digital security BTM Learning Outcomes and Competency Standards Digital Security Specialization Version 1.0 Digital Security Specialization

digital security - ITAC Talentitactalent.ca/.../2016/03/...in-Digital-Security.pdf · Digital Security permeates multiple sectors across multiple positions. Digital security graduates


Copyright and Reprint Permission

The Information Technology Association of Canada (ITAC) Business Technology Management (BTM) Learning Outcomes and Competency Standards are protected under a Creative Commons license. This license allows others to download and share works with others as long as ITAC is credited, but the work cannot be changed in any way or used commercially.

This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, as attached to this document (Appendix 1). To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/4.0.


Table of Contents

Copyright and Reprint Permission
Foreword
Business Technology Management Development Team
Acknowledgements
1.0 Scope of the Digital Security Specialization
2.0 Interested in offering a BTM program?
    2.1 What BTM Standard is right for my program?
    2.2 How do I use the standard?
    2.3 Using the BTM Brand
    2.4 Program Accreditation
3.0 BTM Structure and Standards Labelling
    3.1 Hierarchical Structure of the BTM 2.0
    3.2 Labeling and Defining BTM Competency Standards
4.0 BTM Baccalaureate Digital Security Learning Outcomes & Competency Standards
    4.1 I1 – Integrative
    4.2 F1 – Personal and Interpersonal
    4.3 F2 – Business
    4.4 F3 – Technology
    4.5 F4 – Innovation
    4.6 C1 – Technology in Business
    4.7 C2 – Process, Project and Change
    4.8 DS1 – Foundation: Security Technical Foundation
    4.9 DS2 – Management: Security Management
    4.10 DS3 – Legal: Privacy Laws & Regulations, Security Policies & Procedures
5.0 National Occupational Standards
    5.1 Security Manager/Officer
    5.2 Security Auditor
    5.3 Security Consultant
    5.4 Security Analyst
Appendices
    Appendix 1 – Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License
    Appendix 2 – Definitions
    Appendix 3 – BTM Competency Expectations
    Appendix 4 – Revised Bloom’s Taxonomy
    Appendix 5 – Industry Recognized Competency Frameworks
    Appendix 6 – Details and background on Competency Standards
    Appendix 7 – Profile of BTM Graduates
Contact Us


Foreword

Business Technology Management (BTM) was introduced in 2009 at the undergraduate level in response to industry’s demand for ICT graduates who have the right mix of business and technology skills. Increasingly, industries require highly skilled individuals, trained by Canadian educational institutions, who can adapt to new ways of working in virtual global teams, leverage networked business models, innovate constantly, utilize emerging technologies such as cloud computing, social media and big data analytics, and exhibit strong social skills.

To meet these demands, educational institutions would be required to develop programs with the right mix of business and technology learning outcomes that reflect emerging and rapidly changing workplace roles. They must do so while responding to the strong and dynamic influences of information and communication technologies, particularly in traditional sectors such as finance and health, in cross-functional specializations such as entrepreneurship and data analytics, and in direct response to industry’s demands.

Working together with academic institutions, industry and sector associations, ITAC Talent defined a set of Business and Technology Learning Outcomes and Competency Standards required by industry that drew heavily on relevant international standards for similar programs and requirements.

BTM is an innovative education solution that enhances academic and career opportunities for post-secondary business students immersed in the realm of technology and innovation. It equips graduates with the right technical and business skills to enter the workplace. The BTM program provides graduates with the required knowledge, skills and competencies to lead and support the effective and competitive use of information and communication technologies.

Since its development in 2009, BTM has impacted thousands of graduates and is currently offered at dozens of post-secondary institutions across Canada. Applications into BTM programs are rising by an average of 24% per year. BTM is based on a set of learning outcomes and competency standards that does not prescribe curriculum but describes what students should learn and know upon graduation and prior to entering the workforce. The educational institution grants the academic credential, not ITAC Talent.

Expansion of the Business Technology Management Program

In 2014, ITAC Talent received a generous grant from the Government of Canada to expand the BTM program. The three-year initiative from 2014 to 2017 provided funding to:


o review the BTM 1.0 Learning Outcomes in light of changing technologies and labour market needs;

o expand availability of actual BTM programs in two ways: 'vertically' - into colleges, polytechnics, graduate education, continuing education; and 'horizontally' - into select specialty versions like digital media, health, financial services, digital security, data analytics, and entrepreneurship;

o build a prioritized list of National Occupational Standards (NOS) for BTM as a framework for professional education and career development;

o professionalize the BTM sector through program accreditation, professional certification and a BTM Association for professionals; and,

o create national brand awareness of BTM and its importance to bridging the skills gap through a broad range of national marketing activities and special events.

Specializations

BTM specialization degrees will offer students opportunities to focus on areas of growing significance in today’s job market. Specialization programs combine the learning outcomes of the standard BTM with function-specific skills, knowledge and competencies.

The Baccalaureate Specialization in Digital Security permeates multiple sectors across multiple positions. Digital security graduates are expected to have sufficient skills to develop, deploy, and maintain security systems, identify security gaps, and provide support for a variety of security services and platforms. Graduates of this specialization assume roles such as security officers, security architects and analysts, and security testers and researchers. A list of National Occupational Standards in roles related to this degree is included in the appendix to this document.

For more information on the BTM visit http://itactalent.ca/talent-initiatives/btm/


Business Technology Management Development Team

Academic Representatives

Dr. Yinglei Wang, Acadia University

Dr. Ozgur Turetken, Ryerson University

Dr. Patricia McLaren, Wilfrid Laurier University

Dr. Lyne Bouchard, Université Laval

Dr. Stéphane Gagnon, Université du Québec en Outaouais

Dr. Elie Elia, Université du Québec à Montréal

Dr. Raul Valverde, Concordia University

Haider Al-Saidi, Red River College

Dr. Peter King, University of Manitoba

Ben Akoh, University of Manitoba

Dr. Yau Man Cheung, University of British Columbia

Dr. Dianne Cyr, Simon Fraser University

Dr. Blaize Reich, Simon Fraser University

Industry Representatives

Parm Randhawa, BC Liquor Distributions Branch

Janet Robertson, BC Liquor Distributions Branch

Mukesh Kashyap, Government of British Columbia

Nelson Lah, CGI

David O’Leary, SIDO Capital

David Morrish, MBS Technology Services

Stephen Rudin, Telus

Mihai Dinu, Fraser Health Authority

Holly Zhang, Worksafe BC

Al Abbas, BizTechMasters Inc.

Jonathan Wilder, PCGI Consulting Services

Rod Miller, DBI Technologies Inc.

Susan Zuk, PCGI Consulting Services

Jaqueline Manaigre, Manitoba Government

Kerry Augustine, Manitoba Government

Gary Craven, PCGI Consulting Services

Cal Pishak, Crown Lands and Property Agency

Barb Spurway, Protega

Patrick Hannah, Avant Systems Group

Linda Hunter, Sierra Systems Group


Jim Tremholme, Canadian Tire

Tanya Purchased, Scotiabank

Denise Ramnarine, Scotiabank

Sunita Guyadeen, Royal Bank of Canada

Dianne Dowsett, Hewlett Packard

Sara McCreadie, Hewlett Packard

Roxana Hedre, Xerox Canada

Sandra Biscaia, Samsung Canada

Lorena Ferino, Plexxus

Specialization Specific Design Committee Leads:

Salah Sharieh, Ryerson University

Viera Bibr, Blackberry

Huw Morgan, Royal Bank of Canada

Steve Delaney, MCAP

Bill Brennan, Lockheed Martin

John Wiegelt, Microsoft Canada

Raul Valverde, Concordia University

Houda Trabelsi, Athabasca University

Alex Ferworn, Ryerson University

Editorial Team:

Ben Akoh, ITAC Talent, BTM Director Standards Development

Chris Drummond, ITAC Talent, Managing Director

Gina van Dalen, ITAC Talent, Senior Program Manager, BTM


Acknowledgements

Funding for the development of the BTM Learning Outcomes and Competency Standards has been provided by the Government of Canada. ITAC also appreciates the important work performed by the BTM 1.0 Digital Security Design Committee members. Finally, there are surely other people who have contributed to the Learning Outcomes and Competency Standards, either directly or indirectly, whose names we have inadvertently omitted. To those people, we offer our tacit appreciation and apologize for having omitted explicit recognition.


1.0 Scope of the Digital Security Specialization

The scope of the Digital Security specialization includes:

1. Security Officer / Security Manager: In addition to foundational knowledge in Management and Information Technology, individuals must demonstrate the ability to:

   o Lead a multidisciplinary team of IT and business professionals who maintain security and develop and deploy systems that are secure and resilient when attacked.
   o Manage vendors and negotiate contracts.
   o Plan, organize, direct and manage the activities related to the security domain.
   o Review and approve security policies and procedures.
   o Work with other departments and senior management to provide security services and advice.
   o Collaborate with staff, other departments, senior management, decision makers, and other professionals / associates (external to the organization) to share / provide information (as appropriate), problem solve, and clarify management objectives.
   o Consult with users, management, vendors, technicians, and other professionals to discuss and assess business technology security system requirements, specifications, costs and timelines.
   o Review and / or implement security project plans.
   o Identify and articulate potential projects to deliver changes and improvements to business system security.
   o Produce analytics and metrics for business technology systems.
   o Establish key performance indicators, monitor ongoing performance, and improve performance against set security goals.
   o Develop and deliver presentations.
   o Manage contractor and subcontractor activities, develop performance specifications, and evaluate proposals to assess project feasibility and requirements.
   o Control the budget and expenditures of the department or project.
   o Stay informed of advancements in security, privacy, and data protection and apply this knowledge within the organization to improve security processes.
   o Direct the hiring, training, supervision, mentoring, coaching, and performance evaluations of direct reporting staff.


2. Security Auditor: In addition to foundational knowledge in project management and enterprise architecture (Business Architecture), individuals must demonstrate the ability to:

   o Plan, execute and lead Information Systems audits.
   o Inspect and evaluate corporate systems, processes, procedures and security controls.
   o Produce reports to document audit results.
   o Make recommendations to address security gaps.
   o Examine systems, policies and procedures and access controls.
   o Interview system administrators, business users, stakeholders, and business leaders to determine compliance with system access.
   o Evaluate compliance with operational procedures around privacy protection.
   o Examine and audit security attributes for business systems and determine compliance.
   o Document observations and draft recommendations for business management and approval.
   o Provide audit reports to business management and business system managers.

3. Security Consultant: In addition to foundational knowledge in Software / Systems / Networks Architecture, Software / Networks Design and Software Development, individuals must demonstrate the ability to:

   o Assess business requirements and provide a plan to address them.
   o Provide security advice and recommendations around information security, privacy, compliance, risks, data protection, and business solutions security.
   o Understand business solution architecture, design, and implementation of security services.
   o Anticipate threats posed by “hackers” in their attempts to gain unauthorized access to computer systems.
   o Implement mechanisms that deter and stop unauthorized access to computer systems.
   o Understand privacy principles.

4. Security Analyst: In addition to foundational knowledge in requirement definition or system administration, individuals must demonstrate the ability to:

   o Specify security requirements based on the type of the application (Enterprise Backend, Cloud-based, or Mobile-based solution) differentiated by network type.
   o Provide operational support for a variety of security services and platforms.
   o Support security operations, administration, and maintenance.
   o Recognize and mitigate threats based on behavioural analysis and signature-based detection technologies.
   o Provide monitoring, analysis and response for security incidents.
   o Research, plan and execute counter-tactics that address the latest security vulnerabilities, advisories and incidents affecting enterprise solutions and systems.

5. Security Tester: In addition to foundational knowledge in software testing and business knowledge, an individual must:

   o Be able to create non-functional test cases that check whether the solution, the application, or the product meets security requirements.
   o Execute security test cases to gain confidence that the business solution is free from vulnerabilities, either intentionally designed into the software or unintentionally inserted at any time during its lifecycle, and that the software functions in the intended manner.
   o Be able to report any security defects.
   o Have a working knowledge of the concepts of confidentiality, integrity, authentication, availability, authorization and service denial.


2.0 Interested in offering a BTM program?

Post-secondary institutions interested in offering the BTM program should follow the steps listed below (see Figure 1).

Step 1: Review existing offerings and determine if they match the BTM Learning Outcomes and Competency Standards.

Step 2: Calibrate and align the learning outcomes of your courses against the BTM Learning Outcomes and Competency Standards.

Step 3: Identify material gaps, determine how they may be filled and settle on the design of your BTM program.

Step 4: Contact ITAC Talent when planning your program. ITAC Talent staff can assist with any specific questions you have related to the learning outcomes and competency standards.

Step 5: Seek BTM Recognition or Accreditation status by providing ITAC with sufficient information indicating that your program is meeting the industry-accepted standards.

Step 6: Create a BTM Advisory Board that will provide guidance and oversight to your program.

Step 7: Promote your program using your individual promotion and marketing channels and using ITAC Talent and CareerMash websites.

Step 8: Launch your program. Participate in ITAC Talent’s BTM related events.

Figure 1: Steps to Offering a BTM Program


2.1 What BTM Standard is right for my program?

ITAC has developed three different types of Learning Outcomes and Competency Standards to meet a wide variety of educational programs:

o Baccalaureate 2.0
o Certificate 1.0
o Master’s 1.0

Copies of these standards can be found at: http://itactalent.ca/itac-talent-and-you/educators/btm-meeting-market-demand/

The Baccalaureate 2.0 standard captures what is referred to as the BTM Core Body of Knowledge, and the Certificate 1.0 and Master’s 1.0 standards derive from it.

In addition, ITAC has developed learning outcomes and competency standards for 6 Baccalaureate specialization programs. These are the learning outcomes and competency standards in this document and the following 5 specializations:

Baccalaureate Specialization in Digital Health

The demand for BTM health-related skills and competencies continues to increase across industries, hospitals and provincial health departments. The Health Sector BTM Learning Outcomes and Competency Standards have been defined to address specific domain and technical knowledge in the health-related field. Expectations of BTM graduates in this area require knowledge and competencies of health-related policies, health data analytics, health technology, and ethics. Graduates of this specialization are expected to perform responsibilities for roles such as: Health Enterprise Architecture; Solutions Architect and Developer; Business, Data and Systems Analysis; and Solutions and Project Management.

