ESKISP Conduct security testing, under supervision

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "ESKISP6054.01 Conduct security testing, under supervision"

Transcription

1 Overview This standard covers the competencies required to conduct security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to information security threats and vulnerabilities. Assisting applying testing methods, including penetration testing, assessing the robustness of an information system, against a coordinated attack. ESKISP

2 Performance criteria You must be able to: P1 undertake information security tests, under controlled conditions, to assess vulnerabilities and compliance against relevant internal and/or external standards P2 P3 P4 P5 P6 P7 P8 P9 use a range of appropriate methods, tools and techniques to conduct penetration testing clearly and accurately scope and plan the information security test approach, prioritising testing activity to proactively target the most significant threats and vulnerabilities first interpret information assurance requirements to produce information security test acceptance criteria carefully plan a context driven test approach to systematically test a system in order to validate its information security status design and develop accurate and clear test scripts, plans and acceptance criteria to ensure that information assurance requirements can be tested against relevant internal and/or external standards critically review the results of penetration testing and accurately identify specific vulnerabilities within any specified information system prioritise outcomes and recommend specific and timely action to address vulnerabilities identified as a result of information security testing clearly report on and communicate the results of information security testing, recommending mitigation actions P10 ensure information security testing reports are high quality and relevant to the audience ESKISP

3 Knowledge and understanding You need to know and understand: K1 K2 K3 K4 K5 K6 K7 the specific threats that may be of particular importance to any particular information system how to organise a information security testing approach following standard procedures how to use the range of tools and techniques that can be applied for penetration testing relevant UK legislation and its impact on penetration testing: K4.1 computer misuse act 1990 K4.2 human rights act 1998 K4.3 data protection act 1998 K4.4 police and justice act 2006 the latest information and data on a wide range of information security vulnerabilities the importance of ensuring that information security testing is designed to ensure testing of all aspects of information systems across the core principles: K6.1 confidentiality K6.2 integrity K6.3 availability K6.4 authorisation K6.5 authentication K6.6 non repudiation the potential impact of the vulnerabilities identified on any information system and on the organisation ESKISP

4 K8 K9 what are the different types of information security testing that can be conducted and their purpose what are the benefits of penetration testing K10 the detailed steps involved in undertaking a full penetration testing assessment K11 the legal requirements relating to penetration testing K12 how to analyse detailed penetration testing results and assess vulnerabilities in order to provide advice on how to respond K13 the interests of relevant stakeholders for information security testing K14 how to: K14.1 ensure that the design of tests incorporates the range of threats that may present themselves to the organisation K14.2 scope, plan and manage the information security testing activities conducted on any particular information system or solution K14.3 identify and prioritise specific vulnerabilities for any information system or solution K14.4 communicate the business implications of the limitations of information security testing programmes K14.5 develop and implement test programmes to assess information effectiveness through the life of a system ESKISP

5 Developed by e-skills UK Version number 1 Date approved February 2013 Indicative review date Validity Status Originating organisation Original URN Relevant occupations Suite Key words December 2015 Current Original e-skills UK ESKISP Information and Communication Technology; Information and Communication Technology Professionals; Information and Communication Technology Officer; IT Service Delivery Occupations; Software Development Information Security Cyber Security; Information Security ESKISP

Overview TECHIS60441. Carry out security testing activities

Overview TECHIS60441. Carry out security testing activities Overview Information, services and systems can be attacked in various ways. Understanding the technical and social perspectives, how attacks work, the technologies and approaches used are key to being

More information

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document

More information

ESKISP6053.01 Assist security testing, under supervision

ESKISP6053.01 Assist security testing, under supervision Overview This standard covers the competencies required to assist security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to

More information

ESKISP6056.01 Direct security testing

ESKISP6056.01 Direct security testing Direct security testing Overview This standard covers the competencies concerning with directing security testing activities. It includes setting the strategy and policies for security testing, and being

