Overview TECHIS60341. Carry out security architecture and operations activities



Similar documents
ESKISP Direct security architecture development

ESKISP Direct security testing

Overview TECHIS Carry out risk assessment and management activities

Overview TECHIS Manage information security business resilience activities

Overview TECHIS Carry out security testing activities

ESKITP Assist in the preparation of change management plans and assignments for IT enabled systems 1

ESKISP Conduct security testing, under supervision

ESKITP6026 IT Security Management Level 6 Role

ESKISP Assist security testing, under supervision

ESKISP Manage security testing

External Supplier Control Requirements

ESKITP Authorise strategy, policies and standards relating to IT service delivery performance metrics management

ESKITP6034 IT Disaster Recovery Level 4 Role

ESKITP5022 Software Development Level 2 Role

ESKITP5023 Software Development Level 3 Role

Contribute to IT architecture work

CESG Certification of Cyber Security Training Courses

CFACC29 Develop and enhance performance management in a contact centre

ESKITP4082 IT/Technology Infrastructure Design and Planning Level 2 Role

Introduction to Cyber Security / Information Security

FSPFCC04(SQA Unit Code-F88P 04) Ensure you comply with regulations in your financial services environment

ESKISP Conducts vulnerability assessment under supervision

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS

Enterprise Security Architecture

ESKITP Design and implement change management plans for IT enabled systems 1

ESKITP7072 IT/Technology Capacity Management Level 2 Role

ESKITP Identify change management opportunities and options for IT enabled systems 1

Defining Program Types

Western Australian Auditor General s Report. Information Systems Audit Report

Goals. Understanding security testing

SFJCCAD2 Promote business continuity management

ESKITP Implement procedures and standards relating to metrics for IT service delivery

ESKITP7102 IT/Technology Asset and Configuration Management Level 2 Role

Practitioner Certificate in Information Assurance Architecture (PCiIAA)

Overview COSCSMO10. Implement, monitor and control strategic procurement systems in construction management

ESKITP6036 IT Disaster Recovery Level 5 Role

Protecting Your Organisation from Targeted Cyber Intrusion

Risk Management. National Occupational Standards February 2014

CFAM&LAA2 Develop your knowledge, skills and competence

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

SFJFRSFF2 SQA Unit Code (FA6J 04) Take responsibility for effective performance in fire and rescue

FINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation

PCI COMPLIANCE GUIDE For Merchants and Service Members

BM482E Introduction to Computer Security

ESKITP7026 IT/Technology Service Help Desk and Incident Management Level 6 Role

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

ESKITP7025 IT/Technology Service Help Desk and Incident Management Level 5 Role

ESKITP5022v2 Perform software development activities under direction

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Threat Intelligence. Benefits for the enterprise

Lot 1 Service Specification MANAGED SECURITY SERVICES

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

EA-ISP-012-Network Management Policy

Defining an EA Skillset EAPC Johannesburg March 2015

SFJ ZI02 Monitor and review the performance of technical support systems and equipment

Career proposition for software developers and web operations engineers

G- Cloud Specialist Cloud Services. Security and Penetration Testing. Overview

The Education Fellowship Finance Centralisation IT Security Strategy

Audit and Risk Management Committee. IT Security Update

Bellevue University Cybersecurity Programs & Courses

Release: 1. ICTNWK607 Design and implement wireless network security

Bio-inspired cyber security for your enterprise

Cisco Advanced Services for Network Security

Cyber-safety for Senior Australians. Inquiry Submission

A HELPING HAND TO PROTECT YOUR REPUTATION

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager

INTRODUCTION. The Merlin Principles. The Elements of each Principle

ESKITP6032 IT Disaster Recovery Level 2 Role

Digital Industries Apprenticeship: Assessment Plan. Cyber Security Technologist. April 2016

ESKITP5064 Software Development Process Improvement Level 4 Role

Module 1: e- Learning

Security Transcends Technology

Chairman Johnson, Ranking Member Carper, and Members of the committee:

Securing the EVO Cyber Security Considerations

EDS Innovation Research Programme DISCUSSION PAPER SERIES. No.005 Media, Connectivity, Literacies and Ethics

TECHNICAL AUDITS FOR CERTIFYING EUROPEAN CITIZEN COLLECTION SYSTEMS

Inquiry into potential reforms of National Security Legislation. Cisco Systems Australia Pty Limited

Bachelor of Information Technology (Network Security)