Baccalaureate Specialization in Financial Services

This specialization was created to address the needs of organizations for BTM skills in the financial services area. The Core BTM Baccalaureate Learning Outcomes and Competency Standards have been adjusted to include Financial Services specific items. For instance, Financial Services graduates of the program should, in addition to their core BTM skills, be able to exhibit knowledge and expertise in conducting finance-related requirements analysis. Graduates of this specialization are expected to perform responsibilities for roles such as: Governance, Risk, and Compliance Management; Data Services; Enterprise Architecture; and Quality Assurance.

Baccalaureate Specialization in Data Analytics

With the growth of analytics for business decision making, skills and competencies in data analytics are increasingly desired by industry. Graduates of this specialization are able to manipulate large data sets and produce information that informs businesses. BTM Data Analytics graduates assume roles such as data scientists, data analysts, enterprise data architects and business analysts. Detailed Competency Standards and Learning Outcomes can be found in the Part 2 document.

Baccalaureate Specialization in Entrepreneurship and Innovation

This specialization is targeted to persons interested in intrapreneurship roles in existing industries and large corporations without restricting access to small business and start-up entrepreneurs. These people assume the responsibility of transforming existing business models, creating new and innovative ideas and models, developing and resourcing them. BTM Entrepreneurship and Innovation graduates are expected to perform responsibilities for roles such as: analysts for process improvements, product innovation, and strategy innovation.

Baccalaureate Specialization in Interactive Communications

Experts in this domain are able to work on a variety of digital artefacts including text, audio, video, photography and graphics in a wide variety of contexts and platforms such as the Web, computer and mobile applications, social media platforms, kiosks, electronic displays, and a growing variety of electronic devices such as thermostats, watches and vehicles. Graduates of this specialization take on roles such as digital media project managers, digital design analysts, and digital business development managers.

Copies of these standards can be found at: http://itactalent.ca/itac-talent-and-you/educators/btm-meeting-market-demand/

2.2 How do I use the standard?

ITAC defines BTM in specific terms that describe learning outcomes and competency standards but does not prescribe curriculum, program flow or pedagogy. New and existing post-secondary institutions are therefore encouraged to define their own unique approach to teaching the outcomes and standards. Ultimately what counts is whether a program is producing the expected graduate outcomes that are aligned with the BTM learning outcomes and competency standards. Here are some illustrative examples of how educational institutions could offer the specialization.

1. Electives: Schools can create the additional specialization courses and add these into their electives pool. Students who choose a particular elective course would have to take the other 4 to 5 courses required for the specialization. Upon graduation, they would qualify for BTM+ "specialization".

2. Minors: Similar to electives, minors are attainable if the student completes all the courses required for a minor within a specific BTM program by allowing the student to choose additional credit and courses on their own that they could add to their existing program. This is, however, unstructured and may not create the ideal program offering for schools.

The assumption for both points 1 and 2 is that there is already room for electives in the program, which would allow students to decide to specialize using their elective options as a route.

In the case that there is no available room for elective courses:

3. Mainstream specialization: Schools would have to find ways of mainstreaming the learning outcomes into existing BTM courses. In this way, no new course is created but existing courses are adjusted to include the learning outcomes for any particular specialization. For instance, a school could take its existing BTM program and rework the health specialization learning outcomes into existing courses and then brand the program as BTM Health Specialization. The advantage here is that the program duration is the same and the institution's program approval process may be minimal. Plus schools could decide to focus on the specialization in which there is the greatest need in their province/region.

4. Combine the learning outcomes from two or more existing courses to make room for 4 to 5 new specialization courses. Then introduce those specialization courses into the program and market it to students as a BTM+ Specialization. The outcome will be similar to point 3: total credit remains unchanged and program duration remains unchanged.

5. Double major: The most tasking but probably preferred option is to introduce 5 to 6 new courses per specialization. Students will graduate after one year but would have a double major: BTM + Specialization

2.3 Using the BTM Brand

To ensure market clarity and avoid confusion, ITAC has trademarked the BTM acronym and logos, and has developed a usage guide for educational institutions. The BTM brand nomenclature is aligned with the type of program your institution offers and not the learning outcomes standard you choose to use. For example, the Baccalaureate standard could be used to develop either a four year undergraduate degree program or a three year diploma program. In this case, the branding and nomenclature for the undergraduate program would be BTM Baccalaureate and for the diploma program the BTM Diploma. These brand types are represented in Table 1.


BTM Program Type | Description | BTM Brand

Baccalaureate | A discrete, structured and sequenced set of courses and requirements that a student must complete in order to obtain a specific degree or other recognized credential (e.g. diploma, post-graduate diploma) at the undergraduate level.

Baccalaureate plus Specialization | A discrete, structured and sequenced set of courses and requirements that a student must complete in order to obtain a specific degree or other recognized credential at the undergraduate level. For the specialization there must be at least five (5) courses. At least two (2) of the courses in a specialization should be advanced courses, defined as courses that would normally be taught in the latter two years of study and build upon the introductory and intermediate courses. There must be a structure to the set of courses required; in other words, allowing students to choose any random set of courses is not appropriate, although allowing students to select from several groups of electives would be fine. Allowing students to select a custom program would also be fine provided this process is carefully guided by an advisor, such that the resulting program is coherent and meets the program objectives.

Diploma | A structured program of studies consisting primarily of degree credit courses equivalent to a minimum of 24 credit hours and a maximum of 60 credit hours. It may include non-degree related courses (maximum is the equivalent of 15 credit hours, but cannot exceed in total more than the equivalent of 60 credit hours). The diploma is a stand-alone program.

Certificate | A structured program of studies consisting primarily of non-degree credit courses equivalent to a minimum of 180 instructional contact hours and a maximum of 400 instructional contact hours (average 1 year). A certificate is a stand-alone program.

Master’s | A structured program of studies consisting primarily of graduate courses equivalent to a minimum of 18 credit hours and a maximum of 30 credit hours. A graduate program may (1) be a stand-alone program or (2) be in conjunction with a graduate degree (12 credit hours of which must be in addition to other degree requirements to a maximum of 30 credit hours). Applicants must hold a degree in a related field and meet the normal graduate studies admission requirements for entrance to the program.

Table 1: BTM Program Types

2.4 Program Accreditation

ITAC has established the Business Technology Management Accreditation Council (BTMAC). The Council is responsible for the development of accreditation criteria, selection of program evaluators, and ultimately the granting of the accreditation status. The accreditation process is voluntary.

A standard level of professional knowledge among all BTM professionals relies on standard education approaches and curricula. BTMAC accreditation is a non-governmental autonomous process for assessment of educational programs against industry accepted standards. It provides a professional judgement about the quality of the educational program and encourages continued improvement. It provides an indication for the public at large that a program accredited is capable of producing graduates who can function at the required level of competence to enter the industry job market.

Accreditation:

Promotes and advances all phases of BTM education with the aim of promoting public welfare through the development of better-educated computer professionals.

Fosters a cooperative approach to BTM education between industry, government, and educators to meet the changing needs of society.

Provides a credible, independently verifiable method to differentiate accredited programs from non-accredited programs that may not adhere to important industry standards.

Signifies that a program has a purpose appropriate to higher education and has resources and services sufficient to accomplish its purpose on a continuing basis.

Provides an opportunity to the educational institution for improvement and self-analysis, and shows a commitment to continuous improvement.

Two levels of recognition are offered for BTM programs:

BTM Recognized

Business Technology Management (BTM) type programs have the opportunity to seek Recognized status. The Business Technology Management Accreditation Council (BTMAC) will offer an informal review to programs that have not yet produced graduates and do not qualify for an accreditation visit. The purpose of the informal evaluation is to provide comment and advice to the institution with respect to the program. The review will focus solely on the alignment of the program to the BTM Learning Outcomes. To be successful, a program needs to demonstrate that it produces learning outcomes that are largely aligned with the BTM Learning Outcomes and Competency Standards. Programs that are successful in the review will be allowed to use the term BTM Recognized on communications for a maximum of four (4) years. No undertaking is given by the BTMAC as to the eventual accreditation of the program.

BTM Accredited

Accreditation provides an opportunity for academic institutions to demonstrate they are committed to maintaining their programs' quality and that their programs are performing at the level required by the professions they serve. Programs undergo periodic accreditation to ensure that they continue to meet quality standards set by the profession. The result provides lasting benefits to students, the institution, employers, the professions, and society as a whole.

What Accreditation Means for Your Program

When a program becomes BTM Accredited it means that it:

Has received a national recognition of its quality

Promotes "best practices" in education

Directly involves faculty and staff in self-assessment and continuous quality improvement processes

Is based on "learning outcomes," rather than "teaching inputs"

3.0 BTM Structure and Standards Labelling

3.1 Hierarchical Structure of the BTM 2.0

Figure 2: BTM Learning Outcome and Competency Standard Framework

The BTM Learning Outcomes contain 70 Learning Outcomes (see Table 2: BTM Learning Outcomes) in 7 broad competency areas, namely:

1. Integrative (I1): This knowledge area contains learning outcomes that integrate the competencies developed in the following six knowledge areas. It produces a “deliverable” of direct relevance to employers.

2. Personal and Interpersonal (F1): The ability to make a meaningful contribution depends upon one’s self-knowledge and ability to have constructive, long term, interactions with others. Successful leaders have strong personal and interpersonal competencies.

3. Business (F2): To be effective in the workplace one must have both the broad context of business – its role and place in society – and a working knowledge of how business operates.

4. Technology (F3): BTM graduates must understand information and communications technologies, their current capabilities, and future trends.

5. Innovation (F4): BTM graduates are expected to be innovative in the workplace. Innovators should be able to identify new opportunities, validate and resource them.

6. Technology in Business (C1): This knowledge area is designed to synthesize the knowledge and competencies gained in the foundational knowledge areas and create an additional competency in understanding: the potential (economic, personal, societal), the risks of, and the governance, acquisition, and management of ICTs in and for business.

7. Processes, Project and Change (C2): BTM graduates will gain the foundations that enable them to help create well-designed business processes, well-managed projects, and support for the individuals and groups undergoing change.

Table 2: BTM Learning Outcomes

Integrative
I1 Project Management
I2 Business Analysis
I3 Business Process Management
I4 Enterprise Architecture
I5 Technology Management
I6 Technology Assessment
I7 Design Thinking
I8 Communicate Business Value

Personal and Interpersonal
F1-1 Self-Awareness
F1-2 Communication
F1-3 Workplace Diversity
F1-4 Interpersonal Relations
F1-5 Teamwork
F1-5.1 Persuasion
F1-5.2 Decision Making
F1-5.3 Leadership
F1-5.4 Communication Technologies
F1-6 Negotiation
F1-7 Coordination Skill

Business
F2-1 Business and Society
F2-2 Business Models
F2-3 Risk Management
F2-4 Strategic Management
F2-5 Support Functions
F2-6 Value Chain

Technology
F3-1 IT Trends
F3-1.1 IT Operations
F3-1.2 Software Development
F3-1.3 Infrastructure Lifecycle
F3-1.4 Technology Lifecycle
F3-1.5 Contemporary Technology Lifecycle
F3-1.6 Digital Business Technology
F3-1.7 Digital Business
F3-1.8 Digital Marketing
F3-2 IT Solution Design
F3-2.1 Requirements Analysis
F3-2.2 Networking
F3-2.3 Custom Software
F3-2.4 Packaged Software
F3-2.5 Technology Architecture
F3-3 IT Security and Compliance
F3-3.1 Information Security or Cyber Security
F3-3.2 Technology audit
F3-3.3 Privacy
F3-3.4 IT Governance and Standards
F3-4 Information Management
F3-4.1 Business Intelligence
F3-4.2 Decision Support Systems
F3-4.3 Data Warehousing

Innovation
F4-1 Opportunity Identification
F4-2 Validation
F4-3 Resourcing

Technology in Business
C1-1 Business Value of IT
C1-2 Impact of IT on People
C1-3 Innovation Management
C1-4 IT Industry Economics
C1-5 IT Function Economics
C1-6 IT Function Trends
C1-7 IT Procurement
C1-8 Enterprise Architecture

Processes, Projects and Change
C2-1 Organizational Learning
C2-2 Project Management
C2-3 Business Change Management
C2-4 Project Process Management
C2-4.1 Stakeholder Requirement Analysis
C2-4.2 Business Process Improvement
C2-4.3 Business Process Design
C2-4.4 Quality Assurance
C2-4.5 New Process Implementation
C2-5 Knowledge Management

3.2 Labeling and Defining BTM Competency Standards

Competency Standards are defined using a formula:

<Label> {“-” <Skill Reference Code>}{“=” <Required Competency Level Code>}

Where:

<Label> indicates which model is used to define the competency standard or provide guidance. In summary:

1. BLOOM = Updated Bloom’s Taxonomy

2. SFIA = Skills Framework for the Information Age Version 6

3. PMI = Project Management Institute

4. IIBA = International Institute of Business Analysis

5. MSC = Management Standards Centre, National Occupational Standard

<Skill Reference Code>. Where a competency standard for a “doing” learning outcome is being set, a skill reference code is provided which provides a pointer to the specific description of the relevant skill in the selected competency model. The skill reference code is only required for doing competencies. Links to applicable source documents are provided or embedded to the specific competency standard.

<Required Competency Level Code> specifies the required competency level the student must achieve using the competency level scale from the selected competency model. In cases where the competency standard is provided for guidance only, this element is omitted (see below for details).

Details of the Labels, Skill Reference Codes and Required Competency Level Codes for each competency model are described in the associated link or embedded document (See Appendix 4 for additional information).

Competency standards are created using a combination of Industry Codes, Competency Codes and Competency Levels. For instance, the competency Standard: “SFIA-PRMG=4” suggests that the BTM graduate must demonstrate a Project Management competency at Level 4 of the SFIA Industry Recognized Framework. The BTM revised BLOOMs taxonomy is used throughout the document (See Appendix 3). Chapter 4 provides the Baccalaureate 2.0 BTM Core Body of Knowledge Learning Outcomes and Competency Standards.

4.0 BTM Baccalaureate Digital Security Learning Outcomes & Competency Standards

These learning outcomes and competency standards derive from the BTM Core 2.0.

Sections 4.8 to 4.10 describe additional Digital Security specific learning outcomes and competency standards.

4.1 I1 – Integrative

This knowledge level area contains learning outcomes that integrate the competencies developed in the other knowledge areas. It produces a “deliverable” of direct relevance to employers.

Ref (1)

Title (2)

Learning Outcome (3)

Competency Standard (4)

I1 Project Management Demonstrate the ability to effectively plan, manage and lead a business technology project.

