Monitoring
Find out what the Monitoring role in government does and the skills you need to do the role at each level.
Role overview
The role of monitoring is to collect and analyse security event data arising from activity across the organisation, tune and improve rules generating security alerts, and follow up by investigating indicators of potentially malicious activity, escalating incidents or initiating responses.
Associate
Typical role expectations
- Support implementation of the monitoring roadmap, enhancing monitoring in line with the requirements, policies and standards that govern all activities and outputs
- Monitor, triage and investigate security alerts on protective monitoring platforms to identify security incidents, and analyse security event data to support the response, reporting or escalating where appropriate
- Design, develop and support automated monitoring processes, using a variety of the latest SIEM (Security Information and Event Management) and network analysis tools, techniques and procedures to:
  - detect malicious activity
  - ensure continuous improvement through dashboard monitoring or retrospective assessment
Lead
Typical role expectations
- Manage the implementation of the monitoring roadmap
- Support the shaping of the monitoring strategy, ensuring that the requirements, policies and standards that govern all activities and outputs are met
- Manage the monitoring, triage and investigation of security alerts on protective monitoring platforms to identify security incidents, and review analysis of security event data to manage security incident response, reporting or escalation where appropriate
- Lead small monitoring teams in the design, development and enablement of automated monitoring processes, recommending and implementing the latest SIEM (Security Information and Event Management) and network analysis tools, techniques and procedures to:
  - detect malicious activity
  - ensure continuous improvement through dashboard monitoring or retrospective assessment
Principal
Typical role expectations
- Lead wider implementation of the monitoring strategy, ensuring that roadmaps are delivered as planned and that the requirements, policies and standards that govern all activities and outputs are met
- Lead the monitoring, triage and investigation of security alerts on protective monitoring platforms to identify security incidents
- Review high-priority or high-complexity analysis of security event data to manage security incident response, making the key decisions on reporting or escalation
- Lead large, cross-functional monitoring teams in the design, development and enablement of automated monitoring processes, advising on the latest SIEM (Security Information and Event Management) and network analysis tools, techniques and procedures to detect malicious activity, while communicating directly with leadership on the progress and status of monitoring
Skills
| Skill | Associate | Lead | Principal |
|---|---|---|---|
| Information risk assessment and risk management | Awareness | Awareness | Awareness |
| Forensics | Awareness | Awareness | Awareness |
| Secure operations management | Awareness | Working | Working |
| Cyber security operations | Awareness | Working | Working |
| Threat intelligence and threat assessment | Working | Practitioner | Practitioner |
| Intrusion detection and analysis | Working | Practitioner | Expert |
| Protective security | Awareness | Awareness | Working |
| Threat understanding | Working | Practitioner | Practitioner |
Core learning
Entry level
- CompTIA IT Fundamentals
- Management of Risk (M_o_R) Foundation
- Certified Security Risk Manager
Associate level
- CompTIA Security+
- Certified ISO 27001 Practitioner
- Management of Risk (M_o_R) Practitioner
Lead level
- Certified in Risk and Information Systems Control (CRISC)
- CREST Registered Intrusion Analyst (CRIA)
- SEC501: Advanced Security Essentials – Enterprise Defender
Principal level
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
- FOR508: Advanced Incident Response, Threat Hunting and Digital Forensics
- Automating Administration with Windows PowerShell
Accreditation
- UK Cyber Security Council: Standard of Professional Competence and Commitment