More information

ESKISP6055.01 Manage security testing

ESKISP6055.01 Manage security testing Overview This standard covers the competencies concerning with managing security testing activities. Including managing resources activities and deliverables. This includes planning, conducting and reporting

More information

ESKISP6064.03 Conducts vulnerability assessment under supervision

ESKISP6064.03 Conducts vulnerability assessment under supervision Conducts vulnerability assessment under supervision Overview This standard covers the competencies required to conduct vulnerability assessments under supervision. This includes following processes for

More information

Overview TECHIS60241. Carry out risk assessment and management activities

Overview TECHIS60241. Carry out risk assessment and management activities Overview Information in all its forms is a vital component of the digital environment in which we live and work. The protection of information in its physical form is well understood but the protection

More information

ESKISP6046.02 Direct security architecture development

ESKISP6046.02 Direct security architecture development Overview This standard covers the competencies concerned with directing security architecture activities. It includes setting the strategy and policies for security architecture, and being fully accountable

More information

ESKITP2035.01 Identify change management opportunities and options for IT enabled systems 1

ESKITP2035.01 Identify change management opportunities and options for IT enabled systems 1 Identify change management opportunities and options for IT enabled Overview This sub-discipline, Change Management (203) is concerned with the competencies required to manage the introduction of business

More information

ESKITP2034.03 Assist in the preparation of change management plans and assignments for IT enabled systems 1

ESKITP2034.03 Assist in the preparation of change management plans and assignments for IT enabled systems 1 Assist in the preparation of change management plans and assignments for IT Overview This sub-discipline, Change Management (203) is concerned with the competencies required to manage the introduction

More information

ESKITP6026 IT Security Management Level 6 Role

ESKITP6026 IT Security Management Level 6 Role Overview This sub-discipline is about the competencies required to ensure the security of all aspects of Information Technology services, systems and assets within an organisation. This includes the data,

More information

ESKITP714401 Implement procedures and standards relating to metrics for IT service delivery

ESKITP714401 Implement procedures and standards relating to metrics for IT service delivery Overview This sub-discipline covers the competencies required to perform performance metrics. Monitoring service level performance is a complex task requiring collection of data, detailed analysis, and

More information

ESKITP714601 Authorise strategy, policies and standards relating to IT service delivery performance metrics management

ESKITP714601 Authorise strategy, policies and standards relating to IT service delivery performance metrics management service delivery performance metrics Overview This sub-discipline covers the competencies required to direct the monitoring, analysis and communication of IT service delivery performance metrics. Monitoring

More information

Overview TECHIS60851. Manage information security business resilience activities

Overview TECHIS60851. Manage information security business resilience activities Overview Information security business resilience encompasses business continuity and disaster recovery from information security threats. As well as addressing the consequences of a major security incident,

More information

ESKITP2035.02 Design and implement change management plans for IT enabled systems 1

ESKITP2035.02 Design and implement change management plans for IT enabled systems 1 Design and implement change management plans for IT enabled systems Overview This sub-discipline, Change Management (203) is concerned with the competencies required to manage the introduction of business

More information

ESKITP6036 IT Disaster Recovery Level 5 Role

ESKITP6036 IT Disaster Recovery Level 5 Role Overview This sub-discipline is about the competencies required in order to manage all aspect of Disaster Recovery (DR), as it applies to IT within an organisation. ESKITP6036 1 Performance criteria You

More information

ESKITP6034 IT Disaster Recovery Level 4 Role

ESKITP6034 IT Disaster Recovery Level 4 Role Overview This sub-discipline is about the competencies required in order to manage all aspect of Disaster Recovery (DR), as it applies to IT within an organisation. ESKITP6034 1 Performance criteria You

More information

Committees Date: Subject: Public Report of: For Information Summary

Committees Date: Subject: Public Report of: For Information Summary Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security

