Tag: NIST

Categories
Cybersecurity NIST

Adapting Technical Writing Skills to Evolving Cybersecurity Fields

Technical writers by their very nature excel at research, organization, and communication. Cybersecurity documentation includes all of these aspects. The main directives of the National Institute of Standards and Technology (NIST) are to “identify, protect, detect, respond, and recover and aid organizations in their effort to spot, manage, and counter cybersecurity events promptly.”

I was first introduced to the NIST framework on a freelance assignment with a cybersecurity agency. I spent the next two years working with them and their clients to document the assessment process. I found the framework interesting because it could be customized based on the organization, and depending on the company, the depth of adherence depends on how strict the company wished to be with the control standards. It was that flexibility and opportunity to find the weaknesses and then create a plan to remediate those deficiencies that appealed to a documentation specialist.

Tapping into a technical writer’s innate abilities to research, organize, and communicate information, writing around this framework is a natural fit. The assessment process began with the engineer’s evaluation of internal systems and concluded with interviews to document the findings. At this point, the technical writer provides a report from the meetings for remediation steps, and any subsequent documentation (incident response, risk assessment, disaster recovery, etc.). Technical writers act as a bridge between technical experts and non-technical stakeholders, ensuring that security policies, procedures, and risks are clearly communicated.

Processes always involve documentation. Usually, policies and procedures that include complex concepts, protocols, and technologies. Additionally, it requires that each control be broken down into clear, understandable instructions. The complexity of this information requires tailoring content to different audiences, whether they are IT professionals, management, or end-users.

As a technical writer, I find assessments and cybersecurity fascinating because they are rapidly evolving fields. These fields require a documenter to learn at the same pace as well as understand the new tools and technologies which will ensure that documentation is relevant and accurate. Those with extensive experience in the technical writing fields see this constant evolution as a great challenge since they have strong research skills and can keep content current with the latest threats, technologies, and best practices.