604 - Word doc - The Tech Partnership

Contribute to identifying threats and attacks for security testing
TECHIS60431
Information, services and systems can be attacked in various ways. Understanding the technical and social
perspectives, how attacks work, and the technologies and approaches used is key to being able to protect
against attacks.
This standard sets out the skills needed to identify and characterise threats, vulnerabilities and attacks on
information and the systems that process, store and transmit information.
Performance Criteria
1. identify threats, vulnerabilities and attacks that can occur in information systems in line with
organisational standards
2. analyse, evaluate, characterise and classify threats in line with external frameworks, standards,
threat intelligence or advice
3. determine the different attack processes and methodologies used in line with organisational
standards
4. assess and validate information on current and potential threats to the business, analysing trends
and highlighting information security issues relevant to the organisation
5. test for public domain vulnerabilities and the potential for exploitation, where appropriate by
conducting exploits, and report potential issues and mitigation options
6. report potential security issues and mitigation options in line with organisational standards
7. analyse activity information and initiate an appropriate response, escalating as necessary
8. monitor network and system activity to identify potential intrusion or other anomalous behaviour
9. accurately record and report on vulnerabilities and threats to information and systems
10. research and investigate common attack techniques and recommend how to defend against them
Knowledge and Understanding
1. the difference between threat, risk, attack and vulnerability
2. how threats materialise into attacks
3. where to find information about threats, vulnerabilities and attacks
4. what are the typical threats, attacks and exploits and the motivations behind them
5. how example attacks work, including DDoS, phishing and buffer overflow
6. the range of techniques for determining attack methods including reconnaissance, scanning,
creation, test, attack/gain access, exfiltration & exiting/kill chain etc.
7. how users are targeted in an attack and why this must be considered in defending against such
attacks
8. what is meant by vulnerability and penetration testing
9. how penetration testing provides confidence of a system's security
10. the range of threats and vulnerabilities that need to be considered in penetration testing design and
development activities
11. what the legal requirements for penetration testing are
12. how to apply a few conventional, accepted penetration testing techniques
13. why security testing cannot guarantee security
14. when and how to schedule information security testing
15. the range of penetration testing methods and tools that are available and how to apply them
16. the importance of conducting information security tests routinely on existing services within the
organisation
17. how to interpret the results from penetration testing
18. how to develop information security test plans and schedules
19. how to ensure that information security tests are carried out under controlled conditions
20. accurately record and communicate the results of penetration tests
21. how different attack vectors (routes of attack) infiltrate information
22. the range of network analysis and visualisation tools and how to use them
23. the role of analysing user behaviour and awareness
24. the typical targets of intended attacks
25. the impact of social engineering and the mind-sets of hackers
Carry out security testing activities
TECHIS60441
Information, services and systems can be attacked in various ways. Understanding the technical and social
perspectives, how attacks work, and the technologies and approaches used is key to being able to protect
against attacks.
This standard covers the competencies required to conduct security testing under supervision, in order to
contribute to the determination of the level of resilience of an information system to information security
threats and vulnerabilities. This includes assisting in applying testing methods, including penetration
testing, to assess the robustness of an information system against a coordinated attack.
Performance Criteria
1. be responsible for penetration testing in own area of work
2. develop and maintain security testing standards and procedures in line with organisational
standards
3. tailor the scope of testing to meet business requirements
4. undertake information security tests, under controlled conditions, to assess vulnerabilities and
compliance against relevant internal and/or external standards
5. use a range of appropriate methods, tools and techniques to conduct penetration testing for the
systematic identification of vulnerabilities across multiple information systems
6. select and specify the most appropriate tools to be used during penetration testing
7. design and implement test plans for networks and information systems in line with organisational
standards
8. develop test programmes to assess whether security is maintained throughout the software
lifecycle
9. lead and manage a penetration testing team, prioritising resource allocation and capability
management ensuring that appropriate ongoing training and development is in place
10. scan information systems and networks for public domain vulnerabilities and assess the potential
for exploitation, where appropriate by conducting exploits
11. scan web applications and services for public domain vulnerabilities and assess the potential for
exploitation, where appropriate by conducting exploits
12. scan Wi-Fi networks for public domain vulnerabilities and assess the potential for exploitation,
where appropriate by conducting exploits
13. scan control systems and networks for public domain vulnerabilities and assess the potential for
exploitation, where appropriate by conducting exploits
14. report potential issues and mitigation options for security scanning operations in line with
organisational standards
15. plan and execute social engineering attack exercises to assess security awareness and culture
16. scope and plan the information security test approach, prioritising testing activity to proactively
target the most significant threats and vulnerabilities
