Application Guidance CCP Penetration Tester Role, Practitioner Level

Size: px
Start display at page:

Download "Application Guidance CCP Penetration Tester Role, Practitioner Level"

Transcription

1 August 2014 Issue No: 1.0 Application Guidance CCP Penetration Tester Role, Practitioner Level

2 Application Guidance CCP Penetration Tester Role, Practitioner Level Issue No: 1.0 August 2014 This document is for the purposes of issuing advice to UK Government, public and private sector organisations and/or related organisations. The copying and use of this document for any other purpose, such as for training purposes, is not permitted without the prior approval of CESG. The copyright of this document is reserved and vested in the Crown. Document History Version Date Comment 1.0 August 2014 First issue This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to GCHQ on x30306 or

3 Purpose & Intended Readership Executive Summary This document is intended as a guide on how to structure evidence when applying for certification as a CESG Certified Professional (CCP) Penetration Tester at Practitioner level and includes suggestions of what you need to learn and know before applying. It complements the CESG Certification for IA Specialists Standard (reference [a]) and the CESG Guidance to Certification for IA Specialists document (reference [b]), to be found at ing/pet/pages/professional-ia-roles-.aspx CESG has developed a framework for certifying IA Professionals who meet competency and skill requirements for specified IA roles. The purpose of certification is to enable better matching between requirements for IA Professionals and the competence and skills of those undertaking common IA roles. The framework was developed in consultation with Government departments, academia, industry, the certification bodies and members of the CESG Listed Adviser Scheme (CLAS). The framework includes a set of IA role definitions and a certification process. This document provides guidance for applicants for certification as a CCP Penetration Tester at Practitioner level. Feedback CESG Information Assurance Guidance and Standards welcomes feedback and encourage readers to inform CESG of their opinions, positive or otherwise, in respect to this document. Please Page 1 This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to GCHQ on x30306 or

4 Contents: Purpose & Intended Readership... 1 Executive Summary... 1 Feedback... 1 Overall Requirements for the Penetration Tester Role, Practitioner Level... 3 Key Principles... 3 Penetration Testing... 4 Practitioner Penetration Tester Role Headline Statement SFIA Responsibility Level Applying for CCP Scheme Certification... 4 Knowledge... 8 Skills... 9 Experience The Certification Process next steps The CCP Scheme Certification Learning Cycle References Glossary Page 2 This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to GCHQ on x30306 or

5 Overall Requirements for the Penetration Key Principles This document is intended as a guide on how to structure evidence when applying for certification as a CESG Certified Professional (CCP) Penetration Tester at Practitioner level and includes suggestions of what you need to learn and know before applying. It complements the CESG Certification for IA Specialists Standard (reference [a]) and the CESG Guidance to Certification for IA Specialists document (reference [b]). Learning comes through acquiring skills and knowledge (from training, experience and seeing how others work) and putting these into practice. Some Penetration Testers will have carried out other roles previously, e.g. Systems Administration or working in a Security or Network Operations Centre. Most Practitioner Penetration Tester candidates will need at least 6-12 months of penetration testing experience before applying, although some will gain the required skills in a longer or shorter period. This document outlines the basic knowledge, skills and experience you need. You are encouraged to follow the advice in each section when completing your written submission of evidence. Page 3

6 Penetration Testing Penetration testing is an independent assessment of the different elements that comprise an information system or product, with the goal of finding and documenting the vulnerabilities present. The resultant report is considered with threat reports and other information sources in order to derive a risk assessment that can be used to drive security improvements. The role of a penetration tester is to: Ensure that any testing activity is lawful, compliant with all relevant regulations and within the agreed scope Conduct technical security tests against the information system or product, with the aim of identifying vulnerabilities Communicate the results of the tests at a level tailored to the audience Provide technical consultancy and recommendations to customers as to how any reported vulnerabilities could be mitigated Practitioner Penetration Tester Role Headline Statement SFIA Responsibility Level 3 Applies knowledge and contributes to the successful delivery of penetration testing services Applying for CCP Scheme Certification No specific qualifications are mandated but you must have appropriate practical experience, either through employment as a penetration tester, or in another technical or information security role, such as a system administrator, security administrator or SOC/NOC analyst. You need to show that you have the skills, knowledge and experience listed in the following pages and you should check the website of the Certification Body (CB) you wish to use, for any additional requirements they may have. If you consider that there are gaps in your skills, knowledge and experience, agree a plan with your manager to address these e.g. through placements, projects, training, coaching - before you apply for CCP certification Page 4

7 Your written submission must show that you: meet the Role Headline Statement for the Penetration Tester role ( Applies knowledge and contributes to the successful delivery of penetration testing services see above) work under general supervision and on discrete tasks when performing penetration tests demonstrate an analytical and systematic approach to penetration testing, and are able to apply their own initiative and discretion understand and are able to apply appropriate tools and techniques during a penetration test, and works in accordance with relevant legislation and standards perform penetration tests in a variety of environments work as part of a larger team and assists senior colleagues in delivering successful penetration tests demonstrate effective communication skills with colleagues, and when providing input to written reports and presentations have regular working level-contact with customers actively develop your understanding of penetration testing, and understand how penetration testing is to be applied and delivered to a customer demonstrate the required skill levels from the Institute of Information Security Professionals (IISP) Skills Framework demonstrate all of the attributes of responsibility (autonomy, influence, complexity and business skills) from the Skills Framework for the Information Age (SFIA) 1 at level 3. Alternatively you can show evidence of least level 2 for the IISP J skills 1 SFIA Foundation at Page 5