More information

ESKITP4082 IT/Technology Infrastructure Design and Planning Level 2 Role

ESKITP4082 IT/Technology Infrastructure Design and Planning Level 2 Role IT/Technology Infrastructure Design and Planning Level 2 Role Overview This sub-discipline is part of overall service design. It concerns the design of, and planning for, resilient IT/ technology infrastructure

More information

Application Guidance CCP Penetration Tester Role, Practitioner Level

Application Guidance CCP Penetration Tester Role, Practitioner Level August 2014 Issue No: 1.0 Application Guidance CCP Penetration Tester Role, Practitioner Level Application Guidance CCP Penetration Tester Role, Practitioner Level Issue No: 1.0 August 2014 This document

More information

Overview TECHIS60341. Carry out security architecture and operations activities

Overview TECHIS60341. Carry out security architecture and operations activities Overview The protection of information, services and systems relies on a range of technical and procedural activities, often grouped in a framework. The framework will contain technical and logical, physical

More information

CFAM&LBB2 Develop, maintain and evaluate business continuity plans and arrangements

CFAM&LBB2 Develop, maintain and evaluate business continuity plans and arrangements Develop, maintain and evaluate business continuity plans and arrangements Overview This standard is about developing, maintaining and evaluating business continuity plans to ensure that organisations continue

More information

GLASGOW SCHOOL OF ART OCCUPATIONAL HEALTH AND SAFETY POLICY. 1. Occupational Health and Safety Policy Statement 1

GLASGOW SCHOOL OF ART OCCUPATIONAL HEALTH AND SAFETY POLICY. 1. Occupational Health and Safety Policy Statement 1 GLASGOW SCHOOL OF ART OCCUPATIONAL HEALTH AND SAFETY POLICY CONTENTS PAGE 1. Occupational Health and Safety Policy Statement 1 2. Occupational Health and Safety Management System 2 3. Organisational Management

More information

ESKITP7072 IT/Technology Capacity Management Level 2 Role

ESKITP7072 IT/Technology Capacity Management Level 2 Role Overview This sub-discipline is about the competencies required to manage the capacity of IT/technology services, systems and assets that support an organisation. Capacity management covers a range of

More information

SFJCCAD2 Promote business continuity management

SFJCCAD2 Promote business continuity management Overview This unit is about providing advice and assistance on business continuity management, including general advice for the business and voluntary sectors, and specific advice and assistance to individual

More information

ESKITP5022 Software Development Level 2 Role

ESKITP5022 Software Development Level 2 Role Overview This sub discipline covers the core competencies required to create software to address the needs of business problems and opportunities, resulting in a variety of software solutions, ranging

More information

ESKITP5023 Software Development Level 3 Role

ESKITP5023 Software Development Level 3 Role Overview This sub discipline covers the core competencies required to create software to address the needs of business problems and opportunities, resulting in a variety of software solutions, ranging

More information

TRINIDAD AND TOBAGO CYBER SECURITY AGENCY POLICY AND BILL

TRINIDAD AND TOBAGO CYBER SECURITY AGENCY POLICY AND BILL TRINIDAD AND TOBAGO CYBER SECURITY AGENCY POLICY AND BILL Presented By: Sunita Ramsumair Legal Officer Ministry of National Security September 29, 2014 Format of Presentation Background Trinidad and Tobago

More information

Developing Health and Independence. Pt 22-27, 19,621-22,958 (depending on experience)

Developing Health and Independence. Pt 22-27, 19,621-22,958 (depending on experience) Developing Health and Independence JOB DESCRIPTION Job Title: NJC Point: Hours: Scale Annual Leave: Location: Pension: Accountable to: Responsible for: Criminal Justice Worker Pt 22-27, 19,621-22,958 (depending

More information

ESKITP7025 IT/Technology Service Help Desk and Incident Management Level 5 Role

ESKITP7025 IT/Technology Service Help Desk and Incident Management Level 5 Role IT/Technology Service Help Desk and Incident Management Level 5 Role Overview This sub-discipline is about the competencies required to manage the contacts made by customers of IT/technology systems, services

