ESKISP6056.01 Direct security testing




Overview

This standard covers the competencies concerned with directing security testing activities. It includes setting the strategy and policies for security testing, and being fully accountable for successful security testing activities and deliverables. This includes developing and implementing methodologies for assessing the level of assurance of information systems and the correct implementation of mitigation measures.

Performance criteria

You must be able to:

P1 be fully accountable for all penetration and information security testing activities, results and recommendations for mitigation
P2 design, develop, implement and maintain the policy and standards to provide a detailed information security testing framework for use within the organisation
P3 review, improve and update penetration testing methods and tools to continue to provide effective testing services
P4 ensure penetration testing activities and reports are clearly documented
P5 design, develop, implement and maintain resourcing and training strategy and plans to retain and develop appropriate penetration and information security testing expertise within the organisation
P6 continually monitor information security threat trends and keep aware of the latest information, providing informed guidance to penetration testing activities
P7 monitor the quality and effectiveness of penetration testing activities, critically reviewing the approach and process and making recommendations for improvement where appropriate
P8 provide timely and objective advice and guidance to others on all aspects of information security testing activities, including penetration testing best practice and the application of lessons learned
P9 maintain an authoritative position on proactive information security testing to identify and disseminate new threats and to contribute to the body of knowledge
P10 develop communication processes for internal and external parties (e.g. customers) relating to penetration testing activities and results
P11 authorise the issue of formal reports to management on the effectiveness and efficiency of security testing, in appropriate language for the audience
P12 provide thought leadership on the discipline of information security testing, contributing to internal best practice and to externally recognised publications, white papers etc.
P13 take timely and decisive action in the event of information security testing activities and their deliverables not complying with relevant legislation, regulations, and internal and external standards

Knowledge and understanding

You need to know and understand:

K1 who are the executive sponsors and stakeholders of information security testing activities within the organisation
K2 the need to advise and guide others on all aspects of information security testing activities
K3 how to manage the implications and consequences:
  K3.1 of failure to identify and mitigate/control risks that arise
  K3.2 of information security testing activities failing to meet the expectations of the business
K4 sources of best practice in information security testing activities
K5 the importance of analysing the results gained from monitoring the alignment of information security testing activities and their deliverables with all relevant legislation, regulation, and internal and external standards, in line with organisational strategy, policies and standards
K6 the scope of information assurance governance within the organisation
K7 the importance of establishing effective capabilities for the assurance of information assets within the organisation
K8 the need to have effective and coordinated governance of a range of activities, including risk management, information security, vulnerability assessments, and security education and awareness training
K9 the need to ensure that timely and effective independent review of information security testing activities takes place
K10 how to objectively analyse the findings from independent review of information security testing activities and report recommendations to sponsors and stakeholders
K11 how to design and develop strategy, policies, plans and standards to ensure alignment with all relevant legislation, regulations and external standards
K12 the importance of using lessons learned in order to inform future information security testing

Developed by: e-skills UK
Version number: 1
Date approved: February 2013
Indicative review date: December 2015
Validity: Current
Status: Original
Originating organisation: e-skills UK
Original URN: ESKISP6056.01
Relevant occupations: Information and Communication Technology; Information and Communication Technology Professionals; Information and Communication Technology Officer; IT Service Delivery Occupations; Software Development
Suite: Information Security
Key words: Cyber Security; Information Security