Security architecture

Awareness
Demonstrates knowledge of internal and external sources of published security architecture guidance, including secure design principles and patterns
Demonstrates broad-ranging Technical Security knowledge necessary to understand system architectures, including common server roles, cryptography, key management, security technologies, virtual private networks (VPNs), load balancers, Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS)

Working
Understands and can explain threat intelligence and threat assessment principles and concepts
Uses prescribed tools and techniques to acquire, validate and analyse threat information from multiple sources
Under direction enriches threat information by providing context, assessing possible implications and summarising the behaviour, capabilities and activities of threat actors
Uses approved techniques to model routine threats, under supervision, to identify common enterprise attack vectors, identify critical organisational functions, and protect organisational assets and goals
Applies knowledge to prioritise remediation of identified vulnerabilities for a single asset or system

Practitioner
Has an advanced understanding of threat intelligence and threat assessment principles and concepts, and leads threat intelligence and assessment activities
Identifies sources of threat information and utilises a variety of techniques, without supervision, to acquire, validate and analyse threat information, enterprise attack vectors, and critical organisational functions from multiple sources. Synthesises and places intelligence in context
Applies expertise and insight to enrich threat information, including understanding the behaviour, capabilities and activities of threat actors and assessing possible implications, prioritising remediation of identified vulnerabilities for multiple systems
Disseminates enriched threat intelligence
Applies threat intelligence to model threats and protects organisational assets and goals, including informing the selection of security controls, developing indicators of compromise, detecting illicit behaviour (including evidence of fraud and crime), providing context for undertaking investigations and responding to events
Directs others in undertaking threat intelligence activities

Expert
Demonstrates a highly advanced understanding of threat principles and concepts. Identifies sources of threat information and selects and, where required, develops techniques to acquire, validate and analyse threat information from multiple sources
Synthesises and places complex intelligence in context, understanding relevance in the context of organisational strategy
Applies and directs others in application of expertise and insight to enrich threat information, including understanding the behaviour, capabilities and activities of threat actors and assessing possible implications
Is responsible for disseminating enriched threat intelligence
Directs and is responsible for the application of threat intelligence to model threats, including sophisticated and complex threats, to protect organisational assets and goals, including informing the selection of security controls, developing indicators of compromise, detecting illicit behaviour (including evidence of fraud and crime), and providing context for undertaking investigations and responding to events
Leads and oversees the threat intelligence function and activities for an organisation
Is responsible for strategy, policy, procedures, guidelines and selection of relevant tools and techniques within the organisation
Advises and influences senior management when required, and influences developments in the field at a national level