Lesson 3A – Security, Safety, Risk, & Quality Systems

This lesson describes the relationships between systems, standards, and guidance for security, safety, quality, and risk management. Commonly implemented standards from national and international standards organizations are introduced.

Learning Objectives
  • Define “quality management system”
  • Distinguish between safety and security using the SEMA framework
  • Identify and describe the five layers of an industrial safety management system (SMS)
  • Explain how quality systems support safety and security
  • Recognize standards and guidance that are useful for quality, safety, and risk management
Files
Lesson 3A – Security, Safety, Risk, & Quality Systems Lesson Plan
CPI_Module3_Lesson3A_Presentation.pptx


* NICE Cybersecurity Workforce Framework KSAs Addressed
  • K0002: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0008: Knowledge of applicable business processes and operations of customer organizations.
  • K0027: Knowledge of organization's enterprise information security architecture system.
  • K0048: Knowledge of Risk Management Framework (RMF) requirements.
  • K0053: Knowledge of measures or indicators of system performance and availability.
  • K0054: Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0084: Knowledge of structured analysis principles and methods.
  • K0101: Knowledge of the organization’s enterprise information technology (IT) goals and objectives.
  • K0146: Knowledge of the organization's core business/mission processes.
  • K0149: Knowledge of organization's risk tolerance and/or risk management approach.
  • K0150: Knowledge of enterprise incident response program, roles, and responsibilities.
  • K0169: Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.
  • K0437: Knowledge of general SCADA system components.
  • K0612: Knowledge of what constitutes a “threat” to a network.
  • S0027: Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0034: Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
  • S0038: Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
  • S0085: Skill in conducting audits or reviews of technical systems.
  • S0359: Skill to use critical thinking to analyze organizational patterns and relationships.
  • A0106: Ability to think critically.
  • A0117: Ability to relate strategy, business, and technology in the context of organizational dynamics.
  • A0118: Ability to understand technology, management, and leadership issues related to organization processes and problem solving.
  • A0119: Ability to understand the basic concepts and issues related to cyber and its organizational impact.

* Most courseware content maps to NIST NICE Cybersecurity Workforce Framework (NCWF) Knowledge, Skills, and Abilities (KSAs) and/or NSA/DHS CAE Knowledge Units (KUs). For more information on KSAs and KUs, please visit:

KSAs: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf

KUs: https://www.iad.gov/NIETP/documents/Requirements/CAE-CD_2019_Knowledge_Units.pdf