More information

FSPCOMP3 Assess and mitigate the compliance risks relevant to your organisation

FSPCOMP3 Assess and mitigate the compliance risks relevant to your organisation Assess and mitigate the compliance risks relevant to your Overview This unit is about assessing the probability and impact of compliance breaches occurring in your, and completing a risk assessment of

More information

Promote security system and service sales

Promote security system and service sales Page 1 of 5 Promote security system and service sales Level 3 Credits 2 Purpose This unit standard is for people who work, or intend to work, as security system or service sales representatives, or in

More information

ESKITP7102 IT/Technology Asset and Configuration Management Level 2 Role

ESKITP7102 IT/Technology Asset and Configuration Management Level 2 Role IT/Technology Asset and Configuration Management Level 2 Role Overview This sub-discipline is about the competencies required to maintain the integrity and consistency of the IT/technology configuration

More information

SFSMHS1 Receive mail safely and securely

SFSMHS1 Receive mail safely and securely SFSMHS1 Receive mail safely and securely Overview This standard sets out the skills, knowledge and understanding for mail handlers receiving mail of all types, doing so safely and securely, following organisational

More information

Northern Ireland Social Care Council. Job Description

Northern Ireland Social Care Council. Job Description Northern Ireland Social Care Council Job Description Post: Location: Band: Reporting to: Responsible to: Head of Workforce Development Northern Ireland Social Care Council, 7 th Floor, Millennium House,

More information

FSPAMFPI06 Complete reports for mortgage and/or financial planning clients

FSPAMFPI06 Complete reports for mortgage and/or financial planning clients Complete reports for mortgage and/or financial planning clients Overview You must be able to accurately complete reports of a complex nature, and take a proactive approach to the preparation of valuations

More information

LEICESTERSHIRE COUNTY COUNCIL RISK MANAGEMENT POLICY STATEMENT 2011-2012

LEICESTERSHIRE COUNTY COUNCIL RISK MANAGEMENT POLICY STATEMENT 2011-2012 106 LEICESTERSHIRE COUNTY COUNCIL RISK MANAGEMENT POLICY STATEMENT 2011-2012 Leicestershire County Council believes that managing current and future risk, both opportunity and threat, is increasingly vital

More information

CFABAI132 Inform and facilitate organisational decision-making

CFABAI132 Inform and facilitate organisational decision-making Overview This standard is about informing and facilitating organisational decision-making. It includes presenting information and advice to decision-makers, recording and communicating decisions made by

More information

National Occupational Standards. Compliance

National Occupational Standards. Compliance National Occupational Standards Compliance NOTES ABOUT NATIONAL OCCUPATIONAL STANDARDS What are National Occupational Standards, and why should you use them? National Occupational Standards (NOS) are statements

More information

ESKITP5065 Software Development Process Improvement Level 5 Role

ESKITP5065 Software Development Process Improvement Level 5 Role Software Development Process Improvement Level 5 Role Overview This sub-discipline covers the competencies required by an information technology and/or telecoms organisation to ensure that appropriate

More information

ESKITP6032 IT Disaster Recovery Level 2 Role

ESKITP6032 IT Disaster Recovery Level 2 Role Overview This sub-discipline is about the competencies required in order to manage all aspect of Disaster Recovery (DR), as it applies to IT within an. ESKITP6032 1 Performance criteria You must be able

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching

More information

Information Security Policy ISO 27001:2013 Version 2.6. June 2016

Information Security Policy ISO 27001:2013 Version 2.6. June 2016 Information Policy ISO 27001:2013 Version 2.6 June 2016 Information Policy A safe and secure working environment is fundamental to business success and we seek to protect our personnel, physical assets,

More information

Contribute to IT architecture work

Contribute to IT architecture work Overview This sub-discipline is concerned with the competencies required to create, maintain and manage IT architecture models representing the operating model for an organisation and their lower level

