 (Maintain a healthy, safe and secure working environment)
Total Marks: 100
PC1. comply with your organization’s current health, safety and security policies and procedures 20 10 10
PC2. report any identified breaches in health, safety, and security policies and procedures to the designated person 10 0 10
PC3. identify and correct any hazards that you can deal with safely, competently and within the limits of your authority 20 10 10
PC4. report any hazards that you are not competent to deal with to the relevant person in line with organizational procedures and warn other people who may be affected 10 0 10
PC5. follow your organization’s emergency procedures promptly, calmly, and efficiently 20 10 10
PC6. identify and recommend opportunities for improving health, safety, and security to the designated person 10 0 10
PC7. complete any health and safety records legibly and accurately 10 0 10
Total 100 30 70
7. SSC/N9004 (Provide data/information in standard formats)
Total Marks: 100
PC1. establish and agree with appropriate people the data/information you need to provide, the formats in which you need to provide it, and when you need to provide it 13 13 0
PC2. obtain the data/information from reliable sources 13 0 13
PC3. check that the data/information is accurate, complete and up-to-date 12 6 6
PC4. obtain advice or guidance from appropriate people where there are problems with the data/information 6 0 6
PC5. carry out rule-based analysis of the data/information, if required 25 0 25
PC6. insert the data/information into the agreed formats 13 0 13
PC7. check the accuracy of your work, involving colleagues where required 6 0 6
PC8. report any unresolved anomalies in the data/information to appropriate people 6 6 0
PC9. provide complete, accurate and up-to-date data/information to the appropriate people in the required formats on time 6 0 6
Total 100 25 75
8. SSC/N9005 (Develop your knowledge, skills and competence)
Total Marks: 100
PC1. obtain advice and guidance from appropriate people to develop your knowledge, skills and competence 10 0 10
PC2. identify accurately the knowledge and skills you need for your job role 10 0 10
PC3. identify accurately your current level of knowledge, skills and competence and any learning and development needs 20 10 10
PC4. agree with appropriate people a plan of learning and development activities to address your learning needs 10 0 10
PC5. undertake learning and development activities in line with your plan 20 10 10
PC6. apply your new knowledge and skills in the workplace, under supervision 10 0 10
PC7. obtain feedback from appropriate people on your knowledge and skills and how effectively you apply them 10 0 10
PC8. review your knowledge, skills and competence regularly and take appropriate action 10 0 10
Total 100 20 80
Means of assessment 1
Proctored online assessments (LAN and Web based), carried out using a variety of question formats applicable for linear / adaptive methodologies; performance criteria being assessed via situation judgement tests, simulations, code writing, psychometrics and multiple choice questions etc.
Means of assessment 2
Presently not considered.
Pass/Fail
To pass a QP, a trainee should pass each individual NOS. Standard passing criteria for each NOS is 70%.