SFIA-PRMG=4 (Project Management)
Introduction to this skill: The management of projects, typically (but not exclusively) involving the development and implementation of business processes to meet identified business needs, acquiring and utilizing the necessary resources and skills, within agreed parameters of cost, timescales, and quality.
Level 4 Description: Defines, documents and carries out small projects or sub-projects (typically less than six months, with limited budget, limited interdependency with other projects, and no significant strategic impact), alone or with a small team, actively participating in all phases. Identifies, assesses and manages risks to the success of the project. Agrees project approach with stakeholders, and prepares realistic plans (including quality, risk and communications plans) and tracks activities against the project schedule, managing stakeholder involvement as appropriate. Monitors costs, timescales and resources used, and takes action where these deviate from agreed tolerances. Ensures that own projects are formally closed and, where appropriate, subsequently reviewed, and that lessons learned are recorded.

SFIA-PROF=4 (Programme and Project Support)
Introduction to this Skill: The provision of support and guidance on portfolio, programme and project management processes, procedures, tools and techniques. Support includes definition of portfolios, programmes, and projects; advice on the development, production and maintenance of business cases; time, resource, cost and exception plans, and the use of related software tools. Tracking and reporting of programme/project progress and performance are also covered, as is the capability to facilitate all aspects of portfolio/programme/project meetings, workshops and documentation.
Level 4 Skill Description: Takes responsibility for the provision of support services to projects. Uses and recommends project control solutions for planning, scheduling and tracking projects. Sets up and provides detailed guidance on project management software, procedures, processes, tools and techniques. Supports programme or project control boards, project assurance teams and quality review meetings. Provides basic guidance on individual project proposals. May be involved in aspects of supporting a programme by providing a cross programme view on risk, change, quality, finance or configuration management.

I2

Business Analysis

Demonstrate the ability to understand and analyze a business problem or opportunity: collect relevant information, describe and compare options and risks, and make recommendations. Demonstrate appropriate use of relevant techniques such as systems thinking and quantitative analysis.

BLOOM BTM=4

I3 Business Process Management

Demonstrate the ability to analyze a business process, develop the "to-be" design, and then to create the implementation plan and the business change management plan to implement this design.

MSC-C5=FL (Facilitating Change – Plan Change – First Line Manager)

I4 Enterprise Architecture

Demonstrate the ability to design and communicate a moderately complex technology-enabled solution to a business problem.

SFIA-SSUP=4 (Sales Support) Introduction to this Skill: The provision of technical advice and assistance to the sales force, sales agents, reseller/distributor staff existing or prospective customers, either in support of customer development or sales activity or fulfillment of sales obligations. Level 4 Skill Description: Works closely with the sales team to help prospects to clarify their needs and requirements; devises solutions and assesses their feasibility and practicality. Demonstrates technical feasibility using physical or simulation models. Produces estimates of cost and risk and initial project plans to inform sales proposals. Resolves technical problems.

I5 Technology Management

Demonstrate understanding of how to analyze a business need, develop an RFx, evaluate the responses, and structure a contract with the successful vendor. Ability to evaluate the effectiveness, appropriateness and usability of an implemented information system.

BLOOM BTM=3

I6 Technology Assessment

Demonstrate the ability to examine a new technology, understand its strengths and weaknesses, evaluate its usefulness to solve business problems, and communicate the results.

SFIA-RSCH=3 (Research) Introduction to this Skill: The advancement of knowledge by data gathering, innovation, experimentation, evaluation and dissemination, carried out in pursuit of a predetermined set of research goals. Level 3 Description: Within given research goals, builds on and refines appropriate outline ideas for research, i.e. evaluation, development, demonstration and implementation. Uses available resources to gain an up-to-date knowledge of any relevant field. Reports on work carried out and may contribute sections of material of publication quality.

I7 Design Thinking Exhibit an understanding of how to use the 5 key elements of the design-thinking framework for future projects and initiatives.

BLOOM BTM=1

I8 Communicate Business Value

Demonstrate understanding of how to effectively communicate the value of current and new projects in a concise and compelling way.

BLOOM BTM=3

4.2 F1 – Personal and Interpersonal

The ability to make a meaningful contribution depends upon one’s self knowledge and ability to have constructive, long term, interactions with others. Successful leaders have strong personal and interpersonal competencies.

Ref (1)

Title (2)

Learning Outcome (3)

Competency Standard (4)

F1-1 Self-Awareness Demonstrate self-awareness and self-management, including mastery of ethical reasoning, client relationship management, business courtesies and self-presentation

MSC-A1=TL (Manage your own resources – Team Lead) MSC-D1=TL (Developing productive working relationships with colleagues)

F1-2 Communication Demonstrate proficiency in listening, oral and written communications skills in a business context

BLOOM BTM=4

F1-3 Workplace Diversity Demonstrate understanding of the strengths of a diverse workplace (including ability, ethnicity, religion, gender, sexual orientation, age/generation).

BLOOM BTM=3

F1-4 Interpersonal Relationship

Demonstrate proficiency in working with individuals, including giving and receiving feedback and resolving differences using appropriate negotiation and conflict management skills.

MSC-D1=TL (Develop productive relationships with colleagues – Team Lead)

F1-5 Teamwork Demonstrate proficiency in leading workplace teams (within or between organizations), including the ability in the four following areas:

BLOOM BTM=4

F1-5.1 Persuasion Demonstrate the ability to persuade, influence, motivate and provide guidance.

MSC-B6=TL (Providing direction; Provide leadership in your area of responsibility - First line managers and middle managers)

F1-5.2 Decision Making Demonstrate the ability to facilitate a range of group innovation, analysis and decision making techniques

MSC-C2=TL (Encourage innovation in your area of responsibility –First line managers and middle managers)

F1-5.3 Leadership Demonstrate the ability to engender and sustain trust

MSC-D1=TL (Develop productive relationships with colleagues – Team Lead)

F1-5.4 Communications Technologies

Demonstrate the ability to effectively use technologies to facilitate and support group activities and processes

MSC-E14=TL (Support team and virtual working – Team Lead)

F1-6 Negotiation Be able to explain the various approaches to effective negotiation.

BLOOM BTM=2

F1-7 Coordination Skill Demonstrate understanding of effective coordination of communications, time management, and task prioritization.

BLOOM BTM=3

4.3 F2 – Business

To be effective in the workplace one must have both the broad context of business – its role and place in society – and a working knowledge of how business operates.

Ref (1)

Title (2)

Learning Outcome (3)

Competency Standard (4)

F2-1 Business and Society Exhibit an understanding of the history, current role and future trends (e.g. globalization, social responsibility) of business within society and the global economy.

BLOOM BTM=2

F2-2 Business Models Demonstrate understanding of technology-enabled business design (e.g., digital business models including "platforms", supply networks, collaborative/proprietary innovation, disruptive innovation).

BLOOM BTM=3

F2-3 Risk Management Demonstrate the ability to conduct financial, operational, and reputational risk management including their implications for business decisions of cyclical and event-driven external risks (e.g. credit crunch, pandemics, global warming, peak oil).

BLOOM BTM=2

F2-4 Strategic Management Demonstrate understanding of the structure of various kinds of organizations by industry sector, ownership, governance and size - their business models, key performance factors, dominant structures and processes.

BLOOM BTM=3

F2-5 Support Functions Demonstrate understanding of the role, processes and structure of support functions of a business (e.g. general management, marketing, finance, R&D, IT, human resources)

BLOOM BTM=3

F2-6 Value Chain Demonstrate understanding of the role, processes and structures of operational functions of a business (e.g. sales, manufacturing, distribution, customer support).

BLOOM BTM=3

F3-1 IT Trends Be able to explain the current and future issues in the following topics:

BLOOM BTM=2

F3-1.1

IT Operations IT operations (e.g. delivery of service levels, change control, green IT).

BLOOM BTM=2

F3-1.2

Software Development

Software development (e.g. methodologies, lifecycle, emerging techniques, usability, in-house vs. off the shelf / total cost of ownership).

BLOOM BTM=2

F3-1.3 Infrastructure Lifecycle

Infrastructure lifecycle (networks, desktop and data centre hardware, operating systems, databases).

BLOOM BTM=2

F3-1.4

Technology Lifecycle Overall application and technology landscape lifecycle (e.g. make technology choices that will ease the integration of unpredictable future technologies).

BLOOM BTM=2

F3-1.5 Contemporary Technology Lifecycle

New and emerging technologies and methods (e.g. cloud computing, mobile, social media).

SFIA-EMRG=4 (Emerging technology Monitoring)
Introduction to this Skill: The identification of new and emerging hardware, software and communication technologies and products, services, methods and techniques and the assessment of their relevance and potential value as business enablers, improvements in cost/performance or sustainability. The promotion of emerging technology awareness among staff and business management.
Level 4 Description: Maintains awareness of opportunities provided by new technology to address challenges or to enable new ways of working. Within own sphere of influence, works to further organizational goals, by the study and use of emerging technologies and products. Contributes to briefings and presentations about their relevance and potential value to the organization.

F3-1.6 Digital Business Technology

Be able to explain the overall functioning of the Internet, Web, mobile, IoT, etc. Be able to explain a variety of Internet technologies, including those pertinent to Web applications, mobile apps and IoT: HTML, CSS, etc.; scripting, such as JavaScript Web APIs; graphics, such as SVG, WebGL, etc.; other Web authoring tools; and Web analytics tools.

BLOOM BTM=3

F3-1.7 Digital Business Demonstrate understanding of Digital Commerce and the application of IT, and especially digital technology, to developing innovative business models within an existing or new business strategy; understand the business opportunities from innovative digital technology for both small and large enterprises, including e-commerce development platforms in the cloud, e-commerce hubs or marketplaces, e-commerce process and payment automation, etc.

BLOOM BTM=3

F3-1.8 Digital Marketing Demonstrate understanding of Digital Marketing concepts and the tools which support them: Market research and analysis; Search engine optimization (SEO); Social media marketing (SMM - blogging, LinkedIn, Twitter, etc.); Online advertising tools (such as Google Adwords); The use of analytics and scorecards; Digital marketing programs; Marketing automation; Measurement and web performance optimization.

BLOOM BTM=3

4.4 F3 – Technology

BTM graduates must understand information and communications technologies, their current capabilities, and future trends.

Ref (1)

Title (2)

Learning Outcome (3)

Competency Standard (4)

F3-2

IT Solution Design Demonstrate the ability to meet business requirements by planning, designing, integrating into an existing landscape, implementing, configuring and operating contemporary technologies in each of the following:

The following seven (7) competency standards apply to all parts of F3-2.

Skill (1) SFIA-REQM=3 (Requirements Definition and Management)
Introduction to this Skill: The definition and management of the business goals and scope of change initiatives. The specification of business requirements to a level that enables effective delivery of agreed changes.
Level 3 Description: Defines scope and business priorities for small-scale changes and may assist in larger scale scoping exercises. Elicits and discovers requirements from operational management and other stakeholders. Selects appropriate techniques for the elicitation of detailed requirements taking into account the nature of the required changes, established practice and the characteristics and culture of those providing the requirements. Specifies and documents business requirements as directed, ensuring traceability back to source. Analyses them for adherence to business objectives and for consistency, challenging positively as appropriate. Works with stakeholders to prioritize requirements.

Skill (2) SFIA-UNAN=3 (User Experience Analysis)
Introduction to this Skill: The identification, analysis, clarification and communication of the context of use in which applications will operate, and of the goals of products, systems or services. Analysis and prioritization of stakeholders’ “user experience” needs and definition of required system behaviour and performance. Resolution of potential conflicts between user requirements and determination of usability objectives.
Level 3 Skills Descriptions: Identifies and engages with users/stakeholders, defines relevant characteristics (e.g. “personas”) and describes users' goals and tasks (e.g. as “user stories”). Describes the environment within which the system will be used. Identifies and describes requirements of users with special needs (e.g. resulting from physical disabilities).

Skill (3) SFIA-DESN=2 (Systems design)
Introduction to this Skill: The specification and design of information systems to meet defined business needs in any public or private context, including commercial, industrial, scientific, gaming and entertainment. The identification of concepts and their translation into implementable design. The design or selection of components. The retention of compatibility with enterprise and solution architectures, and the adherence to corporate standards within constraints of cost, security and sustainability.
Level 2 Description: Undertakes complete design of simple applications using simple templates and tools. Assists as part of a team on design of components of larger systems. Produces detailed designs including for example: physical data flows, file layouts, common routines and utilities, program specifications or prototypes, and backup, recovery and restart procedures.

Skill (4) BLOOMS BTM=3 (Quality Standards)
Level 3 Description: Demonstrate understanding and can develop standards of quality based on business needs.

Skill (5) BLOOMS BTM=3 (Quality Assurance)
Level 3 Description: Demonstrate understanding of measuring, monitoring, reporting and recommending with respect to quality.

Skill (6) BLOOMS BTM=3 (Testing)
Level 3 Description: Demonstrate understanding of testing including the planning, design, management, execution and reporting of tests.

Skill (7) SFIA-SLMO=3 (Service Level Management)
Introduction to this skill: The planning, implementation, control, review and audit of service provision, to meet customer business requirements. This includes negotiation, implementation and monitoring of service level agreements, and the ongoing management of operational facilities to provide the agreed levels of service, seeking continually and proactively to improve service delivery and sustainability targets.
Level 3 Description: Monitors service delivery performance metrics and liaises with managers and customers to ensure that service level agreements are not breached without the stakeholders being given the opportunity of planning for a deterioration in service.


F3-2.1 Requirement Analysis

Requirements Analysis

Same as above

F3-2.2 Networking

A network and computing platform.

Same as above

F3-2.3 Custom Software

A custom software solution (implemented locally or in the cloud).

Same as above plus: SFIA-PROG=2 (Programming/software development) Introduction to this Skill: The design, creation, testing and documenting of new and amended software components from supplied specifications in accordance with agreed development and security standards and processes. Level 2 Description: Designs, codes, tests, corrects, and documents simple programs, or scripts and assists in the implementation of software which forms part of a properly engineered information or communications system.

F3-2.4 Packaged Software

A packaged software solution (implemented locally or in the cloud).

Same as above

F3-2.5 Technology Architecture

Exhibit an understanding of technology architecture, and the various IT runtime infrastructures available to organizations of varying sizes to implement IT solutions.

BLOOM BTM=1

F3-3 IT Security and Compliance

Demonstrate an understanding of IT security and compliance in the following areas:

BLOOM BTM=1


F3-3.1 Information Security or Digital Security

Demonstrate understanding of management of, and provision of expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems with legislation, regulation and relevant standards.

