Capability Methodology

About the Methodology

The CIISec Capability Development Methodology (CDM) has been designed to help organisations develop, recruit and retain talent. It can be adapted and tailored for your organisation and will align comfortably with your internal standards and any external standards that you may use.

Implementing the Capability Development Methodology
The exact process by which an information security skills capability is implemented is likely to differ from organisation to organisation - and will be influenced by factors such as the current level of information security maturity in the organisation and the extent to which a structured approach to skills management is already in place. 

This guide sets out suggested steps for implementing a skills capability ‘from scratch’ using the concept of ‘roles families’. However, the process could also be applied to validate the adequacy of an existing skills capability. The process is summarised in the diagram below.


Capability Development Methodology Diagram

At the heart of the methodology are the CIISec Skills, Knowledge, Roles and Accreditation Frameworks that have been developed over a number of years via collaboration with private and public sector organisations, world-renowned academics, security leaders and authoritative bodies.

The Frameworks

Skills Framework

The CIISec Skills Framework describes the range of competencies expected of Information Security and Information Assurance Professionals in the effective performance of their roles. It was developed through collaboration between both private and public sector organisations and world-renowned academics and security leaders.

Roles Framework

The CIISec Roles Framework sets out a typical set of skills expected of Information Security and Information Assurance Professionals in the effective performance of their roles. It was developed through collaboration between both private and public sector organisations and world-renowned academics and security leaders.

Knowledge Framework

The CIISec Knowledge Framework expands upon the widely used CIISec Skills Framework, allowing Information Security professionals to have a consistent view of Cyber Security and Information Security. The Framework is also a baseline for the ICSF entry-level exam as self-study material.


Accreditation Framework

The CIISec Accreditation Framework has been developed to define the competency requirements for Cyber Security Professionals to gain Associate, Full and Fellow levels of accreditation. Our approach has been used to underpin external schemes run by the NCSC and law enforcement.