Overview

Output

  1. A physical demonstration of monitoring a provided network as set out in the KSBs listed.
  2. A written justification for the approach taken (a written document of 1,000 words, +/- 100 words).

KSBs

| Type | Index | Name | Pass Description |
|---|---|---|---|
| TC | 3 | Apply statistical techniques to large data sets. Identify vulnerabilities in big data architectures and deployment. | Apply statistical techniques to large heterogeneous data sets to determine trends or anomalies as part of security analytics.<br>Identify vulnerabilities in big data architectures.<br>Design and set up a database of relevant information.<br>Use a declarative query language to elicit information from a database. |
| TC | 14 | Undertake ethical system reconnaissance and intelligence analysis. | Analyse multiple, potentially contradictory, sources of information to identify patterns and hypothesise a likely picture, which can be supported by arguments and evidence based on the sources.<br>Consider provenance of sources and how this affects the quality of evidence, arguments and conclusions.<br>Use OSINT (Open-source Intelligence) to profile a defined target (organisation or system), and identify potential vulnerabilities (legally).<br>Demonstrate an eye for detail and critical thinking ability. |
| TC | 15 | Undertake risk modelling, analysis and trades. | Relate cyber risk to other relevant classes of risk (business and operational risks), perform cost analysis and present trade-off arguments in a business case, illustrating commercial or value for money judgement.<br>Apply system modelling techniques to risk, vulnerability and impact in order to enable trade-offs and to inform risk analysis (employ a method such as SABSA, DBSy, CVSS scoring, STRIDE, NIST 800-154).<br>Compose a system to create an architectural model for the purpose of risk assessment and integrate with an enterprise model. |
| TC | 16 | Undertake risk assessment to an external standard. | Undertake a security risk assessment for a simple system without direct supervision and propose remediation advice in the context of the employer.<br>Conduct a cyber-risk assessment against an externally (market) recognised cyber security standard using a recognised risk assessment methodology. |
| TC | 17 | Apply a management system and develop an information security management plan. | Identify and follow organisational policies and security management processes for information and cyber security.<br>Operate according to service level agreements or employer-defined performance targets.<br>Develop an information security management plan for a defined business area/activity in accordance with ISO27001 or similar. |
| TC | 22 | Security monitoring, analysis and intrusion detection. Recognise anomalies & behaviours. | Recognise anomalies in observed network data structures (including by inspection of network packet data structures) and network behaviours (including by inspection of protocol behaviours), by inspection of log files, and by investigation of alerts raised by automated tools including SIEM tools.<br>Integrate and correlate information from various sources (including log files from different sources, network monitoring tools, Security Information and Event Management (SIEM) tools, access control systems, physical security systems) and compare to known threat and vulnerability data to form a judgement, based on evidence with reasoning, that the anomaly represents a network security breach.<br>Characterise an anomaly in terms of its potential impact on the organisation. |
| TC | 23 | Manage intrusion response, including with 3rd parties. | Manage local response to non-major incidents in accordance with a defined procedure.<br>Interact and communicate effectively with the incident response team/process and/or customer or other external incident response team/process for incidents. |
| TKU | 3 | Information management, big data concepts, statistical techniques, database concepts and data quality. | Understand: benefits and limitations of ‘big data’ approaches; components and architectures employed in systems for big data (e.g. Hadoop cluster); tools and techniques for analysing large heterogeneous data sets; graph theory.<br>Understand information management concepts: information storage and retrieval; information capture and representation; searching, retrieving, linking, navigating.<br>Understand database concepts: components of database systems; design of core DBMS functions (e.g. query mechanisms, access methods); database architecture and query language. |
| TKU | 14 | Structured and ethical intelligence analysis, methods and techniques. | Know how to create a reasoned argument employing evidence to support a position.<br>Know how typical threat actors’ actions appear in typical sources of information.<br>Know how to source intelligence ethically so that it may be used as required. Understand methods an attacker/threat actor may use to build knowledge of a system they have limited or no direct access to: phishing; exploiting an insider; port scanning; open source intelligence. |