8 Page 6

9 The key to good penetration testing is combining technical, business and people skills to provide information on security system vulnerabilities which is accessible to and understood by the people who need to take action on the advice you give. You need to understand the business objectives, strategy and risk appetite, as well as the system and applications you work on. You need people skills to ensure that you explain your findings and secure all the information you need, for example when considering security incidents. You also need to ensure that all your testing operates within the appropriate legal frameworks. In no priority order, you need: Skills: Negotiating Influencing Information-gathering Communication able to talk to non-techies and techies alike Vulnerability assessment and management Business writing (all the information needed for a decision, on 1 side of A4) Presentation Stakeholder management And familiarity with the following: Penetration testing methodologies Penetration testing standards and policies The CESG Certification for IA Professionals and Guidance to CESG Certification for IA Professionals documents Technical IA controls Page 7

10 Knowledge Your evidence should show that you: know that at least the following statutes apply to the penetration testing process: Computer Misuse Act 1990; Data Protection Act 1998; Human Rights Act 1998; Police and Justice Act 2006; Police and Criminal Evidence Act 1984; Regulation of Investigatory Powers Act 2000 and Understand: the ethical issues associated with penetration testing CHECK standards and methodology, local standards and regulations for information security risk assessment tools, techniques and methodologies vulnerability detection tools current research trends what risk appetite and risk tolerance are basic information systems engineering and development what good and bad security look like and how to test for vulnerabilities, including in the development lifecycle common causes of security vulnerabilities common sources of information to support penetration testing Page 8

11 Skills When presenting your skills evidence, use the STAR format: Situation, Task, Action, Result Use a narrative form, e.g.... I produced...my decision was... Explain what accreditation decision you made and how the measures you required were proportionate and effective You must meet the required levels at all 4 core skills - (A2 Policy and Standards, D2 Security Testing, E3 Vulnerability Assessment, I3 Applied Research) You must meet 75% of the remaining skills A single piece of work may be used for several skills, but a variety of examples gives better evidence of being able to work in more than one situation The following table provides suggestions for starting points in evidence. SKILL A2 Policy & Standards, Level 1 - Core Skill Understands the need for policy and standards to achieve Information Security (IS) Technical Skills EVIDENCE OF SKILL Give examples of: - your experience of IS policies and standards. How does penetration testing fit within your company s information security policy? Page 9

12 SKILL A6 Legal & Regulatory Environment, Level 1 Is aware of major pieces of legislation relevant to Information Security and of regulatory bodies relevant to the sector in which they work A7 Third Party Management 2 Level 1 Is aware of the need for organisations to manage the information security of third parties B1 Risk Assessment, Level 1 Demonstrates awareness of the causes of information risk and their implication B2 Risk Management, Level 1 Demonstrates awareness of techniques to manage information risk EVIDENCE OF SKILL Give examples from different work environments of how you: - ensured that your work didn t contravene relevant statue/regulations and how you explained this to your customer(s). For example, the Computer Misuse Act prohibits breaking into a system but the contract you were employed on might require or permit this. Give examples of how you: - advised a customer s supplier about the vulnerabilities in their information systems. Give examples of how you: - Identified vulnerabilities and risks in a number of different systems. Give examples of how: - IT systems risk and vulnerabilities are managed and advice you have given to mitigate these. 2 Skill only required if information systems or services are provided by a third party Page 10

13 SKILL C1 Security Architecture, Level 1 Is aware of the concept of architecture to reduce information risk C2 Secure Development, Level 1 Is aware of the benefits of addressing security during system development D1 IA Methodologies Level 1 Is aware of the existence of methodologies, processes and standards for providing Information Assurance D2 Security Testing, Level 1 - Core Skill Is aware of the role of testing to support IA E1 Secure Operations Management, Level 1 EVIDENCE OF SKILL Describe how you have advised on modifications to IA architecture to mitigate potential information risk. What was the outcome? Explain how security and secure development of products and systems are improved by penetration testing. How is appropriate and proportionate penetration testing carried out in your organisation? Give examples over a range of environments of: different ways in which you have tested the security of systems. Which frameworks did you use? Explain what level of security was achieved and what system vulnerabilities remained. What was the outcome of your work? Give examples of tests you have carried out to detect vulnerabilities how did you do this? What changes to corporate security processes or systems could you recommend to mitigate vulnerabilities? Is aware of the need for secure management of information systems Page 11

14 SKILL E2 Secure Ops & Service Delivery, Level 1 Is aware of the need for information systems and services to be operated securely E3 Vulnerability Assessment, Level 2 - Core Skill Obtains and acts on vulnerability information in accordance with Security Operating Procedures F1 Incident Management, Level 1 Is aware of the benefits of managing security incidents F2 Investigation, Level 1 Is aware of basic principles of investigations F3 Forensics, Level 1 EVIDENCE OF SKILL Give examples of how you have influenced a customer to mitigate security risks. Give examples from different work environments of occasions when you identified vulnerabilities in a system or application. What tools and methodologies did you use and how did you make colleagues and/or customers aware of the vulnerabilities? What did you do to mitigate the vulnerabilities and what was the outcome? Provide examples of how security incidents are managed in the organisation(s) you work in. How does this improve cyber security? Give examples of how information is collected in order to investigate a security incident. What sources can be used and why? What information can be recovered through the use of forensic tools? Is aware of the capability of forensics to support investigations Page 12

15 SKILL G1 Audit and Review, Level 2 Audits compliance with security criteria in accordance with an appropriate methodology H1 Business Continuity Planning and H2 Business Continuity Management, Level 1 Understands how Business Continuity Planning & Management contributes to information security I3 Applied Research, Level 1 Core Skill Understands the fundamental concepts of applied research but does not yet have the knowledge needed to apply this skill in an operational context EVIDENCE OF SKILL Give examples of auditing a system to test for vulnerabilities. How did this improve the scope of the vulnerability testing? How did you communicate the results to information risk owners and what was the outcome of this? Describe how you incorporated business continuity management into your vulnerability testing and your advice on vulnerability mitigations. Give examples from different work environments of: - how you have used your research as part of penetration testing. How did that research support the overall security assessment process? - areas you have found where further research is needed. How could that research be used to enhance levels of security? - research you have used when considering how vulnerability testing tools or techniques could be improved Page 13

