User Tools

Site Tools


cst_competency_checklist

Cyber Security Technologist

Competency Checklist

Technical Competency Able to do? When? Complete
Threats, hazards, risks and intelligence
  • Discover (through a mix of research and practical exploration) vulnerabilities in a system
  • Analyse and evaluate security threats and hazards to a system or service or processes. Be aware of and demonstrate use of relevant external sources of threat intelligence or advice (e.g. CERT UK). Combine different sources to create an enriched view.
  • Research and investigate some common attack techniques and recommend how to defend against them. Be aware of and demonstrate use of relevant external sources of vulnerabilities (e.g. OWASP)
  • Undertake a security risk assessment for a simple system without direct supervision and propose basic remediation advice in the context of the employer.
Developing and using a security case
  • Source and analyse a security case (e.g. a Common Criteria Protection Profile for a security component) and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern.
  • Develop a simple security case without supervision. (A security case should describe the security objectives, threats, and for every identified attack technique identify mitigation or security controls that could include technical, implementation, policy or process).
Organisational context
  • Identify and follow organisational policies and standards for information and cyber security.
  • Operate according to service level agreements or employer defined organisational targets.
Future Trends
  • Investigate different views of the future (using more than one external source) and trends in a relevant technology area and describe what this might mean for your business, with supporting reasoning.
Design build & test a network (“Build a network”)
  • Design, build, test and troubleshoot a network incorporating more than one subnet with static and dynamic routes, that includes servers, hubs, switches, routers and user devices to a given design requirement without supervision. Provide evidence that the system meets the design requirement.
Analysing a security case (“Make the security case”)
  • Analyse security requirements (functional and non-functional security requirements that may be presented in a security case) against other design requirements (e.g. usability, cost, size, weight, power, heat, supportability etc.), given for a given system or product. Identify conflicting requirements and propose, with reasoning, resolution through appropriate trade-offs.
Structured and reasoned implementation of security in a network (“Build a secure network”)
  • Design and build a simple system in accordance with a simple security case. Provide evidence that the system has properly implemented the security controls required by the security case. The system could be either at the enterprise, network or application layer.
  • Select and configure relevant types of common security hardware and software components to implement a given security policy.
  • Design a system employing a crypto to meet defined security objectives. Develop and implement a key management plan for the given scenario/system.
cst_competency_checklist.txt · Last modified: 2021/04/17 07:03 by lenshand