Qualification Specification. Level 4 Certificate in Cyber Security and Intrusion For Business



Similar documents
Critical Controls for Cyber Security.

OCR LEVEL 3 CAMBRIDGE TECHNICAL

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

ICANWK406A Install, configure and test network security

External Supplier Control Requirements

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

Cybersecurity Health Check At A Glance

Unit title: Cyber Security Fundamentals (SCQF level 4)

Name: Position held: Company Name: Is your organisation ISO27001 accredited:

The Protection Mission a constant endeavor

Networked Systems Security

Data Access Request Service

Client Security Risk Assessment Questionnaire

Small businesses: What you need to know about cyber security

Attachment A. Identification of Risks/Cybersecurity Governance

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

Information Shield Solution Matrix for CIP Security Standards

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

ISO 27002:2013 Version Change Summary

ICAB5238B Build a highly secure firewall

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

A practical guide to IT security

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

CESG Certification of Cyber Security Training Courses

F G F O A A N N U A L C O N F E R E N C E

FedVTE Training Catalog SUMMER advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

How To Protect Your School From A Breach Of Security

developing your potential Cyber Security Training

EA-ISP-012-Network Management Policy

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

IT Networking and Security

BAE Systems PCI Essentail. PCI Requirements Coverage Summary Table

Network Administration

New PCI Standards Enhance Security of Cardholder Data

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

ABB s approach concerning IS Security for Automation Systems

Distance Assessment Policy

OCIE CYBERSECURITY INITIATIVE

Managing internet security

Information System Audit Guide

SANS Top 20 Critical Controls for Effective Cyber Defense

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

Small businesses: What you need to know about cyber security

Securing the Service Desk in the Cloud

Security Controls What Works. Southside Virginia Community College: Security Awareness

The purpose of this Unit is to develop an awareness of the knowledge and skills used by ethical and malicious hackers.

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

INFORMATION TECHNOLOGY ENGINEER V

EDI Level 3 Assessing Qualifications. EDI Level 4 Internal Quality Assurance Qualifications. EDI Level 4 External Quality Assurance Qualifications

INFORMATION SYSTEMS. Revised: August 2013

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

FedVTE Training Catalog SPRING advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Looking at the SANS 20 Critical Security Controls

INFORMATION TECHNOLOGY SECURITY STANDARDS

Service Children s Education

ULH-IM&T-ISP06. Information Governance Board

Agenda. Cyber Security: Potential Threats Impacting Organizations 1/6/2015. January 10, 2015 Scott Petree

1 Purpose Scope Roles and Responsibilities Physical & Environmental Security Access Control to the Network...

Jumpstarting Your Security Awareness Program

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Hands on, field experiences with BYOD. BYOD Seminar

Procedure Title: TennDent HIPAA Security Awareness and Training

Chapter 1 The Principles of Auditing 1

CompTIA Security+ (Exam SY0-410)

Designing a security policy to protect your automation solution

Network Security Administrator

Supplier Security Assessment Questionnaire

Cyber Essentials Scheme

Using the HITRUST CSF to Assess Cybersecurity Preparedness 1 of 6

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5)

NERC CIP Compliance with Security Professional Services

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

The first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process.

Code of Practice for Cyber Security in the Built Environment

G-Cloud Definition of Services Security Penetration Testing

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

Appendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Small Business IT Risk Assessment

ICA60211 Advanced Diploma of Network Security

Walton Centre. Document History Date Version Author Changes 01/10/ A Cobain L Wyatt. Monitoring & Audit

University of Illinois at Chicago Health Sciences Colleges Information Technology Group Security Policies Summary

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Newcastle University Information Security Procedures Version 3

1B1 SECURITY RESPONSIBILITY

We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review

Transcription:

Qualification Specification Level 4 Certificate in Cyber Security and Intrusion For Business ProQual 2015

Contents Page Introduction 3 Qualification profile 3 Centre requirements 4 Support for candidates 4 Assessment 5 Internal quality assurance 5 Adjustments to assessment 5 Results enquiries and appeals 6 Certification 6 Learning Outcomes and Assessment Criteria 7 2

Introduction This qualification builds on the fundamental principles of cyber security and is a natural progression for individuals working in an IT role, helping them to qualify as cyber security professionals. The qualification also provides a clear route of progression for individuals seeking to move from IT support roles, into better paid and more testing cyber security positions. The awarding organisation for this qualification is ProQual Awarding Body and the regulatory body is the Office of Qualifications and Examinations Regulation (Ofqual). The specification for these qualifications has been approved by the Welsh Government for use by centres in Wales. Entry Requirements There are no formal entry requirements for this qualification. Centres should carry out an initial assessment of candidate skills and knowledge to identify any gaps and help plan the assessment. Qualification Profile Qualification title Ofqual qualification number 601/8167/9 Level 4 Total Qualification Time Assessment ProQual Level 4 Certificate in Cyber Security and Intrusion for Business 70 hours Qualification start date 1/12/15 Qualification end date Pass or fail Internally assessed and verified by centre staff External quality assurance by ProQual verifiers Qualification Structure Candidates must complete the 3 Mandatory units. T/507/9458 Cyber Security for Business Networks A/507/9459 Managing Cyber Security in Business M/507/9460 Cyber Intrusion for Business 3

