COMSEC Manager
What does this role do? Manages the Communications Security (COMSEC) resources of an organization (CNSSI No. 4009).
CORE KSATs
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. | Knowledge |
25 | Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]). | Knowledge |
37 | Knowledge of disaster recovery continuity of operations plans. | Knowledge |
55 | Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data. | Knowledge |
61 | Knowledge of incident response and handling methodologies. | Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | Knowledge |
395 | Advise senior management (e.g., CIO) on risk levels and security posture. | Task |
578 | Ensure security improvement actions are evaluated, validated, and implemented as required. | Task |
824 | Recognize a possible security violation and take appropriate action to report the incident, as required. | Task |
852 | Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered. | Task |
1141A | Knowledge of an organization’s information classification program and procedures for information compromise. | Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. | Knowledge |
1158 | * Knowledge of cybersecurity principles. | Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. | Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. | Knowledge |
ADDITIONAL KSATs
KSAT ID | Description | KSAT |
---|---|---|
129 | Knowledge of system life cycle management principles, including software security and usability. | Knowledge |
143 | Knowledge of the organization’s enterprise information technology (IT) goals and objectives. | Knowledge |
183 | Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. | Skill |
299 | Knowledge of information security program management and project management principles and techniques. | Knowledge |
325 | Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management). | Knowledge |
396 | Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements. | Task |
445 | Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders. | Task |
475 | Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. | Task |
596 | Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy. | Task |
600 | Evaluate cost benefit, economic, and risk analysis in decision making process. | Task |
1004 | Knowledge of critical information technology (IT) procurement requirements. | Knowledge |
1040A | Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure. | Knowledge |