{"help": "https://data.gov.au/data/api/3/action/help_show?name=datastore_search", "success": true, "result": {"include_total": true, "limit": 100, "records_format": "objects", "resource_id": "95e66dd4-aca8-4219-90f5-c400e9c39e94", "total_estimation_threshold": null, "records": [{"_id":1,"code":"A1","name":"Governance","description":"Directs, oversees, designs, implements or operates within the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage Cyber and Information Security at an enterprise level, supporting an organisation’s immediate and future regulatory, legal, risk, environmental and operational requirements and ensuring compliance with those requirements.","link":"https://www.ciisec.org/Skills_Framework","category":"Information Security Governance and Management","subcategory":null,"level_1":"Can describe the principles of Information Security Governance. Can list the potential impacts that occur where poor Information Governance has been observed.","level_2":"Can explain the basic principles of Information Security Governance and how it applies within an organisation.","level_3":"Understands local (organisation or project) Information Security Governance processes. Undertakes Information Security Governance tasks under supervision. 
Recognises and addresses non-compliance and makes recommendations for change.","level_4":"Contributes to the development, revision or implementation of Information Security Governance processes.","level_5":"Leads the development, revision or implementation of Information Security Governance processes.","level_6":"Responsible for the development, revision and implementation of Information Security Governance processes across a range of clients or within a large corporate organisation."},{"_id":2,"code":"A2","name":"Policy and Standards","description":"Directs, develops or maintains organisational Cyber and Information Security policies, standards and processes using recognised standards (e.g. the ISO/ IEC 27000 family, the Security Policy Framework) where appropriate. Applies recognised Cyber and Information Security standards and policies within an organisation, programme, project or operation.","link":null,"category":"Information Security Governance and Management","subcategory":null,"level_1":"Can describe the main policies and standards relevant to the Information Security discipline and/or organisation.","level_2":"Can explain the principal concepts of the main Information Security policies and standards. This might include experience of applying knowledge of Information Security policies and standards in a training or academic environment, for example through participation in syndicate exercises, undertaking practical exercises, and/or passing a test or examination.","level_3":"Develops and maintains local or organisational policies under supervision; applies recognised standards (e.g. 
ISO/IEC 27001) under supervision.","level_4":"Incorporates recent advances in Information Security into existing policies and standards without supervision; manages teams working on policies and standards, mentoring as appropriate.","level_5":"Leads the development of policies and standards within an organisation or across a range of clients; interprets Information Security standards to support complex decisions or those which set new precedent.","level_6":"Co-ordinates Cyber and Information Security policy and standards development within a major organisation; contributes to the development of international or industry sector policies and standards."},{"_id":3,"code":"A3","name":"Information Security Strategy","description":"Directs, develops or maintains plans and processes to manage Cyber and Information Security risks appropriately and effectively, whilst complying with legal, statutory, contractual, and business requirements.","link":null,"category":"Information Security Governance and Management","subcategory":null,"level_1":"Can describe the purpose of Information Security strategies and how they can benefit the business.","level_2":"Can explain the basic principles of Information Security Strategy and how it applies within an organisation.","level_3":"Drafts or reviews components of Information Security strategy at programme or project level and/or contributes to organisational IS strategy.","level_4":"Leads teams implementing Information Security strategy at programme or project level.","level_5":"Works under direction, but with minimal supervision on the development of corporate Information Security strategy.","level_6":"Advises Directors and senior business managers on Information Security strategy. 
Leads the development of and authorises corporate Information Security strategy."},{"_id":4,"code":"A4","name":"Innovation and Business Improvement","description":"Recognises potential strategic application of Cyber and Information Security and initiates investigation and development of innovative methods of protecting information assets, to the benefit of the organisation and the interface between business and information security. Exploits opportunities for introducing more effective secure business and operational processes.","link":null,"category":"Information Security Governance and Management","subcategory":null,"level_1":"Can list the potential impacts of poor Cyber and Information Security and the business benefits of Information Security","level_2":"Can explain how good Cyber and Information Security strategies and processes can benefit the business, and provide examples.","level_3":"Applies Information Security to achieve business objectives with some supervision. With some supervision, provides Information Security advice on the design, implementation, configuration or operation of information systems to balance Information Security with business objectives.","level_4":"Conceives and delivers business improvement through the application of Information Security; persuades senior stakeholders to invest in Information Security.","level_5":"Applies deep knowledge of Information Security and business activities to identify risk or concern at Board level. Influences and convinces Directors and senior managers of the business benefits of improving and investing in Information Security.","level_6":"Applies deep knowledge of Information Security and business activities to identify significant risks within a major organisation. 