16 SKILL J1 - Teamwork and Leadership - Level 2 Is encouraging and supportive and provides a lead within the local area. Task-based team working J2 - Delivering Level 2 Responsibility for an element of delivery against one or more business objectives, balancing priorities to achieve this J3 Managing Customer Relationships Level 2 Negotiates with customers to improve the service to them and to manage their expectations J4 - Corporate Behaviour Level 2 Understands the aims of own and related areas across an organisation J5 Change and Innovation Level 2 Generates creative ideas and demonstrates sensitivity in implementing local change PEOPLE SKILLS J skills (instead of SFIA level 3 see p4) EVIDENCE OF SKILL Give examples of: - sharing information and knowledge with others to promote team objectives. Give examples of : - tasks which you delivered to deadlines. Describe ways in which you have worked with customers to agree solutions. Give examples of proposals you have made to mitigate security vulnerabilities. What changes have you introduced what did you do, what techniques did you use and why? How did you consider the impact on other people and processes? Page 14

17 SKILL J6 - Analysis and Decision Making Level 2 Makes effective decisions in consultation with others and/or solves complex problems in immediate area J7 Communication and Knowledge Sharing Level 2 Encourages and contributes to discussion. Is proactive in sharing information in own work area EVIDENCE OF SKILL Give examples of: - recommendations and solutions you have suggested. What was the outcome in these cases? Give examples of how you have adapted your communication to suit different media, including face to face, over the phone, s, presentations and meetings: eg: - contributing to reports - stand up briefings What outcomes have you achieved? Page 15

18 Experience Agree a plan with your manager to ensure that you cover the necessary ground, as suggested below. Your evidence should show that you have: Assisted in, or carried out penetration testing under supervision or in a team, in a variety of environments and ensured that the testing was consistent with risk appetite and tolerance, as well as conforming to all legal requirements and regulations Or Have experience in a technical/information security role (such as a System Administrator) or SOC/NOC analyst You must show that you Do penetration testing and that your testing follows a systematic and appropriately analytic process Have some experience of using penetration testing tools and techniques Effectively communicate the outcomes and implications of penetration tests to colleagues and/or customers and ensure that they understand them Can recognise when a decision must be escalated because of implications beyond your level of responsibility or experience Are developing your understanding of penetration testing and associated research Page 16

19 The Certification Process next steps This Application Guidance contains material designed to help individuals applying for Practitioner Penetration Tester. processes for the different CBs follow below. The certification 1. If you are considering applying for the Senior or Principal level, you will need to show wider experience of more complex systems and satisfy the requirement for higher skill levels and the appropriate technical qualifications(s). Supervisory experience to show evidence of coaching and developing other Penetration Testers would also be helpful for the Senior level and consultancy experience would be appropriate for the Principal level. 2. If you are applying for the Lead level, you will need to show that you influence and direct the penetration testing function at an organisational or inter-organisational level and satisfy the requirement for higher skill levels. For example, you directly and regularly brief or advise a Directors Board in this regard. Page 17

20 There are 3 CBs: the APM Group ( ), BCS, the Chartered Institute for IT ( ) and the IISP, RHUL and CREST Consortium ( ). Certification is for 3 years and requires evidence of continuing professional development throughout the period of certification. Page 18

21 The CCP Scheme Certification Learning Cycle Page 19

22 References [a] [b] CESG Certification for IA Specialists Standard CESG Guidance to Certification for IA Specialists Page 20 This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to GCHQ on x30306 or

23 Glossary CHECK NOC SOC IT Health Check Service Network Operations Centre Security Operations Centre

24 IA CESG A2i Hubble Road Cheltenham Gloucestershire GL51 0EX Tel: +44 (0) Fax: +44 (0) Crown Copyright Communications on CESG telecommunications systems may be monitored or recorded to secure the effective operation of the system and for other lawful purposes. This information is exempt under the Freedom of Information Act 2000 and may be exempt under other UK Information legislation. Refer any FOIA queries to GCHQ on x30306 or

April 2015 Issue No:1.0. Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level

April 2015 Issue No:1.0. Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level April 2015 Issue No:1.0 Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level Application Guidance CCP Security and Information Risk Advisor Role, Practitioner Level

More information

February 2015 Issue No: 5.2. CESG Certification for IA Professionals

February 2015 Issue No: 5.2. CESG Certification for IA Professionals February 2015 Issue No: 5.2 CESG Certification for IA Professionals Issue No: 5.2 February 2015 The copyright of this document is reserved and vested in the Crown. This document may not be reproduced or

More information

January 2015 Issue No: 2.1. Guidance to CESG Certification for IA Professionals

January 2015 Issue No: 2.1. Guidance to CESG Certification for IA Professionals January 2015 Issue No: 2.1 Guidance to Issue No: 2.1 January 2015 The copyright of this document is reserved and vested in the Crown. This document may not be reproduced or copied without specific permission

More information

Thales Pricing Schedule for Vulnerability Assessment and Penetration Testing

Thales Pricing Schedule for Vulnerability Assessment and Penetration Testing Thales Pricing Schedule for Vulnerability Assessment and Penetration Testing Thales Pricing Schedule for Vulnerability Assessment and Penetration Testing April 2014 Page 1 of 8 Thales Pricing Schedule

More information

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13 Cyber Security Consultancy Standard Version 0.2 Crown Copyright 2015 All Rights Reserved Page 1 of 13 Contents 1. Overview... 3 2. Assessment approach... 4 3. Requirements... 5 3.1 Service description...

