OT Cybersecurity Competency Framework - V5
OT Cybersecurity Competency Framework - V5
OCTOBER 2021
CONTENTS
1 Introduction ............................................................................................................................................... 1
2 Career Map ................................................................................................................................................ 2
3 Skills Map ................................................................................................................................................... 3
4 Technical Skills & Competencies (TSC) ..................................................................................................... 47
1 INTRODUCTION
The Operational Technology Cybersecurity Competency Framework (OTCCF) aims to guide key stakeholders in the following ways:
• OT and IT system owners can refer to the OT cybersecurity capabilities required to attract the right people, train them
adequately, and map out their career pathways;
• Training providers can refer to the technical competencies required by different job roles and be guided to develop best-in-
class courses and certifications that cater to local training needs; and
• OT professionals or potential jobseekers can identify skillsets for cross- and up-skilling for a meaningful career in the OT
cybersecurity domain. The career pathways could apply to job roles inclusive of vertical and lateral advancement opportunities.
The OTCCF - jointly developed by CSA and Mercer Singapore, and supported by SkillsFuture Singapore (SSG) and Infocomm Media
Development Authority (IMDA) - maps out the various OT cybersecurity job roles and the corresponding technical skills and core
competencies required. It also captures the possible career pathways showing the options for vertical and lateral progression. It is
made up of three key components:
a) Career Pathways
The Career Pathways show the possible options for vertical and lateral progression for advancement and growth.
b) Skills Maps
The Skills Maps cover the job roles, critical work functions, key tasks and skills and competencies.
c) Skills and Competencies
Competencies identified for each of the job roles fall under two broad classifications:
(i) Technical Skills and Competencies; and
(ii) Critical Core Skills (previously known as Generic Skills and Competencies) *.
*See https://www.skillsfuture.gov.sg/skills-framework/criticalcoreskills
2 CAREER MAP
Governance, Risk and Security Design and Maintenance and Security Monitoring and Respond and
Compliance Engineering Protection Assessment Recover
CISO
Various Cybersecurity
Engineering and Maintenance roles ICT Cybersecurity roles
or Governance and Compliance
roles
*The examples shown above are some of the potential job functions or job roles which serve as advantageous entry points for upskilling and/or cross-training in the OT cybersecurity sector.
3 SKILLS MAP
Track Maintenance and Protection
Occupation OT Cybersecurity Maintenance Specialist
Job Role OT Cybersecurity Maintenance Specialist
OT Cybersecurity Maintenance Specialists lead maintenance and administration efforts across OT systems by utilising their strong understanding of OT systems
and environment. They work with cybersecurity and operational personnel to develop and/or deploy mitigation techniques in order to effectively defend against
cyber threats and vulnerabilities within the OT environment.
Job Role Description
They have deep understanding of security technologies such as firewall logs, IDS, endpoint security solutions, access control systems, and other related security
technologies within the OT environment. They also work with the cybersecurity team to conduct research to develop or deploy new capabilities and solutions.
Establish, review or update configuration baselines for inventoried assets in order to drive
cybersecurity objectives
Define the patching and control needs of the organisation's OT system and perform
prioritisation of activities
Improve and maintain
Oversee implementation of controls or patches and ensure minimisation of disruption within
cybersecurity posture of OT
acceptable limits of risks
systems
Partner with operational and cybersecurity personnel to plan and monitor periodic
maintenance of OT security infrastructure
Establish authentication and identification rules across devices and users to drive
cybersecurity objectives within the OT environment
Monitor third party and vendor's access and activities in the OT environment
Develop standardised vocabulary for IT and OT cybersecurity teams based on the identified
standards and framework
Manage cross-team strategic projects according to guidance from the senior leadership
Work with the cybersecurity team to conduct research to develop or deploy new capabilities
and solutions.
Application Security
4 Developing People Advanced
Management
Skills & Competencies
Asset Identification and
4 Problem Solving Advanced
Inventory
Emerging Technology
4 Building Inclusivity Basic
Synthesis
OT Compliance and
3 Collaboration Advanced
Assurance
OT Cybersecurity Education
3 Transdisciplinary Thinking Advanced
and Awareness
OT Cybersecurity
Governance and Programme 4
Management
OT Cybersecurity Risk
4
Assessment and Mitigation
Stakeholder Management 4
Performance Expectations
Critical Work Functions Key Task (for legislated/regulated
occupations)
Work with architects to shape security controls, systems, remote access and
architecture for the organisation's OT infrastructure according to defined requirements
Develop OT cybersecurity architecture
and maintain oversight
Implement and configure the IT/OT network controls to protect the OT environment
Perform integration activities such as design, install, configure, test, commission and
handover to OT asset owners
Maintain OT cybersecurity system
integration
Facilitate the partition of systems under considerations into zones and conduits
Critical Work Functions
and Key Tasks /
Performance Conduct testing and evaluation of new cybersecurity technologies and controls
Manage quality and continuous
Expectations Cyber Security Act 2018, Cyber
improvement of OT cybersecurity
Security Agency of Singapore
architecture Recommend security products, services and procedures to enhance OT system
architecture designs
Verify that all connected IT and OT assets in the organisation are taken into account and
Discover and manage organisation's OT
categorized according to criticality
assets
Partner with cybersecurity and operational personnel to test or evaluate cybersecurity
impact of changes to assets
Communicate potential vulnerabilities and attack surfaces and work with cybersecurity
and operational personnel to identify and recommend security controls for mitigation
Track Maintenance and Protection / Security Monitoring and Assessment / Respond and Recover
Occupation Head of OT Cybersecurity Operations
Job Role Head of OT Cybersecurity Operations
Heads of OT Cybersecurity Operations lead various functions of OT cybersecurity: managing system control, and system hardening as well as developing frameworks
and strategies for vulnerability management, incident response and cyber forensics in the OT environment.
They have deep expertise in various OT systems and processes of the organisation as well as their cybersecurity infrastructure. They also have insights on cyber
response, investigation and operation recovery.
Job Role Description
They display strong leadership attributes in guiding, developing and managing resources within and across the team. They are also decisive in their nature and are able
to manage senior stakeholders well.
Critical Work Define standards and guidelines on third-party and vendor and remote access
Functions and Key
Tasks / Performance
Expectations Collaborate with the operations team to define minimum and essential functions of OT Cyber Security Act 2018, Cyber
systems Security Agency of Singapore
Strategise and outline the vulnerability management framework for the OT environment
Improve and maintain cybersecurity Establish and review security baseline configuration standards for operating systems,
posture of OT systems applications and network devices
Partner the operations team to define needs and initiatives of cryptography and
encryption
Provide resources and improve team capabilities in conducting penetration testing and
vulnerability assessments in the OT environment
Recommend policy changes based on the findings from the penetration testing and
vulnerability assessment exercise
Collaborate with legal department and authorities for prosecution and investigation
processes where necessary
Evaluate business continuity and recovery plans to ensure they are updated
Assign roles and responsibilities in implementing business continuity and recovery plans
Identify areas or strategic projects that improve IT-OT alignment, cross skilling and
improve the organisation cybersecurity capability
Lead people and organisation Oversee the development of learning roadmaps for teams and functions
Build a cybersecurity culture in the Advise the organisation's senior leadership to endorse the design and implementation of
organisation cybersecurity strategies for the OT environment
Skills & Competencies Technical Skills & Competencies Critical Core Skills
Manpower Planning 4
Penetration Testing 3
Stakeholder Management 4
Vulnerability Assessments 4
Research and perform pro-active monitoring or scans of threats and attacks within the
OT environment
Analyse historical information and data to identify early indicators or potential threats
Critical Work Utilise existing database of threats and attack histories to pre-empt and classify potential
Functions and Key new threats
Tasks / Performance
Expectations Cyber Security Act 2018, Cyber
Prepare threat hunting reports and propose escalation steps or mitigation actions
Security Agency of Singapore
Conduct research on new and existing threats that may impact existing OT systems
Document new threats and establish threat profile based on a core set of attributes to
assist in development of threat mitigation protocols
Provide threat intelligence
Provide evaluation and feedback to improve intelligence production, reporting, collection
requirements and operations.