Influences and convinces Directors and senior managers of the business benefits of improving and investing in Information Security."},{"_id":5,"code":"A5","name":"Behavioural Change","description":"Identifies Cyber and Information Security awareness, training and culture management needs in line with security strategy, business needs and strategic direction, and gains management commitment and resources to support these needs. Manages the development or delivery of Cyber and Information Security awareness and training, behavioural analysis programmes and/or security culture management programmes, applying analysis of human factors as appropriate.","link":null,"category":"Information Security Governance and Management","subcategory":null,"level_1":"Recognises the role of Information Security awareness and training, and can list the benefits of behavioural analysis and security culture management in maintaining good Information Security.","level_2":"Can explain the concepts of Information Security awareness and security culture management and give examples of good practice.","level_3":"Materially contributes to improving Information Security awareness by developing and delivering training sessions or as a member of a team undertaking behavioural analysis or delivering a culture management programme.","level_4":"Designs, develops and presents Information Security training courses as part of a training and awareness programme. Identifies gaps in organisational Information Security awareness and proposes solutions. Undertakes behavioural analysis projects; develops cultural management programmes.","level_5":"Leads Information Security training and awareness programmes and/or behavioural management programmes.","level_6":"Drives cultural change by persuading senior management or Directors of the benefits of behavioural management. 
Oversees the development and delivery of such programmes."},{"_id":6,"code":"A6","name":"Legal & Regulatory Environment and Compliance","description":"Understands the legal and regulatory environment within which the business operates. Ensures that Information Security Governance arrangements are appropriate. Ensures that the organisation complies with legal and regulatory requirements.","link":null,"category":"Information Security Governance and Management","subcategory":null,"level_1":"Can describe the major legislative and regulatory instruments relevant to Information Security (e.g. Data Protection Act, General Data Protection Regulation (GDPR), privacy, healthcare, ISO/IEC 27000 family) and legislation and regulation relevant to own work.","level_2":"Can explain the principal requirements of major legislation and regulations relevant to Information Security, and those legal and regulatory instruments relevant to own work.","level_3":"Understands legislation and regulation applicable to own work, i.e. within own or client organisations. Undertakes updates of Information Security policies and standards to comply with legislation and regulation under supervision.","level_4":"Recognises and reports non-compliances with applicable legislation and regulation. Updates Information Security policies and standards to comply with legislation and regulation with minimal supervision.","level_5":"Analyses changes in legislation or regulation and assesses impact on own or client organisation. 
Provides advice on the implications of legislation and regulation on the business, seeking legal advice where necessary.","level_6":"Identifies the need to change processes or working practices to comply with legislation and regulation and persuades senior management to support and resource the necessary changes."},{"_id":7,"code":"A7","name":"Third Party Management","description":"Identifies and advises on the technical, physical, personnel and procedural risks associated with third party relationships, including systems development and maintenance, contracts, end of service, outsourced service providers and business partners and sub contracting. Assesses the level of confidence that third party Cyber and Information Security capabilities/services operate as defined.","link":null,"category":"Information Security Governance and Management","subcategory":null,"level_1":"Recognises the need for organisations to manage the Information Security of third parties and can describe the impacts of failure to do so.","level_2":"Can explain the main security issues associated with third party relationships and how these can be managed effectively.","level_3":"Contributes to developing or maintaining compliance by third parties to the contracting authorities Information Security policies and standards, e.g. by specifying requirements or monitoring compliance, usually as a member of a team.","level_4":"Undertakes without close supervision the production of Information Security requirements for third parties and/or conducts compliance reviews.","level_5":"Advises senior management and/or contracting authorities on the Information Security requirements for third party management. 
Leads the production of Information Security requirements for third parties and/or compliance processes.","level_6":"Leads complex negotiations with third parties on behalf of the contracting authority, ensuring that the contracting authority’s Information Security requirements can and will be met."},{"_id":8,"code":"B1","name":"Threat Intelligence, Assessment and Threat Modelling","description":"Assesses and validates information from several sources on current and potential Cyber and Information Security threats to the business, analysing trends and highlighting Information Security issues relevant to the organisation, including Security Analytics for Big Data. Processes, collates and exploits data, taking into account its relevance and reliability to develop and maintain ‘situational awareness’. Predicts and prioritises threats to an organisation and their methods of attack. Analyses the significance and implication of processed intelligence to identify significant trends, potential threat agents and their capabilities. Predicts and prioritises threats to an organisation and their methods of attack. Uses human factor analysis in the assessment of threats. Uses threat intelligence to develop attack trees. Prepares and disseminates intelligence reports providing threat indicators and warnings.","link":null,"category":"Threat Assessment and Information Risk Management","subcategory":null,"level_1":"Can describe the principles of threat intelligence, modelling and assessment.","level_2":"Can explain the principles of threat intelligence, modelling and assessment. This might include experience of applying threat intelligence, modelling and assessment principles in a training or academic environment, for example through participation in syndicate exercises, undertaking practical exercises, and/or passing a test or examination.","level_3":"Undertakes/assesses routine threat intelligence/modelling tasks or threat assessments under supervision. 