SFIA REQM=3 (Requirements definition and management) Introduction to this Skill: The definition and management of the business goals and scope of change initiatives. The specification of business requirements to a level that enables effective delivery of agreed changes. Level 3 Description: Defines scope and business priorities for small-scale changes and may assist in larger scale scoping exercises. Elicits and discovers requirements from operational management and other stakeholders. Selects appropriate techniques for the elicitation of detailed requirements taking into account the nature of the required changes, established practice and the characteristics and culture of those providing the requirements. Specifies and documents business requirements as directed, ensuring traceability back to source. Analyses them for adherence to business objectives and for consistency, challenging positively as appropriate. Works with stakeholders to prioritize requirements.

F3-3.2 Technology Audit

The independent, risk-based assessment of the adequacy and integrity of controls in information processing systems, including hardware, software solutions, information management systems, security systems and tools, and communications technologies - both web-based and physical. The structured analysis of the risks to achievement of business objectives, including the risk that the organisation fails to make effective use of new technology to improve delivery and internal effectiveness. Assessment of the extent to which effective use has been made of techniques and tools to achieve sustainability and business continuity.

BLOOMS BTM=2


F3-3.3 Privacy

Exhibit an understanding of federal and provincial privacy laws such as HIPAA and PIPEDA and their impact on IT operations within an enterprise.

BLOOM BTM=1

F3-3.4 IT Governance and Standards

Exhibit an understanding of external Canadian and international IT governance and standards organizations such as ITIL, ISO, COBIT, and their impact on IT operations within an enterprise.

BLOOM BTM=1

F3-4 Information Management

Demonstrate the ability to develop the role, management and uses of information, including (Two skills required):

BLOOM BTM=4

F3-4.1 Business Intelligence

The role of information and data to support operations, decision making, planning and risk management.

Skill (1): SFIA-DTAN=4 (Data analysis) Introduction to this Skill: The investigation, evaluation, interpretation and classification of data, in order to define and clarify information structures which describe the relationships between real world entities. Such structures facilitate the development of software systems, links between systems or retrieval activities. Level 4 Description: Investigates corporate data requirements, and applies data analysis, data modelling and quality assurance techniques, to establish, modify or maintain data structures and their associated components (entity descriptions, relationship descriptions, attribute definitions). Provides advice and guidance to database designers and others using the data structures and associated components.

F3-4.2 Decision Support Systems

Demonstrate the ability to model, prepare, and structure data to support the creation and use of information and knowledge.

Skill (2): SFIA-DBDS=4 (Database design) Introduction to this Skill: The specification, design and maintenance of mechanisms for storage and access to both structured and unstructured information, in support of business information needs. Level 4 Description: Develops and maintains specialist knowledge of database concepts, object and data modelling techniques and design principles and a detailed knowledge of database architectures, software and facilities. Analyses data requirements to establish, modify or maintain object/data models. Evaluates potential solutions, demonstrating, installing and commissioning selected products.

F3-4.3 Data Warehousing

Describe technologies for information management (e.g. reporting, analysis), knowledge management, collaboration management and content management.

BLOOM BTM=3


4.5 F4 - Innovation

BTM graduates are expected to be innovative in the workplace. Innovators should be able to identify new opportunities, validate and resource them.

Ref (1)

Title (2)

Learning Outcome (3)

Competency Standard (4)

F4-1 Opportunity Identification

Demonstrate understanding of how to use various approaches to generate new opportunities for projects, processes, and initiatives

BLOOM BTM=3

F4-2 Validation

Demonstrate understanding of how to use frameworks and tools to establish the value and cost associated with an opportunity (from the customer, market, and technology perspectives).

BLOOM BTM=3

F4-3 Resourcing

Exhibit an understanding of how to optimize the contributions of IT to competitive strategy, innovation, decision-making and operations in various sizes and types of organizations, industry sectors, processes and functions.

BLOOM BTM=1


4.6 C1 – Technology in Business

This knowledge area is designed to synthesize the knowledge and competencies gained in the foundational knowledge areas and create an additional competency in understanding: the potential (economic, personal, societal), the risks of, and the governance, acquisition, and management of ICTs in and for business.

Ref (1)

Title (2)

Learning Outcome (3)

Competency Standard (4)

C1-1 Business Value of IT

Demonstrate understanding of optimizing the contributions of IT to competitive strategy, innovation, decision-making and operations in various sizes and types of organizations, industry sectors, processes and functions.

BLOOM BTM=3

C1-2 Impact of IT on People

Demonstrate understanding of utilizing IT to impact individuals, families, organizations and communities, including culture, social and environmental issues, considering both collaboration and competitive analysis.

BLOOM BTM=3

C1-3 Innovation Management

Be able to explain the innovation process, and how to introduce, adopt, and practice innovation.

BLOOM BTM=2

C1-4 IT Industry Economics

Be able to explain the structure, business value, offerings, and dynamics of the Canadian and international IT industries. This includes the economics of ICTs and specific subsectors (e.g., ERP, open source, outsourcing, web, mobility).

BLOOM BTM=2


C1-5 IT Function Economics

Be able to explain the economics and governance of IT and the IT function within organizations, including IT’s role, structure, challenges, processes, economics, maturity and career paths.

BLOOM BTM=2

C1-6 IT Function Trends

Demonstrate understanding of the risks and mitigation strategies to business operations inherent in the implementation of information and communications technologies (e.g. systems development, data security and privacy, business continuity, outsourcing, off-shoring and infrastructure).

SFIA-CORE=3 (Compliance review) Introduction to this skill: The independent assessment of the conformity of any activity, process, deliverable, product or service to the criteria of specified standards, best practice, or other documented requirements. May relate to, for example, asset management, network security tools, firewalls and internet security, sustainability, real-time systems, application design and specific certifications. Level 3 Description: Collects and collates evidence as part of a formally conducted and planned review of activities, processes, products or services. Examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences.

C1-7 IT Procurement

Demonstrate understanding of and be able to evaluate the choices and activities in procurement and management of purchased IT products and services.

SFIA-CSMG=3 (Customer Service Support) Introduction to this skill: The management and operation of one or more customer service or service desk functions. Acting as a point of contact to support service users and customers reporting issues, requesting information, access, or other services. Level 3 Description: Acts as the routine contact point, receiving and handling requests for support. Responds to a broad range of service requests for support by providing information to fulfill requests or enable resolution. Provides first line investigation and diagnosis and promptly allocates unresolved issues as appropriate. Assists with the development of standards, and applies these to track, monitor, report, resolve or escalate issues. Contributes to creation of support documentation.

C1-8 Enterprise Architecture

Demonstrate understanding in Enterprise Architecture in the three components listed below:

1. Demonstrate understanding of enterprise architecture as the application of architecture principles and practices to guide organizations through the business, information, process, and technology changes necessary to execute their strategies.

BLOOM BTM=3


2. Demonstrate understanding of enterprise analysis, design, planning, and implementation, using a holistic approach at all times, for the successful development and execution of strategy.

BLOOM BTM=3

3. Demonstrate the ability to utilize the various aspects of an enterprise to identify, motivate, and achieve these changes.

BLOOM BTM=3


4.7 C2- Process, Project and Change

BTM graduates will gain the foundations that enable them to help create well-designed business processes, well-managed projects, and support for the individuals and groups undergoing change.

Ref (1)

Title (2)

Learning Outcome (3)

Competency Standard (4)

C2-1 Organizational Learning

Be able to explain the overall organizational learning and innovation process / life cycle, and its role in organizational success.

BLOOM BTM=2

C2-2 Project Management

Project Management - demonstrate appropriate understanding of the Project Management Institute's Project Management Body of Knowledge (PMBOK).

(Two skills required) Skill (1) SFIA-PRMG=4 (Project management) Introduction to this skill: The management of projects, typically (but not exclusively) involving the development and implementation of business processes to meet identified business needs, acquiring and utilizing the necessary resources and skills, within agreed parameters of cost, timescales, and quality. Level 4 Description: Defines, documents and carries out small projects or sub-projects (typically less than six months, with limited budget, limited interdependency with other projects, and no significant strategic impact), alone or with a small team, actively participating in all phases. Identifies, assesses and manages risks to the success of the project. Agrees project approach with stakeholders, and prepares realistic plans (including quality, risk and communications plans) and tracks activities against the project schedule, managing stakeholder involvement as appropriate. Monitors costs, timescales and resources used, and takes action where these deviate from agreed tolerances. Ensures that own projects are formally closed and, where appropriate, subsequently reviewed, and that lessons learned are recorded.

Skill (2): SFIA-PROF=4 (Portfolio, Programme and Project Support) Introduction to this skill: The provision of support and guidance on portfolio, programme and project management processes, procedures, tools and techniques. Support includes definition of portfolios, programmes, and projects; advice on the development, production and maintenance of business cases; time, resource, cost and exception plans, and the use of related software tools. Tracking and reporting of programme/project progress and performance are also covered, as is the capability to facilitate all aspects of portfolio/programme/project meetings, workshops and documentation. Level 4 Description: Takes responsibility for the provision of support services to projects. Uses and recommends project control solutions for planning, scheduling and tracking projects. Sets up and provides detailed guidance on project management software, procedures, processes, tools and techniques. Supports programme or project control boards, project assurance teams and quality review meetings. Provides basic guidance on individual project proposals. May be involved in aspects of supporting a programme by providing a cross programme view on risk, change, quality, finance or configuration management.

C2-3 Business Change Management

Demonstrate understanding and application of best practices in organizational IT change management.

SFIA-CHMG=3 (Change Management) Introduction to this skill: The management of change to the service infrastructure including service assets, configuration items and associated documentation. Change management uses requests for change (RFC) for standard or emergency changes, and changes due to incidents or problems to provide effective control and reduction of risk to the availability, performance, security and compliance of the business services impacted by the change. Level 3 Description: Develops, documents and implements changes based on requests for change. Applies change control procedures.

C2-4 Business Process Management

Demonstrate competence in process analysis and design using applicable knowledge areas from the International Institute of Business Analysis (IIBA) Business Analysis Body of Knowledge (BABOK).

(Two skills required) SFIA-BUAN=3 (Business analysis) Introduction to this skill: The methodical investigation, analysis, review and documentation of all or part of a business in terms of business functions and processes, the information used and the data on which the information is based. The definition of requirements for improving processes and systems, reducing their costs, enhancing their sustainability, and the quantification of potential business benefits. The collaborative creation and iteration of viable specifications and acceptance criteria in preparation for the deployment of information and communication systems. Level 3 Description: Investigates operational needs and problems, and opportunities, contributing to the recommendation of improvements in automated and non-automated components of new or changed processes and organization. Assists in defining acceptance tests for these recommendations.

Skill (2) SFIA-BSMO=2 (Business modelling) Introduction to this skill: The production of abstract or distilled representations of real world, business or gaming situations in traditional or trans-media applications, to aid the communication and understanding of existing, conceptual or proposed scenarios. Predominantly focused around the representation of processes, roles, data, organization and time. Models may be used to represent a subject at varying levels of detail and decomposition. Level 2 Description: Understands the purpose and benefits of modelling. Uses established techniques as directed to model simple subject areas with clearly defined boundaries. May assist in more complex modelling activities. Develops models with input from subject matter experts and communicates the results back to them for review and confirmation.


C2-4.1 Stakeholder Requirement Analysis

Demonstrate understanding of stakeholder requirements analysis.

BLOOM BTM=3

C2-4.2 Business Process Improvement

Describe the business process improvement or re-engineering process.

BLOOM BTM=3

C2-4.3 Business Process Design

Demonstrate understanding of Business Process notations/symbology – BPMN, UML

BLOOM BTM=3

C2-4.4 Quality Assurance

Demonstrate understanding of quality assurance and testing, go-live, end of life, life cycle management, ticket management (help desk).

SFIA-QUAS=3 (Quality Assurance) Introduction to this skill: The process of ensuring that the agreed quality standards within an organization are adhered to and that best practice is promulgated throughout the organization. Level 4 Description: Uses appropriate methods and tools in the development, maintenance, control and distribution of quality and environmental standards. Makes technical changes to quality and environmental standards according to documented procedures. Distributes new and revised standards.

C2-4.5 New Process Implementation

Demonstrate understanding of new process implementation and maintenance.

SFIA-ORDI=5 (Organization design and implementation) Introduction to this skill: The design and implementation of an integrated organization structure, role profiles, culture, performance measurements, competencies and skills, to facilitate strategies for change and for training to enable the change. The identification of key attributes of the culture and the key principles and factors for addressing location strategy. Level 5 Description: Conducts business impact assessment to identify how the changes from the "as-is" processes, systems, and structures to the "to-be" processes, systems and structures impact specific organizations and roles. Outlines how the organization structure, jobs, teams and roles and staff development need to change to enable the future business processes. Aligns existing jobs/organizational structures to new processes.

C2.5 Knowledge Management

Be able to explain the importance of knowledge transfer, development, and dissemination for both explicit and tacit knowledge.

BLOOM BTM=2


4.8 DS1- Foundation: Security Technical Foundation

These learning outcomes and competency standards are consistent with the requirements for the Certified Information Systems Security Professional (CISSP) certification path.

Ref (1)

Title (2)

Learning Outcome (3)

Competency Standard (4)

DS1-1 Security Trends

Exhibits an understanding of current and future security trends. Exhibits an understanding of how these trends might impact security policies, procedures, and business systems.

BLOOM BTM=1

DS1-2 Emerging Technology

Exhibits an understanding of emerging technologies, their security impacts and methods (e.g. big data, machine learning, cloud computing, mobile, social media, robotics, Internet of Things).

BLOOM BTM =1

DS1-3 Enterprise Architecture

Exhibits an understanding of the role of security in the enterprise architecture as the application of architecture principles and practices to guide organizations through the business, information, process, and technology changes necessary to execute their strategies and produce secure solutions. Exhibits an understanding of the role of security in relation to these practices.

BLOOM BTM =1

DS1-4 Secure Solution Requirements

Exhibits an understanding of the security requirements for the business including network, communications, custom software, and packaged software.

BLOOM BTM =1


DS1-5 Software Development Security

Exhibits an understanding of the need for guidance and direction with the security requirements for new software (e.g. off the shelf or built internally) that utilizes emerging technologies.

BLOOM BTM =1

DS1-6 Security Assessment and Testing

Exhibits an understanding of how to validate and verify security requirements through the quality assurance process.