SECTION 2 EVIDENCE OF LEVEL
OPTION A
Title/Name of qualification/component: Enter the title here Level: Add level number
NSQF Domain Outcomes of the Qualification/Component How the job role relates to the NSQF level descriptors NSQF Level
Process
Professional knowledge
Professional skill
Core skill
Responsibility
OPTION B
Title/Name of qualification/component: Architect Identity and Access Management Level: 8
Columns: NSQF Domain; Key requirements of the job role; How the job role relates to the NSQF level descriptors; NSQF Level

NSQF Domain: Process
Key requirements of the job role:
Research and recommend options for identity and access management solutions to meet the identified security objectives
- confirm that you have complete and accurate details of and understand the security objectives
- review the usage of existing IDAM technologies and protocols and Logical Physical Access to assess risks w.r.t Business and security objectives
- consult with engineering teams in the areas of authentication and authorization mechanism for its usage in channels such as web, mobile, applications
- conduct technical risk analysis, threat identification of the existing IDAM solution
- identify level of risk acceptable for business requirements by discussing with business and technical leads
- research relevant information required to meet the security objectives based on the evaluation of assets, threats, vulnerabilities and security risks
- prepare recommendations that have the potential to meet the security objectives of the organisation
- provide details of costs, benefits, effectiveness, limitations and constraints of recommendations
- provide recommendations of security solutions in an agreed format to the responsible person within agreed timescales
Design and develop solutions for identity management to meet the security objectives
- receive specifications of requirements and security objectives from authorized source
- use an IDAM security product to design and deploy end to end identity and access management
- design and deliver a cohesive blueprint for delivery of Identity & Access services to include technology options
- design the user access control and privilege framework
- design and develop group policies and access control lists to ensure compatibility with organizational standards, business rules, and needs
- build strategies to advance to more effective protocols and sunset ineffective protocols
- develop local network usage policies and procedures
- conduct security assessments of authentication applications such as secure code reviews, application penetration testing & threat modelling/architectural risk analysis
- ensure technology risk considerations are identified and adequately addressed for new application developments, integration and deployment
Ensure implementation of identity and access management solution follows architectural design
- clarify architectural design to the implementation team
- provide inputs for implementation strategies and plan to the implementation team(s)
- perform comparative analysis and evaluation of the implemented solutions against architectural design
- derive relevant features of the solutions for the desired requirements as per architectural design
- test or pilot market/in house solutions for their fitment
- suggest integration and interfaces for market/in-house solutions with other security solutions like SIEM or external solutions
- resolve queries for the implementation and administration team with respect to overall Identity and access management architectural design
- review the implementation steps and their outcome to ensure that they satisfy architectural objectives and adhere to design
- assess how implementation satisfies compliance requirements
How the job role relates to the NSQF level descriptors:
Researching and recommending options for identity and access management (IdAM) solutions requires a thorough understanding of the business priorities, existing IdAM technologies, risks faced by the organisation, security requirements, organisational structure, etc.
Designing and developing complete IdAM architecture solutions also requires an in-depth understanding of diverse fields like IT architecture; HR systems; IdAM concepts, technologies, protocols and tools as well as business priorities. It requires well-developed practical skills to think creatively to find customised solutions for organisations that could be small, medium or large, across geographies, with complex security and privileges related requirements.
Hence, as indicated by the requirements of the job role in “Process” and “Professional Knowledge”, the job role holder has to apply comprehensive, cognitive, theoretical knowledge and practical skills to develop creative solutions to abstract problems.
Further, the job role holder needs to research solutions available as per the requirements that would suit the organisation. This requires them to be up to date with the latest technologies in the market, which is also constantly evolving: cyber security and identity and access management are these days a new area of focus for organisations, and new technologies are coming up and constantly getting upgraded.
Hence the job role holder will need to undertake self-study.
They will also need to work in collaboration with stakeholders that range from business heads to security teams, IT teams, users, vendors and specialists in order to 1) understand their needs, 2) customize solutions, 3) clarify to the implementation team, 4) resolve queries regarding the solution, etc. This requires a person with good communication and interpersonal skills.
Since a lot of time, money and resources will be used by the job role holder, the responsibility is high that the solutions suggested meet the requirements. Apart from that, the work is very complex and requires a lot of analysis, evaluation and innovation as well as working with a large number of stakeholders; hence the job role holder must display intellectual independence and a high level of analytical rigour.
