Skip to Content

Enterprise Security Competency Model

The Employment and Training Administration (ETA) collaborated with technical and subject matter experts from education, business, and industry to develop a comprehensive competency model for the Enterprise Security Industry. The model is designed as a resource supporting workforce development efforts to prepare the security workers that fulfill critical roles in the protection of national and global economies, providing a multitude of career opportunities ranging from managers and directors of enterprise security to intelligence analysts and chief security officers with major multinational corporations.

The Apollo Education Group and University of Phoenix developed the model and validated it in partnership with the ASIS Foundation. The ASIS International Chief Security Officer (CSO) Roundtable Leadership and Development Committee provided input and conducted with Apollo Education Group and the ASIS Foundation a series of validation sessions that included international delegates, subject matter experts and sessions with Bridge School of Management in New Delhi, India. The ASIS Foundation will continue to ensure that the model evolves to accommodate changing skill requirements.

ASIS Foundation Logo      

Apollo Education Group Logo     

University of Phoenix Logo

Scroll down to view the industry model selected. OR Click on the left menu bar to select another model.

Download the industry model and worksheets in several formats  Download Image

Enterprise Security Competency Model


Enterprise Security Building Blocks Pyramid

Interpersonal Skills and Teamwork Displaying skills to work with others from diverse backgrounds. Integrity Displaying accepted social and work behaviors. Professionalism Maintaining a professional demeanor at work. Initiative Demonstrating a willingness to work. Adaptability and Flexibility Displaying the capability to adapt to new, different, or changing requirements. Dependability and Reliability Displaying responsible behaviors at work. Lifelong Learning Displaying a willingness to learn and apply new knowledge and skills. Security Fundamentals Understands and can apply basic security principles to the security of the enterprise or a specific structure, system or process. Business Foundations Understand basic business principles, trends, and economics. Critical and Analytical Thinking Using logic, reasoning, and analysis to address problems. Communication Giving full attention to what others are saying, and communicating in English well enough to be understood by others. Reading & Writing Understanding written sentences and paragraphs in work-related documents.  Using standard English to compile information and prepare written reports. STEM Literacy (Science, Technology, Engineering, Mathematics) Understand and apply science, technology, engineering and mathematics to work within individual roles and responsibilities and in collaborating with allied workers Teamwork Working cooperatively with others to complete work assignments. Planning and Organizing Planning and prioritizing work to manage time effectively and accomplish assigned tasks. Innovative Strategic Thinking Generating innovative and creative solutions. Problem Solving and Decision Making Applying critical-thinking skills to solve problems by generating, evaluating, and implementing solutions. Working with Tools and Technology Selecting, using, and maintaining tools and technology to facilitate work activity. Business Acumen Understand basic business principles, trends, and economics. Risk Management Demonstrate ability to identify threats/risks and vulnerabilities taking into account the frequency, probability, speed of development, severity and reputational impact to achieve a holistic view of risk across the entity Compliance & Legal Aspects Develop and maintain security policies, procedures and practices that comply with relevant elements of criminal, civil, administrative and regulatory law to minimize adverse legal consequences Personnel Security & Business Continuity Develop, implement and manage systems and security practices that protect people and practices to ensure enterprise continuity and risk resilience Physical Security Measures that are designed to deny unauthorized access to facilities, equipment and resources, and to protect personnel and property from damage or harm, involving the use of multiple layers of interdependent systems and techniques Cyber/Information Security The practice of protecting physical and electronic information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction Crisis Management The process by which an enterprise deals with a critical incident or major event that threatens to harm the organization, its property, assets, systems, continuity and or people Investigations The methodology the enterprise undertakes to collect and preserve information in reports to enable the enterprise to make reliable decisions in response to situations effectively interface with all stakeholders. Case Management A system to manage, analyze, report and present findings from investigations for internal enterprise stakeholders and external systems. Globalization & Cultural Awareness Integrating cultures and global dynamics into security systems, metrics and responses. Governance Specialty areas providing leadership, management, direction, and or development and advocacy so that individual and organization may effetely conduct security work. Loss Prevention Is a set of practices employed by retail companies and other corporate sectors reducing preventable losses and secure corporate systems, policies and procedures to mitigate losses caused by deliberate or inadvertent human actions. Banking and Financial Services Is a specialized security field including retail banking, mortgage, credit/debit cards, internet banking, commercial and consumer lending to stock brokerages, insurance companies, and other financial institutions requiring a sophisticated application of various regulatory agencies. Engineering & Design Is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts. Government Services Government/industrial security professionals provide a variety of services from the protection of classified information in accordance with the National Industrial Security Program (NISP) to the protection of buildings, people and assets. Hospitality & Entertainment Security specialists operate in the hospitality, hotel, lodging, entertainment, event and gaming applying risk and personnel management, budgeting and finance, and a host of other areas in this specialized security segment. Healthcare Security in the healthcare industry involves in a work environment oriented toward patient protection and service, and may also include safety and community emergency management, supply chain security, pharmaceutical security and other areas of specialization. Manufacturing The security of manufacturing and industrial, as well as food and beverage production and processing and warehouse and distribution, facilities and operations includes industry specific risks and security risks. Services Sales, Equipment Is a specialized area of security-related products and services have resulting from emerging threats and evolving high technology. Transportation Specialized security segment that includes shipping, carrying, railroads, highways, freight, trucking, tourism, air cargo, ports, and other transportation domains with unit standards for security within the industry. Utilities Utilities refers to the security operations within telecommunications, water, electric, and nuclear power plants and related private corporations. Even though sources of power differ, there are common facilities to all utility operations. Click here to search for O*NET Occupational Competencies Profiles