Cyber Security

The individual needs to know and understand:

• Health and safety legislation, obligations, regulations, and documentation
• The situations when personal protective equipment (PPE) must be used, e.g. for ESD (electrostatic discharge)
• The importance of integrity and security when dealing with user equipment and information
• The importance of safe disposal of waste for re-cycling
• The techniques of planning, scheduling, and prioritizing
• The significance of accuracy, checking, and attention to detail in all working practices
• The importance of methodical working practices

The individual shall be able to:

• Follow health and safety standards, rules, and regulations
• Maintain a safe working environment
• Identify and use the appropriate Personal Protective Equipment for ESD
• Select, use, clean, maintain, and store tools and equipment safely and securely
• Plan the work area to maximize efficiency and maintain the discipline of regular tidying
• Work efficiently and check progress and outcomes regularly
• Keep up-to-date with ‘license to practice’ requirements and maintain currency
• Undertake thorough and efficient research methods to support knowledge growth
• Update and maintain security policies as needs and the field evolves
• Plan to optimize device usage and sustainability for clients
• Proactively try new methods, systems, and embrace change
• Safely and sustainably dispose of electronic data storage devices

The individual needs to know and understand:

• The importance of listening as part of effective communication
• The roles and requirements of colleagues and the most effective methods of communication
• The importance of building and maintaining productive working relationships with colleagues and managers
• Techniques for effective teamwork
• Techniques for resolving misunderstandings and conflicting demands
• The process for managing tension and anger to resolve difficult situations
• Requirements for the complete documentation of steps taken in cyber security investigations and the resulting discoveries

The individual shall be able to:

• Use strong listening and questioning skills to deepen understanding of complex situations
• Ensure consistently effective verbal and written communications with colleagues
• Recognize and adapt to the changing needs of colleagues
• Proactively contribute to the development of strong and effective teams
• Share knowledge and expertise with colleagues and develop supportive learning cultures
• Manage tension/anger and give individuals confidence that their problems can be resolved
• Accurately document steps taken and findings in the course of investigations
• Ensure policies and procedures for security and operation on information systems are carefully followed

The individual needs to know and understand:

• IT risk management standards, policies, requirements, and procedures
• Cyber defence and vulnerability assessment tools and their capabilities
• Operating Systems
• Network systems
• Computer programming concepts, including computer languages, programming, testing, debugging, and file types
• The cyber security and privacy principles and methods that apply to software development

The individual shall be able to:

• Apply cyber security and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, nonrepudiation) when designing and documenting overall program Test & Evaluation procedures
• Conduct independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by information technology (IT) systems to determine the overall effectiveness of controls
• Develop and conduct assessments of systems to evaluate compliance with specifications and requirements
• Secure the interoperability of systems or elements of systems incorporating IT
• Analyse the security of new or existing computer applications, software, or specialized utility programs, to provide actionable results
• Develop and maintain business, systems, and information processes, to support enterprise mission needs
• Develop information technology (IT) rules and requirements that describe baseline and target architectures
• Ensure that stakeholder security requirements necessary to protect the organization’s mission and business processes are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes
• Conduct software and systems engineering and software systems research to develop new capabilities, ensuring cyber security is fully integrated.
• Conduct research (including penetration testing) to evaluate potential vulnerabilities in cyberspace systems
• Consult with stakeholders to evaluate functional requirements and translate functional requirements into technical solutions
• Plan, prepare, and execute tests of systems
• Analyse, evaluate and report results against specifications and requirements
• Design, develop, test, and evaluate information system security throughout the systems development life cycle

The individual needs to know and understand:

• Query languages such as SQL (structured query language) and Database Systems.
• Network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services
• Firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, SSL security and REST/JSON processing)
• Network security architecture concepts including topology, protocols, components, and principles
• Systems administration, network, and operating system hardening techniques
• Organizational information technology (IT) user security policies (e.g., account creation, password rules, and access control)
• Information technology (IT) security principles and methods
• Authentication, authorization, and access control methods
• Cyber security vulnerability and privacy principles

The individual shall be able to:

• Install, configure, test, operate, maintain, and manage network infrastructure 
• Manage software that permits the sharing and transmission of all data
• Install, configure, troubleshoot, and maintain server configurations (hardware and software) to ensure their confidentiality, integrity, and availability
• Manage accounts in relation to access control, passwords, account creation, and administration
• Analyse organizations' computer systems and update information systems solutions to help them operate more securely, efficiently, and effectively
• Develop methods to monitor and measure risk, compliance, and assurance efforts
• Conduct audits of information technology (IT) programs, infrastructure network to provide ongoing optimization, cyber security and problem-solving support