Master of Science in Cyber Security and Management

Securing EtherNet/IP Using DPI Firewall Technology

Job No. (Office Use) Directorate Corporate Services Department Programme Management Office Reports to (Job Title) If No state reason

Malware isn t The only Threat on Your Endpoints

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

Security Implications Associated with Mass Notification Systems

Cyber Essentials Scheme

The Cornwell Enterprise Architecture Maturity Dashboard

Aberdeen City Council IT Security (Network and perimeter)

Risk Management Policy

BSBEBUS520A Manage online payments systems

TECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK

Digital Industries Apprenticeship: Occupational Brief. Cyber Security Technologist. April 2016

How an Endace Monitoring and Recording Fabric aids corporate compliance

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

Developing the Corporate Security Architecture. Alex Woda July 22, 2009

Center of Academic Excellence Cyber Operations Program 2013 Application

CFAS1.3 Use databases to support sales activities

Specific recommendations

ESKITP5065 Software Development Process Improvement Level 5 Role

Transcription:

Overview The protection of information, services and systems relies on a range of technical and procedural activities, often grouped in a framework. The framework will contain technical and logical, physical and process controls that can be implemented across an organisation to reduce information and systems risk, identify and mitigate vulnerability, and satisfy compliance obligations. This role involves determining appropriate types of security controls and access management and network security devices, and how they work. TECHIS60341 1

Performance criteria You must be able to: 1. interpret organisational security policies and threat/risk profiles 2. incorporate organisational security policies and threat/risk profiles into secure architectural solutions that mitigate the risks and conform to legislation in line with business needs. 3. present technical security architecture solutions for the three different types of architecture including: network security architecture, infrastructure security architecture, and application security architecture 4. select security products and technologies based upon their security characteristics 5. design robust and fault-tolerant security mechanisms and components appropriate to the identified risks 6. propose security architecture solutions as a view within broader IT architectures in line with organisational standards 7. develop and implement appropriate methodologies, templates, patterns and frameworks to support security architecture development 8. apply security architecture principles to networks, information systems, control systems, infrastructures and products in line with organisational requirements 9. devise standard solutions that address requirements delivering specific security functionality whether for a business solution or for a product 10. maintain awareness of the security advantages and vulnerabilities of common products and technologies 11. design robust and fault-tolerant security mechanisms and components appropriate to the perceived risks in line with organisational standards TECHIS60341 2

Knowledge and understanding You need to know and understand: 1. that security controls can be categorised and selected on the basis of that categorisation 2. where technical controls cannot be used, other controls can be selected 3. how technical controls (examples include cryptography, access management, firewalls, anti-virus software and intrusion prevention systems) work in detail/at an advanced level of understanding how the technical controls can be deployed in practice and associated strengths and weaknesses 4. the need for security architecture and its relevance to systems, service continuity and reliability 5. the application of techniques such as defence in depth to demonstrate how controls can be selected, deployed and tested to minimise risk and impact 6. how to differentiate between controls to protect systems availability and reliability; controls to protect information; and controls to manage human behaviour 7. the trade-offs for functionality, usability and security 8. the role of operations in monitoring, maintaining and evolving controls 9. what is meant by information security architecture 10. how implementing a security architecture can improve mitigate risk for information system design 11. where to find information on the existing information systems architectures used within the organisation 12. the relationship of information security architecture to IT and enterprise architectures 13. sources of recognised external security architectures and frameworks 14. the advantages and disadvantages of implementing a range of commonly used IT components and security products Has knowledge of a range of core security technologies; e.g. access control models, public and private encryption, authentication techniques, intrusion detection 15. the most appropriate information security product and protocols to use in meeting the organisation's security requirements 16. the range of processes, procedures, methods, tools and techniques applicable to secure architecture development activities and their deliverables 17. he role of architecture in information and network security 18. the fact that the organisation's network and information security architecture needs to align with wider systems architecture development 19. the importance of using security standards, architectures and frameworks TECHIS60341 3

20. 21. how to represent security architecture designs and models industry standard architectural frameworks commonly used e.g. TOGAF and Zachman TECHIS60341 4

Developed by e-skills Version Number 1 Date Approved January 2016 Indicative Review Date Validity Status Originating Organisation Original URN Relevant Occupations Suite Keywords April 2019 Current Original The Tech Partnership TECHIS60341 Information and Communication Technology; Information and Communication Technology Officer; Information and Communication Technology Professionals Information Security Information security, cyber security; security architecture, secure systems TECHIS60341 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information