More information

ESKISP6054.01 Conduct security testing, under supervision

ESKISP6054.01 Conduct security testing, under supervision Overview This standard covers the competencies required to conduct security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to

More information

CESG Certification of Cyber Security Training Courses

CESG Certification of Cyber Security Training Courses CESG Certification of Cyber Security Training Courses Supporting Assessment Criteria for the CESG Certified Training (CCT) Scheme Portions of this work are copyright The Institute of Information Security

More information

CESG Certified Professional

CESG Certified Professional CESG Certified Professional Verify your skills and competence in information assurance Now open to cyber security professionals working in UK industry CONTENTS 1. Introduction 2. IA in Context: Why Professionalism

More information

Practitioner Certificate in Information Assurance Architecture (PCiIAA)

Practitioner Certificate in Information Assurance Architecture (PCiIAA) Practitioner Certificate in Information Assurance Architecture (PCiIAA) 15 th August, 2015 v2.1 Course Introduction 1.1. Overview A Security Architect (SA) is a senior-level enterprise architect role,

More information

Overview TECHIS60441. Carry out security testing activities

Overview TECHIS60441. Carry out security testing activities Overview Information, services and systems can be attacked in various ways. Understanding the technical and social perspectives, how attacks work, the technologies and approaches used are key to being

More information

CREST EXAMINATIONS. CREST (GB) Ltd 2016 All Rights Reserved

CREST EXAMINATIONS. CREST (GB) Ltd 2016 All Rights Reserved CREST EXAMINATIONS This document and any information therein are the property of CREST and without infringement neither the whole nor any extract may be disclosed, loaned, copied or used for manufacturing,

More information

Good Practice Guide Security Incident Management

Good Practice Guide Security Incident Management October 2015 Issue No: 1.2 Good Practice Guide Security Incident Management Customers can continue to use this guidance. The content remains current, although may contain references to legacy SPF policy

More information

PA Consulting Group SFIA Rate_Card G-Cloud IV - Business Intelligence and Advanced Analytics. Business Intelligence and Advanced Analytics

PA Consulting Group SFIA Rate_Card G-Cloud IV - Business Intelligence and Advanced Analytics. Business Intelligence and Advanced Analytics PA Consulting Group SFIA Rate_Card G-Cloud IV - Business Intelligence and Advanced Analytics Business Intelligence and Advanced Analytics 1. Follow N/A 2. Assist 650-850 3. Apply 850 950 4. Enable 950-1,150

More information

Risk Management. National Occupational Standards February 2014

Risk Management. National Occupational Standards February 2014 Risk Management National Occupational Standards February 2014 Skills CFA 6 Graphite Square, Vauxhall Walk, London, SE11 5EE T: 0207 0919620 F: 0207 0917340 E: info@skillscfa.org www.skillscfa.org Skills

More information

ESKISP6046.02 Direct security architecture development

ESKISP6046.02 Direct security architecture development Overview This standard covers the competencies concerned with directing security architecture activities. It includes setting the strategy and policies for security architecture, and being fully accountable

More information

CESG ASSURED SERVICE CAS SERVICE REQUIREMENT TELECOMMUNICATIONS

CESG ASSURED SERVICE CAS SERVICE REQUIREMENT TELECOMMUNICATIONS CESG ASSURED SERVICE CAS SERVICE REQUIREMENT TELECOMMUNICATIONS Issue 1.1 Crown Copyright 2015 All Rights Reserved 1 of 9 Document History Version Date Description 0.1 November 2012 Initial Draft Version

More information

A Guide to the Cyber Essentials Scheme

A Guide to the Cyber Essentials Scheme A Guide to the Cyber Essentials Scheme Published by: CREST Tel: 0845 686-5542 Email: admin@crest-approved.org Web: http://www.crest-approved.org/ Principal Author Jane Frankland, Managing Director, Jane

More information

CESG CIR SCHEME AND CREST CSIR SCHEME FREQUENTLY ASKED QUESTIONS

CESG CIR SCHEME AND CREST CSIR SCHEME FREQUENTLY ASKED QUESTIONS CESG CIR SCHEME AND CREST CSIR SCHEME FREQUENTLY ASKED QUESTIONS QUESTION General What is the Cyber Security Incident Response (CSIR) Scheme? What is the Cyber Incident Response (CIR) scheme? Why have

More information

ICT and Information Security Resources

ICT and Information Security Resources Methods GCloud Service Definition ICT and Information Security Resources HEAD OFFICE: 125 Shaftesbury Avenue, London WC2H 8AD Scottish Office: Exchange Place 2, 5 Semple Street, Edinburgh, EH3 8BL t: +44

More information

UNCLASSIFIED CESG ASSURED SERVICE CAS SERVICE REQUIREMENT DESTRUCTION. Version 1.0. Crown Copyright 2012 All Rights Reserved.