More information

SFJPE1.3 Evaluate the effectiveness of the operational delivery business process

SFJPE1.3 Evaluate the effectiveness of the operational delivery business process Evaluate the effectiveness of the operational delivery business process Overview This standard concerns evaluating the effectiveness of new and adapted business processes. The scope of work needs to address

More information

FINPP07 Support the ongoing client relationship

FINPP07 Support the ongoing client relationship Overview This unit is for those who provide paraplanning services to financial planners in the delivery of bespoke solutions to clients as part of the financial advice process. You must be able to support

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

JOB DESCRIPTION. IS teams, Hanover colleagues, third party suppliers. Principal Duties and Responsibilities

JOB DESCRIPTION. IS teams, Hanover colleagues, third party suppliers. Principal Duties and Responsibilities JOB DESCRIPTION Job title: IT Security Analyst Grade: Responsible to: Responsible for: Liaises with: Head of IS N/A IS teams, Hanover colleagues, third party suppliers Role Purpose: Location: The purpose

More information

SFJFRSFF2 SQA Unit Code (FA6J 04) Take responsibility for effective performance in fire and rescue

SFJFRSFF2 SQA Unit Code (FA6J 04) Take responsibility for effective performance in fire and rescue Overview The standard is recommended for firefighters, control room staff, and others with a remit for community safety within fire and. This standard is about making a positive contribution to the work

More information

Information Security Seminar 2013

Information Security Seminar 2013 Information Security Seminar 2013 Mr. Victor Lam, JP Deputy Government Chief Information Officer Office of the Government Chief Information Officer The Government of the Hong Kong Special Administrative

More information

ISO 27001 Information Security Management Services (Lot 4)

ISO 27001 Information Security Management Services (Lot 4) ISO 27001 Information Security Management Services (Lot 4) CONTENTS 1. WHY LEICESTERSHIRE HEALTH INFORMATICS SERVICE?... 3 2. LHIS TECHNICAL ASSURANCE SERVICES... 3 3. SERVICE OVERVIEW... 4 4. EXPERIENCE...

More information

ESKITP7052 IT/Technology Management and Support Level 2 Role

ESKITP7052 IT/Technology Management and Support Level 2 Role Overview This sub-discipline is about the competencies required to ensure that the infrastructure required to support the delivery of IT/technology systems, services and assets for an organisation remain

More information

Business Plan 2012/13

Business Plan 2012/13 Business Plan 2012/13 Contents Introduction 3 About the NFA..4 Priorities for 2012/13 4 Resources.6 Reporting Arrangements.6 Objective 1 7 To raise the profile and awareness of fraud among individuals,

More information

3. OPERATING COMPANY'S ANNUAL ROAD SAFETY REVIEW 1

3. OPERATING COMPANY'S ANNUAL ROAD SAFETY REVIEW 1 SCOTTISH MINISTERS' REQUIREMENTS 1. SCHEDULE 8 PART 3 ROAD SAFETY AND ACCIDENT INVESTIGATION AND PREVENTION CONTENTS Page No. 1. GENERAL 1 1.1 Introduction 1 2. ROUTE SAFETY FILES 1 3. OPERATING COMPANY'S

More information

National Approach to Information Assurance 2014-2017

National Approach to Information Assurance 2014-2017 Document Name File Name National Approach to Information Assurance 2014-2017 National Approach to Information Assurance v1.doc Author David Critchley, Dave Jamieson Authorisation PIAB and IMBA Signed version

More information

Committee on Payments and Market Infrastructures. Board of the International Organization of Securities Commissions

Committee on Payments and Market Infrastructures. Board of the International Organization of Securities Commissions Committee on Payments and Market Infrastructures Board of the International Organization of Securities Commissions Principles for financial market infrastructures: Assessment methodology for the oversight

More information

AOD Support Services Classification Level: 7.1 Aboriginal Community Organisation Award. 004 Supervisor AOD Support Services