The individual needs to know and understand:

• File system implementations 
• System files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files
• Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defence-in-depth)
• Industry-standard and organizationally accepted analysis principles, methods, and tools to identify vulnerabilities
• Threat investigations, reporting, investigative tools, and laws/regulations
• Incident categories, response, and handling methodologies
• Cyber defence and vulnerability assessment tools and their capabilities
• Countermeasure design for identified security risks
• Authentication, authorization, and access approaches (e.g. role-based access control, mandatory access control and discretionary access control)

The individual shall be able to:

• Use defensive measures and information collected from a variety of sources to identify, analyse, and report events that occur or might occur within the network to protect information, information systems, and networks from threats
• Test, implement, deploy, maintain, review, and administer the infrastructure hardware and software that are required to effectively manage the computer network and resources
• Monitor network to actively remediate unauthorized activities
• Respond to crises or urgent situations within own areas of expertise to mitigate immediate and potential threats
• Use mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security
• Investigate and analyse all relevant response activities
• Conduct assessments of threats and vulnerabilities
• Determine deviations from acceptable configurations, enterprise, or local policy
• Assess the level of risk and develop and/or recommend appropriate mitigation countermeasures in operational and non-operational situations
• Follow documented enterprise procedures for incident preparedness and response

The individual needs to know and understand:

• Cyber threat actors and their methods
• Methods and techniques used to detect various exploitation activities
• Cyber intelligence/information collection capabilities and repositories
• Cyber threats and vulnerabilities
• Basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection)
• Vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins)
• Which system files (e.g., log files, registry files, and configuration files) contain relevant information and where to find those system files
• Structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network)
• Internal tactics to anticipate and/or emulate threat capabilities and actions
• Internal and external partner cyber operations capabilities and tools
• Target development (i.e., concepts, roles, responsibilities, products, etc.)
• System Artefacts and forensic use cases
• Emerging exploitation or threats as they apply to installed systems and software
• Importance of preparedness for recovery in cases of natural disaster

The individual shall be able to:

• Identify and assess the capabilities and activities of cyber security criminals or foreign intelligence entities
• Produce findings to help initialize or support law enforcement and counterintelligence investigations or activities
• Analyse collected information to identify vulnerabilities and potential for exploitation
• Analyse threat information from multiple sources, disciplines, and agencies across the Intelligence Community
• Synthesize and place intelligence information in context, draw insights about the possible implications
• Apply current knowledge of one or more regions, countries, non-state entities, and/or technologies
• Apply language, cultural, and technical expertise to support information collection, analysis, and other cyber security activities
• Identify, preserve, and use system artefacts for analysis
• Execute successful data and systems recovery in case of loss

The individual needs to know and understand:

• Collection strategies, techniques, and tools
• Cyber intelligence/information collection capabilities and repositories
• Information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise
• Required intelligence planning products associated with cyber
  operational planning
• Cyber operational planning programs, strategies, and resources.
• Cyber operations strategies, resources and tools
• Cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber-attack, cyber defence), principles, capabilities, limitations, and effects

The individual shall be able to:

• Execute collection using appropriate strategies and within the priorities established through the collection management process
• Perform in-depth joint targeting and cybersecurity planning processes.
• Gather information and develop detailed Operational Plans and Orders supporting requirements
• Assist strategic and operational-level planning across the full range of operations for integrated information and cyberspace operations
• Support activities to gather evidence on criminal or foreign intelligence entities to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities

The individual needs to know and understand:

• Threat investigations, reporting, investigative tools and laws/regulations
• Malware analysis concepts and methodologies
• Processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody
• Types and collection of persistent data
• Concepts and practices of processing digital forensic data
• Types of digital forensics data and how to recognize them
• Forensic implications of operating system structure and operations
• Specific operational impacts of cyber security lapses

The individual shall be able to:

• Trace important information through logs and other information sources to ascertain the chain of events making up the incident
• Identify the processes by which an attack may have taken place to be able to evaluate the incident and the way infrastructure may be impacted
• Deduce steps taken in an incident to identify any weaknesses existing in the systems
• Give careful attention to detail to be able to spot and identify anomalies and patterns in data sets
• Learn new techniques, tools and technologies as the field evolves
• Collect, process, preserve, analyse, and present computer-related evidence in support of network vulnerability mitigation and/or criminal, fraud, counterintelligence, or law enforcement investigations 

NCC Group

Colin Gillingham, Associate Director