Print this page

The NICE Framework: Why You Need to Understand this Important Initiative

Abstract - Cybersecurity is an emerging profession. It is far too vast and complex to be a specialty area of one of the electronic disciplines. Instead it is a fully defined discipline in-and-of itself. The National Institute for Standards and Technology (NIST), National Initiative for Cybersecurity Education (NICE) represents a body of knowledge for this new field and in that respect it defines the concepts and practices that are legitimate areas of professional work and workforce education and training. The rationale and the detailed structure of this groundbreaking model are presented here along with how it fits with substantive efforts to ensure the U.S. critical infrastructure.

The issues associated with cybersecurity can be dated to the advent of the commercial internet. Thus, the entire profession has a less than twenty year lifespan. In that time cybercrime, cyberespionage, and even cyberwarfare have become future visions with realworld consequences. Yet, even with its newfound national prominence, there is still a lot of disagreement about what legitimately constitutes the right set of actions to prevent harmful, or adversarial actions. That disagreement was captured in a 2013 report sponsored by the National Academy of the Sciences (Bishop & Burley, 2013).

The report asserts that cybersecurity is at best ill-defined, and that it is subject to a range of interpretation by numerous special interest groups. Since there has been heretofore no clear definition of the field the profession and the actual protection of computers and information tends to be characterized by a long track record of hit-and-miss failures.

Dan Shoemaker's article is attached below:

Dan Shoemaker. "The NICE Framework: Why You Need to Understand this Important Initiative." The EDP Audit Control, and Security Newsletter 51, no. 6 (2015): 1-7.