Articulate potential pain points and solutions in aligning IT and OT teams or stakeholders
Manage cross-team strategic projects according to guidance from the senior leadership
Critical Work Oversee security reviews, penetration testing and red team activities
Functions and Key Perform vulnerability assessments and
Tasks / Performance penetration testing
Expectations Cyber Security Act 2018, Cyber
Deliver technical presentations and recommendations to the management
Security Agency of Singapore
Maintain oversight on OT cybersecurity threat landscape and identify the needs for new
vulnerabilities management standards based on emerging risks
Conduct threat hunting in the OT Work with cybersecurity personnel to run test attacks and simulations on the systems to
environment identify the possibilities of threats and extent of damage it could cause on OT systems
Analyse intelligence and shape designated exercises, planning activities, and time-
Provide threat intelligence
sensitive operations to develop cyber-resiliency
Identify and assess the capabilities and activities of cybersecurity criminals or foreign
intelligence entities, and produce findings to help initialise or support law enforcement
and counterintelligence investigations or activities
Present threat hunting reports and work with cybersecurity personnel to establish
mitigation actions
Improve and maintain cybersecurity
posture of OT systems
Provide guidance on threat mitigation strategies and potential threats and cyber-attacks
to ensure current cyber security standards and set-up are updated
Manage cross-team strategic projects according to guidance from the senior leadership
Lead people and organisation Contribute to the development of learning roadmaps for teams and functions
Vulnerability Assessments 4
Partner with engineering and business teams to identify and develop security design
requirements across different OT systems
Ensure that security products, services and procedures are compatible with the current
OT systems and met the organisation's requirement
Identify future risk on designs considering total operating life and possible opportunities
to upgrade cyber safeguards
Partner with the rest of the cybersecurity team to identify improvement opportunities
Manage cross-team strategic projects according to guidance from the senior leadership
They have deep expertise on the various OT systems and networks and are strongly familiar with the cybersecurity standards and frameworks used globally. They keep
abreast of cyber-related applications and hardware technologies and services and are constantly on the look-out of new technologies which could enhance the security
Job Role Description architectures of the OT environment.
They display strong leadership attributes in guiding, developing and managing resources within the team. They are also decisive in their nature and are able to manage
senior stakeholders well.
Champion the adoption of new technologies and drive the implementation to improve OT
security design and architecture
Review OT security architecture to ensure that it addresses technology shifts, threats and
Manage quality and continuous changes in regulation
improvement of OT cybersecurity
architecture Develop strategic roadmaps and tactical remediation plans to address OT cybersecurity
architectural weaknesses
Critical Work
Functions and Key Establish key performance metrics to assess the effectiveness of the OT security
Tasks / Performance architecture
Expectations Cyber Security Act 2018, Cyber
Security Agency of Singapore
Derive OT security architecture requirements from organisation's strategy, business
requirement and external environment
Identify areas or strategic projects that improve IT-OT alignment, cross skilling and
improve the organisation cybersecurity capability
Build a cybersecurity culture in the Facilitate and advise the organisation's senior leadership in deciding cybersecurity
organisation strategy in the OT environment
OT Cybersecurity Education
5 Problem Solving Advanced
and Awareness
Stakeholder Management 5
Sector OT Cybersecurity
Track Security Design and Engineering / Maintenance and Protection
Occupation OT Cybersecurity Systems Analyst
Job Role OT Cybersecurity Systems Analyst
The OT Cybersecurity System Analysts support various activities in the design, maintenance and protection functions within the OT environment. They perform
activities with relevance to OT cybersecurity administration and maintenance in order to establish a secure OT environment. This includes performing asset discovery,
managing vulnerabilities in existing OT systems, as well as performing access control management across OT systems and devices.
Job Role Description
They are familiar with security technologies such as firewall logs, IDS, endpoint security solutions, access control systems, and other related security technologies within
the OT environment.
Audit identities and credentials for authorised devices, users and processes in order to
protect physical or remote access to OT systems or devices
Assist in performing security reviews on existing controls and identify cybersecurity gaps
Establish OT cybersecurity architecture Assist in development of cybersecurity requirement specifications for new systems or
and controls devices
Discover and manage organisation's OT Maintain and update inventory of all connected IT and OT assets and devices within the
assets organisation
Document change logs and include information about modifications that impact the
cybersecurity requirements of assets (availability, integrity, confidentiality)
OT Cybersecurity Risk
2 Sense Making Basic
Assessment and Mitigation
Manage OT cybersecurity risk Communicate acceptable level of risk tolerance to internal or external stakeholders
Analyse and classify identified cyber risks in the OT environment based on severity and
assign risk owner
Execute documentation, monitoring and assessment processes necessary to assure that
existing and new OT systems meet the organisation's cybersecurity and risk
requirements
Work with system owners and relevant internal or external stakeholders to perform risk
analysis or security reviews on OT systems and environment resulting in
recommendations for inclusion in the risk mitigation strategy.
Ensure appropriate treatment of risk, compliance, and assurance from internal and
external stakeholders in order for OT systems to perform within acceptable limits of risks
Partner with relevant internal or external stakeholders to implement corrective actions or
remediation plans in order to mitigate vulnerabilities identified during risk assessments or
audits
Provide inputs to overall Enterprise Risk Management Framework processes and
activities
Enhance IT-OT alignment and Develop standardised vocabulary for IT and OT cybersecurity teams based on the
collaboration identified standards and framework
Manage cross-team strategic projects according to guidance from the senior leadership
Establish and approve policies, standards and guidelines for managing cybersecurity
risks and protecting OT systems against cybersecurity threats
Establish and drive cybersecurity
strategies, policies, standards and Work with critical stakeholders to conduct review of policies, standards and guidelines
guidelines according to organisation's against the current cyber operating environment and cybersecurity threat landscape
needs and legislation
Develop procedures and controls to ensure regulatory and compliance within the OT
environment
Critical Work Functions
and Key Tasks / Ensure alignment of OT cybersecurity policies with other policies and operational
Performance standards
Expectations Cyber Security Act 2018, Cyber
Security Agency of Singapore
Define organisation's OT cyber risk appetite aligned with organisation's enterprise and
business risks
Define roles and responsibilities in managing OT cybersecurity risk, including reporting
lines and accountabilities across organisation, including identification and prioritisation
of OT assets
Present findings on deviations from compliance activities and audit findings with
Manage OT cybersecurity risk relevant senior management stakeholders to drive implementation of corrective actions
or remediation plans
Develop or update risk assessment techniques to ensure comprehensive coverage
across the OT environment
Develop relevant policies and procedures to verify that security postures or controls are
implemented, document deviations, and recommend required actions to correct those
deviations
Monitor cyber regulatory compliance findings and engage stakeholders with immediate
follow-up actions if required
Build organisation's awareness on the risks in the OT environment and identify need for
OT cybersecurity awareness and training programmes
Champion the cross skilling and collaboration programmes across IT and OT teams
Identify areas or strategic projects that improve IT-OT alignment, cross skilling and
improve the organisation cybersecurity capability
Vulnerability Assessment 2
Monitor OT systems for cybersecurity Maintain incidents and security data logs on OT systems and prepare regular
incidents documentation for reports
Improve and maintain cybersecurity Prepare OT system vulnerability mitigation and patch deployment report to escalate
posture of OT systems to systems and asset owners
Facilitate incident response activities according to incident response protocols and plans
Failure Analysis 2
OT Cybersecurity Governance
3 Problem Solving Basic
and Programme Management
Vulnerability Assessments 2
Performance
Expectations (for
Critical Work Functions Key Task
legislated/regulated
occupations)
Enable continued or new exploitation operations in support of organisation objectives and target
requirements.
Collaborate with other internal and external partners on target access and operational issues.