UNCLASSIFIED CESG ASSURED SERVICE CAS SERVICE REQUIREMENT DESTRUCTION. Version 1.0. Crown Copyright 2012 All Rights Reserved. CESG ASSURED SERVICE CAS SERVICE REQUIREMENT DESTRUCTION Version 1.0 Crown Copyright 2012 All Rights Reserved Page 1 Document History Version Date Description 0.1 June 2012 Initial Draft Version 1.0 July

More information

Information governance strategy 2014-16

Information governance strategy 2014-16 Information Commissioner s Office Information governance strategy 2014-16 Page 1 of 16 Contents 1.0 Executive summary 2.0 Introduction 3.0 ICO s corporate plan 2014-17 4.0 Regulatory environment 5.0 Scope

More information

{Add company name} {Add geographical location} {Add/edit as required} Enterprise Architect. {Add local information}

{Add company name} {Add geographical location} {Add/edit as required} Enterprise Architect. {Add local information} Job Description Business Analyst Organisation: Location: Reports to: Supervises: Working conditions: Last updated: {Add company name} {Add geographical location} {Add/edit as required} Enterprise Architect

More information

ICT (INFORMATION AND COMMUNICATION TECHNOLOGY) HELP DESK SUPPORT OFFICER

ICT (INFORMATION AND COMMUNICATION TECHNOLOGY) HELP DESK SUPPORT OFFICER ICT (INFORMATION AND COMMUNICATION TECHNOLOGY) HELP DESK SUPPORT OFFICER The ICT Help Desk Support Officer is the first point of contact for all ICT Support and utilises their knowledge, training and skills

More information

ISO 27001 Information Security Management Services (Lot 4)

ISO 27001 Information Security Management Services (Lot 4) ISO 27001 Information Security Management Services (Lot 4) CONTENTS 1. WHY LEICESTERSHIRE HEALTH INFORMATICS SERVICE?... 3 2. LHIS TECHNICAL ASSURANCE SERVICES... 3 3. SERVICE OVERVIEW... 4 4. EXPERIENCE...

More information

Certification of Master s Degrees Providing a General, Broad Foundation in Cyber Security

Certification of Master s Degrees Providing a General, Broad Foundation in Cyber Security Certified Master s in Cyber Security Certification of Master s Degrees Providing a General, Broad Foundation in Cyber Security Call for Applications Closing Date: 27 February 2015, 16:00 Briefing Meeting:

More information

ESKISP6056.01 Direct security testing

ESKISP6056.01 Direct security testing Direct security testing Overview This standard covers the competencies concerning with directing security testing activities. It includes setting the strategy and policies for security testing, and being

More information

Why compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards

Why compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards Why compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards Cyber Security CESG Certified Training // 2 Contents 3

More information

Certification of Master s Degrees in Digital Forensics

Certification of Master s Degrees in Digital Forensics Certified Master s in Cyber Security Certification of Master s Degrees in Digital Forensics Call for Applications Closing Date: 15 January 2016, 16:00 Briefing Meeting: 05 November 2015, 13:00 The information

More information

DEPARTMENT OF THE PREMIER AND CABINET

DEPARTMENT OF THE PREMIER AND CABINET DEPARTMENT OF THE PREMIER AND CABINET POSITION DESCRIPTION: TEAM LEADER, ICT SERVICE DESK (ASO5) ORGANISATIONAL CONTEXT Organisational Role As a leader in the public sector, we have a clear role to support

More information

DIGITAL FORENSICS AND CYBER INCIDENT RESPONSE SERVICES

DIGITAL FORENSICS AND CYBER INCIDENT RESPONSE SERVICES G Cloud IV Framework Lot 4 DIGITAL FORENSICS AND CYBER INCIDENT RESPONSE SERVICES Service Description - ANSEC IA Limited CONTENTS 1 Company Profile. 2 The ANSEC Effect 3 Qualifications 4 Service Description..

More information

Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis

Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis An analogue approach to a digital world What foundations is CDCAT built on?

More information

Developer. 5 Technology. 1 x 2 year fixed term with the possibility of extension or permanency 4 x Permanent. Fixed term and permanent

Developer. 5 Technology. 1 x 2 year fixed term with the possibility of extension or permanency 4 x Permanent. Fixed term and permanent Campaign number Closing date Q10331, Q10332 and Q10334 On-going recruitment Job Description and Person Specification This job description lists the general tasks, functions and responsibilities of the

More information

Closing date 8 July 2015

Closing date 8 July 2015 Campaign number Q-10296 Closing date 8 July 2015 Job Description and Person Specification This job description lists the general tasks, functions and responsibilities of the role below, including the specifications

More information

Advanced Diploma of Integrated Risk Management FNS60811 Description

Advanced Diploma of Integrated Risk Management FNS60811 Description Advanced Diploma of Integrated Risk Management FNS60811 Description This qualification provides cross-industry competencies for experienced risk managers and covers risk management activities undertaken

More information

Specialist Cloud Services. Acumin Cloud Security Resourcing

Specialist Cloud Services. Acumin Cloud Security Resourcing Specialist Cloud Services Acumin Cloud Security Resourcing DOCUMENT: FRAMEWORK: STATUS Cloud Security Resourcing Service Definition G-Cloud Released VERSION: 1.0 CLASSIFICATION: CloudStore Acumin Consulting

More information

Certification of Master s Degrees in Digital Forensics

Certification of Master s Degrees in Digital Forensics Certified Master s in Cyber Security Certification of Master s Degrees in Digital Forensics Call for Applications Closing Date: 27 February 2015, 16:00 Briefing Meeting: 14 January 2015, 13:00 Portions

More information

Nettitude Ltd. (FHEQ) level 7] MSc Postgraduate Diploma Postgraduate Certificate. British Computer Society (BCS) Master s Degree in Computing

Nettitude Ltd. (FHEQ) level 7] MSc Postgraduate Diploma Postgraduate Certificate. British Computer Society (BCS) Master s Degree in Computing Faculty of Engineering and Informatics Programme Specification Programme title: MSc Cyber Security Academic Year: 2015/16 Degree Awarding Body: Partner(s), delivery organisation or support provider (if

More information

Certification of Master s Degrees in Digital Forensics

Certification of Master s Degrees in Digital Forensics Certified Master s in Cyber Security Certification of Master s Degrees in Digital Forensics Call for Applications Closing Date: 15 January 2016, 16:00 Briefing Meeting: 05 November 2015, 13:00 The information

More information

January 2016 Issue No: 2.0. Application Guidance CCP Penetration Tester Role, Practitioner Level

