Cybersecurity knowledge, skill, and ability requirements and gaps are identified for both current and future operational needs, at least in an ad hoc manner
Context and Guidance: To identify gaps, you first might create a skills inventory to identify and document the current skill set of the organisation’s personnel. This inventory provides a snapshot of current capabilities and can be used to diagnose resource shortages and gaps against both your current and future workforce needs. The skills inventory is compared to the identified cybersecurity responsibilities for the function (WORKFORCE-3a) to identify skills that the organisation does not possess. The resulting skill gap provides insight into the current and future skill needs of the organisation. These skill gaps may prevent the organisation from performing adequately in managing cyber risks and may result in additional risk.