Conduct analysis of physical and logical digital technologies to identify potential avenues of access to OT
systems and networks
Conduct in-depth target and technical analysis including target-specific information (e.g., cultural,
organisational, political) that results in access
Critical Work
Functions and
Key Tasks / Perform Vulnerability Assessments Perform comprehensive exploitation activities that identify exploitable technical or operational vulnerabilities.
and/or Penetration Testing Cyber Security Act 2018,
Performance
Cyber
Expectations
Conduct or support authorised penetration testing on OT systems or simulated environments Security Agency of
Singapore
Stay abreast of possible threats that impact operation criticality and physical safety of OT systems
Communicate new developments, breakthroughs, challenges and lessons learned on outcomes of testing
Enhance IT-OT alignment and and assessments across OT and IT cybersecurity teams
collaboration
Develop standardised vocabulary for IT and OT cybersecurity teams based on the identified standards and
framework
Manage cross-team strategic projects according to guidance from the senior leadership
OT Cybersecurity Risk
3 Problem Solving Intermediate
Assessment and Mitigation
Job Role Description They are well versed with the tools, standards, protocols and frameworks of vulnerability management. They also have in-depth knowledge of threat actors relevant to the
organisation.
They are systematic and analytical in performing their duties and are able to reveal threats and articulate the risks and impact to the organisation.
Perform technical risk and vulnerability assessments or scans across the OT environment
Analyse software and configuration snapshot of endpoints for possible exploitation points
Manage and operate vulnerability management systems and tools for OT cybersecurity
Provide inputs to improve assessments or scans based on emerging security and risk
management trends and issues
Support the management of cross-team strategic projects according to guidance from the
senior leadership
OT Cybersecurity Risk
3
Assessment and Mitigation
They are familiar with cyber security standards, incident response plans, procedures and protocols of the organisation, and work in compliance with them.
Engage and liaise with external parties such as vendors for forensic/recovery activities
or law enforcement personnel to carry out required incident response protocols
Prepare accurate and detailed cyber incident reports in the OT environment to facilitate
after-action review processes
Act as subject matter experts to provide insight and guidance to colleagues engaging in
incident response activities or prevention measures
Enhance IT-OT alignment and Support the development of standardised vocabulary to align IT and OT cybersecurity
collaboration teams
Stakeholder Management 4
Communication Intermediate
Job Role Description They are familiar with different types of threats, cyber security standards, protocols and frameworks with regards to forensic investigation. They are knowledgeable of
hardware and software applications to analyse threat data from various sources.
Identify, collect, examine, and preserve evidences and artefacts for the purpose of
conducting cyber forensic investigation on OT systems
Critical Work Analyse evidence and artefacts to investigate cyber incidents and examine root causes
Functions and Key
Tasks / Performance
Expectations Conduct Forensic Investigation on OT Identify attacker tools, tactics, and procedures and develop indicators of compromise
systems
Develop and implement remediation plans and investigative reports in conjunction with
incident response
Present reports and outcomes in investigations or legal proceedings to senior Cyber Security Act 2018, Cyber
management and stakeholders Security Agency of Singapore
Contribute to the development of digital forensic investigation policies and standards for
the organisation
Improve and maintain cybersecurity
posture of OT systems
Skills & Competencies Technical Skills & Competencies Critical Core Skills
Stakeholder Management 3
Communication Intermediate
Collaboration Intermediate
TSC Description
Detect, mitigate and prevent vulnerabilities to protect applications that have been deployed
TSC Description Identify and manage the organisation’s OT assets and inventory to enable the organisation in delivering cybersecurity activities across different functions
Knowledge • Asset identification tools • Lifecycle stages and • Industry best practices • Components of OT and
and techniques management of OT in configuration IT asset management
• Metadata required for assets standards plans
asset inventory • Asset identification • Elements of an • Impact of change
• Baseline configuration process organisation asset management practices
standards • Asset change management plan and on cybersecurity
• Proper asset handling, management practices procedures operations
maintenance and • Impact of asset • Industry standards and • Industry best practices
storage procedures identification tools and best practices in asset for strategies and
• Types of OT assets and techniques identification and techniques in asset
systems that exist in the • Potential cyber security management performance and
organisation risks from OT assets • Mitigation strategies to maintenance
• Vendors for OT assets deal with vulnerabilities • Emerging threats and
and weaknesses of OT trends in the OT
assets cybersecurity landscape
• Regulatory
requirements or
standards for asset
management
Abilities • Perform identification of • Review • Define scope and • Guide integration of
assets and comprehensiveness of approach for asset asset identification
maintenance of asset inventory and identification to drive updates into change
inventory utilising recommend additional comprehensiveness control processes to
identified asset tools for effective and and efficiency of asset ensure that processed
identification tools and continuous monitoring identification process changes are aligned
techniques of assets • Establish information or with asset inventory
• Maintain and update • Assess risk and additional data points • Liaise with relevant IT
data points in alignment implications on required to drive stakeholders to
with asset identification implementing IT or OT- delivery of OT leverage IT networks
requirements specific asset cybersecurity and protocols to assist
• Consolidate identification tools and • Oversee utilisation of in asset identification
configuration and techniques ongoing identification • Articulate value of asset
information on OT • Provide tools and ensure that identification in reducing
assets from existing recommendations and proper measures are in recovery times and
network maps, historical mitigation strategies on place to mitigate threat lowering organisational
data or other asset identification vulnerabilities risk to gain buy-in from
documentation approach when utilising relevant stakeholders
TSC Description
Implement cryptography and encryption to mitigate threat vectors posed to unsecured OT systems
Knowledge • Techniques for • Vulnerability points and • Strength and • Impacts of emerging
acccessing confidential threat vectors posed for weaknesses of various threats and best
data flowing through OT systems cryptography and practices affecting
different types of OT • Understanding of varied encryption techniques organisational initiatives
systems (SCADA, PLCs, algorithm creation • Impacts of encryption on • Differentiating levels of
etc.) techniques and business operations, impact to business
• Audit and monitoring application continuity, safety and operations, continuity,
techniques • Cryptography and recovery from OT safety and recovery from
• Internal guidelines for encryption techniques cybersecurity incidents OT cybersecurity
storage of encryption • Cryptography and • Business processes incidents
keys
encryption frameworks utilising encrypted • Flows of confidential
• Cryptography and
information throughout
(IPsec, etc.), standards information
encryption techniques
and skills (IEC62351, etc.) and • Vulnerabilities of OT organisational OT
techniques systems during the systems
• Industry guidelines and integration process
best practices for
storage and securing
encryption keys
Abilities • Support the testing of • Identify the need to • Create cryptography • Establish requirements
encrypted algorithms execute suitable algorithms to encrypt OT for identification and
prior to the execution of algorithms for systems communication of
cryptography and cryptography and • Facilitate cryptography confidential data
encryption initiatives encryption initiatives and encryption initiatives between OT systems to
• Support requests from • Review security logs to in-line with OT security drive encryption
other stakeholders to identify unauthorised requirements activities, in alignment
decrypt information activity • Identify the appropriate with relevant industrial
• Consolidate data on • Analyse potential threat encryption technique to standards
security logs in order to vectors on various provide expected level of • Design guidelines and
monitor effectiveness of processes for the
TSC Description Design and configure network systems to ensure integrity and reliability of network infrastructure of OT systems through segmentation of network infrastructure, incorporating uses of
apprioriate protection, detection and response mechanisms to confine and detect security incidents
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Monitor, review and execute Manage, identify and Design frameworks to
operational requirements to analyse functional and assess differentiating
ensure the integrity of OT performance security network security
network infrastructure requirements of networks requirements across varying
involved in OT systems OT systems and develop
policies to mitigate threats
Abilities • Monitor security network • Assess need for network • Define planning, building
for incidents and security segmentation in and management
identified operational order to ensure secure phases for network
threats affecting OT OT systems
security design on OT
systems • Collaborate with relevant
systems
• Propose stakeholders to keep up
recommendations to to date with current • Determine perimeters,
address network security security posture of boundaries and trust
deficiencies networks in critical OT levels for network
• Implement perimeter systems security zones in order
security, network • Identify threats to OT to limit broadcast
hardening measures and systems based on domain, restrict
authentication and user network security bandwidth usage and
account controls requirements in reduce attack surfaces
according to identified consultation with • Define security
network security relevant stakeholders requirements for network
requirements • Assess feasibility for security zones to drive
• Conduct testing to verify unidirectional gateway availability, integrity and
the key functions and implementation in highly confidentiality of critical
performance measures critical environments OT systems
of network security • Deploy and configure • Establish planning,
• Monitor packets and firewalls to control building and
information to facilitate network traffic and run management phases for
diagnosing of network inspection, on abnormal network security design
problems, investigating protocol behaviour, on OT systems
security or policy search for patterns of • Conduct research and
violations, and aiding in compromise, and verify evaluate organisational,
security incident traffic signatures against regulatory and security
response and network known malware and policies used to
forensics activities exploit traffic benchmark acceptable
• Assess if identified alerts • Deploy security network security
are false positives measures and controls standards
• Debug network security across network • Prioritise
according to test results components and zones recommendations to
address current and
• Perform collection, to reduce risk of
compromises and future security network
storing and correlation of
increase network gaps
logs utilising appropriate
security information and visibility • Evaluate degree of
event management • Analyse and recommend integration between end-
Review logs and audit configurations aligned to-end OT security
reports of security with incident response solutions with wireless
incidents, intrusions and procedure designs networks
attempts • Identify gap between • Formulate policies
expected and actual concerning VPNs and
performance for VPNs firewalls implementation
and firewalls to optimise • Collaborate with relevant
troubleshooting, stakeholders to
response practices and formulate network
forensic practices intrusion detection and
• Execute recovery plan recovery processes OT
for false positives systems
identified
• Indutrial zones
• Enterprise Zones
• Industrial Demilitarised Zones
• Cell Area Zones
Log mangement:
• Firewall logs
• Network intrusion detection logs
• Router and switch logs
• Operating system logs
• Application logs
The information contained in this document serves as a guide.
