ESKISP6055.01 Manage security testing




Overview

This standard covers the competencies concerned with managing security testing activities, including managing resources, activities and deliverables. This includes planning, conducting and reporting on comprehensive penetration testing approaches, as well as designing and implementing organisational policies, standards and processes.

ESKISP6055.01 1

Performance criteria

You must be able to:

P1 be responsible for penetration testing in own area of work
P2 design, implement and maintain the standards, processes, procedures, methods, tools and techniques to conduct information security assessments
P3 design, simulate, and execute controlled attacks on networks and systems as part of a comprehensive penetration testing approach
P4 apply existing and emerging methods to test and identify vulnerabilities to network and information systems
P5 select and specify the most appropriate tools to be used during penetration testing
P6 clearly and accurately define the scope of any penetration testing assignment aligned to the context of the test scenario
P7 lead and manage a penetration testing team, prioritising resource allocation and capability management, ensuring that appropriate ongoing training and development is in place
P8 source, gather and collate information and data about the vulnerabilities identified as a result of penetration testing and the potential impact on the organisation's information systems and assets
P9 critically review the results of penetration testing, identifying priorities for action where appropriate
P10 communicate the results of information security testing to a range of audiences, justifying and evidencing any recommendations on security failures and non-compliance
P11 review and update information security testing processes and standards where appropriate to reflect the changing nature of security threats and risks
P12 make decisions to implement improvements to the organisation's information systems and assets to reduce the risks associated with identified vulnerabilities, documenting such changes

Knowledge and understanding

You need to know and understand:

K1 what information security testing can test for and the limitations
K2 how to use the range of tools and techniques that can be applied for information security testing
K3 the role and importance of proactive activities, such as penetration testing, to identify vulnerabilities within the organisation's network and information systems infrastructure and assets
K4 how to translate the target systems into test plans and scripts
K5 the results and outcomes of information security testing activities in identifying security issues and informing and directing
K6 the importance of ensuring that information security testing is conducted proactively and routinely/regularly through the lifecycle and lifetime of network and information systems
K7 the range of scanning and testing activities that can be used to identify vulnerabilities in an organisation's network and information system
K8 the range of current, identified vulnerabilities that exist and need to be tested for
K9 the external standards, best practice frameworks and codes of conduct that an organisation's information systems infrastructure assets should comply with
K10 how to:
K10.1 ensure that processes and procedures are implemented and followed to restrict the knowledge of new vulnerabilities until appropriate remediation or mitigation is available
K10.2 distribute warning material relating to information security vulnerabilities in a timely manner and suitable for the target audience
K10.3 design, develop and implement metrics for monitoring the level of vulnerabilities through penetration testing
K10.4 identify the potential business impacts if vulnerabilities are exploited
K10.5 maintain lists of authorised or banned applications or devices for use on protective monitoring systems
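As an added illustration of K10.3 (metrics for monitoring the level of vulnerabilities through penetration testing), the following Python is example code written for this page; it is not part of the standard and e-skills UK publishes no such code. It computes the metrics a test manager would typically report from a set of findings: open findings by severity, findings that have exceeded a remediation window, median age of open findings, mean time to remediate, and the change in open counts between two reporting dates. The remediation windows in SLA_DAYS, the Finding layout and the sample findings are all assumptions constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Optional

# Assumed remediation windows in days per severity. Illustrative values only,
# not figures from the standard; substitute the organisation's own policy.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass
class Finding:
    ref: str                      # identifier of the finding in the test report
    severity: str                 # critical / high / medium / low
    reported: date                # date the tester reported it
    closed: Optional[date] = None  # date remediation was verified, if any


def _is_open(f: Finding, as_of: date) -> bool:
    """A finding is open on `as_of` if reported by then and not yet closed."""
    return f.reported <= as_of and (f.closed is None or f.closed > as_of)


def open_by_severity(findings, as_of: date) -> Counter:
    """Number of findings still open on `as_of`, broken down by severity."""
    return Counter(f.severity for f in findings if _is_open(f, as_of))


def sla_breaches(findings, as_of: date, sla=SLA_DAYS) -> list:
    """Refs of findings that stayed open longer than their severity's window.

    Closed findings count if their open period exceeded the window; open ones
    count if they have already exceeded it as of `as_of`.
    """
    out = []
    for f in findings:
        if f.reported > as_of:
            continue
        end = f.closed if (f.closed is not None and f.closed <= as_of) else as_of
        if (end - f.reported).days > sla[f.severity]:
            out.append(f.ref)
    return sorted(out)


def median_open_age(findings, as_of: date):
    """Median age in days of findings open on `as_of` (0 when nothing is open)."""
    ages = [(as_of - f.reported).days for f in findings if _is_open(f, as_of)]
    return median(ages) if ages else 0


def mean_time_to_remediate(findings, as_of: date):
    """Mean days from report to verified closure for findings closed by `as_of`."""
    durations = [(f.closed - f.reported).days for f in findings
                 if f.closed is not None and f.closed <= as_of]
    return sum(durations) / len(durations) if durations else None


def open_trend(findings, earlier: date, later: date) -> dict:
    """Change in open counts per severity between two reporting dates.

    Only severities whose count changed are returned; a positive value means
    the backlog grew.
    """
    before = open_by_severity(findings, earlier)
    after = open_by_severity(findings, later)
    return {s: after[s] - before[s] for s in set(before) | set(after)
            if after[s] != before[s]}


# Constructed sample findings spanning an initial test and a later retest.
SAMPLE = [
    Finding("PT-2013-001", "critical", date(2013, 3, 4), date(2013, 3, 8)),
    Finding("PT-2013-002", "high", date(2013, 3, 4), date(2013, 5, 20)),
    Finding("PT-2013-003", "medium", date(2013, 3, 4)),
    Finding("PT-2013-004", "low", date(2013, 3, 4)),
    Finding("PT-2013-005", "high", date(2013, 6, 10)),
]


if __name__ == "__main__":
    as_of = date(2013, 6, 30)
    print("open by severity:", dict(open_by_severity(SAMPLE, as_of)))
    print("SLA breaches:", sla_breaches(SAMPLE, as_of))
    print("median open age (days):", median_open_age(SAMPLE, as_of))
    print("mean time to remediate (days):", mean_time_to_remediate(SAMPLE, as_of))
    print("trend since 1 June:", open_trend(SAMPLE, date(2013, 6, 1), as_of))
```

The metrics are deliberately computed against an explicit reporting date rather than "now", so the same figures can be regenerated for past reports and compared across assessment cycles; the SLA check counts a closed finding as a breach if it was open too long at the time, which keeps late fixes visible in the record rather than letting closure erase them.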

Developed by: e-skills UK
Version number: 1
Date approved: February 2013
Indicative review date: December 2015
Validity: Current
Status: Original
Originating organisation: e-skills UK
Original URN: ESKISP6055.01
Relevant occupations: Information and Communication Technology; Information and Communication Technology Professionals; Information and Communication Technology Officer; IT Service Delivery Occupations; Software Development
Suite: Information Security
Key words: Cyber Security; Information Security