BLOOM BTM =1

DS1-7 Information Security

Exhibits an understanding of the data protection requirements for business intelligence data, decision support systems data, and data warehousing.

BLOOM BTM =1

DS1-8 Secure Infrastructure Lifecycle & Compliance

Exhibits an understanding of the infrastructure security requirements and audit compliance.

BLOOM BTM =1

DS1-9 Communications and Network Security

Exhibits an understanding of the infrastructure security requirements and audit compliance.

BLOOM BTM =1

DS1-10 Security and Compliance

Exhibits an understanding of the process to define and to enforce security compliance.

BLOOM BTM =1

DS1-11 Security Operations

Exhibits an understanding of the security operational requirements in an IT business system. Exhibits an understanding of the compliance of security policies and operational procedures.

BLOOM BTM =1

DS1-12 Security Governance and Standards

Exhibits an understanding of security governance and standards.

BLOOM BTM =1


DS1-13 Security Audit

Exhibits an understanding of the risk-based assessment of the adequacy and integrity of controls in information processing systems, including hardware, software solutions, information management systems, security systems and tools, and communications technologies - both digital and physical.

BLOOM BTM =1

DS1-14 Social media

Exhibits an understanding of how to use social media as a source of security threats. Exhibits an understanding of how to use social media to collect intelligence and anticipate threat types and provide solutions or mechanisms to minimize the impact.

BLOOM BTM =1

DS1-15 Digital Forensics

Exhibits an understanding of how to use social media as a source of security threats. Exhibits an understanding of how to use social media to collect intelligence and anticipate threat types and provide solutions or mechanisms to minimize the impact.

BLOOM BTM =1

DS1-16 Basic Information Security Model and Risk Management

Exhibits an understanding of the components of the basic information security model, risk, and the relationships between the elements of the basic information security model. Exhibits an understanding of the common classification of information security controls: assets; vulnerabilities; threats; controls.

BLOOM BTM =1


DS1-17 Asset Security, Asset Identification and Characterization

Exhibits an understanding of the importance of asset identification, asset types, asset characterization, asset sensitivity, asset criticality, asset lifecycle, asset ownership, and operational responsibilities.

BLOOM BTM =1

DS1-18 Threats and vulnerabilities

Exhibits an understanding of the different threat models and threat actions. Exhibits an understanding of vulnerability concepts, vulnerability trends and vulnerability categories. Moreover, exhibits an understanding of the relationship between threat, vulnerability and risk.

BLOOM BTM =1

DS1-19 Confidentiality, Integrity, Availability

Exhibits an understanding of confidentiality, integrity, availability. Exhibits an understanding of repudiation and authentication.

BLOOM BTM =1

DS1-20 Encryption technologies

Exhibits an understanding of encryption technologies.

BLOOM BTM =1

DS1-21 Identity and Access Management

Exhibits an understanding of identity management, access management, authentication, single sign-on, federation, etc.

BLOOM BTM =1


4.9 DS2- Management: Security Management

These learning outcomes and competency standards are consistent with the requirements for the Information Systems Security Management Professional (CISSP-ISSMP) certification path.

Ref (1)

Title (2)

Learning Outcome (3)

Competency Standard (4)

DS2-1 Security Life Cycle Management

Demonstrates an understanding of management of and provision of expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems with legislation, regulation and relevant standards.

BLOOM BTM =3

DS2-2 Strategic Management

Demonstrates an understanding of the use of strategic management in managing the security life cycle.

BLOOM BTM =3

DS2-3 Business Value of Secure IT

Demonstrates an understanding of how to optimize the contributions of secure IT to competitive strategy, innovation, decision-making and operations in various sizes and types of organizations, industry sectors, processes and functions and how to balance security risk with business value.

BLOOM BTM =3

DS2-4 Security in relation to Business and Society

Be able to explain the current global geopolitical environment and its impact on digital security.

BLOOM BTM =2


DS2-5 Security Management

Demonstrates an understanding of the use of tactical management including crisis management, critical incident response: plan, design, implement and respond. ITIL (Protect, detect, respond, recover – active security).

BLOOM BTM =3

DS2-6 Security Operational Management

Be able to explain the requirements to manage the operational security aspect on a day to day basis including social media listening, policies and procedures, audit, and security monitoring.

BLOOM BTM =2

DS2-7 Project Management

Be able to explain project management principles and methodologies and where they fit in relation to the security life cycle.

BLOOM BTM =2

DS2-8 Business Change Management

Demonstrates an understanding of how change management can be utilized to implement security changes and introduce new security practices.

BLOOM BTM =3

DS2-9 Stakeholder Management

Demonstrates an understanding of the impact of security on project stakeholders.

BLOOM BTM =3

DS2-10 Impact of Secure IT on People

Demonstrates an understanding of the individual's role with regards to securing IT and their role in creating a security aware culture.

BLOOM BTM

DS2-11 Innovation Management

Demonstrates an understanding of the role of security in the innovation process.

BLOOM BTM =3

DS2-12 Security Industry Economics

Demonstrates an understanding of the impact of security on the business structure, business value, offerings, and dynamics of the Canadian and international IT industries. This includes the economics of ICTs and specific subsectors (e.g., platform firms, traditional players, professional services, outsourcing, telecom).

BLOOM BTM =3

DS2-13 Security Function Economics

Demonstrates an understanding of the relationship between security and economics and governance of IT and the IT function within organizations, including security's roles, structures, challenges, processes, economics, maturity and career paths.

BLOOM BTM =3

DS2-14 Security Role Demonstrates an understanding of the risks and mitigation strategies to business operations that can arise from the implementation of secure information and communications technologies (e.g. secure systems development, data security and privacy, business continuity, outsourcing, off-shoring and infrastructure).

BLOOM BTM =3

DS2-15 Security role in Procurement

Demonstrates an understanding of the choices and activities in procurement and management of purchased secure IT products and services.

BLOOM BTM =3

DS2-16 Supply Chain Management

Be able to explain the role of security on system integrations across enterprise in a supply chain relationship.

BLOOM BTM =2

DS2-17 Business Process Design, New Process Implementation

Be able to explain the role of security in business process design and enhancement of any existing process. Demonstrate an understanding of the impact and implication of security on the new process implementation.

BLOOM BTM =2

DS2-18 Security Leadership and Management

Be able to explain the security management requirements.

BLOOM BTM =2

4.10 DS3 - Legal: Privacy Laws & Regulations, Security Policies & Procedures

These learning outcomes and competency standards are consistent with the requirements for the Information Systems Security Management Professional (CISSP-ISSMP) certification path.

Ref (1)

Title (2)

Learning Outcome (3)

Competency Standard (4)

DS3-1 Security Values Be able to understand the need to demonstrate: Honesty, trust and engagement, serving the interest of the organization that you work for, serving the needs and protecting your stakeholders.

BLOOM BTM =2

DS3-2 Professional Code of Conduct

Be able to explain the need for ethical requirements and obligations of a security professional.

BLOOM BTM =2

DS3-3 Security Interpersonal Relations

Demonstrate an understanding of the need to demonstrate proficiency in diplomacy and tact when working with individuals to communicate complex and sensitive security topics that have a broad impact.

BLOOM BTM =2

DS3-4 Security Creative Thinking

Be able to demonstrate the understanding of the need for creativity awareness: The ability to think in an orthogonal basis, and out of the box thinking to anticipate security threats.

BLOOM BTM =2

DS3-5 Risk Management Be able to explain the relevance of risk management to top management: IT Risk management frameworks; risk analysis - identification and assessment; risk management - mitigation, preparation and response.

BLOOM BTM =2

DS3-6 Security Risk Be able to explain and evaluate the security risk implications to the business.

BLOOM BTM =2

DS3-7 Security Policies and Procedures

Be able to explain the impact of security policies and procedures on employee productivity and the business operation. Ability to understand security issues and to positively influence policies.

BLOOM BTM =2

DS3-8 Compliance and Guidelines

Be able to explain the difference between security and compliance requirements. Distinguish between policies, standards, and procedures. Understands the life cycle of a policy. Identify a set of policies considered “a must” for any organization.

BLOOM BTM =2

DS3-9 Privacy Be able to explain the federal and provincial privacy laws and regulations such as HIPAA and PIPEDA and their impact on IT operations within an enterprise. Ability to define privacy requirements and adherence of the privacy principles and be able to perform privacy impact assessments. Ability to understand privacy assessment findings and provide guidance on implementing recommended changes. Able to deal with privacy requests and complaints to comply with legal requirements.

BLOOM BTM =2

DS3-10 Legal Be able to explain the scope and authority of law and regulatory agencies overseeing aspects of information security and privacy and the various types of audits and breaches.

BLOOM BTM =2

DS3-11 Incident Handling & Analysis

Be able to explain and identify the major components of dealing with an incident. Be able to explain the incident handling life cycle. Be able to explain the process to prepare a basic policy outlining a methodology for handling an incident. Be able to explain the incident to improve preparation for a similar incident in the future.

BLOOM BTM =2

5.0 National Occupational Standards

National Occupational Standards (NOS) are:

Statements of the standards of performance individuals must achieve when carrying out functions in the workplace, together with specifications of the underpinning knowledge and understanding

National because they can be used in every part of Canada

Occupational because they describe the performance required of an individual when carrying out functions in the workplace

Standards because they are statements of effective performance which have been agreed by a representative sample of employers and other key stakeholders

The goal of the BTM-NOS is to define a set of occupational standards that exists in the BTM specialization field defined in this document, in particular the skills and competencies that practitioners need to perform successfully in a particular occupation. The purpose of the NOS is to:

assist organizations in recruitment and HR planning;

identify career path for employees and help to promote employee retention;

help to educate students/parents and the public at large about BTM as a career.

The NOS also assisted in the development of BTM specialization programs that target

specific business requirements and allowed us to design learning outcomes and

competency standards for the specialist BTM programs.

Scope of the NOS Project

The scope of the BTM NOS project includes the following phases:

1. Review academic and industry research The research component consisted of a

review of a number of existing published NOS from other organizations. This

review was undertaken with four goals in mind. To obtain some clear notions of the

contents of comparable NOS’s, the methodology and processes used, the timing, and

results that other organizations set out to obtain at the various stages in their

development work.

2. Conduct multi-sector stakeholder consultation A formal process whereby

detailed information on the scope, general activities, related tasks and subtasks, as

well as skills and knowledge required to perform them was gathered and analysed

through research on the occupation and stakeholder consultations.

3. Select the set of priority occupations The selection of the priority occupations

was based on the research and analysis of the results of the stakeholder

consultation.

4. Develop, test, refine occupations Validated by broad group of representative

stakeholders. Comments received from the stakeholders during review and

validation were compiled and a revised final draft of the NOS was then produced.

5. Publish online report of research/consultation results, occupational

standards The NOS is now published and made available to the public.

6. Develop Learning Tools Development of NOS provided in-depth information of all

tasks performed by an individual in that occupation and guided the development of

the BTM Learning Outcomes and Competency Standards. By cross-referencing this

information with curricula or program courses offered in training program, it is

possible to assess the regional availability and to what extent specific tasks are

covered by these programs. Those not addressed through formal learning/training

can be identified and, through consultation with industry and training providers, the

need for specific learning can be defined.

Four occupational standards are represented in this section.

5.1 Security Manager/Officer

Occupational Standard (for use in the development of Business Technology Management related job descriptions,

performance evaluations, career development plans, educational learning outcomes etc.)

Description of Position Security Manager/Officers lead a multidisciplinary team of IT and

business professionals, who maintain security, develop and

deploy systems that are secure and resilient when attacked.

Manage vendors and negotiate contracts and build relationships

with stakeholders.

Position Development Advancement to Senior Security Director level positions is

possible through increase in project scope and size of team and

increase in business and technology domain knowledge. Increased

responsibility in leadership positions and management experience.

The career path will be determined by the size, type, geographic

scope, culture, and organizational structure of the firm offering

employment.

Required Qualifications (Education, Training, Related Work Experience)

Education Completion of post-secondary school in any of the following

areas: computer science, business administration, commerce or

engineering, business technology management, legal, finance.

Training Security Manager/Officer may require several years of on-the-job

training, management experience but typically organizations

require that the individual will already have the mandatory skills,

knowledge, work related experience, and/or training.

Related Work Experience Security Manager/Officers may require ten years of experience

in information or business technology or business administration. At

least two years of security related experience.

Tasks

Security Manager/Officers perform some or all of the following tasks:

Plan, organize, direct, manage the activities related to

security domain

Review and approve security policies and procedures

Work with other departments and senior management to

provide security services and advice

Collaborate with staff, other departments, senior

management, decision makers, and other professionals /

associates (external to the organization) to share / provide

information (as appropriate), problem solve, and to clarify

management objectives

Consult with users, management, vendors, technicians,

and other professionals to discuss and assess business

technology security system requirements, specifications,

costs and timelines

Review and / or implement security project plans

Identify and articulate potential projects to deliver changes

and improvements to business system security

Produce analytics and metrics for business technology

systems

Establish key performance indicators, monitor on-going

performance, and improve performance against set

security goals

Develop and deliver presentations

Manage contractor and subcontractor activities, develop

performance specifications, and evaluate proposals to

assess project feasibility and requirements

Control the budget and expenditures of the department or

project

Stays informed of advancements in security, privacy, and

data protection and applies this knowledge within the

organization to improve security processes

Direct the hiring, training, supervision, mentoring,

coaching, and performance evaluations of direct reporting

staff

Tools and Technology

Security Software and general Computer Software and Hardware

and Business Technology Solutions (e.g., websites, mobile

applications, content management systems, collaborative

technologies, security administration tools, databases, database

user interface and query, electronic mail, word processing,

spreadsheet, and presentation, desktop and server software

components).

Required Competencies (Knowledge, Skills, Personal Attributes)

Knowledge Security Manager/Officers should have in depth knowledge of

business domain, security and privacy and data protection

standards and best practices, systems hardware, software,

electronics, telecommunications, administration and management.

English language (and other languages as applicable), legal,

privacy, risk, and compliance, human resources, and project

management. Technical knowledge and experience of network-

related system components and system administration.

Skills Security Manager/Officer should have the following skill sets:

negotiation, persuasiveness, interpersonal skills, political acumen,

analytical, reading comprehension, active listening, critical

thinking, complex problem solving, writing, coordination,

speaking, judgment and decision making, social perceptiveness,

service orientation, financial, communication, and time

management.

Personal Attributes (Abilities, Work Values, Work Styles)

Abilities The following abilities are important to the role of Security

Manager/Officer: organizational awareness, political acumen,

analytical, critical thinking, process and policy driven, inductive

and deductive reasoning, problem sensitivity, prioritization, oral

expression and comprehension, written comprehension and

expression.