TSC Description Facilitate compliance and assurance processes by reviewing adherence to regulations and standards involving OT systems; assess and enhance the thoroughness of compliance
and/or governance processes and organisation's internal controls to align with changing compliance standards and ensure audit’s readiness.
TSC Description Develop and implement cyber risk assessment and mititgation strategies across the systems’ life-cycle, taking into considerationthe organisation’s OT environment and external threats
implement endorsed • Analyse the likelihood of • Lead the implementation • Articulate implications of
treatments and OT cyber risk impacting of OT cyber risk potential OT cyber risks
measures to address creating operational, assessment activities and threats and translate
and mitigate risk safety or business throughout organisation them into a business
impacts • Weigh potential case
• Assess effectiveness of operational or safety • Assess overall strength
risk mitigation treatments risks associated with and preparedness of the
against organisational cyber security risks organisation's existing
policies, processes, • Evaluate options and defences in light of
procedures and key risk determine treatment identified OT cyber risks
indicators approaches for OT • Endorse strategies to
cyber risks effectively address and
• Develop key risk mitigate the OT cyber
indicators or indicators risks identified and
of compromise in evaluate potential costs
collaboration with key to the organisation to
stakeholders and asset implement the strategies
owners to categorise • Formulate strategies and
severity of risk and plans to address current
potential impact to and future risks gaps in
organisation and consultation with
operations relevant stakeholders
The information contained in this document serves as a guide.
TSC Description Develop test strategy and procedure to verify and ensure that OT solutions and products are in line with cybersecurity requirements; this includes the ability to define and verify the
cybersecurity requirements across the product life stages, the tools used to perform the test, the data and/or resources needed to conduct the test.
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Conduct evaluation of OT Design evaluation plan and Define frameworks,
products and solutions in analyse test results in processes and standards to
line with defined framework alignment with cybersecurity guide cybersecurity
and processes standards evaluation of OT vendors,
products and solutions
Knowledge • Testing tools and • Different types and • Testing objectives and
processes levels of testing over scope
• Documentation product life stages • Range of tests and their
requirements of software • Range of tests, testware pros, cons, applicability
and hardware testing and applications and compatability
• Methodologies to • Optimal scheduling • Key resources, data and
implement and assess times for different tests tools required to
OT products and • Functional and implement product
solutions performance security
requirements of OT • Key components of OT
products and solutions products
• OT industry and
landscape trends
TSC Description Embed security principles into the design and specification of security architectures and controls for OT systems to meet defined OT cybersecurity needs
TSC Description Develop and implement OT cybersecurity enterprise programs, policies and standards to govern the organisation's approach towards protecting OT systems in alignment with
regulations, organisation’s context, operating environment and cyber threats
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Facilitate efforts in Assess adherence of OT Develop OT cybersecurity Develop OT cybersecurity
implementing and tracking cybersecurity policies, policies, standards, programmes at an
of OT cybersecurity standards and protocols, protocols and develop plans enterprise level, defining
programmes and driving the OT cybersecurity and resources to implement organisation’s risk appetite
conformance to policies, programme implementation the programmes and providing direction for
standards and protocols and monitoring effectiveness OT cybersecurity policies,
standards and protocols
Knowledge • Organisation • Various OT threats and • Critical elements of • Emerging trends and
cybersecurity policies, system vulnerabilities in corporate security developments in OT
standards and protocols the OT environment policies, standards and cybersecurity
• OT cybersecurity • Implementation process protocols management and
programmes and and considerations for • International OT practices
indicators of good cybersecurity policies, cybersecurity • Industry standards,
practices standards, protocols and frameworks regulations and best
• Common tools and programmes • Geographical and practices for OT
methodologies in OT • Types of security sectoral regulations and cybersecurity
security programme controls in the OT codes of practices for • Key business and
development environment of the OT cybersecurity operation implication of
• Maintenance procedures organisation • Policy, standard and changes in policies,
for OT security • Methods to assess protocol writing standards and protocols
programmes processes against techniques concerning the OT
policies, standards and • Methods to environment
protocols communicate • Methods to analyse cost
• Objectives and plans for organisation’s policies, and benefits of
OT cybersecurity standards, and protocols implementing an OT
programmes • Related operational or cybersecurity
• Metrics to evaluate OT business policies, programme
cybersecurity standards, protocols and
programmes programmes
Abilities • Coordinate efforts with • Validate compliance of • Develop OT • Define and articulate the
appropriate stakeholder cybersecurity policies, cybersecurity policies, organisation’s risk
to drive or maintain standards and protocols standard, and protocols appetite and tolerance
ongoing cybersecurity • Highlight areas for based on the • Set direction for the
programmes improvement and frameworks, regulations, organisation's
• Support the roll out and propose solutions or OT cyber threats and cybersecurity policies,
communication of OT revisions to standards, protocols and
cybersecurity policies, cybersecurity policies, risks and organisation’s programme in line with
standards, protocols and standards and protocols context business requirements
programmes • Identify lapses in or • Establish internal and the external
• Monitor existing process potential issues that may processes to regularly environment
on a daily basis and endanger the OT review the adequacy of • Review and endorse
ensure conformance to environment security controls proposals for updates or
OT cybersecurity • Propose specific action • Introduce suitable enhancements to
standards and protocols plans for different OT technologies, processes organisation’s policies,
• Monitor ongoing OT area or business units to and tools to maximise standards, protocols and
cybersecurity improve conformance compliance and programmes
programme and highlight and programmes’ programmes • Assess overall
implementation hurdles effectiveness implementation effectiveness of OT
• Consolidate feedback • Evaluate technologies • Communicate and cybersecurity
and concerns of end- and tools that can educate the organisation programme and set
users with regards to address gaps and on new or updated priorities and
ongoing OT facilitate compliance with policies, standards or improvement activities
cybersecurity security policies protocols and • Establish benchmarks
programmes • Introduce and review cybersecurity and targets with regards
adequacy of security programmes to OT cybersecurity
controls in line with • Develop plans, schedule governance and set
corporate cybersecurity and resources to processes to be
policies implement OT regularly reviewed
• Implement and partner cybersecurity against
stakeholders on programmes • Establish and regularly
implementation of new • Collaborate with senior review OT cybersecurity
or updated cybersecurity stakeholders to ensure programmes’ strategy
policies, standards, that OT cybersecurity and objectives in
protocols and policies, standards , alignment with
programme protocols and organisation’s strategic
• Drive implementation of programme are priorities and risk
OT cybersecurity executable and aligned tolerance for OT
programmes with other with other enterprise- systems
stakeholders level initiatives • Lead communication of
• Regularly monitor impact business case to key
and metrics to determine leadership roles and
effectiveness of OT ensure buy-in for OT
cybersecurity policies, cybersecurity policy
standards, protocols and changes and programme
programmes management
The information contained in this document serves as a guide.
