ESKISP6054.01 Conduct security testing, under supervision




Overview

This standard covers the competencies required to conduct security testing under supervision, in order to contribute to determining the level of resilience of an information system to information security threats and vulnerabilities. It includes assisting in applying testing methods, including penetration testing, to assess the robustness of an information system against a coordinated attack.

ESKISP6054.01 1

Performance criteria

You must be able to:

P1 undertake information security tests, under controlled conditions, to assess vulnerabilities and compliance against relevant internal and/or external standards
P2 use a range of appropriate methods, tools and techniques to conduct penetration testing
P3 clearly and accurately scope and plan the information security test approach, prioritising testing activity to proactively target the most significant threats and vulnerabilities first
P4 interpret information assurance requirements to produce information security test acceptance criteria
P5 carefully plan a context driven test approach to systematically test a system in order to validate its information security status
P6 design and develop accurate and clear test scripts, plans and acceptance criteria to ensure that information assurance requirements can be tested against relevant internal and/or external standards
P7 critically review the results of penetration testing and accurately identify specific vulnerabilities within any specified information system
P8 prioritise outcomes and recommend specific and timely action to address vulnerabilities identified as a result of information security testing
P9 clearly report on and communicate the results of information security testing, recommending mitigation actions
P10 ensure information security testing reports are high quality and relevant to the audience
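The standard specifies competencies, not methods. As an added illustration (not part of the standard, and not e-skills UK's material), the following Python script shows one way a supervised tester might put P1 and P3 (test only within an authorised, controlled scope) and P7 to P10 (prioritise findings and report them with timely remediation advice) into practice. The authorisation record, the scoring weights, the remediation bands and the sample findings are all constructed assumptions for the example; a real engagement would take the scope from the signed authorisation and the weights from the organisation's own risk policy.

```python
"""Scope enforcement and finding triage for a supervised security test.

Added example: the scope record, weights, bands and findings are constructed
assumptions, not values from the standard or any real engagement.
"""
from dataclasses import dataclass, field
import ipaddress

# Constructed authorisation record. Testing a host outside this scope would be
# unauthorised access (see the Computer Misuse Act 1990 under K4), so every
# target is checked before work starts and every finding is checked before
# it is reported.
AUTHORISED_SCOPE = {
    "networks": ["10.20.0.0/16"],       # in-scope address ranges
    "hosts": ["app.example.test"],      # in-scope named hosts
    "excluded": ["10.20.5.0/24"],       # carve-outs inside the ranges
}


def in_scope(target, scope=AUTHORISED_SCOPE):
    """Return True only if target is explicitly authorised and not excluded."""
    if target in scope["hosts"]:
        return True
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False                     # unknown name: default deny
    if any(addr in ipaddress.ip_network(n) for n in scope["excluded"]):
        return False
    return any(addr in ipaddress.ip_network(n) for n in scope["networks"])


@dataclass
class Finding:
    asset: str
    title: str
    cvss_base: float            # 0.0 to 10.0 from the scanner or manual rating
    exposed_externally: bool    # reachable from the internet?
    asset_criticality: int      # 1 (low) to 3 (high), from the asset owner
    principles: list = field(default_factory=list)  # affected K6 principles


def priority_score(f):
    """Weight the CVSS base score by exposure and asset criticality, cap at 10."""
    exposure = 1.5 if f.exposed_externally else 1.0
    criticality = 0.6 + 0.2 * f.asset_criticality      # 0.8, 1.0 or 1.2
    return round(min(f.cvss_base * exposure * criticality, 10.0), 1)


def band(score):
    """Map a priority score to a band and an assumed remediation deadline in days."""
    if score >= 9.0:
        return "critical", 7
    if score >= 7.0:
        return "high", 30
    if score >= 4.0:
        return "medium", 90
    return "low", 180


def triage(findings, scope=AUTHORISED_SCOPE):
    """Rank findings for the report, refusing any that sit outside the scope."""
    rows = []
    for f in findings:
        if not in_scope(f.asset, scope):
            raise ValueError(f"finding on out-of-scope asset {f.asset}; "
                             "was this tested without authorisation?")
        score = priority_score(f)
        level, days = band(score)
        rows.append({"asset": f.asset, "title": f.title, "score": score,
                     "band": level, "fix_within_days": days,
                     "principles": f.principles})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


def render_report(rows):
    """Plain-text remediation list, most urgent first (P9, P10)."""
    lines = ["Prioritised findings (constructed example)"]
    for r in rows:
        lines.append(f"[{r['band'].upper()}] {r['score']:>4} {r['asset']}: "
                     f"{r['title']} ({', '.join(r['principles'])}); "
                     f"fix within {r['fix_within_days']} days")
    return "\n".join(lines)


# Constructed sample findings for the example.
SAMPLE_FINDINGS = [
    Finding("10.20.1.10", "SQL injection in login form", 9.8, True, 3,
            ["confidentiality", "integrity"]),
    Finding("10.20.2.4", "TLS 1.0 enabled on internal service", 5.3, False, 1,
            ["confidentiality"]),
    Finding("app.example.test", "No rate limiting on password reset", 6.5, True, 1,
            ["availability", "authentication"]),
]

if __name__ == "__main__":
    print(render_report(triage(SAMPLE_FINDINGS)))
```

The default-deny scope check is the point to get right: anything not explicitly authorised is rejected before any packet is sent, and a finding that cannot be tied to an in-scope asset is treated as a process failure rather than silently reported.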

Knowledge and understanding

You need to know and understand:

K1 the specific threats that may be of particular importance to any particular information system
K2 how to organise an information security testing approach following standard procedures
K3 how to use the range of tools and techniques that can be applied for penetration testing
K4 relevant UK legislation and its impact on penetration testing:
K4.1 Computer Misuse Act 1990
K4.2 Human Rights Act 1998
K4.3 Data Protection Act 1998
K4.4 Police and Justice Act 2006
K5 the latest information and data on a wide range of information security vulnerabilities
K6 the importance of ensuring that information security testing is designed to ensure testing of all aspects of information systems across the core principles:
K6.1 confidentiality
K6.2 integrity
K6.3 availability
K6.4 authorisation
K6.5 authentication
K6.6 non-repudiation
K7 the potential impact of the vulnerabilities identified on any information system and on the organisation

K8 the different types of information security testing that can be conducted and their purpose
K9 the benefits of penetration testing
K10 the detailed steps involved in undertaking a full penetration testing assessment
K11 the legal requirements relating to penetration testing
K12 how to analyse detailed penetration testing results and assess vulnerabilities in order to provide advice on how to respond
K13 the interests of relevant stakeholders for information security testing
K14 how to:
K14.1 ensure that the design of tests incorporates the range of threats that may present themselves to the organisation
K14.2 scope, plan and manage the information security testing activities conducted on any particular information system or solution
K14.3 identify and prioritise specific vulnerabilities for any information system or solution
K14.4 communicate the business implications of the limitations of information security testing programmes
K14.5 develop and implement test programmes to assess information effectiveness through the life of a system

Developed by: e-skills UK
Version number: 1
Date approved: February 2013
Indicative review date: December 2015
Validity: Current
Status: Original
Originating organisation: e-skills UK
Original URN: ESKISP6054.01
Relevant occupations: Information and Communication Technology; Information and Communication Technology Professionals; Information and Communication Technology Officer; IT Service Delivery Occupations; Software Development
Suite: Information Security
Key words: Cyber Security; Information Security