17. interpret information assurance requirements to produce information security test acceptance
criteria
18. carefully plan a context driven test approach to systematically test a system in order to validate its
information security status
19. design and develop accurate and clear test scripts, plans and acceptance criteria to ensure that
information assurance requirements can be tested against relevant internal and/or external
standards
20. critically review the results of penetration testing and accurately identify specific vulnerabilities
within any specified information system
21. prioritise outcomes and recommend specific and timely action to address vulnerabilities identified
as a result of information security testing
22. clearly report on and communicate the results of information security testing, recommending
mitigation actions
23. ensure information security testing reports are high quality and relevant to the audience
24. communicate the results of information security testing to a range of audiences justifying and
evidencing any recommendations on security failures and non-compliance
Knowledge and Understanding
1. the specific threats that may be of particular importance to any particular information system
2. how to organise an information security testing approach following standard procedures
3. how to use the range of tools and techniques that can be applied for penetration testing
4. relevant UK legislation and its impact on penetration testing (including the Computer Misuse Act 1990,
the Human Rights Act 1998, the Data Protection Act 1998 and the Police and Justice Act 2006)
5. the latest information and data on a wide range of information security vulnerabilities
6. the importance of ensuring that information security testing is designed to ensure testing of all
aspects of information systems across the core principles (confidentiality, integrity, availability,
authorisation, authentication and non-repudiation)
7. the potential impact of the vulnerabilities identified on any information system and on the
organisation
8. where to find the latest information on vulnerabilities or exploits, and how to design tests to identify
them
Manage security testing activities
TECHIS60451
Information, services and systems can be attacked in various ways. Understanding the technical and social
perspectives, how attacks work, and the technologies and approaches used is key to being able to protect
against attacks.
This standard covers the competencies concerned with managing security testing activities in order to
contribute to the determination of the level of resilience of an information system to information security
threats and vulnerabilities. This includes managing resources, activities and deliverables. It also includes
planning, conducting and reporting on comprehensive penetration testing approaches, as well as
designing and implementing organisational policies, standards and processes.
Performance Criteria
1. lead security testing activities related to the implementation and use of tools for testing and
reporting in line with organisational standards
2. design, implement and maintain the standards, processes, procedures, methods, tools and
techniques used to conduct information security assessments
3. design, simulate, and execute controlled attacks on networks and systems as part of a
comprehensive penetration testing approach in line with organisational standards
4. apply existing and emerging methods to test and identify vulnerabilities to network and
information systems
5. select and specify the most appropriate tools to be used during penetration testing
6. clearly define the scope of penetration testing assignments in alignment with test scenarios
7. lead and manage a penetration testing team, prioritising resource allocation and capability
management ensuring that appropriate ongoing training and development is in place
8. source, gather and collate information and data about the vulnerabilities identified as a result of
penetration testing and the potential impact on the organisation's information systems and assets
9. critically review the results of penetration testing, identifying priorities for action where
appropriate
10. communicate the results of information security testing to a range of audiences justifying and
evidencing any recommendations on security failures and non-compliance
11. review and update information security testing processes and standards where appropriate to
reflect the changing nature of security threats and risks
12. prioritise and implement improvements to the organisation's information systems and assets to
reduce the risks associated with identified vulnerabilities, documenting such changes
Knowledge and Understanding
1. what information security testing can test for and the limitations
2. how to use the range of tools and techniques that can be applied for information security testing
3. the role and importance of proactive activities, such as penetration testing to identify
vulnerabilities within the organisation's network and information systems infrastructure and assets
4. how to translate the target systems into test plans and scripts
5. the results and outcomes of information security testing activities in identifying security issues and
informing and directing
6. the importance in ensuring that information security testing is conducted proactively and
routinely/regularly through the lifecycle and lifetime of network and information systems
7. the range of scanning and testing activities that can be used to identify vulnerabilities in an
organisation's network and information system
8. the range of current, identified vulnerabilities that exist and need to be tested for
9. the external standards, best practice frameworks and codes of conduct that an organisation's
information systems infrastructure assets should comply with
10. how to ensure that processes and procedures are implemented and followed to restrict the
knowledge of new vulnerabilities until appropriate remediation or mitigation is available
11. how to design, develop and implement metrics for monitoring the level of vulnerabilities through
penetration testing
12. how to identify the potential business impacts if vulnerabilities are exploited
13. how to maintain lists of authorised or banned applications or devices for use on protective
monitoring systems