TSC Description
Deploy vulnerability mitigations and patches in phases to minimise operation disruption during testing, deployment and validation to mitigate vulnerabilities in OT systems
TSC Description
Manage OT cybersecurity risks associated with services or systems that are dependent on vendors or external entities through formulation of frameworks, guidelines and processes
impact cybersecurity on • Establish key controls to protect the posed by supply chain
OT systems performance indicators organisation against dependencies and gain
• Consolidate feedback for assessment of cybersecurity threats buy-in for proposed
• Establish processes to mitigation or actions to
from end-users and vendor service delivery,
enable the monitoring of from key stakeholders
external depencdencies conformance testing, service performance and • Establish organisational
to analyse future assessment and validate compliance with cybersecurity
demands and needs to performance levels cybersecurity requirements across OT
deliver secure OT • Review dependencies’ requirements systems and
systems and assets ability to continually • Collaborate with relevant dependencies in
• Facilitate information meet cybersecurity stakeholders to build OT consultation with key
cybersecurity awareness stakeholders
sharing on relevant OT requirements for delivery
for external • Establish benchmarks
cybersecurity information of services and identify dependencies on against regulatory
or incidents actions for improvement prevailing OT standards to guide the
of service levels cybersecurity threats,
development of supply
• Evaluate the impact of impacts and mitigations
chain framework from a
contractual issues and • Develop contractual
provisions to pre-empt OT cybersecurity
problems on
and address significant perspective
cybersecurity of OT
OT cybersecurity risks • Formulate detection
systems, and determine associated with varying strategy for critical
if a major contractual dependencies components in the
breach has occurred • Evaluate overall
supply chain to detect for
• Identify stakeholders to performance of vendors
early signs of
be involved in to review and endorse
information-sharing compromise
decisions on future
processes based on • Assess need to
contract renewals, renegotiate the terms of
shared interest in risk to
OT systems and assets changes or termination SLAs or outsourcing
• Assess the proportion contracts in the event of
and type of clients new legal or regulatory
served by the vendors requirement
for potential conflict of
interest and threats
• Establish alternative
sourcing plans in the
event of operation
disruptions
Range of Application • Suppliers
• Customers
• Single-source or other essential dependencies
The information contained in this document serves as a guide.
TSC Description
Plan, design and test contingency plans to ensure organisational resilience and maintenance of the availability, stability and integrity of OT systems in the events of cybersecurity incidents
TSC Description Examine the root cause of OT system failures and execute appropriate analysis and mitigation techniques for both physical and digital incidents to ensure compliance with
organisational and regulatory requirements
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Support and respond to Conduct failure analysis to Lead failure analysis and Outline procedures,
failure incidents and initiate determine cause of defect review the results to guidelines and plan failure
process of failure analysis and impact to OT assets determine root causes analysis activities and lead
communication and
remediation plans
Abilities • Respond to failure • Evaluate incidents and • Review failure incident to • Create process and
incidents and initiate identify appropriate determine appropriate guidelines to document
appropriate process for failure analysis failure analysis and conduct failure
failure analysis technique procedures for physical analysis activities
according to • Execute failure analysis and digital assets • Incorporate and update
organisational and
organisation guidelines on OT systems in line • Identify and segregate regulatory requirements
and procedures with organisational list of possible failure into failure analysis
• Draft failure report and guidelines and techniques for potential process
incident log for review procedures physical and cyber • Set the depth and level
• Support communications • Review failure reports incidents and of analysis standards
with asset owners and • Conduct physical failure appropriate required for compliance
with regulatory and
other stakeholders in analysis on OT systems, • Define time-frame for
organisational
preparation for failure keeping abreast of failure analysis to requirements
analysis organisation’s safety minimise operation • Identify best practices
guidelines disruption and emerging
• Prepare communication • Analyse result of failure technology in the failure
materials and conduct reports and develop analysis field
communication session remediation plans • Assess and approve
changes to existing
processes and
TSC Description Monitor to provide for optimum levels of network performance and minimisation of downtime. This includes detection, isolation, recovery and limitation of the impact of failures on the
network as well as provision of support to system users through ongoing maintenance information sharing and training
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Monitor network Review, optimise and align Assess network capabilities
performance, investigate network performance with and set network rules to
and resolve network faults operation needs, and ensure support OT networks and
or downtime adherence to configuration systems, as well as and
rules optimise performance in
changing environments
TSC Description Perform forensics investigations on cyber-related incidents on OT systems through preservation of digital evidence
Abilities • Facilitate collection and • Combine digital • Perform investigation • Develop forensic
preservation of digital evidence and identify activities and forensic investigation plan,
evidence in consultation patterns, or analysis to determine including the tools,
with relevant stakeholders unauthorised access the underlying causes processes and
• Coordinate execution of from digital evidence and effects of incidents methodologies to be used
forensic investigation plan • Combine digital • Establish processes to • Develop guidelines and
in compliance with evidence from several facilitate the digital Standard Operating
organisational physical sources and methods to evidence acquisition to Procedures (SOP) for
safety guidelines analyse forensic minimise impact to OT investigation procedures
• Monitor a range of internal evidence, document systems functionality including guidelines for
and external OT data inferences, patterns and and uptime physical and digital
sources to identify correlation of events to • Assess suitability of new interviews, data handling,
relevant information to draw evidence and emerging forensic surveillance etc.
incident at hand • Prepare report on digital tools, given investigation • Identify types and time-
forensics finding in requirements and OT sensitivity of data gathered
compliance with legal operation requirements from OT systems
regulations and • Determine the key tasks, • Collaborate with external
standards timelines, milestones vendors to identify
• Access and extract and accountabilities for a appropriate forensics tools
evidence from OT specific forensic and potential conflict with
systems utilising investigation integration to OT systems
appropriate forensic • Lead forensic • Assess and approve
tools investigations, involving recommendations for
• Document OT system interaction with OT changes to minimise
security incidents systems involving time- impact to OT systems and
including detail, trend sensitve, critical OT improve the digital
and handling assets, large data sets evidence integrity validity
• Store original and copied and networks • Formulate plans to identify
evidence in safe considerations types of data and
environments with • Review multi-source appropriate methods and
limited access evidence and tools required to acquire
• Extract digital evidence conclusions drawn in digital evidence from OT
from various sources, in light of broader trends systems while minimising
compliance with and contextual impact to digital evidence
authorised procedures considerations integrity validity
• Identify alternatives and • Lead presentation of
solutions for potential reports and outcomes in
barriers and conflicts for significant investigations or
communication between legal proceedings
investigative methods,
tools, procedures and
OT systems that
prevents data collection
The information contained in this document serves as a guide.