AOD Support Services Classification Level: 7.1 Aboriginal Community Organisation Award. 004 Supervisor AOD Support Services ABORIGINAL ALCOHOL AND DRUG SERVICE POSITION DESCRIPTION SECTION 1: OFFICE IDENTIFICATION EFFECTIVE DATE OF DOCUMENT: SEPTEMBER 2012 Position Description Number: 006 Job Title: AOD Counsellor/Educator

More information

ESKITP7022 IT/Technology Service Help Desk and Incident Management Level 2 Role

ESKITP7022 IT/Technology Service Help Desk and Incident Management Level 2 Role IT/Technology Service Help Desk and Incident Management Level 2 Role Overview This sub-discipline is about the competencies required to manage the contacts made by customers of IT/technology systems, services

More information

Thales Pricing Schedule for Vulnerability Assessment and Penetration Testing

Thales Pricing Schedule for Vulnerability Assessment and Penetration Testing Thales Pricing Schedule for Vulnerability Assessment and Penetration Testing Thales Pricing Schedule for Vulnerability Assessment and Penetration Testing April 2014 Page 1 of 8 Thales Pricing Schedule

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

JOB PROFILE. Collaborate and work effectively with team members within the section and the rest of the Transformation Service.

JOB PROFILE. Collaborate and work effectively with team members within the section and the rest of the Transformation Service. JOB PROFILE Job Title: Principal Commissioning Officer Consultant 3 Department: Corporate Resources Ref: DCC/14/0344 Section: Transformation Service Job Family: Transformation Job grade: 12 Purpose of

More information

DWP INFORMATION SECURITY POLICY

DWP INFORMATION SECURITY POLICY DWP INFORMATION SECURITY POLICY Contents Background... 1 Scope... 1 Accountabilities... 2 Policy Statements... 2 Responsibilities... 3 Background 1.1 DWP is committed to ensuring that effective security

More information

INFORMATION SECURITY TESTING

INFORMATION SECURITY TESTING INFORMATION SECURITY TESTING SERVICE DESCRIPTION Penetration testing identifies potential weaknesses in a technical infrastructure and provides a level of assurance in the security of that infrastructure.

More information

JOB DESCRIPTION CONTRACTUAL POSITION

JOB DESCRIPTION CONTRACTUAL POSITION Ref #: IT/P /01 JOB DESCRIPTION CONTRACTUAL POSITION JOB TITLE: INFORMATION AND COMMUNICATIONS TECHNOLOGY (ICT) SECURITY SPECIALIST JOB SUMMARY: The incumbent is required to provide specialized technical

More information

FINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation

FINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation Facilitate Business Continuity Planning and disaster recovery for a Overview This unit is suitable for those working in risk management roles who have responsibility for facilitating business continuity

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

ESKICAS1 Computerised accounting software

ESKICAS1 Computerised accounting software Overview This is the ability to select and use a computerised accounting or bookkeeping software application to input and process data for orders and invoices, receipts and payments and prepare management

More information

Location including building: Lansdowne Campus (Studland House) / University Wide

Location including building: Lansdowne Campus (Studland House) / University Wide Job Description Post/Job Title: Principal PHP Developer Postholder: Ref: 502890/ITS65 Location including building: Lansdowne Campus (Studland House) / University Wide School/Support Service: Group/Section:

More information

Risk Management Policy

Risk Management Policy 1 Purpose Risk management relates to the culture, processes and structures directed towards the effective management of potential opportunities and adverse effects within the University s environment.