NSQF Level: 8

NSQF Domain: Professional knowledge
Key requirements of the job role:
- cyber security concepts
- relevant networking concepts, devices and terminologies
- relevant IdAM technologies and Protocols
- the range of tools, software and techniques that are used for identity and access management and how to apply them
- information technology (IT) security principles and methods
- infrastructure Design
- the enterprise information technology (IT) architecture
- service-oriented architecture (SOA)
- architecture and solution design for High available and distributed systems
- server administration and systems engineering theories, concepts, and methods
- Systems Life Cycle
- Segregation of Duties (SoD) configuration
- end-to-end user lifecycle management
- role-based and security-based entitlements models
- user account provisioning and workflow processes
- Best practices for IAM implementation
- new technological developments in identity and access management
- ID as a Service
- HR systems
NSQF Level: 8

NSQF Domain: Professional skill
Key requirements of the job role:
- consult with engineering teams in the areas of authentication and authorization mechanism for its usage in channels such as web, mobile, applications
- conduct technical risk analysis, threat identification of the existing IDAM solution
- identify level of risk acceptable for business requirements by discussing with business and technical leads
- identify and record details of constraints that may have an impact on the business and security options
- identify and determine the cost, potential benefits, and effectiveness of recommended security solutions, based on valid assumptions, considerations and information, including possible constraints
- prepare recommendations that have the potential to meet the security objectives of the organisation
- design and deliver a cohesive blueprint for delivery of Identity & Access services to include technology options
- ensure technology risk considerations are identified and adequately addressed for new application developments, integration and deployment
NSQF Level: 8

NSQF Domain: Core skill
Key requirements of the job role:
- provide the organisation with considered advice on the implications of accepting, modifying or rejecting security recommendations
- take account of the organisation’s values, culture and nature of business
- liaise with delivery/deployment teams to ensure IAM requirements are included in all application delivery projects
- clarify architectural design to the implementation team
- provide inputs for implementation strategies and plan to the implementation team(s)
- perform comparative analysis and evaluation of the implemented solutions against architectural design
- suggest integration and interfaces for market/in-house solutions with other security solutions like SIEM or external solutions
- resolve queries for the implementation and administration team with respect to overall Identity and access management architectural design
- review the implementation steps and their outcome to ensure that they satisfy architectural objectives and adhere to design
- assess how implementation satisfies compliance requirements
How the job role relates to the NSQF level descriptors:
The job role holder has to advise the top management; liaise with the delivery/deployment team; clarify and resolve queries of the implementation and administration teams; check the work of the implementation team; and ensure that their work is as per the design requirements. All this work requires the job role holder to exercise management and supervision in the context of work.
Since this is complex work involving multiple teams and stakeholders, there can be many unpredictable changes; however, the responsibility to ensure that the solution meets the requirements lies with the job role holder.
NSQF Level: 8

NSQF Domain: Responsibility
Key requirements of the job role:
- ensure technology risk considerations are identified and adequately addressed for new application developments, integration and deployment
- develop fixes, patches, & recovery procedures in the event of a security breach
- best practices for IAM implementation
- new technological developments in identity and access management
How the job role relates to the NSQF level descriptors:
Since this is a very dynamic and constantly evolving area, the job role holder is also responsible for the development of self and others, so that the solution is implemented as per the design and the design is as per the requirements, keeping in mind the latest available technologies.
NSQF Level: 8
SECTION 3 EVIDENCE OF NEED
What evidence is there that the qualification is needed?
The National Cyber Security Policy 2013 acknowledges the need for training information/cyber security personnel by taking on the agenda of creating a workforce of 5,00,000 skilled professionals in the next 5 years through capacity building, skill development and training. (Copy attached)
The India findings of the 2015 Global Cybersecurity Status Report released by ISACA highlight that close to 30 percent of the respondents expect their organization to face a cyber attack in 2015 and a whopping 92 percent believe cyber attacks are one of the top three threats facing organizations today. Yet an alarming 87 percent say there is a shortage of skilled cybersecurity professionals in the country, and only 41 percent feel prepared to fend off a sophisticated attack. (Copy attached)
This is not restricted to India, it seems. As per The 2015 (ISC)2 Global Information Security Workforce Study by Frost too, globally the information security workforce shortfall is widening. In this year’s survey, 62% of the survey respondents stated that their organizations have too few information security professionals. This compares to 56% in the 2013 survey. Also in a shift from the 2013 survey, the reasons for this hiring shortfall are less about money, as more organizations are making the budgets available to hire more personnel. Rather, an insufficient pool of suitable candidates is causing this shortfall. (Copy attached)
The Industry is very aware of the urgent need to fill this shortfall in Information/cyber security personnel within India as well as abroad. They can also predict that this requirement of Cyber Security experts is going to increase in the future. That is why the development of Qualification Packs for Information/Cyber Security was initiated by National Association of Software and Services Companies (Nasscom), the Data Security Council of India (DSCI) and security software company Symantec. The objective is to enhance cybersecurity skills and develop standards for talent development within India which can cater to the cyber security manpower need in India and abroad.