January 2016 Issue No: 2.0. Application Guidance CCP Penetration Tester Role, Practitioner Level January 2016 Issue No: 2.0 Application Guidance CCP Penetration Tester Role, Practitioner Level Tester Role, Practitioner Level Issue No: 2.0 January 2016 The copyright of this document is reserved and

More information

JOB DESCRIPTION. Contract Management and Business Intelligence

JOB DESCRIPTION. Contract Management and Business Intelligence JOB DESCRIPTION DIRECTORATE: DEPARTMENT: JOB TITLE: Contract Management and Business Intelligence Business Intelligence Business Insight Manager BAND: 7 BASE: REPORTS TO: Various Business Intelligence

More information

CBEST FAQ February 2015

CBEST FAQ February 2015 CBEST Frequently Asked Questions: February 2015 At this time, the UK Financial Authorities have only made CBEST available to firms and FMIs which they consider to be core to the UK financial system. Those

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

Job Description. BRANCH Integrated Services GRADE JM2

Job Description. BRANCH Integrated Services GRADE JM2 DIRECTORATE People and Communities JOB TITLE Consultant Social Work Practitioner Job Description BRANCH Integrated Services GRADE JM2 SECTION Community Family Service Main Purpose of the Job To operate

More information

Release 2. FNS51312 Diploma of Life Insurance

Release 2. FNS51312 Diploma of Life Insurance Release 2 FNS51312 Diploma of Life Insurance FNS51312 Diploma of Life Insurance Modification History Release Release 2 Release 1 Comments This version released with FNS10 Financial Services Training Package

More information

National Occupational Standards. Compliance

National Occupational Standards. Compliance National Occupational Standards Compliance NOTES ABOUT NATIONAL OCCUPATIONAL STANDARDS What are National Occupational Standards, and why should you use them? National Occupational Standards (NOS) are statements

More information

How To Manage A Life Insurance Company

How To Manage A Life Insurance Company Release: 1 FNS51312 Diploma of Life Insurance FNS51312 Diploma of Life Insurance Modification History Version Release 1 Comments This Qualification first released with FNS10 Financial Services Training

More information

Specialist Certificate in Business Relationship Management Syllabus. Version 1.2

Specialist Certificate in Business Relationship Management Syllabus. Version 1.2 Specialist Certificate in Business Relationship Management Syllabus Version 1.2 August 2010 Specialist Certificate in Business Relationship Management Syllabus Contents Rationale...2 Aims and Objectives...2

More information

How To Help Your Business Succeed

How To Help Your Business Succeed G Cloud III Framework Lot 4 (SCS) CHECK Accredited Penetration Testing Services Contents Executive Summary 3 CHECK Accredited Penetration Testing Services 4 Why Deloitte? 5 Package Cost 7 Contact 9 Service

More information

POSITION DESCRIPTION

POSITION DESCRIPTION POSITION DESCRIPTION Position Title Business Unit : Relationship Manager : Corporate Client Services Reports to (Position) : General Manager Corporate Client Services Physical Location : Auckland Date

More information

MSc Cyber Security UKPASS P052286. Course 1 Year Full-Time, 2-3 Years Part-Time

MSc Cyber Security UKPASS P052286. Course 1 Year Full-Time, 2-3 Years Part-Time MSc Cyber Security International Students Can Apply UKPASS P052286 Code: Course 1 Year Full-Time, 2-3 Years Part-Time Length: Start Dates: September 2015, January 2016, September 2016, January 2017 Department:Department

More information

TAE40110 Certificate IV in Training and Assessment

TAE40110 Certificate IV in Training and Assessment TAE40110 Certificate IV in Training and Assessment Course information and vocational outcomes This is a nationally accredited qualification that reflects the roles of individuals delivering training and

More information

JOB DESCRIPTION Facilities Manager Soft Services. RESPONSIBLE FOR: Team Leaders and Contract Support staff

JOB DESCRIPTION Facilities Manager Soft Services. RESPONSIBLE FOR: Team Leaders and Contract Support staff JOB DESCRIPTION Facilities Manager Soft Services DIRECTORATE: Merlin Works DEPARTMENT: Facilities Management SALARY: 44,880 RESPONSIBLE TO: Head of Facilities Management RESPONSIBLE FOR: Team Leaders and

More information

developing your potential Cyber Security Training

developing your potential Cyber Security Training developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company

More information

Committees Date: Subject: Public Report of: For Information Summary

Committees Date: Subject: Public Report of: For Information Summary Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security

More information

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2 Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications

More information

Data Analysis Officer - Service Development Team

Data Analysis Officer - Service Development Team Job Title: Data Analysis Officer - Service Development Team Job Grade: Band 4-5 Directorate: Job Reference Number: Adults, Health and Community Wellbeing P01012 The Role Work closely with the Service Development

More information

NCC Group Managed Security Services Pricing

NCC Group Managed Security Services Pricing NCC Group Managed Security Services Pricing G-Cloud Version 1.0 Contact Name: Shakeel Hassan Email: gcloud@nccgroup.com Telephone: +44 (0)7792 149 697 NCC Group Manchester Technology Centre Oxford Road

More information

Growth Through Excellence

Growth Through Excellence Growth Through Excellence Public/Private Cloud Services Service Definition Document G- Cloud 5 REFERENCE NUMBER RM1557v Table of Contents Table of Contents... 3 Executive Summary... 4 About the Company...