TSC Description Detect and report cyber incidents in the OT environment, identify affected systems and user groups, trigger alerts and announcements to ensure efficient resolution of the situation
Knowledge • OT systems and network • Prioritisation criteria for • Mechanics of incident • Industry standards and • Political, national and
in the organisation OT incidents alert triggers in the OT best practices in incident international sensitivities
• Incident detection and • Procedures and system management in the OT regarding cyber crimes
reporting protocols processes to conduct • OT cyber Incident environment in OT sectors
• Types of security Root cause analysis and remediation solutions • Key components of an • Potential impact of
incidents timeline analysis of OT and strategies incident management incidents to the
• Types of threats, cyber incidents • OT cyber Incident playbook for the OT organisation and
attacks and breach in • Tools and processes to mitigation strategies environment stakeholders and
the OT environment conduct remediation of • Criteria and community
• Categorisation OT cyber incidents requirements of an OT • Best practice and types
guidelines for incidents • Security implications of incident response team of OT cyber incident
• Impact of incidents on incidents • Key stakeholders for OT management strategies
systems and operations incident management • Risk mitigation strategies
• Post-mortem processes for OT cyber incidents
for OT cyber incidents • Procedures to manage
• Communication OT cyber incidents on an
strategies and protocols industry, national or
• Prosecution processes international scale
and requirement related
to cyber attack
Abilities • Provide real-time • Review categorisation of • Define incident alerts • Establish incident • Direct the management
status reporting on incidents in the OT mechanisms, processes management of OT cyber incidents on
affected OT systems environment and and relevant parties in procedures for the an industry, national or
• Maintain logs of determine its priority the OT environment detection, reporting and international scale
incidents level • Develop a holistic view handling of incidents in • Manage OT cyber
• Report incidents, in • Conduct containment of of OT incidents by the OT environnment incidents to minimise
line with incident cyber incidents in the OT integrating information, • Develop a playbook for significant reputational
management systems data, alerts and analysis OT cyber incident risk to the organisation
protocols • Escalate alerts to from detection system management • Lead collaboration
• Gather relevant relevant stakeholder logs to • Lead the remediation across industries to
information or groups upon the • Distil key insights and and resolution of cyber manage manage OT
collection of occurrence of incidents impact from analyses of and data incidents at the cyber risk and incident
evidence from to facilitate execution of incidents organisational level management
stakeholders and information collection • Co-develop incident
plan of evidence management strategies
asset owners about • Perform first responder • Manage the containment • Resolve large-scale, on a national level with
incidents troubleshooting by of incidents within the unpredictable OT cyber external experts and
• Categorise the following pre-determined organisation incidents stakeholders for the OT
importance of procedures • Lead recovery and • Develop framework and sectors
incidents based on • Analyse incident reports, preservation of key lead the communication • Lead critical
established log files and affected evidence in line with activities to different communications to the
guidelines systems to identify organisational needs of critical stakeholders public, authorities,
• Identify the OT threats and root causes contained OT incidents • Direct post-mortem internal and external
systems and affected of incidents • Establish and drivee the activities following stakeholders
parties by the • Perform incident triage implementation of critical incidents in the • Define required
incident based on to assess severity of mitigation and OT environment standards of
information gathered incidents and security prevention processes • Develop OT cyber preservation of evidence
• Assist in mitigation of implications and policies incident mitigation in line with
incidents as directed • Implement plans and strategies organisational legal or
• Document the processes for • Support the legal action regulatory needs
modifications made remediation and prosecution
to troubleshoot and activities where
resolve problems or necessary
incidents in the • Collaborate with key
system internal stakeholders,
• Coordinate efforts to external stakeholders,
facilitate incident OT system vendors and
response processes asset owners to create
across different evidence collection and
stakeholders preservation plans
TSC Description Conduct penetration testing to reveal vulnerabilities or lapses in the existing OT systems
TSC Description Conduct analysis of new and incoming threats, to examine their characteristics, behaviours, capabilities, intent and interactions with the environment as well as the develop defence and
mitigation strategies and techniques to effectively combat such threats
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Perform static, dynamic or Examine threat behaviours Define and establish an
behavioural analysis on and capabilities and enterprise threat defence
malicious code and threats, circumventing anti-analysis and mitigation strategy,
debug malware, thraw mechanisms, incorporating new
attacks and document recommending techniques techniques to combat
incidents to block and mitigate emerging threats and
malicious code and attacks attacks
TSC Description
Monitor and anticipate potential threats to OT systems and its components
Knowledge • Methods and tools for • Range of intrusion • Mechanisms for threat • Multiple fields in cyber
monitoring network detection and monitoring detection and monitoring intelligence, including
activities, systems and technologies for OT for OT systems intelligence collection
mechanisms systems • Advanced statistical and operations and cyber
• Intrusion detection • Applied principles and tools trend analysis techniques counter-intelligence
techniques, software, and of information security • Emerging trends and • Emerging threats,
their functions • Techniques for analysis developments in OT perpetrators, doctrines and
• Types of security threats and integration of threat cybersecurity methods of operation
and intrusions affecting OT data • Types of impact analyses • Types of business,
systems • Relevant data sources of of cyber threats for OT financial, operational and
• Security protocols, threat intelligence in the systems safety impacts of
standards and data form of firewall logs, • Range of possible tactics, cybersecurity threats
encryption intrusion detection system techniques and procedures
• Indicators of attacks logs, open source internet used for security attacks
• Attack patterns and threat searches, honeypots • Key components and
vectors • Types and features of objectives of intelligence
• Techniques, methods and exploits and malware products and mission
technologies in threat data reports
collection
Abilities • Perform security monitoring • Identify resources and • Develop strategies for • Formulate mechanisms
to detect intrusions utilising technologies required for threat monitoring and and processes for
appropriate tools and intrusion detection tracking efforts across detection and identification
applications according to technical and enterprise systems of cybersecurity events as
• Monitor access control cost guidelines • Synthesise multiple well as collation and
mechanisms, network • Implement intrusion information sources and analysis of events, threats
activities and operating detection and analysis analysis reports into a or incidents affecting OT
systems based on key objectives holistic view of potential systems and its
• Interpret information from and stakeholders' threats components
logs and scanners to detect requirements • Draw insights about the • Manage the research,
threats and intrusion • Analyse collected potential impact of analysis, and data
attempts information to identify integration across a wide
• Apply detection vulnerabilities and potential estimated cyber threat variety of information
technologies, checks and for exploitation scenarios for OT systems sources
techniques to identify • Review multiple sources of • Develop threat hunting and • Determine the tactics,
anomalous activity and data and intelligence feeds intelligence reports so as to techniques and procedures
patterns • Conduct intelligence present analysis of threat used for intrusions and
• Identify indicators of analysis of OT cyber data to key stakeholders attacks on OT systems
attacks during the detection activities to identify entities • Lead comprehensive • Present an informed and
process of interest, potential evaluation of the robust point of view on both
• Escalate security threats or methods, motives, and capabilities and activities of current and anticipated
intrusions detected with capabilities cyber criminals, foreign threats, perpetrators,
with relevant parties • Assess and identify critical intelligence entities or motivations, doctrine and
contextual information for perpetrators modus operandi
cyber events • Conduct in-depth research • Articulate significance of
into OT cybersecurity evolving OT cybersecurity
issues of industry-wide or threats to critical decision-
nation-wide significance makers and senior
• Produce findings to help management in the
initialise or support law organisation
enforcement and • Present policy
counterintelligence
recommendations and
investigations or activities
impact assessments to
critical industry
stakeholders and leaders
The information contained in this document serves as a guide.
TSC Description Conduct threat modelling and vulnerability assessment to reveal vulnerabilities or lapses in the existing OT systems
Knowledge • Application and usage • Process and techniques • Organisational • Design guidelines and
of basic vulnerability for secured source objectives of best practices for
assessment tools and code review vulnerability threat modelling,
tests for OT systems • Threat modelling assessment vulnerability
• Types of OT system techniques • Key components and assessment and
security vulnerabilities • Network monitoring methodologies in the source code review
and threats tools and their usage design of security • Organisation priorities
• Internal and external • Vulnerability testing activities and OT security
security standards assessment tests and • Advanced threat objectives
interpretation of results modelling, hacking, and • New and emerging
• Range and types of source code review trends in cyber-
security loopholes and techniques attacks, hacking
threats • Data and trend analysis techniques and
in cyber attacks security threats
Abilities • Perform technical • Carry out threat • Design security testing • Establish organisation
coordination of modelling and secured plan and evaluation guidelines and
vulnerability source code review criteria for vulnerability methodologies for the
assessments according • Deploy a suite of assessments design and conduct of
to test plan templates network monitoring and • Manage the vulnerability
• Execute vulnerability vulnerability scanning implementation of assessments
scans on smaller tools to assess the vulnerability • Lead security reviews,
systems, using basic threats and assessments activities, specifying the OT
vulnerability vulnerabilities in an OT in line with the systems, applications,
assessment tools and system organisation-wide processes, people to
tests • Identify vulnerability strategy be assessed
• Document the results of exploitations and • Implement advanced • Develop
security assessments potential attack vectors threat modelling and comprehensive criteria
and tests, according to into an OT system source code review for assessing the
test plan guidelines • Analyse vulnerability techniques effectiveness of
• Identify security lapses scan results to size and • Analyse patterns in security mechanisms
in the system or assess security incident data to identify and controls
security mechanisms, loopholes and threats new and emerging • Develop
based on issues • Evaluate if current trends in vulnerability implementation
documented from systems can overcome strategies for
TSC Description Drive education and awareness of potential risks, mitigation strategies and best practices in OT cybersecurity; this includes facilitation of communication and training to ensure
employee capabilities, adoption and adherence to security policies and protocols.
