National Occupational Standard for the Cybersecurity Workforce

Designation Number:
CAN/DGSI 112
Standard Type:
National Standard of Canada - Domestic
Standard Development Activity:
Reaffirmation
ICS code(s):
03.100.30; 03.180; 35.240.90
Status:
Proceeding to development
SDO Comment Period Start Date:
SDO Comment Period End Date:
Posted On:

Scope:

Scope

This Standard specifies minimum core requirements for the qualification of entry-level cybersecurity professionals including roles that focus on information technology (IT) security, information security that involves digital artifacts, and digital security. 

 

This Standard is intended to apply broadly, and not only to specific technologies or techniques. It is intended to be platform and vendor agnostic.

 

This Standard applies to professionals in all sectors and industries, including publicly traded and privately held companies, governments and public bodies, and not-for-profit organizations.

Project need:

Project Need

Cybersecurity is defined as the protection of digital information, as well as the integrity of the infrastructure housing and transmitting digital information. More specifically, cybersecurity includes the body of technologies, processes, practices and response and mitigation measures designed to protect networks, computers, programs and data from attack, damage or unauthorized access so as to ensure confidentiality, integrity and availability. However, despite the internet and connected computing being around for over two decades, cybersecurity remains an emerging and evolving field of work. As such, the work has not been well defined in occupational terms and cybersecurity work is often conflated with other organizational roles. Accordingly, the NOS defines primary cybersecurity work as distinct from other occupations in information technology, security, business management, or public administration. Cybersecurity is not, however, just about technical systems, it’s also about people, their behaviour and how they connect and engage with those systems. 

 

The value of effective cybersecurity and the services and products supported by the cybersecurity professional cannot be overstated. Cybersecurity work is achieving visibility across the globe as a critical and enduring career within the digital economy. In Canada, for instance:

 

  • Our reliance on information and data systems has increased exponentially over the past decade as organizations digitize their operations and move to an online presence. This requires professionals who can design, build, implement and maintain safe, secure and reliable information systems that can support a variety of business, operational and personal needs, and which facilitates compliance with cybersecurity and privacy laws.
  • Canadian citizens have become more aware of their Privacy rights and are increasingly concerned about how their personal data is protected by organizations. This requires experts in both online security and privacy who can advise on the various national and international standards, develop policies, identify requirements and support monitoring to better protect the privacy of Canadians.
  • Cybercrime is an ever-increasing threat. With technology either as a target that can be exploited or a tool that can be used to commit other criminal acts such as theft, fraud, sexual harassment and child exploitation, cybersecurity and protective services are critical to protecting Canadians. This requires expertise to support detection and response to cyber threats as well as those who will investigate and collect digital evidence that can be used in improving protections and, when required, prosecuting offenders.   

Note: The information provided above was obtained by the Standards Council of Canada (SCC) and is provided as part of a centralized, transparent notification system for new standards development. The system allows SCC-accredited Standards Development Organizations (SDOs), and members of the public, to be informed of new work in Canadian standards development, and allows SCC-accredited SDOs to identify and resolve potential duplication of standards and effort.

Individual SDOs are responsible for the content and accuracy of the information presented here. The text is presented in the language in which it was provided to SCC.