Policy paper

Common Understanding of Terminology used in Cyber Security Workforces

Published 31 January 2025

Shared glossary

Adapted from the glossaries of Australia, Canada, Dubai, Agency of the European Union - ENISA, Ghana, Ireland, Japan, Singapore, UK and USA. 

Note: These parties have agreed to the common understanding of the below terms. These are not definitive definitions of these terms. 

Accreditation  

  • The formal recognition or attestation by an assessor or independent body that an individual, organisation, or learning programme has achieved an agreed-upon, recognised standard of qualification, behaviour, or adherence to specific definitions and/or standards. As a verb, “to accreditate” represents the action of the assessor awarding this recognition. 

Apprenticeship 

  • A regime of education that combines classroom and off-line study with paid, on-the-job, practical, hands-on training. The aim is to equip the apprentice with a specific set of skills, knowledge, and experience required in each industry. 

A Body of Knowledge  

  • A structured collection of expert-sourced information, including terminology, concepts, models, and theories. It forms the core knowledge base for a profession, aiming to guide education and training and to foster a shared professional vision. 

Certification  

  • The awarding of a recognised title by an independent/competent body, based on assessment of an individual’s or organisation’s skills, knowledge, or a system’s adherence to specific and defined requirements. 

Competency 

  • The proven ability to apply knowledge, skills, and/or behaviours to successfully perform tasks in a specific domain.  

Cyber Security  

  • The ability to protect or defend the use of cyber space from cyber attack.  

Cyber Security Workforce 

  • Individuals whose primary focus is on cyber security as well as those in the workforce who need specific cyber security-related knowledge and skills to perform their work in a way that enables organisations to properly manage cyber security-related risks. 

Job 

  • A single job may be responsible for one or more Work Roles or for only a portion of a role. 

Knowledge 

  • A retrievable set of concepts within memory which can be learned through education or experience. 

Profession 

  • A category of jobs that are similar with respect to the work performed and the skills possessed by workers. 

Professional Development  

  • The ongoing process of building new or enhancing existing skills and capabilities in one’s career, often demonstrated through activities like training, research, or attending seminars and networking. 

Proficiency  

  • An assessed measure of an individual’s degree of capability in a particular domain. 

Skill 

  • The personal skills that ensure you do your job well, such as being adept at teamwork, time management, or solving problems. Occasionally, some refer to these as “human skills,” “employability skills,” or “soft skills.” 

Task 

  • An activity that is directed toward the achievement of organisational objectives. 

Workforce Framework 

  • An ontology that is used to define a standard approach and common language for describing work and the capabilities of people who do that work for a defined workforce. Workforce frameworks use task, knowledge, and skill (TKS) statements to establish relevant work roles and competency areas. 

Work Role 

  • A grouping of work for which an individual or team is responsible or accountable. 

Workforce Skills 

  • The personal skills that ensure you do your job well, such as being adept at teamwork, time management, or solving problems (see also ‘skill’). 

Annex 1: Glossaries and Frameworks  

Australia - Australian Signals Directorate (ASD) Cyber Skills Framework 

Canada - Canadian Cyber Security Skills Framework 

European Union Agency, ENISA - European Cybersecurity Skills Framework (ECSF) 

Singapore - Skills Framework for ICT (SFw for ICT) and Operational Technology Cybersecurity Competency Framework (OTCCF) 

Skills Framework for Infocomm Technology 

UK - UK Cyber Security Council Cyber Career Framework 

USA - NICE Workforce Framework for Cybersecurity (NICE Framework) 

Annex 2: Country/Framework Specific Terms 

Canada 

  • Work Role - Within the NICE framework, a Work Role is a grouping of work for which an individual or team is responsible or accountable. Work Roles are composed of Tasks that correlate to Knowledge and Skill statements. Work Roles are not synonymous with jobs or position titles, and a single job may consist of one or more Work Roles. They are used in career exploration, education and training, hiring and career development. Assessment for Work Roles typically occurs at the Task level. 

ENISA 

  • Role Profile - A context-specific and detailed description of what an employee does to assure that the job holder has no doubts about their tasks, duties, responsibilities and often those to whom they report. It usually contains precise information about the competences, skills and knowledge required and practical information about health and safety and remuneration. 

Ghana 

  • Accredited Cybersecurity Professional (CP) – as defined in law, under (1) Vulnerability Assessment and Penetration Testing, (2) Digital Forensics Services, (3) Managed Cybersecurity Services, and (4) Cybersecurity Governance, Risk and Compliance 

UK 

  • Licensed Body - A body to whom the process of assessing and, if the assessment proves satisfactory, admitting individuals or organisations to membership of the delegating body is delegated.  

  • In the sense of the UK Cyber Security Council, a member organisation that is permitted to nominate its members for inclusion on the Council’s Register.  

  • Licensee - See Licensed Body.   

  • Professional Registration - As a verb, the process of becoming registered with a professional body that maintains a register of Professionals in its industry. As a noun, the situation of being so registered.  

  • In the sense of the UK Cyber Security Council, the process by which an individual is admitted to the Council’s Register.  

  • Royal Charter - As defined by the Privy Council, “an instrument of incorporation, granted by The Queen, which confers independent legal personality on an organisation and defines its objectives, constitution and powers to govern its own affairs.” Incorporation by Charter is widely recognised as a prestigious way of acquiring legal personality and reflects the high status of that body.  

USA 

  • Work Role - Within the NICE framework, a Work Role is a grouping of work for which an individual or team is responsible or accountable. Work Roles are composed of Tasks that correlate to Knowledge and Skill statements. Work Roles are not synonymous with jobs or position titles, and a single job may consist of one or more Work Roles. They are used in career exploration, education and training, hiring and career development. Assessment for Work Roles typically occurs at the Task level.