Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  4. Cyber Security Operations

Cyber Security Operations

Skill Definition

Cyber Security operations are the secure configuration and maintenance of information, controls and communications equipment in accordance with relevant security policies, standards and guidelines. This includes the configuration of information security devices (e.g. firewalls) and protective monitoring tools (e.g. Security Information and Event Management (SIEM)). Principles include implementing security policy (e.g. patching policies) and security operating procedures in respect of system and/or network management, maintaining security records and documentation in accordance with security operating procedures, and monitoring processes for violations of relevant security policies (e.g. acceptable use, security).

Awareness

  • Recognises the need for information systems and services to be operated and monitored securely and can list some of the main policies and practices involved in achieving this
  • Explains the main principles of secure configuration of role specific security components and devices, including firewalls and protective monitoring tools (e.g. SIEM)

Working

  • Demonstrates experience applying the principles of secure configuration of role-specific security components and devices in a training or academic environment, for example through participation in syndicate exercises, undertaking practical exercises, and/or passing a test or examination
  • Supports the overall aims of a Cyber Security operations-related team, e.g. a monitoring team
  • Applies routine security procedures appropriate to the role, such as patching, managing access rights, malware, protection or vulnerability testing under direction/supervision
  • Develops and tests rules for detecting violations of security operating procedures under supervision

Practitioner

  • Develops security operating procedures for use across multiple information systems or maintains compliance with them
  • Applies routine security procedures appropriate to the role, such as patching, managing access rights, malware protection or vulnerability testing with autonomy
  • Develops and tests rules for detecting violations of security operating procedures with autonomy
  • Leads small teams managing Cyber Security operations within an organisation

Expert

  • Leads teams managing Cyber Security operations within an organisation
  • Identifies the need for, and implements, new security operating procedures and practices to meet changing requirements
  • Is a subject matter expert in developing and operationalising techniques for Cyber Security operations, e.g. detecting anomalous activity, automating orchestration and configuration of IT

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now