| TKU | 15 | Management of cyber risk, tools and techniques. | Understand: asset valuation and management concepts; risk analysis methodologies in common use; risk appetite and risk tolerance concepts; economics of security concepts; different ways of treating risk (mitigate, transfer, accept etc.); principles of system risk modelling; a system risk modelling methodology.<br>Show awareness of at least 1 widely used enterprise modelling technique, e.g. employing UML. |
| TKU | 16 | Quantitative and qualitative risk management theory & practice, role of risk stakeholders. | Understand risk assessment and risk management methodologies and different approaches to risk treatment (mitigate, transfer, accept, etc.) and risk management in practice with examples (which may be technical, business process, or other).<br>Understand that risks may be described in qualitative terms, quantitative terms or some combination thereof.<br>Understand the role of the risk owner and contrast that role with other stakeholders. |
| TKU | 17 | Concepts and benefits of security management systems, governance & international standards. | Explain the key concepts and benefits of applying an information security management system by reference to an internationally recognised standard (ISO27001, or similar).<br>Explain the need for appropriate governance, organisational structure, roles, policies, standards and guidelines for cyber and information security, and how they work together to deliver identified security outcomes.<br>Explain how an organisation’s security policies, standards and governance are supported by provisioning and access rights (e.g. how identity and access management are implemented and maintained for a database, application or physical access control system).<br>Describe how cyber security policies and procedures are used in different organisational environments and affect individuals and organisations.<br>Understand the roles of experts in the cyber security industry, how they are recognised, and the work they do.<br>Understand how to effectively use organisations such as a CERT, OSINT provider and incident response provider. |
| TKU | 22 | How to diagnose cause from observables. Application of SIEM (Security Information and Event Management) tools & techniques. | Understand network monitoring and logging techniques and technologies.<br>Understand how attack techniques and vulnerabilities manifest in network monitoring and logging systems so that (for example) analysis of a network log or the output of a network monitoring tool may reveal the likely means of an attack.<br>Understand the relative merits of manual and automated techniques.<br>Understand the relative merits of signature-based anomaly detection and algorithmic anomaly detection.<br>Understand how statistical techniques might be applied in support of analysis of cyber security incidents. |
| TKU | 23 | Cyber incident response, management, escalation, investigation & 3rd party involvement. | Understand and advise others on cyber incident response processes, incident management processes and evidence collection/preservation requirements to support incident investigation.<br>Understand how to communicate effectively with the incident response team/process and/or customer or other external authority incident response team/process for incidents. |
| UPIBKS | | Fluent in written communications and able to articulate complex issues. | Produce well-structured and concise written work that sets out complex technical matters in ways that would be accessible to non-technical recipients as well as technical staff (as appropriate). |
| UPIBKS | | Analytical and critical thinking skills for Technology Solutions development; can systematically analyse and apply structured problem-solving techniques to complex systems and situations. | Evaluate information and then make a rational decision on the approach to take to solve the problem, based on their findings; spot trends in data and articulate the implications. |
| UPIBKS | | Can conduct effective research, using literature and other media. | Put into practice sound research techniques (using literature and other media) and articulate in writing and/or verbally how they have utilised the findings in their work. |
| UPIBKS | | Logical thinking and creative approach to problem solving. | Observe and analyse phenomena, reactions and feedback, and draw logical conclusions based on that input. |
| UPIBKS | | Able to demonstrate a ‘security mind-set’ (how to break as well as make). | Think about how things can be made to fail, as well as about how things can be made to work. |
| Bh | | Demonstrates business disciplines, ethics and courtesies, demonstrating timeliness and focus when faced with distractions and the ability to complete tasks to a deadline with high quality. | Act in a professional way as required in the cyber security context. |
| Bh | | Flexible attitude and ability to perform under pressure. | Deliver the best project outcomes against goals, re-prioritising as necessary, even in challenging circumstances. |