More information

BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY MANAGEMENT POLICY BUSINESS CONTINUITY MANAGEMENT POLICY AUTHORISED BY: DATE: Andy Buck Chief Executive March 2011 Ratifying Committee: NHS Rotherham Board Date Agreed: Issue No: NEXT REVIEW DATE: 2013 1 Lead Director John

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Review Policy Reference Number Title CSD-014 Information Security Review Policy Version Number 1.2 Document Status Document Classification Active Open Effective

More information

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012 To: From: Subject: Status: Date of Meeting: BSO Board Director of Human Resources & Corporate Services Business Continuity Policy For Approval 28 February 2012 The Board is asked to agree the attached

More information

Corporate Information Security Management Policy

Corporate Information Security Management Policy Corporate Information Security Management Policy Signed: Chief Executive. 1. Definition of Information Security 1.1. Information security means safeguarding information from unauthorised access or modification

More information

A Guide to the Cyber Essentials Scheme

A Guide to the Cyber Essentials Scheme A Guide to the Cyber Essentials Scheme Published by: CREST Tel: 0845 686-5542 Email: admin@crest-approved.org Web: http://www.crest-approved.org/ Principal Author Jane Frankland, Managing Director, Jane

More information

CONTROLLED DOCUMENT. Number: Version Number: 4. On: 25 July 2013 Review Date: June 2016 Distribution: Essential Reading for: Information for:

CONTROLLED DOCUMENT. Number: Version Number: 4. On: 25 July 2013 Review Date: June 2016 Distribution: Essential Reading for: Information for: CONTROLLED DOCUMENT Risk Management Strategy and Policy CATEGORY: CLASSIFICATION: PURPOSE: Controlled Number: Document Version Number: 4 Controlled Sponsor: Controlled Lead: Approved By: Document Document

More information

ESKITP5022v2 Perform software development activities under direction

ESKITP5022v2 Perform software development activities under direction Perform development activities under direction Overview This sub discipline covers the core competencies required to create to address business problems and realise opportunities, resulting in a variety

More information

Service Management. 702 IT/Technology Service Help Desk and Incident Management

Service Management. 702 IT/Technology Service Help Desk and Incident Management 702 IT/Technology Service Help Desk and Incident Management This sub-discipline is about the competencies required to manage the contacts made by customers of IT/technology systems, services and assets,

More information

REPORT. Next steps in cyber security

REPORT. Next steps in cyber security REPORT March 2015 Contents Executive summary...3 The Deloitte and Efma questionnaire...5 Level of awareness...5 Level of significance...8 Level of implementation...11 Gap identification and concerns...15

More information

Policy. VBA Enterprise Risk Management. Governance Unit

Policy. VBA Enterprise Risk Management. Governance Unit Policy VBA Enterprise Risk Management Governance Unit Keywords: Policy; risk; governance. ID: Version no: Status: VBAPOL-0074 2.0 Final Issue date: Date of effect: Next review date: 14/07/2015 14/07/2015

More information

Addressing Cyber Risk Building robust cyber governance

Addressing Cyber Risk Building robust cyber governance Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber

More information

Aon Risk Solutions Aon Crisis Management. Crisis Management Consulting Terrorism Probable Maximum Loss (PML) Studies

Aon Risk Solutions Aon Crisis Management. Crisis Management Consulting Terrorism Probable Maximum Loss (PML) Studies Aon Risk Solutions Crisis Management Consulting Terrorism Probable Maximum Loss (PML) Studies A terrorist incident at or near your operations, could result in human casualties, property damage, business

More information

SFJ ZI02 Monitor and review the performance of technical support systems and equipment

SFJ ZI02 Monitor and review the performance of technical support systems and equipment Monitor and review the performance of technical support systems and Overview This unit covers monitoring and reviewing the performance of systems and i.e. common and complex audio, video and communication

More information

Cyber Security Solutions Integrated. Proactive. Resilient.

