Communications Security (COMSEC) Manager

Individual who manages the Communications Security (COMSEC) resources of an organization (CNSSI 4009) or key custodian for a Crypto Key Management System (CKMS).

Below are the Knowledge, Skills, Abilities and Tasks identified as being required to perform this work role.

Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
K0003Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
K0004Knowledge of cybersecurity and privacy principles.
K0005Knowledge of cyber threats and vulnerabilities.
K0006Knowledge of specific operational impacts of cybersecurity lapses.
K0018Knowledge of encryption algorithms
K0026Knowledge of business continuity and disaster recovery continuity of operations plans.
K0038Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
K0042Knowledge of incident response and handling methodologies.
K0090Knowledge of system life cycle management principles, including software security and usability.
K0101Knowledge of the organization??s enterprise information technology (IT) goals and objectives.
K0121Knowledge of information security program management and project management principles and techniques.
K0126Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
K0163Knowledge of critical information technology (IT) procurement requirements.
K0267Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
K0285Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption.
K0287Knowledge of an organization’s information classification program and procedures for information compromise.
K0622Knowledge of controls related to the use, processing, storage, and transmission of data.
S0027Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
S0059Skill in using Virtual Private Network (VPN) devices and encryption.
S0138Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic).
A0177Ability to recognize the unique aspects of the Communications Security (COMSEC) environment and hierarchy.
A0163Ability to interpret Communications Security (COMSEC) terminology, guidelines and procedures.
A0164Ability to identify the roles and responsibilities for appointed Communications Security (COMSEC) personnel.
A0165Ability to manage Communications Security (COMSEC) material accounting, control and use procedure.
A0166Ability to identify types of Communications Security (COMSEC) Incidents and how they??re reported.
A0167Ability to recognize the importance of auditing Communications Security (COMSEC) material and accounts.
A0177Ability to recognize the unique aspects of the Communications Security (COMSEC) environment and hierarchy.
T0003Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture.
T0004Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
T0025Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
T0044Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
T0089Ensure that security improvement actions are evaluated, validated, and implemented as required.
T0095Establish overall enterprise information security architecture (EISA) with the organization¡¯s overall security strategy.
T0099Evaluate cost/benefit, economic, and risk analysis in decision-making process.
T0215Recognize a possible security violation and take appropriate action to report the incident, as required.
T0229Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.