Cybersecurity is Everyone’s Job

This guidebook outlines what each member of an organization should do to protect it from cyber threats, based on the types of work performed by the individual. It is aligned with the strategic goals of the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology (NIST).

The need for this paper was identified by the Workforce Management subgroup of the NICE Working Group (NICEWG), a voluntary collaboration of industry, academic and government representatives formed to facilitate, develop and promote cybersecurity workforce management guidance and measurement approaches that create a culture where the workforce is managed and engaged to effectively address the cybersecurity risks of their organization.

We are the greatest vulnerability in any organization. In this era of persistent cyber threats, an organization can
be secure only with the active participation of everyone. Unfortunately, many organizations limit security responsibilities to designated security personnel that perform specialized security functions. Effective security must be enterprise-wide, involving everyone in fulfilling security responsibilities. Each member of the group, from the newest employee to the chief executive, holds the power to harm or to help, to weaken or strengthen, the organization’s security posture. This guidebook outlines what each of us should do to protect the organization, based on the types of work we do.