The occupational map was made and the specific qualification packs have been developed in consultation with organizations in sectors such as IT/ITeS, financial services and consultancy advisory services.
Aiming to provide cybersecurity skills training and certification to women professionals in India, Symantec has also introduced scholarships for 1,000 women undertaking the cyber security certification by the sector skills council at Nasscom.
Read more at: http://economictimes.indiatimes.com/articleshow/51875529.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst
What is the estimated uptake of this qualification and what is the basis of this estimate?
As per The 2015 (ISC)² Global Information Security Workforce Study conducted by Frost & Sullivan:
“new observations and others generated from this extensive survey (almost 14,000 respondents globally) allowed Frost & Sullivan, for the first time, to estimate the shortfall in the global information security workforce; which we project will reach 1.5 million in five years.”
“Examining changes in job titles from the 2013 survey to the 2015 survey, demand for security architects (consulting) leads job growth (3.8% of survey respondents in 2013 versus 4.3% in 2015). Security engineers (application) and security architect (products, solution) are the next two in the top five leaders in job title growth. Security consultant (management), security tester, and security engineer round out the top five.”
“The top area for training and development for security professionals over the next three years is dominated by the technologies that require protection. Not surprisingly, cloud computing and bring-your-own-device (BYOD) top the list. Other technology-related topics include information risk management, applications and systems development, and access control.”
What steps were taken to ensure that the qualification(s) does (do) not duplicate already existing or planned qualifications in the NSQF?
Cleared by QRC at NSDC.
What arrangements are in place to monitor and review the qualification(s)? What data will be used and at what point will the qualification(s) be revised or updated?
Monitoring and review of the qualifications is a project executed every two years. While adoption by industry and academia is one good indicator for the usefulness of a qualification pack, we adopt multiple approaches for periodic review and maintenance of the qualifications.
1. Sub-sector wise Industry council, headed by council chair, is a formal part of our governing structure. The council participates in and steers the creation and upkeep of the qualifications. This council is a body elected by over 1800 member companies of NASSCOM.
2. Special interest groups are formed for a more focused and detailed review of the qualifications in the light of emerging knowledge and skill areas.
3. Events and workshops are conducted periodically to validate, monitor and review the qualification.
4. As a part of the due diligence process for affiliating training providers, we ask them for validation from their hirers, thus covering even the medium, small and micro segments of the hiring companies.
5. Any institution / individual is welcome to send feedback, which is recorded and considered during the next review cycle.
The above data is used to update the Qualification and this revision is published annually. Nonetheless, if major feedback is received prior to the planned review period, the change is considered in consultation with the industry council.
Please attach any documents giving further information about any of the topics above.
Give the titles and other relevant details of the document(s) here. Include page references showing where to find the relevant information.
Occupation analysis report for IT Services Sub-sector
National Cyber Security Policy (1)
2015-India-Cybersecurity-Status-Report-Data-Sheet_mkt_Eng_0115
FrostSullivan-(ISC)²-Global-Information-Security-Workforce-Study-2015
SECTION 4
EVIDENCE OF PROGRESSION
What steps have been taken in the design of this or other qualifications to ensure that there is a clear path to other qualifications in this sector?
This qualification has been through workshops and consultations. Adequate NOSs / performance criteria have been added to ensure progression to related pathways identified as per the occupational career map.
Please attach any documents giving further information about any of the topics above. Give the titles and other relevant details of the document(s) here. Include page references showing where to find the relevant information.
NA
This publication has been produced with the assistance of the European Union. The contents are the sole responsibility of the EU Skills Development Project and can in no way be taken to reflect the views of the European Union.