
Security architecture

Skill Definition

Security architecture relates to the secure design of computer systems. It combines technical architecture and risk management, along with knowledge of how systems can be compromised, to help design systems that (among other things) are sufficiently hard to compromise or disrupt while being sufficiently easy to monitor and maintain.

Awareness

  • Demonstrates knowledge of internal and external sources of published security architecture guidance, including secure design principles and patterns
  • Demonstrates broad-ranging Technical Security knowledge necessary to understand system architectures, including common server roles, cryptography, key management, security technologies, virtual private networks (VPNs), load balancers, Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS)

Working

  • Understands and can explain threat intelligence and threat assessment principles and concepts
  • Uses prescribed tools and techniques to acquire, validate and analyse threat information from multiple sources
  • Under direction enriches threat information by providing context, assessing possible implications and summarising the behaviour, capabilities and activities of threat actors
  • Uses approved techniques to model routine threats, under supervision, to identify common enterprise attack vectors, identify critical organisational functions, and protect organisational assets and goals
  • Applies knowledge to prioritise remediation of identified vulnerabilities for a single asset or system

Practitioner

  • Has an advanced understanding of threat intelligence and threat assessment principles and concepts, and leads threat intelligence and assessment activities
  • Identifies sources of threat information and utilises a variety of techniques, without supervision, to acquire, validate and analyse threat information, enterprise attack vectors, and critical organisational functions from multiple sources. Synthesises and places intelligence in context
  • Applies expertise and insight to enrich threat information, including understanding the behaviour, capabilities and activities of threat actors and assessing possible implications, prioritising remediation of identified vulnerabilities for multiple systems
  • Disseminates enriched threat intelligence
  • Applies threat intelligence to model threats and protects organisational assets and goals, including informing the selection of security controls, developing indicators of compromise, detecting illicit behaviour (including evidence of fraud and crime), providing context for undertaking investigations and responding to events
  • Directs others in undertaking threat intelligence activities

Expert

  • Demonstrates a highly advanced understanding of threat principles and concepts. Identifies sources of threat information and selects and, where required, develops techniques to acquire, validate and analyse threat information from multiple sources
  • Synthesises and places complex intelligence in context, understanding relevance in the context of organisational strategy
  • Applies and directs others in application of expertise and insight to enrich threat information, including understanding the behaviour, capabilities and activities of threat actors and assessing possible implications
  • Is responsible for disseminating enriched threat intelligence
  • Directs and is responsible for the application of threat intelligence to model threats, including sophisticated and complex threats, to protect organisational assets and goals, including informing the selection of security controls, developing indicators of compromise, detecting illicit behaviour (including evidence of fraud and crime), and providing context for undertaking investigations and responding to events
  • Leads and oversees the threat intelligence function and activities for an organisation
  • Is responsible for strategy, policy, procedures, guidelines and selection of relevant tools and techniques within the organisation
  • Advises and influences senior management when required, and influences developments in the field at a national level