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Support delivery of security Define activities required Develop communication
activities and programmes to bridge gaps in priorities and strategies in
to drive education and knowledge and alignment with industrial
trends and business priorities
awareness of OT capabilities of key
to drive awareness of OT
cybersecurity in existing personnel to effectively cybersecurity and capability
work practices deliver OT cybersecurity development in the
functions and processes to organisation
the organisation
TSC Description Prepare organisational budgets to support short- and long-term business plans through forecasting, allocation and financial policy setting
Knowledge • Objectives, parameters • Analyse business • Recommend parameters • Determine short- and
and types of budgets function strategies, and assumptions for long-term financial
• Key principles of functional objectives and budget forecasting in needs to assess current
accounting and financial operational plans accordance with financial situations
systems • Carry out forecasting organisational needs • Formulate financial plans
• Types of data sources and budgeting for the and market conditions aligned to overall
and data required to financial year • Prepare financial organisational strategies
prepare a budget • Calculate the business forecasts to facilitate • Allocate budget
• Accounting principles unit’s cash flow financial and business resources in accordance
and practices related to requirements planning with organisational
budget preparation • Determine the business • Implement budget plans financial plans
• Key principles of unit’s financing needs for to manage resource • Review financial
budgetary control and the financial year allocation to business forecasts to anticipate
budget plans, budgetary activities changes in business and
• Compare budget data
control techniques • Manage actual budget to operational
with estimations to
• Requirements of highlight discrepancies
enable financial circumstances
Singapore’s taxation operation n to be • Review draft budgets in
• Report budget
policies measured against accordance with
calculations and
• Functional objectives discrepancies to
forecasted business organisational guidelines
and key requirements plans • Monitor and evaluate
organisation
• Organisational financial • Monitor budget actual expense figures
management to facilitate
data outcomes to ensure against budget to identify
decisions on budget
• Financial analytical allocation
proper utilisation and and address variances
techniques and accounting of resources • Report findings,
• Ensure adherence to
methodology against their intended recommendations and
financial controls in
• Stakeholders to consult purposes options to organisation
accordance with relevant
on budget calculations • Present financial management for review
organisational corporate
forecasts, budgets and in accordance with
governance and financial
budget outcomes to organisational policies
policies, legislation and
immediate supervisors
regulations
for review and approval
Abilities • Analyse business • Recommend parameters • Determine short- and • Set direction for
function strategies, and assumptions for long-term financial organisational budget
functional objectives and budget forecasting in needs to assess current planning in consultation
operational plans accordance with financial situations with stakeholders
• Carry out forecasting organisational needs • Formulate financial plans • Align budget plans with
and budgeting for the and market conditions aligned to overall organisation’s strategic
financial year • Prepare financial organisational strategies plans
• Calculate the business forecasts to facilitate • Allocate budget • Review organisational
unit’s cash flow financial and business resources in accordance financial and treasury
requirements planning with organisational management policies,
• Determine the business • Implement budget plans financial plans systems, budgets and
unit’s financing needs for to manage resource • Review financial plans
the financial year allocation to business forecasts to anticipate • Evaluate effectiveness in
activities changes in business and increasing business
• Compare budget data
• Manage actual budget to operational value
with estimations to
highlight discrepancies
enable financial circumstances • Evaluate implications of
operation n to be • Review draft budgets in financial and treasury
• Report budget
measured against accordance with management policies,
calculations and
forecasted business organisational guidelines systems, budgets and
discrepancies to
plans • Monitor and evaluate plans on the
organisation
• Monitor budget actual expense figures organisation
management to facilitate
outcomes to ensure against budget to identify • Advise senior
decisions on budget
proper utilisation and and address variances management on
allocation
accounting of resources • Report findings, refinements to financial
• Ensure adherence to
against their intended recommendations and and treasury
financial controls in
purposes options to organisation management policies,
accordance with relevant
• Present financial management for review systems, budgets and
organisational corporate
forecasts, budgets and in accordance with plans
governance and financial
budget outcomes to organisational policies • Evaluate financial and
policies, legislation and
immediate supervisors treasury management
regulations
for review and approval policies, systems,
budgets and plans for
endorsement purposes
Range of Application
TSC Description Identify and scope business requirements and priorities through rigorous information gathering and analysis as well as clarification of the solutions, initiatives and programmes to enable
effective delivery. This also involves the development of a compelling and defensible business case and the articulation of the potential impact of the solution to the business.
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Document business Elicit and analyse business Investigate existing business Lead comprehensive
requirements and identify requirements from key processes, evaluate analysis to understand
basic needs as well as stakeholders and assess requirements and define the underlying drivers and
potential solutions relevant solutions and their scope for recommended present a compelling
potential impact solutions and programmes business case for proposed
IT solutions
or solutions for and their underlying initiatives and • Obtain formal agreement
consideration drivers programmes from stakeholders and
• Explore relevant • Analyse requirements for recipients to the scope,
solutions or alignment with business prioritised requirements
programmes, from an objectives and priorities and establishment of a
existing repertoire, that • Obtain formal agreement baseline for solution
can address business by stakeholders or delivery
needs recipients to the scope • Manage effective
• Present solution options and establish baseline business processes,
for consideration for commencement of through changes and
• Explain how solutions solution delivery enhancements in IT
will impact the business • Evaluate potential systems, management
and address options and recommend and processes
requirements effective solutions and • Establish the
programmes that can be contribution that IT
combined or customised initiatives, programmes
to address root of and solutions can make
business needs to business objectives
• Present business case • Oversee development
for recommended and implementation of
solutions, defining solutions, taking into
potential benefits, account the change
options, associated risks implications to the
and impact organisation and all
stakeholders
• Utilise in-depth analysis
and business models to
present a strong,
compelling business
case for proposed IT
changes and solutions
• Project long-term costs
and benefits, options,
risks and impact to
senior stakeholders
Range of Application
TSC Description Monitor and integrate emerging technology trends and developments, structured data gathering for the identification of new and emerging technological products, services and
techniques. In addition, the performance of cost-benefit analysis and evaluation of their relevance, viability, sustainability and potential value add to the business.
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Conduct research and Evaluate new and emerging Establish internal structures Establish an emerging
identify opportunities for new technology and trends and processes to guide the technology strategy and
and emerging technology to against the organisational exploration, integration and spearhead organisational
support the business needs and processes evaluation of new norms to synthesise and
technologies leverage new technologies
and trends to propel
business growth
Knowledge • Market scanning and • Current industry and • Key sources of • Critical elements of an
research techniques for technology information information on new emerging technology
emerging technology sources technologies in adjacent, blueprint
• Similar or relevant • Industry-accepted competing or relevant • Short and long-term
industries hardware and software industries impact of new and
• New technologies and IT products • Risk analysis of the new emerging technologies
products and services in • Emerging trends in technologies, and • Trends and
the market technological products implications on legal, developments in
• Typical business and services in the IT ethical or security adjacent industries
process flows industry dimensions of the • Potential impact and
• Cost-benefit analysis business disruptions to process
and evaluation methods • Change management norms in the Infocomm
for assessing new and implementation Technology (ICT)
technologies considerations relating to industry or field
• Business process flows introduction of new • Strategic partnership
and interdependencies technologies and alliance
• Business priorities, development
planning, value chain
and key processes
• Current and future
impact analysis
Abilities • Explore relevance of • Determine the suitable • Lead the identification • Develop an emerging
technologies or IT sources and relevant and evaluation of new technology strategy and
processes in use and sectors or industries to and emerging blueprint
under development in explore new technologies, techniques • Harness new
other industry sectors technologies in detail and models technologies and trends
• Conduct research on • Monitor the market to • Decipher impact of new in moulding business
new technologies keep abreast of new and emerging strategy
• Assess potential of technologies that will technologies on • Decipher the impact of
emerging technologies impact the ICT market business operations emerging technology on
to address challenges • Evaluate emerging • Experiment with the the ICT industry or field
or enhance processes technology against the integration of new and • Establish organisational
within the organisation existing business needs emerging technology norms of evaluating
• Identify processes that and infrastructure in a into the existing emerging technologies in
will be improved by the nimble and iterative business context a rapid, nimble and
application of new and manner • Establish internal iterative manner
emerging technologies • Review market research processes and • Synthesise different
and approaches and validate the new guidelines to facilitate emerging technologies
• Put forth technologies against the the research on and and trends into initiatives
recommendations or organisational needs evaluation of new or products that propel
options of technology • Provide technologies business growth
models that offer recommendations with • Establish organisational • Establish alliances to
process improvement strong rationale for the need and selection facilitate emerging
outcome of the criteria for new technology exploration
evaluation technologies across organisations
• Communicate with • Articulate the business • Build strategic
external partners to considerations and partnerships with
obtain and explore parameters relating to organisations and
emerging technologies the adoption of new suppliers to optimise
technologies access to new and
• Manage collaborations emerging technology
with external partners to • Create thought
gain access to and leadership around
explore emerging emerging technologies
technologies and their impact
Contexts in which this skill may be applied includes, but is not limited to:
Range of Application
• Overall business operations
• New IT products or services
• IT operations
• Marketing function
• Sales function
The information contained in this document serves as a guide.