Centre Requirements Centres must be approved to offer this qualification. If your centre is not approved please complete and submit form ProQual Additional Qualification Approval Application. Staff Staff delivering this qualification must be appropriately qualified and occupationally competent. Assessors/Internal Quality Assurance For each competence-based unit centres must be able to provide at least one assessor and one internal verifier who are suitably qualified for the specific occupational area. Assessors and internal verifiers for competence-based units or qualifications will normally need to hold appropriate assessor or verifier qualifications, such as: ProQual Level 3 Certificate in Teaching, Training and Assessing Award in Assessing Competence in the Work Environment Award in Assessing Vocationally Related Achievement Certificate in Assessing Vocational Achievement Award in the Internal Quality Assurance of Assessment Processes and Practices Certificate in Leading the Internal Quality Assurance of Assessment Processes and Practices Support for Candidates Materials produced by centres to support candidates should: enable them to track their achievements as they progress through the learning outcomes and assessment criteria; provide information on where ProQual s policies and procedures can be viewed; provide a means of enabling Internal and External Quality Assurance staff to authenticate evidence 4

Assessment Candidates must demonstrate the level of knowledge and competence described in the unit. Assessment is the process of measuring a candidate s knowledge and understanding against the standards set in the qualification. Assessment guidance is included to assure consistency. Each candidate is required to produce evidence which demonstrates their achievement of all of the learning outcomes and assessment criteria for each unit. Evidence can include: - assignments/projects/reports - worksheets - portfolio of evidence - record of oral and/or written questioning - candidate test papers Learning outcomes set out what a candidate is expected to know, understand or be able to do. Assessment criteria specify the standard a candidate must meet to show the learning outcome has been achieved. Learning outcomes and assessment criteria for this qualification can be found from page 7 onwards. Internal Quality Assurance An internal quality assurance verifier confirms that assessment decisions made in centres are made by competent and qualified assessors, that they are the result of sound and fair assessment practice and that they are recorded accurately and appropriately. Adjustments to Assessment Adjustments to standard assessment arrangements are made on the individual needs of candidates. ProQual s Reasonable Adjustments Policy and Special Consideration Policy sets out the steps to follow when implementing reasonable adjustments and special considerations and the service that ProQual provides for some of these arrangements. Centres should contact ProQual for further information or queries about the contents of the policy. 5

Results Enquiries and Appeals All enquiries relating to assessment or other decisions should be dealt with by centres, with reference to ProQual s Enquiries and Appeals Procedures. Certification Candidates who demonstrate achievement of the qualification will be awarded a certificate giving the full qualification title - ProQual Claiming certificates Centres may claim certificates for candidates who have been registered with ProQual and who have successfully achieved the required number of credits for a qualification. All certificates will be issued to the centre for successful candidates. Replacement certificates If a replacement certificate is required a request must be made to ProQual in writing. Replacement certificates are labelled as such and are only provided when the claim has been authenticated. Refer to the Fee Schedule for details of charges for replacement certificates. 6

Learning Outcomes and Assessment Criteria T/507/9458 Cyber Security for Business Networks Learning Outcomes the learner will: 1. Understand how to securely configure ICT systems 1.1 1.2 1.3 2. Be able to securely configure ICT systems 2.1 3. Understand how to test and monitor network security 4. Be able to test and monitor organisational network security 5. Understand the importance of compliance with organisational Malware Protection Policy 6. Be able to demonstrate compliance with organisational Malware Protection Policy 2.2 2.3 3.1 3.2 3.3 3.4 3.5 4.1 4.2 4.3 4.4 4.5 5.1 5.2 5.3 6.1 6.2 Assessment Criteria the learner can: Explain the importance of securely configuring all ICT systems Explain the application of security patches Explain the purpose of a systems inventory Demonstrate the secure configuration of an ICT system Demonstrate the application of security patches Define a security baseline for all ICT devices Explain the purpose of penetration testing Explain the processes involved in penetration testing Evaluate software that can be used for penetration testing Explain the purpose of a network perimeter Explain why security controls must be monitored and tested Demonstrate penetration testing Identify network security issues through penetration testing Manage the network perimeter including wireless access Demonstrate the use of software setup related to malware and other monitoring products Analyse the monitoring and testing of security controls Explain the risks associated with a range of malware Evaluate a range of malware defences Explain the purpose of malware scanning Establish adequate malware defences Demonstrate malware scanning and secure backup of ICT systems 7

