Cybersecurity National Occupational Standard
Cybersecurity is not just about technical systems – it’s about people, their behaviour, and how they connect and engage with those systems.
Cybersecurity is defined as “the protection of digital information and the infrastructure on which it resides.” However, despite the internet and connected computing being around for over two decades, cybersecurity remains an emerging and evolving field of work. As such, the work has not been well defined in occupational terms and cybersecurity work is often conflated with other organizational roles. Accordingly, this National Occupational Standard (NOS) defines primary cybersecurity work as distinct from other occupations in information technology, security, business management, or public administration.
Occupational standards describe the standards of competent and safe behaviour within a specific scope of work. This NOS supports a variety of functions for cybersecurity practitioners, employers, educators and other workforce development stakeholders such as government, professional associations, sector councils, employment centers, etc. In the case of cybersecurity, it serves another purpose. Cybersecurity is a relatively new and emerging field of work where various work roles have been conflated within the domain. Accordingly, the NOS defines primary cybersecurity work as distinct from other occupations in information technology, security, business management, or public administration.
The cybersecurity NOS focuses on core cybersecurity roles within the four activity work areas as defined in the Canadian Cybersecurity Skills Framework.
Exclusive of this are a very small percentage of cybersecurity specialist work roles that are defined and performed in government national security, policing or military contexts.Learn More
In conjunction with the core roles that define the cybersecurity occupation discussed in this NOS, there are a number of adjacent roles that have cybersecurity responsibilities which typically form only part of their overall responsibilities within an organization.Learn More
Within many small and medium organizations (SMOs), and even within larger organizations that are not heavily reliant on internet-based activities, there are individuals tasked with cybersecurity responsibilities who may not have any IT or cybersecurity background.Learn More