Cyber safety technologist / Institute for Apprenticeships and Technical Schooling

Threats, hazards, dangers and intelligence

• Uncover (by means of a mixture of analysis and sensible exploration) vulnerabilities in a system
• Analyse and consider safety threats and hazards to a system or service or processes. Concentrate on and exhibit use of related exterior sources of menace intelligence or recommendation (e.g. CERT UK). Mix completely different sources to create an enriched view.
• Analysis and examine some widespread assault methods and advocate the way to defend in opposition to them. Concentrate on and exhibit use of  related exterior sources of vulnerabilities (e.g. OWASP)
• Undertake a safety danger evaluation for a easy system with out direct supervision and suggest fundamental remediation recommendation within the context of the employer.

Creating and utilizing a safety case

• Supply and analyse a safety case (e.g. a Widespread Standards Safety Profile for a safety element) and describe what threats, vulnerability or dangers are mitigated and establish any residual areas of concern.
• Develop a easy safety case with out supervision. (A safety case ought to describe the safety goals, threats, and for each recognized assault method establish mitigation or safety controls that would embrace technical, implementation, coverage or course of).

Organisational context

• Determine and comply with organisational insurance policies and requirements for info and cyber safety.
• Function in accordance with service stage agreements or employer outlined efficiency targets. Future Developments
• Examine completely different views of the longer term (utilizing a couple of exterior supply) and traits in a related know-how space and describe what this would possibly imply for your small business, with supporting reasoning.

Understands the fundamentals of cyber safety together with:

• Why cyber safety issues – the significance to enterprise and society
• -Primary concept – ideas akin to safety, identification, confidentiality, integrity, availability, menace, vulnerability, danger and hazard. Additionally how these relate to one another and result in danger and hurt
• Safety assurance – ideas (can clarify what assurance is for in safety, and ‘reliable’ versus ‘trusted’) and the way assurance could also be achieved in observe (can clarify what penetration testing is and the way it contributes to assurance; and extrinsic assurance strategies)
• Easy methods to construct a safety case – deriving safety goals with reasoned justification in a consultant enterprise state of affairs
• Cyber safety ideas utilized to ICT infrastructure – can describe the elemental constructing blocks and typical architectures and establish some widespread vulnerabilities in networks and programs.
• Assault methods and sources of menace – can describe the primary kinds of widespread assault methods; additionally the position of human behaviour. Clarify how assault methods mix with motive and alternative to change into a menace.
• Cyber defence – describe methods to defend in opposition to assault methods
• Related legal guidelines and ethics – describe safety requirements, laws and their penalties throughout at the very least two sectors; the position of legal and different legislation; key related options of UK and worldwide legislation
• The present menace panorama – can describe and know the way to apply related methods for horizon scanning together with use of recognised sources of menace intelligence
• Menace traits – can describe the importance of recognized traits  in cyber safety and perceive the worth and danger of this analyss

Design construct & take a look at a community (“Construct a community”)

• Design, construct, take a look at and troubleshoot a community incorporating a couple of subnet with static and dynamic routes, that features servers, hubs, switches, routers and consumer units to a given design requirement with out supervision. Present proof that the system meets the design requirement.

Analysing a safety case (“Make the safety case”)

• Analyse safety necessities (useful and non-functional safety necessities that could be introduced in a safety case) in opposition to different design necessities (e.g. usability, value, measurement, weight, energy, warmth, supportability and many others.), given for a given system or product. Determine conflicting necessities and suggest, with reasoning, decision by means of acceptable trade-offs.

Structured and reasoned implementation of safety in a community (“Construct a safe community”)

• Design and construct a easy system in accordance with a easy safety case. Present proof that the system has correctly carried out the safety controls required by the safety case.The system could possibly be both on the enterprise, community or utility layer.
• Choose and configure related kinds of widespread safety {hardware} and software program parts to implement a given safety coverage.
• Design a system using a crypto to fulfill outlined safety goals. Develop and implement a key administration plan for the given state of affairs/system.

• Understands the fundamentals of networks: information, protocols and the way they relate to one another; the primary routing protocols; the primary elements affecting community efficiency together with typical failure modes in protocols and approaches to error management.
• Understands, at a deeper stage than from Data Module 1, the way to construct a safety case: describe what good observe in design is; describe widespread safety architectures; concentrate on respected safety architectures that includes {hardware} and software program parts, and sources of structure patterns and steering. Perceive the way to construct a safety case together with context, threats, justifying the chosen mitigations and safety controls with reasoning and recognising the dynamic and adaptable nature of threats.
• Understands how cyber safety know-how parts are usually deployed in networks and programs to supply safety performance together with: {hardware} and software program
• Understands the fundamentals of cryptography – can describe the primary methods, the importance of key administration, admire the authorized points

Cyber safety danger evaluation

• Conduct a cyber-risk evaluation in opposition to an externally (market) recognised cyber safety normal utilizing a recognised danger evaluation methodology.
• Determine threats related to a particular organisation and/or sector. Info safety coverage and course of
• Develop an info safety coverage or course of to handle an recognized danger.
• Develop an info safety coverage inside an outlined scope to take account of a minimal of 1 legislation or regulation related to cyber safety.

Audit and assurance

• Take an energetic half in a safety audit in opposition to a recognised cyber safety normal, undertake a niche evaluation and make suggestions for remediation.

Incident response and enterprise continuity

• Develop an incident response plan for approval (inside an organisations governance preparations for incident response).
• Develop a enterprise continuity plan for approval (inside an organisations governance preparations for enterprise continuity).

Cyber safety tradition in an organisation

• Assess safety tradition utilizing a recognised method.
• Design and implement a easy ‘safety consciousness’ marketing campaign to handle a particular facet of a safety tradition.

Understands related kinds of danger evaluation methodologies and approaches to danger remedy; can establish the vulnerabilities in organisations and safety administration programs; perceive the menace intelligence lifecycle; describe completely different approaches to danger remedy. Perceive the position of the danger proprietor and distinction that position with different stakeholders.

Understands, at a deeper stage than from Data Module 1, the authorized, requirements, laws and moral requirements related to cyber safety: governance, organisational construction, roles, insurance policies, normal, pointers and the way these all work collectively to ship recognized safety outcomes. Additionally consciousness of the authorized framework, key ideas making use of to ISO27001 (a specification for info safety administration), and consciousness of authorized and regulatory obligations for breach notificatio