Cyber Security Solutions Integrated. Proactive. Resilient. Cyber Security Solutions Integrated. Proactive. Resilient. Between defending against cyber attacks and ensuring mission resilience, there is one important word: HOW Cyber attacks never stop coming. Intrusions

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY ISO 27002 5.1 Author: Owner: Organisation: Chris Stone Ruskwig TruePersona Ltd Document No: SP- 5.1 Version No: 1.0 Date: 10 th January 2010 Copyright

More information

G-Cloud Definition of Services Security Penetration Testing

G-Cloud Definition of Services Security Penetration Testing G-Cloud Definition of Services Security Penetration Testing Commercial in Confidence G-Cloud Services An Overview Inner Security is a leading CREST registered information security services provider. We

More information

Career proposition for software developers and web operations engineers

Career proposition for software developers and web operations engineers Career proposition for software developers and web operations engineers Introduction The Government Digital Service is at the centre of the digital transformation of government, making information and

More information

Job Description. Corporate Information Lead (Hub) Band 8a

Job Description. Corporate Information Lead (Hub) Band 8a Job Description Corporate Information Lead (Hub) Band 8a Job Title: Team / Directorate: Band: Responsible to: Accountable to: Corporate Information Lead (Hub) Commissioning Intelligence, Commercial Directorate

More information

Industry. Cyber Security. Information Sharing at the Technical Level. Guidelines

Industry. Cyber Security. Information Sharing at the Technical Level. Guidelines NATO Communications and Information Agency (NCI Agency) - Industry Cyber Security Information Sharing at the Technical Level Guidelines Effective date: 28 March 2014 Revision No: Rev 1 Change History Revision

More information

CESG Certification of Cyber Security Training Courses

CESG Certification of Cyber Security Training Courses CESG Certification of Cyber Security Training Courses Supporting Assessment Criteria for the CESG Certified Training (CCT) Scheme Portions of this work are copyright The Institute of Information Security

More information

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen Cyber Security : preventing and mitigating incidents Alexander Brown Robert Allen 07 & 08 October 2015 Cyber Security context of the threat The magnitude and tempo of [cyber security attacks], basic or

More information

FSPAMFPI01 Provide an administrative service for mortgage and/or financial planning clients

FSPAMFPI01 Provide an administrative service for mortgage and/or financial planning clients FSPAMFPI01 Provide an administrative service for mortgage and/or financial planning clients Overview You must be able to deal with clients as well as internal colleagues, whether you are responding to

More information

CFACC29 Develop and enhance performance management in a contact centre

CFACC29 Develop and enhance performance management in a contact centre Develop and enhance performance management in a contact centre Overview What this standard is about Efficiency and effectiveness in contact centres rely on close management of performance. With defined

More information

E-SECURITY REVIEW 2008 DISCUSSION PAPER FOR PUBLIC CONSULTATION

E-SECURITY REVIEW 2008 DISCUSSION PAPER FOR PUBLIC CONSULTATION 1. Introduction E-SECURITY REVIEW 2008 DISCUSSION PAPER FOR PUBLIC CONSULTATION Australia s national security and economic and social well-being rely upon the use and availability of a range of Information

More information

Penetration testing systems since 1989

Penetration testing systems since 1989 Pantone 641C Pantone 377C Penetration testing systems since 1989 Enex TestLab offers fully independent, cost effective and flexible penetration testing services. Our prices are compelling just ask but

More information

Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw

Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw Safety by trust: British model of cyber security David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw Strategy Structure Campaign Partnerships Strategy The UK

More information

ESKIDMS1 Database management software

ESKIDMS1 Database management software Overview This is the ability to use a software application designed to store and retrieve data needed for a variety of business functions. It also includes an understanding of the features and facilities

More information

Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives

Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives (Revised March 2012) Disclaimer: To the extent permitted by law, this document

More information

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India CIRCULAR CIR/MRD/DP/13/2015 July 06, 2015 To, All Stock Exchanges, Clearing Corporation and Depositories. Dear Sir / Madam, Subject: Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing

More information

Corporate Risk Management Policy

Corporate Risk Management Policy Corporate Risk Management Policy Managing the Risk and Realising the Opportunity www.reading.gov.uk Risk Management is Good Management Page 1 of 19 Contents 1. Our Risk Management Vision 3 2. Introduction

More information