#Extracted from SkillsFuture ICT Framework
TSC Description Manage employees’ learning and development activities to maximise employee’ potential and capabilities to contribute to the organisation
Knowledge • Legal and ethical • Legal and ethical • Legal and ethical
considerations relating to considerations relating to considerations relating to
identification of individual the broader development succession planning,
training requirements and provision of human and organisational
• Market trends and resource information and learning and
developments in relation services development
to business functions • Links between human • Organisational policies
which may aid in resource and and procedures relating
identifying new and organisational strategies to succession planning,
emerging skill • Communication and organisational
requirements techniques and channels learning and
• Roles and accountability relevant for development
for identifying disseminating • Relevant professional or
appropriate employee • Facilitation and industry codes of
skill requirements communication skills for practice and standards
• Methods of facilitation of working with relating to learning and
individual learning stakeholders in the development
opportunities development of human • Implications and impact
• Instructional techniques resource activities, on employees and the
and methods for working services and organisation arising from
with team members to programmes succession management
increase performance • Models and methods for processes, learning and
• Relevant professional or evaluating the development processes,
industry codes of effectiveness of human and engagement
practice and standards resource activities, activities
• Communication services and • Relationship between
techniques and channels programmes engagement and
relevant for • Legal and ethical performance
disseminating considerations relating to • Concepts and theories of
information regarding consultation and succession planning and
communication with employee engagement
TSC Description Estimate and fulfil manpower requirements to achieve business goals and targets
Abilities • Determine job roles and • Review workforce • Gather data to forecast
positions required execution plans needed demand of headcount
• Identify skills needs to meet project and/or and skills at
related to job positions functional objectives organisational level
• Develop job descriptions • Adapt mathematical • Review internal
to articulate role and skill models to conduct education and training
requirements statistical analyses of programmes to verify
• Assist in developing manpower demand manpower supply
recruitment strategies • Review productivity against future demand
with Human Resource metrics of existing • Prepare contingency
department residential contractors plans to meet the turn of
• Negotiate with (RCs) and common economic and
residential contractors contractors (CCs) technological change
(RCs) and common • Develop manpower circumstances
contractors (CCs) on forecast based on job • Initiate changes to
manpower needs roles and positions Human Resource
required activities, services and
programmes
• Guide key stakeholders
with information on how
manpower decisions
assist in achieving
strategic organisational
goals
Range of Application
TSC Description Build cooperative partnerships with inter-organisational and external stakeholders and leveraging of relations to meet organisational objectives. This includes coordination and
strategising with internal and external stakeholders through close cooperation and exchange of information to solve problems.
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Support the development Propose strategic initiatives Evaluate and drive inter- Inspire direction and define
and coordination of with other organisations organisational initiatives, key imperatives for inter-
partnerships with external based on identification of and negotiate strategic organisational partnerships,
stakeholders and mutual benefits, and analyse information exchange with leading negotiations with
organisations their impact key partners senior leaders and on an
international scale
Range of Application
TSC Description Establish organisation-wide performance management strategies to facilitate performance management, including identification of key performance indicators and employee
performance assessment
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Implement performance Develop performance Establish organisation-wide
management programmes management programmes performance management
strategies
Knowledge • Organisational • Industry codes of • Organisational strategy
performance practice related to and the impact on
management performance human resource (HR)
programmes management strategies
• Statistical analysis • Best practices in • Emerging trends and
techniques for evaluating performance developments related to
current performance management performance
management • Market trends pertaining management
programmes to performance • Relationship between
• Key performance management performance
indicators (KPIs) used in • Roles and management
performance responsibilities of key programmes and
management stakeholders in development of business
programmes performance objectives
• Types on competency management • Stakeholder
frameworks in • Behaviours that engagement techniques
organisation influence employees’ • Links between
performance performance
• Statistical analysis management and
techniques for organisational strategy
evaluating performance
management data
Abilities • Facilitate the • Review the key • Cascade organisational
identification of KPIs for performance indicators level key performance
teams and individuals (KPIs) as identified by indicators (KPIs) to
with managers line managers departments
• Conduct research on • Cascade departmental • Engage stakeholders in
the best practices in KPI level KPIs to teams and identifying performance
development individuals management
• Communicate KPI • Provide guidance on the requirements
guidelines to line use of performance • Develop performance
managers management tools and management strategies
• Implement performance resources available aligned to organisational
management • Engage employees in strategies
programmes according understanding their
TSC Description Manage stakeholder expectations and needs by aligning those with requirements and objectives of the organisation. This involves planning of actions to effectively communicate with,
negotiate with and influence stakeholders.
Level 1 Level 2 Level 3 Level 4 Level 5 Level 6
TSC Proficiency
Description Identify key stakeholder Serve as the organisation's Develop a stakeholder Define a strategic Establish the overall vision
relationships, needs and main contact point for engagement plan and stakeholder management for the alignment of
interests, and coordinate stakeholder negotiate with stakeholders roadmap, and lead critical organisation's and
with stakeholders on a day- communications, clarifying to arrive at mutually- discussions and stakeholders' objectives, co-
to-day basis responsibilities among beneficial arrangements negotiations, addressing creating shared goals and
stakholders, and engaging escalated issues or strategic initiatives with
them to align expectations problems encountered senior stakeholders.
Knowledge • Key stakeholder • Stakeholder mapping • Analysis of stakeholder • Analysis and planning • Key processes and
relationships techniques relationships and levels approaches in considerations in
• Basic stakeholder • Stakeholders' roles and of interest, power and stakeholder formulating stakeholder
communication relationships, and their impact management management strategy
techniques impact on the • Process of setting and • Evaluation techniques to • Changes and trends in
organisation aligning expectations prioritise stakeholder stakeholders' demands
• Range of communication • Negotiation techniques relationships and priorities
channels, approaches and approaches • Negotiation styles and • Senior stakeholder
and techniques • Conflict resolution skills to gain consensus engagement strategies
• Stakeholder techniques and • Value added from and techniques
engagement strategies approaches stakeholder relationships
• Escalation procedures
for handling disputes
Abilities • Identify key stakeholders • Conduct stakeholder • Analyse the complexities • Prioritise stakeholder • Establish the overall
and the organisation's mapping to identify of stakeholder relationships based on vision for how the
relationship with them facets and nature of relationships and in-depth analysis and the organisation's and
• Identify stakeholder relationships with and determine their level of organisation's strategic stakeholders' objectives
needs, positions and between stakeholders interest, power and objectives and direction can be shared or aligned
interests • Manage stakeholders' impact on the • Develop a strategic • Anticipate changes in
• Coordinate basic expectations and needs, organisation stakeholder stakeholders' needs,
activities and processes based on the • Examine stakeholder management roadmap, demands, priorities and
with stakeholders on a organisation's position positions, agendas and aligned to the expectations
day-to-day basis and resources priorities which may be organisation's vision • Optimise alignment of
• Apply knowledge of the • Articulate each explicitly articulated or • Lead discussions and stakeholder
organisatisation's stakeholder's role and unspoken negotiations to influence management strategy
position to respond to responsibilities • Develop a stakeholder key stakeholder with organisational goals
simple queries from • Serve as the engagement plan to decisions • Lead strategic
stakeholders organisation's main guide communications • Address escalated negotiations, discussions
contact point or with different groups of issues raised by or and engagement
representative for stakeholders encountered with initiatives with key
communicating with stakeholders