More information

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document

More information

Certification of Masters Degrees Providing a General, Broad Foundation in Cyber Security

Certification of Masters Degrees Providing a General, Broad Foundation in Cyber Security Certified Masters in Cyber Security Certification of Masters Degrees Providing a General, Broad Foundation in Cyber Security Call for Applications Closing Date: 20 June 2014, 16:00 Briefing Meeting: 14

More information

Cyber Security Evolved

Cyber Security Evolved Cyber Security Evolved Aware Cyber threats are many, varied and always evolving Being aware is knowing what is going on so you can figure out what to do. The challenge is to know which cyber threats are

More information

Certification of Integrated Master s Degrees in Computer Science and Cyber Security

Certification of Integrated Master s Degrees in Computer Science and Cyber Security Certified Master s in Cyber Security Certification of Integrated Master s Degrees in Computer Science and Cyber Security Call for Applications Closing Date: 15 January 2016, 16:00 Briefing Meeting: 05

More information

Information Governance Management Framework

Information Governance Management Framework Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date

More information

Unit 3 Cyber security

Unit 3 Cyber security 2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 1 September 2015 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning hours:

More information

Achieve. Performance objectives

Achieve. Performance objectives Achieve Performance objectives Performance objectives are benchmarks of effective performance that describe the types of work activities students and affiliates will be involved in as trainee accountants.

More information

Qualification details

Qualification details Outcome Statement Qualification details Title New Zealand Certificate in Organisational Risk and Compliance (Level 4) Version 1 Qualification type Certificate Level 4 Credits 60 NZSCED 080317 Quality Management

More information

Cyber Essentials Scheme. Summary

Cyber Essentials Scheme. Summary Cyber Essentials Scheme Summary June 2014 Introduction... 3 Background... 4 Scope... 4 Assurance Framework... 5 Next steps... 6 Questions about the scheme?... 7 2 Introduction The Cyber Essentials scheme

More information

Sub-section Content. 1 Formalities - Post title: Risk Consultant - Reports to: Head of Group Risk - Division: xxx - Location: xxx

Sub-section Content. 1 Formalities - Post title: Risk Consultant - Reports to: Head of Group Risk - Division: xxx - Location: xxx Sub-section Content 1 Formalities - Post title: Risk Consultant - Reports to: Head of Group Risk - Division: xxx - Location: xxx 2 Job Purpose - To support the implementation of an Enterprise Risk Management

More information

Overview TECHIS60851. Manage information security business resilience activities

Overview TECHIS60851. Manage information security business resilience activities Overview Information security business resilience encompasses business continuity and disaster recovery from information security threats. As well as addressing the consequences of a major security incident,

More information

Programme Specification and Curriculum Map for MSc Electronic Security and Digital Forensics

Programme Specification and Curriculum Map for MSc Electronic Security and Digital Forensics Programme Specification and Curriculum Map for MSc Electronic Security and Digital Forensics 1. Programme title Electronic Security and Digital Forensics 2. Awarding institution Middlesex University 3.

More information

CBEST Implementation Guide

CBEST Implementation Guide CBEST Implementation Guide Introduction Existing penetration testing services conducted within the financial services sector are well understood and utilised. Whilst these services have provided a good

More information

MANAGER, HUMAN RESOURCES CONSULTING JOB & PERSON SPECIFICATION NOVEMBER 2010

MANAGER, HUMAN RESOURCES CONSULTING JOB & PERSON SPECIFICATION NOVEMBER 2010 MANAGER, HUMAN RESOURCES CONSULTING JOB & PERSON SPECIFICATION NOVEMBER 2010 POSITION TITLE Position Title: Manager HR Consulting Position Number: 3520 Faculty/Division: Division of Services and Resources

More information

ACS Certification Guidelines

ACS Certification Guidelines ACS Certification Guidelines Australian Computer Society Professional Standards Board 2013 Australian Computer Society ACS Certification Guidelines 2 November 2012 Page 1 TABLE OF CONTENTS ACS Certification

More information

Wirral Council: Job Role Descriptor HR USE ONLY

Wirral Council: Job Role Descriptor HR USE ONLY Wirral Council: Job Role Descriptor Job Role: Service: Reports to: No. of Subordinates: Job Role Ref: Job Family: Grade: Practice & Governance Manager Legal & Member Services Head of Legal & Member Services

More information

Qualification details

Qualification details Qualification details Title New Zealand Diploma in Organisational Risk and Compliance (Level 6) Version 1 Qualification type Diploma Level 6 Credits 120 NZSCED 080317 Quality Management DAS classification

More information

JOB DESCRIPTION AND PERSON SPECIFICATION

JOB DESCRIPTION AND PERSON SPECIFICATION JOB DESCRIPTION AND PERSON SPECIFICATION Job Title: Division: Job Grade: Assistant Legal Officers (Three Posts) Rule of Law Division Y (Young Professionals Programme) Reports to: Location: Director, Rule

More information

JOB PROFILE. Collaborate and work effectively with team members within the section and the rest of the Transformation Service.

JOB PROFILE. Collaborate and work effectively with team members within the section and the rest of the Transformation Service. JOB PROFILE Job Title: Principal Commissioning Officer Consultant 3 Department: Corporate Resources Ref: DCC/14/0344 Section: Transformation Service Job Family: Transformation Job grade: 12 Purpose of

More information

CPA SECURITY CHARACTERISTIC DATA AT REST ENCRYPTION: ALWAYS-ON MOBILE DEVICES

CPA SECURITY CHARACTERISTIC DATA AT REST ENCRYPTION: ALWAYS-ON MOBILE DEVICES CPA SECURITY CHARACTERISTIC DATA AT REST ENCRYPTION: ALWAYS-ON MOBILE DEVICES Version 1.1 Crown Copyright 2016 All Rights Reserved 44335885 Page 1 of 6 About this document This document describes the features,

More information

National Approach to Information Assurance 2014-2017

National Approach to Information Assurance 2014-2017 Document Name File Name National Approach to Information Assurance 2014-2017 National Approach to Information Assurance v1.doc Author David Critchley, Dave Jamieson Authorisation PIAB and IMBA Signed version