Work Values Individuals who will succeed in this position:

lead by example and offer supportive management

seek and incorporate input from others;

empower employees to work independently; and

encourage employees to use their strongest abilities and

promote achievement and accomplishment

Work Styles The following work styles are attributable to a Security

Manager/Officer: leadership, integrity, analytical thinking,

dependability, attention to detail, cooperation, persistence, self-

control, initiative, innovation, concern for others, and adaptability

/ flexibility.

Essential Skills Profile Essential Skills are the skills needed for work, learning and life.

They provide the foundation for learning all other skills and

enable people to evolve with their jobs and adapt to workplace

change. For more detailed essential skills profiles please refer to

the ESDC website:

http://www.esdc.gc.ca/eng/jobs/les/index.shtml The Employment

and Social Development Canada (ESDC) Essential Skills Profiles

focused on occupations requiring a secondary school diploma or

less and on-the-job training. As such a formal Essential Skills

Profile for the occupation of Security Manager/Officer has not yet

been created by ESDC. The following section contains essential

skills information identified in existing occupational standards

and classified using the nine Essential Skills categories. Note that

the content is not associated with ESDC and the Essential Skills

Profiles.

5.2 Security Auditor

Occupational Standard (for use in the development of Business Technology Management related job descriptions,

performance evaluations, career development plans, educational learning outcomes etc.)

Description of Position Security Auditors plan, execute, and lead Information systems

audits. They inspect and evaluate corporate systems, processes,

procedures and security controls; produce reports to document

audit results, and make recommendations to address security

gaps.

Position Development Advancement to Security Officer/Manager level positions is

possible through increased business domain knowledge and

increased responsibility in leadership positions and management

experience.

The career path will be determined by the size, type, geographic

scope, culture, and organizational structure of the firm offering

employment.

Required Qualifications (Education, Training, Related Work Experience)

Education Completion of post-secondary school in any of the following

areas: computer science, business administration, commerce or

engineering, business technology management, legal, finance.

Training Security Auditor may require several years of on-the-job training,

management training and consulting experience but typically

organizations require that the individual will already have the

mandatory skills, knowledge, work related experience, and/or

training.

Related Work Experience Security Auditors may require seven years of experience

in information or business technology. Three years of experience in

security related discipline.

Tasks

Security Auditors perform some or all of the following tasks:

Examine systems, policies and procedures and access controls

Interviews system administrators, business users,

stakeholders, and business leaders to determine compliance

with system access.

Evaluate compliance with operational procedures around

privacy protection

Examine and audit security attributes for business systems and

determine compliance

Document observation and draft recommendations for

business management and approval

Provide audit report to business management and business

system managers

Tools and Technology

Security Software and general Computer Software and Hardware

and Business Technology Solutions (e.g., websites, mobile

applications, content management systems, collaborative

technologies, security administration tools, databases, database

user interface and query, electronic mail, word processing,

spreadsheet, and presentation, desktop and server software

components).

Required Competencies (Knowledge, Skills, Personal Attributes)

Knowledge Security Auditors should have in depth knowledge of at least two

business domains, security and privacy and data protection

standards and best practices, systems hardware, software,

electronics, telecommunications. English language (and other

languages as applicable), legal, privacy, risk, and compliance,

human resources, and project management. Technical knowledge

and experience of network-related system components and system

administration.

Skills Security Auditor should have the following skill sets:

interpersonal skills, political acumen, analytical, reading

comprehension, active listening, critical thinking, writing,

coordination, speaking, judgment and decision making, social

perceptiveness, service orientation, communication, and time

management.

Personal Attributes (Abilities, Work Values, Work Styles)

Abilities The following abilities are important to the role of Security

Auditor: organizational awareness, political acumen, analytical,

critical thinking, process and policy driven, inductive and

deductive reasoning, prioritization, oral expression and

comprehension, written comprehension and expression.

Work Values Individuals who will succeed in this position:

Detail oriented

Ability to identify issues and patterns

Ability to interact with diverse stakeholders

Ability to deal with ambiguity and complexity

Work Styles The following work styles are attributable to a Security Auditor:

analytical thinking, independent, persistent, and ability to meet

deadlines.

Essential Skills Profile Essential Skills are the skills needed for work, learning and life.

They provide the foundation for learning all other skills and

enable people to evolve with their jobs and adapt to workplace

change. For more detailed essential skills profiles please refer to

the ESDC website:

http://www.esdc.gc.ca/eng/jobs/les/index.shtml The Employment

and Social Development Canada (ESDC) Essential Skills Profiles

focused on occupations requiring a secondary school diploma or

less and on-the-job training. As such a formal Essential Skills

Profile for the occupation of Security Auditor has not yet been

created by ESDC. The following section contains essential skills

information identified in existing occupational standards and

classified using the nine Essential Skills categories. Note that the

content is not associated with ESDC and the Essential Skills

Profiles.

5.3 Security Consultant

Occupational Standard (for use in the development of Business Technology Management related job descriptions,

performance evaluations, career development plans, educational learning outcomes etc.)

Description of Position Security Consultants assess the business requirements and provide

a plan to address the security issues. Provide security advice and

recommendations around information security, privacy,

compliance, risks, data protection, and business solutions security.

Position Development Advancement to Security Auditor or Security Officer level

positions is possible through increased business domain

knowledge and increased responsibility in leadership positions

and management experience. The career path will be determined

by the size, type, geographic scope, culture, and organizational

structure of the firm offering employment.

Required Qualifications (Education, Training, Related Work Experience)

Education Completion of post-secondary school in any of the following

areas:

computer science, business administration, commerce or

engineering, business technology management, legal.

Training Security Consultant may require several years of on-the-job

training, management training and consulting experience but

typically organizations require that the individual will already

have the mandatory skills, knowledge, work related experience,

and/or training.

Related Work Experience Security Consultants may require five years of experience

in information or business technology. Two years of experience in

security related discipline.

Tasks

Security Consultants perform some or all of the following tasks:

Interviews stakeholders to determine the scope of the work.

Draft statement of work

Lead and implement security attributes for business systems

Conduct privacy assessments

Write recommendations for security related processes,

procedures, and systems.

Deal with security incidents by evaluating causes and course

of action

Perform root cause analysis

Conduct penetration testing and produce result reports

Tools and Technology

Security Software and general Computer Software and Hardware

and Business Technology Solutions (e.g., websites, mobile

applications, Cloud, content management systems, collaborative

technologies, security administration tools, databases, database

user interface and query, electronic mail, word processing,

spreadsheet, and presentation, desktop and server software

components).

Required Competencies (Knowledge, Skills, Personal Attributes)

Knowledge Security Consultants should have in depth knowledge of at least

one business domain, security and privacy standards and best

practices, systems hardware, software, electronics,

telecommunications. English language (and other languages as

applicable), legal, privacy, risk, and compliance, human

resources, and project management. Technical knowledge and

experience of network-related system components and system

administration.

Skills Security Consultant should have the following skill sets:

interpersonal skills, analytical, reading comprehension, active

listening, critical thinking, complex problem solving, writing,

coordination, speaking, judgment and decision making, social

perceptiveness, service orientation, communication, and time

management.

Personal Attributes (Abilities, Work Values, Work Styles)

Abilities The following abilities are important to the role of Security

Consultant: problem sensitivity, planning and organizational,

political acumen, analytical, critical thinking, outside the box

thinking, adaptability, flexibility, inductive and deductive

reasoning, prioritization, oral expression and comprehension,

written comprehension and expression.

Work Values Individuals who will succeed in this position:

Collaborate with diverse stakeholders

Consensus building

Ability to deal with ambiguity and complexity

Work Styles The following work styles are attributable to a Security

Consultant: relationship building, analytical thinking,

cooperation, collaboration, and adaptability / flexibility, ability to

meet deadlines.

Essential Skills Profile Essential Skills are the skills needed for work, learning and life.

They provide the foundation for learning all other skills and

enable people to evolve with their jobs and adapt to workplace

change. For more detailed essential skills profiles please refer to

the ESDC website:

http://www.esdc.gc.ca/eng/jobs/les/index.shtml The Employment

and Social Development Canada (ESDC) Essential Skills Profiles

focused on occupations requiring a secondary school diploma or

less and on-the-job training. As such a formal Essential Skills

Profile for the occupation of Security Consultant has not yet been

created by ESDC. The following section contains essential skills

information identified in existing occupational standards and

classified using the nine Essential Skills categories. Note that the

content is not associated with ESDC and the Essential Skills

Profiles.

5.4 Security Analyst

Occupational Standard (for use in the development of Business Technology Management related job descriptions,

performance evaluations, career development plans, educational learning outcomes etc.)

Description of Position Security Analysts write and document security requirements

based on the domain of the business and the technology that will

be used in the solution. Provide operational support for a variety

of security services and platforms and write policies and business

processes to administer and maintain the security integrity of

the system. Provide monitoring, analysis and response for security

incidents. Research, plan and execute counter-tactics to address

the latest security vulnerabilities, advisories and incidents

affecting enterprise solutions and systems

Position Development Advancement to security Auditor or security Consultant level

positions is possible through increased knowledge in business or

technology domain and increased responsibility in leadership

positions and consulting experience.

The career path will be determined by the size, type, geographic

scope, culture, and organizational structure of the firm offering

employment.

Required Qualifications (Education, Training, Related Work Experience)

Education Completion of post-secondary school in any of the following

areas: computer science, business administration, commerce or

engineering, business technology management.

Training Security Analyst may require several years of on-the-job training

but typically organizations require that the individual will already

have the mandatory skills, knowledge, work related experience,

and/or training.

Related Work Experience Security Analysts may require two years of experience

in information or business technology.

Tasks

Security Analysts perform some or all of the following tasks:

Interview the business and technology team to understand

their requirements

Review business requirements

Review the technical solution

Create or recommend modifying operational procedures

Document administration requirements including

authorization and authentication

Collaborate with legal and compliance to ensure the solution

will meet legal, privacy, and compliance requirements.

Tools and Technology

Computer Software and Hardware and Business Technology

Solutions (e.g., websites, mobile applications, content

management systems, collaborative technologies, security

administration tools, databases, database user interface and query,

electronic mail, word processing, spreadsheet, and presentation,

desktop and server software components).

Required Competencies (Knowledge, Skills, Personal Attributes)

Knowledge Security Analysts should have in depth knowledge of security

concepts and best practices, systems hardware, software,

electronics, and telecommunications. English language (and other

languages as applicable), legal, privacy, risk, and compliance, and

project management. Technical knowledge and experience of

network-related system components and system administration.

Skills Security Analysts should have the following skill sets: analytical,

reading comprehension, active listening, critical thinking,

complex problem solving, writing, coordination, speaking,

judgment and decision making, social perceptiveness, service

orientation, communication, and time management.

Personal Attributes (Abilities, Work Values, Work Styles)

Abilities The following abilities are important to the role of Security

Analyst: analytical, critical thinking, outside the box thinking,

adaptability, flexibility, inductive and deductive reasoning,

prioritization, oral expression and comprehension, written

comprehension and expression.

Work Values Individuals who will succeed in this position:

collaborate with diverse stakeholders;

build consensus;

are detail oriented and thorough;

are process oriented;

are able to deal with complexity.

Work Styles The following work styles are attributable to a Security Analyst:

analytical thinking, dependability, attention to detail, cooperation,

collaboration, and adaptability / flexibility.

Essential Skills Profile Essential Skills are the skills needed for work, learning and life.

They provide the foundation for learning all other skills and

enable people to evolve with their jobs and adapt to workplace

change. For more detailed essential skills profiles please refer to the ESDC website: http://www.esdc.gc.ca/eng/jobs/les/index.shtml

The Employment and Social Development Canada (ESDC) Essential Skills Profiles focused on occupations requiring a secondary school diploma or less and on-the-job training. As such, a formal Essential Skills

Profile for the occupation of Security Analyst has not yet been

created by ESDC. The following section contains essential skills

information identified in existing occupational standards and

classified using the nine Essential Skills categories. Note that the

content is not associated with ESDC and the Essential Skills

Profiles.

Appendices

Appendix 1 – Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License

By exercising the Licensed Rights (defined below), You accept and agree to be bound by the

terms and conditions of this Creative Commons Attribution-NonCommercial-NoDerivatives

4.0 International Public License ("Public License"). To the extent this Public License may be

interpreted as a contract, You are granted the Licensed Rights in consideration of Your

acceptance of these terms and conditions, and the Licensor grants You such rights in

consideration of benefits the Licensor receives from making the Licensed Material available

under these terms and conditions.

Section 1 – Definitions.

a. Adapted Material means material subject to Copyright and Similar Rights that is

derived from or based upon the Licensed Material and in which the Licensed Material is

translated, altered, arranged, transformed, or otherwise modified in a manner requiring

permission under the Copyright and Similar Rights held by the Licensor. For purposes of

this Public License, where the Licensed Material is a musical work, performance, or sound

recording, Adapted Material is always produced where the Licensed Material is synched in

timed relation with a moving image.

b. Copyright and Similar Rights means copyright and/or similar rights closely

related to copyright including, without limitation, performance, broadcast, sound

recording, and Sui Generis Database Rights, without regard to how the rights are labelled

or categorized. For purposes of this Public License, the rights specified in Section 2(b)(1)-

(2) are not Copyright and Similar Rights.

c. Effective Technological Measures means those measures that, in the absence of

proper authority, may not be circumvented under laws fulfilling obligations under Article

11 of the WIPO Copyright Treaty adopted on December 20, 1996, and/or similar

international agreements.

d. Exceptions and Limitations means fair use, fair dealing, and/or any other

exception or limitation to Copyright and Similar Rights that applies to Your use of the

Licensed Material.

e. Licensed Material means the artistic or literary work, database, or other material

to which the Licensor applied this Public License.

f. Licensed Rights means the rights granted to You subject to the terms and

conditions of this Public License, which are limited to all Copyright and Similar Rights that

apply to Your use of the Licensed Material and that the Licensor has authority to license.

g. Licensor means the individual(s) or entity(ies) granting rights under this Public

License.

h. NonCommercial means not primarily intended for or directed towards commercial

advantage or monetary compensation. For purposes of this Public License, the exchange of

the Licensed Material for other material subject to Copyright and Similar Rights by digital

file-sharing or similar means is NonCommercial provided there is no payment of monetary

compensation in connection with the exchange.

i. Share means to provide material to the public by any means or process that

requires permission under the Licensed Rights, such as reproduction, public display, public

performance, distribution, dissemination, communication, or importation, and to make

material available to the public including in ways that members of the public may access

the material from a place and at a time individually chosen by them.

j. Sui Generis Database Rights means rights other than copyright resulting from

Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the

legal protection of databases, as amended and/or succeeded, as well as other essentially

equivalent rights anywhere in the world.

k. You means the individual or entity exercising the Licensed Rights under this Public

License. Your has a corresponding meaning.

