Cyber Security Operations

Skill Definition

Cyber Security operations are the secure configuration and maintenance of information, controls and communications equipment in accordance with relevant security policies, standards and guidelines. This includes the configuration of information security devices (e.g. firewalls) and protective monitoring tools (e.g. Security Information and Event Management (SIEM)). Principles include implementing security policy (e.g. patching policies) and security operating procedures in respect of system and/or network management, maintaining security records and documentation in accordance with security operating procedures, and monitoring processes for violations of relevant security policies (e.g. acceptable use, security).

Awareness

Recognises the need for information systems and services to be operated and monitored securely and can list some of the main policies and practices involved in achieving this

Explains the main principles of secure configuration of role specific security components and devices, including firewalls and protective monitoring tools (e.g. SIEM)

Working

Demonstrates experience applying the principles of secure configuration of role-specific security components and devices in a training or academic environment, for example through participation in syndicate exercises, undertaking practical exercises, and/or passing a test or examination

Supports the overall aims of a Cyber Security operations-related team, e.g. a monitoring team

Applies routine security procedures appropriate to the role, such as patching, managing access rights, malware protection or vulnerability testing under direction/supervision

Develops and tests rules for detecting violations of security operating procedures under supervision

Practitioner

Develops security operating procedures for use across multiple information systems or maintains compliance with them

Applies routine security procedures appropriate to the role, such as patching, managing access rights, malware protection or vulnerability testing with autonomy

Develops and tests rules for detecting violations of security operating procedures with autonomy

Leads small teams managing Cyber Security operations within an organisation

Expert

Leads teams managing Cyber Security operations within an organisation

Identifies the need for, and implements, new security operating procedures and practices to meet changing requirements

Is a subject matter expert in developing and operationalising techniques for Cyber Security operations, e.g. detecting anomalous activity, automating orchestration and configuration of IT