A/507/9459 Managing Cyber Security in Business Learning Objectives the learner will: 1. Understand the requirement to determine the risks to an organisations information 2. Understand the use of account management processes 3. Be able to demonstrate the use of account management processes 4. Understand the implementation of user security policies within organisations 5. Be able to develop user security policies within organisations 6. Understand how to manage cyber incident response and disaster recovery 7. Be able to manage cyber incident response and disaster recovery 8. Understand how to monitor organisational ICT systems and networks 1.1 1.2 2.1 2.2 2.3 3.1 3.2 3.3 3.4 4.1 4.2 4.3 4.4 5.1 5.2 6.1 6.2 6.3 Assessment Criteria the learner can: Evaluate the need for an effective governance structure relating to cyber risk Explain a range of information risks Explain the potential approaches to account management processes Explain control procedures relating to activity and audit logs Explain the importance of monitoring user activities Demonstrate the use of account management processes Develop reports related to user privileges and accounts Demonstrate control procedure evidence related to activity and audit logs Monitor user activity, providing evidence and reports Explain the importance of organisational level user security policies Identify examples of acceptable and secure use policies Explain why staff training is essential for effective cyber security policies Identify current back door cyber threats Develop organisational level user security policies Determine the acceptable and secure use of organisational ICT systems Explain potential disaster recovery activities Explain the requirement for incident management plans Describe the reporting process for criminal incidents 7.1 Demonstrate an effective response to incidents and disaster recovery activities 8.1 8.2 8.3 Explain the purpose of an ICT monitoring strategy Summarise the content of ICT security logs Explain how to secure ICT systems further to the indication of an attack 8

Learning Objectives the learner will: 9. Be able to monitor organisational ICT systems and networks 10. Be able to manage organisational Access to Removable Media Policy 11. Understand how to manage organisational Secure Use of ICT Policy for Home and Mobile Working 12. Be able to manage organisational Secure Use of ICT Policy for Home and Mobile Working 9.1 9.2 9.3 9.4 9.5 10.1 10.2 11.1 11.2 11.3 Assessment Criteria the learner can: Determine an ICT Monitoring Strategy Develop an ICT Monitoring Policy Demonstrate the monitoring of ICT systems and networks Analyse security logs Secure all ICT systems further to the indication of an attack Explain the necessity for an Access to Removable Media Policy Develop an Access to Removable Media Policy Evaluate current government legislation and frameworks relevant to the control of digital data Identify the types of staff training events suitable for Home and Mobile Working policies. Explain how to apply a secure baseline build to all their organisation s ICT devices 12.1 Develop a Secure Use of ICT Policy for Home and Mobile Working for all employees 9

M/507/9460 Cyber Intrusion for Business Learning Outcomes the learner will: 1. Understand how to establish a security perimeter in a Wifi zone 2. Know how to establish a security perimeter within a Wifi zone 3. Understand the regulatory frameworks associated with cyber intrusion 4. Be able to analyse activities within Wifi zones 1.1 1.2 1.3 1.4 1.5 1.6 2.1 2.2 2.3 2.4 2.5 3.1 3.2 3.3 3.4 Assessment Criteria the learner can: Explain the use of hardware and software related to security in Wifi zones Identify current back door threats Explain the importance of mobile device policies for Wifi zones Explain how hardware and software can be utilised in relation to securing a Wifi perimeter Explain what rogue access points are Identify applications that are of high risk to a network area Develop and demonstrate a mobile policy for Wifi zones Demonstrate the use of appropriate hardware and software in relation to securing a Wifi perimeter Provide an analysis of a Wifi zone Develop a policy on the detection of rogue access points and applications that are of risk to a network area Develop a policy to counter back door threats to networks Identify regulatory frameworks associated with Wifi monitoring Explain the legislation relating to hacking or breaking into user networks Evaluate the problems that can be encountered when monitoring Wifi zones Explain the risk associated with managing Wifi zones within an International context 4.1 Analyse potential problems that could be encountered when monitoring Wifi zones 10

Learning Objectives the learner will: 5. Know how to utilise technology to secure networks from hacking 6. Be able to utilise technology to secure networks from hacking 5.1 5.2 5.3 5.4 5.5 5.6 5.7 5.8 6.1 6.2 6.3 6.4 6.5 Assessment Criteria the learner can: Explain the use of VPN functionality and application tunnelling to promote security Critically evaluate at least three commercial products that are available to secure LAN and other mobile networks Explain encryption methods such as TLS/SSL Explain the features of account lock out Explain host isolation in relation to Wifi networks Explain network separation in relation to Wifi networks Explain what a man in the middle attack is and how it affects network users Explain how to establish secure passwords Use VPN functionality and application tunnelling to promote security Secure a LAN using commercially available products Demonstrate the use of encryption methods such as TSL/SSL Demonstrate account lock out and show how to enable and secure this setting Establish secure passwords for network users Assessment There must be valid, authentic and sufficient for all the assessment criteria. However, one piece of evidence may be used to meet the requirements of more than one learning outcome or assessment criterion. 11

ProQual Awarding Body ProQual House Annie Med Lane South Cave HU15 2HG UK Tel: +44(0)1430 423822 www.proqualab.com enquiries@proqualab.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information