Section 2 – Scope.

a. License grant.

1. Subject to the terms and conditions of this Public License, the Licensor hereby

grants You a worldwide, royalty-free, non-sublicensable, non-exclusive, irrevocable

license to exercise the Licensed Rights in the Licensed Material to:

A. reproduce and Share the Licensed Material, in whole or in part, for

NonCommercial purposes only; and

B. produce and reproduce, but not Share, Adapted Material for NonCommercial

purposes only.

2. Exceptions and Limitations. For the avoidance of doubt, where Exceptions and

Limitations apply to Your use, this Public License does not apply, and You do not

need to comply with its terms and conditions.

3. Term. The term of this Public License is specified in Section 6(a).

4. Media and formats; technical modifications allowed. The Licensor authorizes You to

exercise the Licensed Rights in all media and formats whether now known or

hereafter created, and to make technical modifications necessary to do so. The

Licensor waives and/or agrees not to assert any right or authority to forbid You

from making technical modifications necessary to exercise the Licensed Rights,

including technical modifications necessary to circumvent Effective Technological

Measures. For purposes of this Public License, simply making modifications

authorized by this Section 2(a)(4) never produces Adapted Material.

5. Downstream recipients.

A. Offer from the Licensor – Licensed Material. Every recipient of the Licensed

Material automatically receives an offer from the Licensor to exercise the Licensed

Rights under the terms and conditions of this Public License.

B. No downstream restrictions. You may not offer or impose any additional or

different terms or conditions on, or apply any Effective Technological Measures to,

the Licensed Material if doing so restricts exercise of the Licensed Rights by any

recipient of the Licensed Material.

6. No endorsement. Nothing in this Public License constitutes or may be construed as

permission to assert or imply that You are, or that Your use of the Licensed Material

is, connected with, or sponsored, endorsed, or granted official status by, the

Licensor or others designated to receive attribution as provided in Section

3(a)(1)(A)(i).

b. Other rights.

1. Moral rights, such as the right of integrity, are not licensed under this Public License,

nor are publicity, privacy, and/or other similar personality rights; however, to the

extent possible, the Licensor waives and/or agrees not to assert any such rights held

by the Licensor to the limited extent necessary to allow You to exercise the Licensed

Rights, but not otherwise.

2. Patent and trademark rights are not licensed under this Public License.

3. To the extent possible, the Licensor waives any right to collect royalties from You

for the exercise of the Licensed Rights, whether directly or through a collecting

society under any voluntary or waivable statutory or compulsory licensing scheme.

In all other cases the Licensor expressly reserves any right to collect such royalties,

including when the Licensed Material is used other than for NonCommercial

purposes.

Section 3 – License Conditions.

Your exercise of the Licensed Rights is expressly made subject to the following conditions.

a. Attribution.

1. If You Share the Licensed Material, You must:

A. retain the following if it is supplied by the Licensor with the Licensed

Material:

i. identification of the creator(s) of the Licensed Material and any others

designated to receive attribution, in any reasonable manner requested by the Licensor

(including by pseudonym if designated);

ii. a copyright notice;

iii. a notice that refers to this Public License;

iv. a notice that refers to the disclaimer of warranties;

v. a URI or hyperlink to the Licensed Material to the extent reasonably

practicable;

B. indicate if You modified the Licensed Material and retain an indication of any

previous modifications; and

C. indicate the Licensed Material is licensed under this Public License, and

include the text of, or the URI or hyperlink to, this Public License.

For the avoidance of doubt, You do not have permission under this Public License to Share

Adapted Material.

2. You may satisfy the conditions in Section 3(a)(1) in any reasonable manner based

on the medium, means, and context in which You Share the Licensed Material. For example,

it may be reasonable to satisfy the conditions by providing a URI or hyperlink to a resource

that includes the required information.

3. If requested by the Licensor, You must remove any of the information required by

Section 3(a)(1)(A) to the extent reasonably practicable.

Section 4 – Sui Generis Database Rights.

Where the Licensed Rights include Sui Generis Database Rights that apply to Your use of

the Licensed Material:

a. for the avoidance of doubt, Section 2(a)(1) grants You the right to extract,

reuse, reproduce, and Share all or a substantial portion of the contents of the

database for NonCommercial purposes only and provided You do not Share Adapted

Material;

b. if You include all or a substantial portion of the database contents in a

database in which You have Sui Generis Database Rights, then the database in which

You have Sui Generis Database Rights (but not its individual contents) is Adapted

Material; and

c. You must comply with the conditions in Section 3(a) if You Share all or a

substantial portion of the contents of the database.

For the avoidance of doubt, this Section 4 supplements and does not replace Your

obligations under this Public License where the Licensed Rights include other Copyright

and Similar Rights.

Section 5 – Disclaimer of Warranties and Limitation of Liability.

a. Unless otherwise separately undertaken by the Licensor, to the extent

possible, the Licensor offers the Licensed Material as-is and as-available, and makes

no representations or warranties of any kind concerning the Licensed Material,

whether express, implied, statutory, or other. This includes, without limitation,

warranties of title, merchantability, fitness for a particular purpose, non-

infringement, absence of latent or other defects, accuracy, or the presence or

absence of errors, whether or not known or discoverable. Where disclaimers of

warranties are not allowed in full or in part, this disclaimer may not apply to You.

b. To the extent possible, in no event will the Licensor be liable to You on any

legal theory (including, without limitation, negligence) or otherwise for any direct,

special, indirect, incidental, consequential, punitive, exemplary, or other losses,

costs, expenses, or damages arising out of this Public License or use of the Licensed

Material, even if the Licensor has been advised of the possibility of such losses,

costs, expenses, or damages. Where a limitation of liability is not allowed in full or in

part, this limitation may not apply to You.

c. The disclaimer of warranties and limitation of liability provided above shall

be interpreted in a manner that, to the extent possible, most closely approximates

an absolute disclaimer and waiver of all liability.

Section 6 – Term and Termination.

a. This Public License applies for the term of the Copyright and Similar Rights

licensed here. However, if You fail to comply with this Public License, then Your

rights under this Public License terminate automatically.

b. Where Your right to use the Licensed Material has terminated under Section

6(a), it reinstates:

1. automatically as of the date the violation is cured, provided it is cured within

30 days of Your discovery of the violation; or

2. upon express reinstatement by the Licensor.

For the avoidance of doubt, this Section 6(b) does not affect any right the Licensor

may have to seek remedies for Your violations of this Public License.

c. For the avoidance of doubt, the Licensor may also offer the Licensed Material

under separate terms or conditions or stop distributing the Licensed Material at any

time; however, doing so will not terminate this Public License.

d. Sections 1, 5, 6, 7, and 8 survive termination of this Public License.

Section 7 – Other Terms and Conditions.

a. The Licensor shall not be bound by any additional or different terms or

conditions communicated by You unless expressly agreed.

b. Any arrangements, understandings, or agreements regarding the Licensed

Material not stated herein are separate from and independent of the terms and

conditions of this Public License.

Section 8 – Interpretation.

a. For the avoidance of doubt, this Public License does not, and shall not be

interpreted to, reduce, limit, restrict, or impose conditions on any use of the

Licensed Material that could lawfully be made without permission under this Public

License.

b. To the extent possible, if any provision of this Public License is deemed

unenforceable, it shall be automatically reformed to the minimum extent necessary

to make it enforceable. If the provision cannot be reformed, it shall be severed from

this Public License without affecting the enforceability of the remaining terms and

conditions.

c. No term or condition of this Public License will be waived and no failure to

comply consented to unless expressly agreed to by the Licensor.

d. Nothing in this Public License constitutes or may be interpreted as a limitation

upon, or waiver of, any privileges and immunities that apply to the Licensor or You,

including from the legal processes of any jurisdiction or authority.

Appendix 2 - Definitions

Unless defined otherwise, the following key terms and their definitions are used throughout the document.

Learning Outcome

A learning outcome specifies what learners’ new behaviours will be after a learning experience: the knowledge, skills, and aptitudes that the students will gain. A learning outcome begins with an action verb and describes something observable or measurable.

Bloom’s Taxonomy

Traditional Bloom’s Taxonomy:

Remembering: Retrieving, recognizing, and recalling relevant knowledge from long-term memory.

Understanding: Constructing meaning from oral, written, and graphic messages through interpreting, exemplifying, classifying, summarizing, inferring, comparing, and explaining.

Applying: Carrying out or using a procedure through executing, or implementing.

Analysing: Breaking material into constituent parts, determining how the parts relate to one another and to an overall structure or purpose through differentiating, organizing, and attributing.

Evaluating: Making judgments based on criteria and standards through checking and critiquing.

Creating: Putting elements together to form a coherent or functional whole; reorganizing elements into a new pattern or structure through generating, planning, or producing.

For the BTM, Bloom’s taxonomy has been simplified so it has 4 levels:

Level 1: Remembering and Understanding. Learning outcomes at this level start with “Exhibit an understanding of…”

Level 2: Applying. Learning outcomes at this level start with “Be able to explain…”

Level 3: Analysing and Evaluating. Learning outcomes at this level start with “Demonstrate understanding of…” or “Describe…”

Level 4: Creating. Learning outcomes at this level start with “Demonstrate the ability to…”

Competency Standard

A competency standard is a description of the employers’ requirements for a BTM graduate’s level of competency for a learning outcome. Defining competency standards for each learning outcome has the following objectives and benefits:

Students need to reach minimum levels of competency to:

o Be qualified for and benefit from co-op and other work experience during the program

o Be hireable upon graduation into full time positions

Employers clearly understand the minimum level of competency BTM graduates will have in each learning outcome.

Educators clearly understand the level of competency that must be achieved.

Competency Standards used in this document are drawn from recognized industry and professional bodies. These include:

Skills Framework for Information Age Version 4 (SFIA) published by the SFIA Foundation (publicly available)

Project Management Institute (PMI) Career Framework for Organizations (Version at www.pmi.org as of July 2009) which includes: the Project Manager Competency Development Framework (PMCDF) Second Edition (must be a PMI member to download, hard copy available for purchase), and PMI PathPro Job Ladders (must be a PMI member to access). The Project Management Body of Knowledge 4th Edition (PMBOK®) is referenced extensively in these documents. A Guide to the Project Management Body of Knowledge 4th Edition (PMBOK® Guide) is also a useful reference.

International Institute of Business Analysis (IIBA) Business Analyst Career Ladder (Version at www.theiiba.org as of July 2009) (must be an IIBA member to download). The Business Analysis Body of Knowledge version 2.0 (BABOK®) is referenced in this document.

Management Standards Centre (MSC)1, (part of the Chartered Management Institute) National Occupational Standards (NOS) for Management and Leadership 2008 Edition (publicly available, printed copy available for purchase)

1 “The Standards Setting Body for Management and Leadership”

Competencies

A competency level refers to the level of proficiency required or exhibited of a skill. The same skill may be acquired, employed, or required at quite differing levels of competency. For example, communication skills may be a requirement for most entry-level jobs as well as at the Executive levels; however, the amount of communication proficiency needed at these two levels may be quite different.

Appendix 3 - BTM Competency Expectations

BTM graduates must demonstrate that 3 elements of learning have taken place: theories/best practices have been taught, students have received feedback, and students have reflected and improved.

BTM graduates will demonstrate competency in:

1. Knowing. For all learning outcomes students must be able to define, discuss, compare and use applicable concepts analytically.

2. Doing. For some learning outcomes, students must be able to demonstrate the ability to use their knowledge and skills in a practical way. Students demonstrate “doing” when they can use knowledge to create a practical artifact (e.g., business process model, project plan, data model, business case).

Employers understand that many of these “doing” competency standards cannot be fully achieved in a purely classroom situation. BTM programs will require support from employers if these standards are to be reliably achieved.

The BTM draws on existing competency models defined by recognized professional standards bodies and/or leading academics in the field of learning.

For learning outcomes that only have knowing requirements, the competency standard uses a summarized version of Bloom’s taxonomy2 of levels of learning. Outcomes that have a doing competency requirement draw on higher levels of Bloom’s taxonomy combined with recognized industry professional standards. More detail about these competency levels is discussed in the following section.

2 An introduction to Bloom’s original taxonomy can be found here. A second reference, located here, introduces the updates to Bloom’s original taxonomy proposed in the 1990s.

Appendix 4 - Revised Bloom’s Taxonomy

BTM professionals will demonstrate competencies in “Knowing”. For all learning outcomes, students must be able to define, discuss, compare, and use applicable concepts analytically to demonstrate their knowledge. In this document, a BTM revised Bloom’s taxonomy (represented by the code BLOOM) containing 4 levels is used, instead of the traditional 6 levels found in the original Bloom’s taxonomy to describe the various levels of knowledge competencies expected of BTM CE professionals. Table 3 shows the BTM revised Bloom.

Table 3: BTM Revised Blooms Taxonomy

| Bloom’s Original: Taxonomy | Level | Description | BTM Revised: Taxonomy | Level | Learning outcomes begin with… |
|---|---|---|---|---|---|
| Remembering | 1 | Retrieving, recognizing, and recalling relevant knowledge from long-term memory. | Remember and Understanding | 1 | Exhibit an understanding of… |
| Understanding | 2 | Constructing meaning from oral, written, and graphic messages through interpreting, exemplifying, classifying, summarizing, inferring, comparing, and explaining. | Remember and Understanding | 1 | Exhibit an understanding of… |
| Applying | 3 | Carrying out or using a procedure through executing, or implementing. | Applying | 2 | Be able to explain… |
| Analysing | 4 | Breaking material into constituent parts, determining how the parts relate to one another and to an overall structure or purpose through differentiating, organizing, and attributing. | Analysing and Evaluating | 3 | Demonstrate understanding of… OR Describe… |
| Evaluating | 5 | Making judgments based on criteria and standards through checking and critiquing. | Analysing and Evaluating | 3 | Demonstrate understanding of… OR Describe… |
| Creating | 6 | Putting elements together to form a coherent or functional whole; reorganizing elements into a new pattern or structure through generating, planning, or producing. | Creating | 4 | Demonstrate the ability to… |

Appendix 5 - Industry Recognized Competency Frameworks

BTM CE professionals are expected to demonstrate competency in “Doing”. They must demonstrate the ability to use their knowledge and skills in practical ways through creating artefacts (e.g. a business process model, project plan, data model, business case). BTM Learning Outcomes are matched to industry recognized competency Frameworks represented by Industry Codes (A), specific competencies within this framework (B), and an expected level of competency (C) that the professional must demonstrate.

