Competency Category:
Competency Series:

9.2 – Respond to Cybersecurity Breaches

Purpose & Context

Career Development Professionals (CDPs) report suspicious events or unusual activity when using organizational IT systems to a designated authority to determine if the incident is indicative of a security breach. A breach of security of safeguards involving personal information might result in potential harm to individuals whose personal information might have been accessed.All security breaches of personal information must be reported in compliance with data breach regulations. Affected individuals must be informed of situation as soon as possible, informed of what steps are being taken to reduce the risk of harm, and given guidance on actions required to mitigate possible further harm.

Effective Performance

Competent career development professionals must be able to:

  • P1. Recognize possible security incident, for example:
    • Unusual login times
    • Unexpected restarts
    • Configuration changes with no previous approval
    • Unexpected user account lockouts
    • Passwords changes
    • Repeated system or application crashes
    • Abnormal behaviours during browsing
  • P2. Report suspected security breach to designated authority as per organizational policies and procedures
  • P3. Assess likelihood of risk of harm of affected individuals
  • P4. Document observed incidents:
    • Date
    • Circumstances
    • Type of information at risk

Knowledge & Understanding

Competent career development professionals must know and understand:

  • K1. Legislation and regulations, e.g. Personal Information Protection and Electronic Documents Act (PIPEDA)
  • K2. Organizational policies and procedures relevant to security incidents

Contextual Variables

Competent career development professionals must be able to perform this competency in the following range of contexts:

There may be additional provincial/territorial reporting requirements depending on the CDP’s geographic location.

Glossary & Key References


Industry-specific terms contained in the standard defined here, where applicable.


Information Sources and Resources for Consideration

How to detect data breaches before it is too late. Accessed February 20, 2020. CCSI.

Context Rating Scales


Q: What is the consequence of a professional being unable to perform this skill according to the standard?

High probability of risk: VERY CRITICAL


Q: How frequent and under what conditions is this skill performed?

Unexpectedly, e.g. when emergency arises

Level of Difficulty

Q: Under routine circumstances, how would you rate the level of difficulty in performing this skill?

Moderate difficulty or complexity

Time Required to Gain Proficiency

Q: What is the average length of time or number of repeated events that are minimally necessary for an individual to become proficient in performing the skill to the standard?

A career development professional must complete required organizational training and refresher training to ensure comprehensive understanding of security policies and procedures as soon as possible upon onboarding. CDPs must take all measure to support a security culture within the organization.


Practitioners typically perform this competency without supervision, and as part of a team.


It is unlikely that this competency will automate.

Requisite Work Aids, Tools, Equipment or Materials


Career Development Professional Centre

Help us cultivate a community we all enjoy by reviewing and following the Code of Conduct.  

Our Purpose  

Thank you for being a part of the online CDPC social learning community. To ensure that all members have the best possible experience, we have a few ground rules that we ask everyone to adhere to. This code of conduct applies equally to every person in the community and is intended to foster an online space that is inclusive, safe, and welcoming to all. 

Community Rules 

Be welcoming 

We strive to be a community that welcomes and supports people of all backgrounds and identities. We aim to create and facilitate a community that promotes excellence and innovation in career and workforce development. Please extend respect to all members; we all come from different backgrounds and levels of knowledge and there is no such thing as a stupid question. 

Be respectful 

We won’t all agree all the time, but when we disagree don’t let those disagreements turn into personal attacks. A community where people feel uncomfortable or threatened will not be a productive one. Instead, when having discussions in the online community, create productive conversations around the content being presented, not the person behind the content. Any post that is determined to be “hate speech” towards any individual or group will be deleted, and the user account may be locked until an investigation regarding the post has been concluded. The user may be given a written warning or removed from the CPDC community platform depending on the findings of the investigation.  

Hate Speech could include and is not limited to:  

  • Violent threats or language directed against another person 
  • Discriminatory jokes, language, or materials 
  • Defamatory or abusive language or materials 
  • Profane or illegal materials 
  • Advocating for, or encouraging, any of the above behavior 

A good rule of thumb is to never post anything that you wouldn’t be comfortable with the world seeing or that you wouldn’t want anyone knowing came from you. We ask that you keep in mind the focus of this community, which is building excellence and innovation in career and workforce development for all individuals.  

Be considerate of the purpose of the community 

This community will be focused on building excellence and discussing innovation in the career and workforce development field. The goal of this community is to communicate goals, challenges, constructive feedback, and questions in relation to career and workforce development. The community should be a place for continued learning and development as well as a place to discuss the future of our field (solicitation without written consent by the Project or Advisory team, is strictly prohibited). Any post that is determined to be soliciting any individual or group will be deleted, and the user account may be locked until an investigation regarding the post has been concluded. The user may be given a written warning or removed from the CPDC community platform depending on the findings of the investigation. 

Post your discussions or documents in the most appropriate group or topic 

Make reasonable efforts to ensure that posts and materials are allocated to the appropriate group or topic. This will prevent cluttering the community and make it easier for everyone to find the information that they are seeking. Individuals who do this repeatedly will be contacted by one of the group admins and asked to follow these guidelines.  

Privacy and Release of Information  

CDPC-CEDC will not release your information to any third-party agencies.  

Group Admins 

There are four group admins who are available to you. Below are their names and their spoken language. 

Heather Powell | Anglophone 

Gabrielle St-Cyr | Francophone/Anglophone 

Florence Desrochers | Francophone/Anglophone

Muriel Andoblé-Yao | Francophone

Thank you and welcome to the CDPC Community!