More information

October 2014 Issue No: 2.0. Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services

October 2014 Issue No: 2.0. Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services October 2014 Issue No: 2.0 Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services

More information

ASSESSMENT BRIEF FOR POSITION OF BUSINESS PSYCHOLOGIST

ASSESSMENT BRIEF FOR POSITION OF BUSINESS PSYCHOLOGIST ASSESSMENT BRIEF FOR POSITION OF BUSINESS PSYCHOLOGIST We are pleased to invite you to apply for the position of Business Psychologist at Impact Consulting Psychologists Ltd. We have a strong commitment

More information

JOB DESCRIPTION REF: 50001776

JOB DESCRIPTION REF: 50001776 JOB DESCRIPTION REF: 50001776 Note: This job description does not form part of the employee s contract of employment but is provided for guidance. The precise duties and responsibilities of any job may

More information

Overview TECHIS60241. Carry out risk assessment and management activities

Overview TECHIS60241. Carry out risk assessment and management activities Overview Information in all its forms is a vital component of the digital environment in which we live and work. The protection of information in its physical form is well understood but the protection

More information

BSB40812 Certificate IV in Frontline Management

BSB40812 Certificate IV in Frontline Management BSB40812 Certificate IV in Frontline Management Course information and vocational outcomes This nationally accredited qualification reflects the role of individuals who take the first line of management

More information

CPA SECURITY CHARACTERISTIC DATA SANITISATION - FLASH BASED STORAGE

CPA SECURITY CHARACTERISTIC DATA SANITISATION - FLASH BASED STORAGE 12040940 CPA SECURITY CHARACTERISTIC DATA SANITISATION - FLASH BASED STORAGE Version 0.3 Crown Copyright 2012 All Rights Reserved CPA Security Characteristics for Data Sanitisation - Flash Based Storage

More information

CYBER SECURITY TRAINING SAFE AND SECURE

CYBER SECURITY TRAINING SAFE AND SECURE CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

Group Manager Line management of a local team of 5-7 fte staff

Group Manager Line management of a local team of 5-7 fte staff Practice Manager Children s Social Care Role Profile: Practice Manager Grade: Grade 12 Accountable to: Accountable for: Role Context & Purpose Group Manager Line management of a local team of 5-7 fte staff

More information

Certification of Master s Degrees in Computer Science for Cyber Security

Certification of Master s Degrees in Computer Science for Cyber Security Certified Master s in Cyber Security Certification of Master s Degrees in Computer Science for Cyber Security Call for Applications Closing Date: 15 January 2016, 16:00 Briefing Meeting: 05 November 2015,

More information

BSBCUS501C Manage quality customer service

BSBCUS501C Manage quality customer service BSBCUS501C Manage quality customer service Release: 1 BSBCUS501C Manage quality customer service Modification History Release Release 1 Comments New release of this Qualification released with version

More information

Level 3 Certificate in Community Justice (7499-01)

Level 3 Certificate in Community Justice (7499-01) Level 3 Certificate in Community Justice (7499-01) Qualification handbook QCA Number 500/1868/1 www.cityandguilds.com February 2008 Version 1.0 About City & Guilds City & Guilds is the UK s leading provider

More information

HR Operations Partner. Purpose of the Role

HR Operations Partner. Purpose of the Role Role: Responsible To: Responsible For: Location: HR Operations Partner HR & OD Manager HR staff Liverpool Purpose of the Role To provide an effective and efficient service to the People Services Team and

More information

Chief Information Officer

Chief Information Officer Security manager Job description Job title Security manager Location Wellington Group Organisation Development Business unit / team IT Solutions Grade and salary range Pay Group 1, Pay Band 6 Reports to

More information

24,006 - with possible progression to 25,771 per annum (pro rata for part time) Grade 5

24,006 - with possible progression to 25,771 per annum (pro rata for part time) Grade 5 Job Title Revenues Officer 3 (Job No. 000726) Service Area Financial Services Salary 24,006 - with possible progression to 25,771 per annum (pro rata for part time) Grade 5 Contract Permanent Hours 37

More information

SFJCCAD2 Promote business continuity management

SFJCCAD2 Promote business continuity management Overview This unit is about providing advice and assistance on business continuity management, including general advice for the business and voluntary sectors, and specific advice and assistance to individual

More information

Diploma of Business Administration BSB50415

Diploma of Business Administration BSB50415 Diploma of Business Administration BSB50415 Unit Descriptions & Evidence Required to Demonstrate Competency 8 Units 8 Elective Units Agenda Course Description... 3 Job roles... 3 Pathways Information...

More information

Protecting Malaysia in the Connected world

Protecting Malaysia in the Connected world Protecting Malaysia in the Connected world cyber Security Company of the Year (Cybersecurity Malaysia, 2014) Most innovative information security company in Malaysia (Cybersecurity Malaysia, 2012) BAE

More information

UK Government IA Recent Changes and Update

UK Government IA Recent Changes and Update UK Government IA Recent Changes and Update INTRODUCTION Agenda Part 1 Government IA and Cyber Security Background Quick Threat Update UK Government Cyber Security Initiative Government Asset Control in

More information

Criteria for the Accreditation of. DBA Programmes

Criteria for the Accreditation of. DBA Programmes Criteria for the Accreditation of DBA Programmes 1 1 INTRODUCTION 1.1 This document sets out the criteria for DBA programme accreditation. While setting the standards that accredited provision is expected

More information

JOB DESCRIPTION REF: 50039237

JOB DESCRIPTION REF: 50039237 JOB DESCRIPTION REF: 50039237 Note: This job description does not form part of the employee s contract of employment but is provided for guidance. The precise duties and responsibilities of any job may

More information