Industry Recognized Framework (A). Six industry-recognized frameworks are used

throughout this document. Table 4 describes them. Each industry framework is

represented by an industry code. For instance, SFIA represents the Skills

Framework for Information Age.

Competency Code (B). Various competency areas are described within a given

competency framework. For instance ITMG is a reference code to represent

competency in IT Management within the Skills Framework for Information Age

(SFIA). More information about the different competency codes can be found on the

websites of the different Industrial frameworks.

Competency Level (C). A Competency Level describes the levels of competencies

within a specific Competency code.

| # | Industry Recognized Competency Framework | Institution | Industry Code (A) | Competency Code (Sample) (B) | Competency Levels (C) |
|---|---|---|---|---|---|
| 1 | Skills Framework for Information Age Version 6 | SFIA Foundation3 | SFIA | FMIT (Financial Management), ITMG (IT Management) | Levels 1 to 7 |
| 2 | PMI Career Framework for Organizations (CFO); Project Manager Competency Development Framework (PMCDF); PMI PathPro Job Ladders; Project Management Body of Knowledge (PMBOK) | Project Management Institute4 | PMI | N/A | N/A |
| 3 | Business Analysis Body of Knowledge (BABOK) | International Institute of Business Analysis | BABOK | N/A | N/A |
| 4 | National Occupational Standards for Management and Leadership | Management Standard Center (MSC) | MSC | AI CS | N/A |
| 5 | Blooms Taxonomy | Blooms Taxonomy | BLOOM | N/A | 1 to 4 |

3 http://www.sfia-online.org/en

4 http://www.pmi.org/

Table 4: Industry Recognized Competency Standards

To create a BTM competency standard an Industry Code (A) is combined with a Competency Code (B) and a Competency Level (C). For instance, the BTM competency Standard: “SFIA-PRMG=4” suggests that the CE professional must demonstrate a competency level of 4 within the Project Management Competency area of the SFIA Industry Recognized Framework.

Appendix 6 - Details and background on Competency Standards

Defining competency standards vs. providing guidance

The definition of the BTM is forward looking, and ITAC wanted to leverage professional competency models as fully as possible to describe competency requirements in version 1.0 of the BTM.

However, some professional models are not yet mature enough to provide a competency standard whose achievement can be tested and measured.

We have used these less mature models to provide guidance – i.e. the model, in general terms, is directionally aligned with employer needs but lacks sufficient detail to be used to set a specific competency standard.

Later versions of the BTM learning outcomes and competency standards will use improved versions of the professional bodies’ models as these become available.

Overview of professional body models

1. SFIA. Provides the largest number of “doing” competency standards, mostly in the Technology knowledge area.

A later version of the learning outcomes may use a Canadian equivalent5 should one become available.

For specific learning outcomes, specific SFIA skills are referenced for guidance.

2. PMI. PMI competency models are not used to define specific competency standards for individual learning outcomes. This is because they are built from the perspective of a certified project manager (i.e. an individual holding the PMP designation) – above the expected maturity of competency of a BTM graduate.

The PMI does have a junior certification, the Certified Associate in Project Management (CAPM). The CAPM certification demonstrates an understanding of the fundamental knowledge, processes and terminology of project management (see PMBOK and PMBOK Guide) that are needed for effective project management performance. CAPM is a standard that BTM graduates can realistically attain.

5 Three approaches to defining maturity of competency are currently taken by industry bodies:

Skill by skill (e.g. the UK based – SFIA and MSC)

Role by role (e.g. the Canadian based Information and Communications Technology Council - ICTC ICT Competency Profiles Framework)

Discipline by discipline (e.g. the UK based e-skills PROCOM). Built on IT professional National Occupational Standards, PROCOM defines knowledge, understanding and competencies for seven broad disciplines (and their sub-disciplines) at five levels of progression, incorporating technical, business and personal skills. e-skills PROCOM Overview and Diagram

The skill by skill approach has been found to be more flexible and maintainable by the professional bodies

themselves, and most have plans to move in this direction, if they don’t already take this approach. Further, from a

BTM perspective, it is much easier to map skills, rather than the positions (aka rungs on the career ladders) to

individual learning outcomes. For this reason skill by skill models from elsewhere are being used to define the

competency standards at this time, even if a Canadian model exists covering the same professional domain.

We recommend that BTM students who have an interest in project management write the CAPM examination during their final year of study. This will illustrate their commitment to project management to potential employers.

CAPM spans multiple learning outcomes in the Personal and Interpersonal, Process, Projects and Change and Integrative Knowledge areas. PMI-CAPM is indicated on the applicable learning outcomes.

The following PMI documents / sections of documents have been consulted for BTM learning outcomes and competency standards:

PMBOK and PMBOK Guide

PMCDF (especially chapters 2 and 3 that define professional and personal competency requirements for project management)

PMI PathPro Job Ladder Title Project Manager I (the most junior level)

These PMI documents span the same learning outcomes as CAPM. As guidance, PMI-PMCDF, PMI-BABOK, and PMI-Project Manager I are indicated on the applicable learning outcomes.

3. IIBA. At this time the IIBA Career Ladder does not define specific competency standards.

However, the IIBA Business Analysis Body of Knowledge (BABOK) in general, the BABOK Chapter 8 - Underlying Competencies, and the definition of the Business Analysis role (the most junior) on the Business Analysis Career ladder have been consulted during the development of the learning outcome and competency standards.

We strongly recommend these be consulted for guidance on the meaning of, and competency requirements for, the relevant learning outcomes.

As the IIBA Career Ladder and associated skills and competency models mature, subsequent versions of BTM learning outcomes will define competency standards based on these refined models.

4. MSC. Used to define “doing” competency standards in the Personal and Interpersonal and Integrative knowledge areas.

A later version of the learning outcomes may use a Canadian equivalent should one become available.

The National Occupational Standards (NOS) for Management and Leadership has been consulted during the development of the learning outcomes and competency standards. We recommend this be consulted for guidance on the meaning of, and competency requirements for, the relevant learning outcomes.

Details of Professional Bodies’ Models Used to Define Competency Standards

The following describes, for those professional bodies whose models are used to define competency standards (not guidance), how each model is specifically used.

Skills Framework for the Information Age

The SFIA model defines 7 skill levels and provides detailed descriptions of the applicable skill levels for each of approximately 100 skills grouped into 6 categories. 20 of these skills, from all 6 of the categories, are used to define competency standards.


The skill level selected to define the competency standard varies by skill – but is always towards the junior end of the 7 levels (e.g. 2 – assist, 3 – apply, 4 – enable).

For a learning outcome with a SFIA related competency standard the SFIA 4 character skill code (e.g. DTAN for Data Analysis, PROG for Programming) is quoted along with the required skill level number.

For example SFIA-BSMO=3 should be taken to mean that competence in a learning outcome can be demonstrated by achieving level 3 (Apply) of the SFIA framework in Business Modelling (BSMO).

Management Standards Centre

The MSC National Occupational Standards (NOS) model defines 6 broad skill sets (from junior to senior) and provides detailed descriptions of the applicable skill sets for each of approximately 74 skills (known as units). 5 of these skills are used to define competency standards.

The skill level selected to define the BTM competency standard varies – but is always towards the junior end of the 6 broad skill sets (e.g. 1 – Team Leader or 2 – First Line Manager).

For a learning outcome with a MSC NOS related competency standard the NOS 2 character skill code (e.g. A1 for Manage Your Own Resources) is quoted along with the required skill set (e.g. TL for Team leader, or FL for First Line Manager).

For example MSC-A1=TL should be taken to mean that competence in a learning outcome can be demonstrated by achieving Team Leader of the MSC NOS skill Manage Your Own Resources (A1).


Appendix 7 - Profile of BTM Graduates

BTM graduates must demonstrate a set of competency standards upon completion of any program leading to their desired credential. Defined by representatives of industry and education professionals, competency standards, which are linked to learning outcomes and delivered through continuing education programs, are framed using recognized industry standards such as the Skills Framework for the Information Age (SFIA), the Management Standards Centre’s (MSC) National Occupational Standards, and the BTM revised version of Bloom’s taxonomy (see Appendix 2). Upon graduation, BTM graduates are expected to demonstrate competency at different levels of the SFIA’s 7-Level Generic Levels of Responsibilities and Skills (see Figure 3). Consistent with BTM, SFIA’s levels of responsibility and skills (footnote 6) are used to:

1. Provide generic levels of responsibility, with descriptions at each of the seven levels for the following attributes: AUTONOMY · INFLUENCE · COMPLEXITY · BUSINESS SKILLS

2. Reflect experience and competency levels within SFIA. The definitions describe the behaviours, values, knowledge and characteristics that an individual should have in order to be identified as competent at that level. Each level has a guiding word or phrase that acts as a brief indicator: FOLLOW · ASSIST · APPLY · ENABLE · ENSURE, ADVISE · INITIATE, INFLUENCE · SET STRATEGY, INSPIRE, MOBILISE

Figure 3: SFIA 7-Point Generic Levels of Responsibilities and Skills

6 SFIA 6: The Complete Reference Guide. Available from the SFIA site.


Graduates from programs defined around the BTM Baccalaureate are expected to demonstrate responsibilities and skills at the SFIA Level 4 (Enable). Graduates from programs defined around the BTM Certificate are expected to demonstrate responsibilities and skills at the SFIA Level 5 (Ensure, Advise), and graduates from BTM Master’s programs are expected to demonstrate responsibilities and skills at the SFIA Level 6 (Initiate, Influence). Table 3 below represents the different levels of SFIA Competencies and Skills expected from BTM graduates.

Academic Program: BTM Baccalaureate (SFIA Level 4), BTM Certificate (SFIA Level 5), BTM Master’s (SFIA Level 6)

Attribute: Autonomy

BTM Baccalaureate (SFIA Level 4): Works under general direction within a clear framework of accountability. Exercises substantial personal responsibility and autonomy. Plans own work to meet given objectives and processes.

BTM Certificate (SFIA Level 5): Works under broad direction. Work is often self-initiated. Is fully responsible for meeting allocated technical and/or project/supervisory objectives. Establishes milestones and has a significant role in the assignment of tasks and/or responsibilities.

BTM Master’s (SFIA Level 6): Has defined authority and accountability for actions and decisions within a significant area of work, including technical, financial and quality aspects. Establishes organisational objectives and assigns responsibilities.

Attribute: Influence

BTM Baccalaureate (SFIA Level 4): Influences customers, suppliers and partners at account level. May have some responsibility for the work of others and for the allocation of resources. Participates in external activities related to own specialism. Makes decisions which influence the success of projects and team objectives.

BTM Certificate (SFIA Level 5): Influences organisation, customers, suppliers, partners and peers on the contribution of own specialism. Builds appropriate and effective business relationships. Makes decisions which impact the success of assigned work, i.e. results, deadlines and budget. Has significant influence over the allocation and management of resources appropriate to given assignments.

BTM Master’s (SFIA Level 6): Influences policy and strategy formation. Initiates influential relationships with internal and external customers, suppliers and partners at senior management level, including industry leaders. Makes decisions which impact the work of employing organisations, achievement of organisational objectives and financial performance.

Attribute: Complexity

BTM Baccalaureate (SFIA Level 4): Work includes a broad range of complex technical or professional activities, in a variety of contexts. Investigates, defines and resolves complex issues.

BTM Certificate (SFIA Level 5): Performs an extensive range and variety of complex technical and/or professional work activities. Undertakes work which requires the application of fundamental principles in a wide and often unpredictable range of contexts. Understands the relationship between own specialism and wider customer/organisational requirements.

BTM Master’s (SFIA Level 6): Has a broad business understanding and deep understanding of own specialism(s). Performs highly complex work activities covering technical, financial and quality aspects. Contributes to the implementation of policy and strategy. Creatively applies a wide range of technical and/or management principles.

Attribute: Business Skills

BTM Baccalaureate (SFIA Level 4): Selects appropriately from applicable standards, methods, tools and applications. Communicates fluently, orally and in writing, and can present complex information to both technical and non-technical audiences. Facilitates collaboration between stakeholders who share common objectives. Plans, schedules and monitors work to meet time and quality targets. Rapidly absorbs new information and applies it effectively. Maintains an awareness of developing technologies and their application and takes some responsibility for driving own development.

BTM Certificate (SFIA Level 5): Advises on the available standards, methods, tools and applications relevant to own specialism and can make appropriate choices from alternatives. Analyses, designs, plans, executes and evaluates work to time, cost and quality targets. Assesses and evaluates risk. Communicates effectively, both formally and informally. Demonstrates leadership. Facilitates collaboration between stakeholders who have diverse objectives. Takes all requirements into account when making proposals. Takes initiative to keep skills up to date. Mentors colleagues. Maintains an awareness of developments in the industry. Analyses requirements and advises on scope and options for continuous operational improvement. Demonstrates creativity, innovation and ethical thinking in applying solutions for the benefit of the customer/stakeholder.

BTM Master’s (SFIA Level 6): Absorbs complex information and communicates effectively at all levels to both technical and non-technical audiences. Manages and mitigates risk. Understands the implications of new technologies. Demonstrates clear leadership. Understands and communicates industry developments, and the role and impact of technology in the employing organisation. Promotes compliance with relevant legislation. Takes the initiative to keep both own and colleagues' skills up to date.

Table 5: SFIA Level 5 Attributes


As Canada’s national ICT business association, ITAC champions the development of a robust and sustainable digital economy in Canada. A vital connection between business and government, we provide our members with the advocacy, networking and professional development services that help them to thrive nationally and compete globally. A prominent advocate for the expansion of Canada’s innovative capacity, ITAC encourages technology adoption to capitalize on productivity and performance opportunities across all sectors. A member-driven not-for-profit, ITAC has served as the authoritative national voice of the $150 billion ICT industry for 60 years. For more information about ITAC visit www.itac.ca

Contact Us

For more information contact us.

ITAC
5090 Explorer Drive, Suite 801
Mississauga, Ontario L4W 4T9
Tel: 905-602-8345