Appropriate and relevant certifications include CREST Practitioner Threat Intelligence Analyst, SANS GIAC Cyber Threat Intelligence.","level_4":"Undertakes routine threat intelligence/modelling tasks or threat assessments without close supervision. Undertakes complex threat intelligence tasks or threat assessments under supervision. Appropriate and relevant certifications include CREST Registered Threat Intelligence Analyst.","level_5":"Undertakes complex threat intelligence/modelling tasks or threat assessments without supervision. Manages threat intelligence/assessment teams. Appropriate and relevant certifications include CREST Certified Threat Intelligence Manager.","level_6":"Leads corporate threat intelligence processes, reporting to the Board."},{"_id":9,"code":"B2","name":"Risk Assessment","description":"Identifies and assesses information assets; uses this information and relevant threat assessments, business impacts, business benefits and costs to conduct risk assessments and identify and assess potential vulnerabilities.","link":null,"category":"Threat Assessment and Information Risk Management","subcategory":null,"level_1":"Can describe the concepts and principles of risk assessment.","level_2":"Can explain the principles of risk assessment. 
This might include experience of applying risk assessment principles in a training or academic environment, for example through participation in syndicate exercises, undertaking practical exercises, and/or passing a test or examination.","level_3":"Undertakes basic risk assessments with some supervision.","level_4":"Undertakes complex risk assessments with supervision, either as an individual or a member of a team.","level_5":"Leads complex risk assessments, interfacing routinely with senior management.","level_6":"A recognised authority on risk assessment within a major organisation or across a range of clients or within an industry sector."},{"_id":10,"code":"B3","name":"Information Risk Management","description":"Develops Cyber and Information Security risk management strategies and controls, taking into account business needs and risk assessments, and balancing technical, physical, procedural and personnel controls.","link":null,"category":"Threat Assessment and Information Risk Management","subcategory":null,"level_1":"Can describe the concepts and principles of Information Security risk management.","level_2":"Can explain the principles of information risk management. 
This might include experience of applying risk management principles in a training or academic environment, for example through participation in syndicate exercises, undertaking practical exercises, and/or passing a test or examination.","level_3":"Develops basic information risk management plans with some supervision.","level_4":"Develops complex and innovative information risk management plans under supervision.","level_5":"Develops complex and innovative information risk management plans either as an individual or leading a team.","level_6":"A recognised authority on Cyber and Information risk management within a major organisation or across a range of clients."},{"_id":11,"code":"C1","name":"Enterprise Security Architecture","description":"Working with Enterprise Architects, takes customer security requirements and assists in the development of an Enterprise Information Security Architecture. Interprets relevant security policies and threat/ risk profiles into secure architectural solutions that mitigate the risks and conform to legislation and regulations, and relate to business needs. Applies common architectural frameworks (e.g. TOGAF, SABSA). Presents security architecture solutions as a view within broader IT architectures. Maintains awareness of the security advantages and vulnerabilities of common products and technologies. Designs robust and fault-tolerant security mechanisms and components appropriate to the perceived risks. Develops and implements appropriate methodologies, templates, patterns and frameworks.","link":null,"category":"Implementing Secure Systems","subcategory":null,"level_1":"Can describe the concept of an Enterprise Information Security Architecture and how it can be used to reduce information risk.","level_2":"Can explain the concept of an enterprise Information Security architecture, how it relates to business needs and how it can be used to reduce information risk. 
This might include experience of applying these concepts in a training or academic environment, for example through participation in syndicate exercises, undertaking practical exercises, and/or passing a test or examination. Appropriate and relevant certifications include BCS Practitioner Certificate in Information Assurance Architecture, ISC(2) Information Systems Security Architecture Professional.","level_3":"Applies Enterprise Information Security Architectural principles with some supervision. Recognises whether designs are compliant with key features in the organisation’s Enterprise Information Security architecture.","level_4":"Applies Enterprise Information Security Architectural principles with little supervision. Has a broad understanding of security vulnerabilities and the techniques for applying effective controls.","level_5":"Applies Enterprise Information Security Architectural principles in new and complex situations. Recommends appropriate tools and how to apply those tools to achieve the required Enterprise Information Security Architecture. Supervises less experienced practitioners.","level_6":"Leads on Enterprise Information Security Architecture at corporate level, reporting to the Board. Develops new Enterprise Information Security Architecture approaches to meet new business and technology requirements."},{"_id":12,"code":"C2","name":"Technical Security Architecture","description":"Contributes to the development of Computer, Network and Storage Security Architecture, incorporating hosting, infrastructure applications and cloud based solutions as covered by the role of Chief Security Architect. Interprets relevant security policies and threat/ risk profiles into secure architectural solutions that mitigate the risks, conform to legislation and regulations and relate to business needs. Presents security architecture solutions as a view within broader IT architectures. 
Applies security architecture principles to networks, IT systems, Control Systems (e.g. SCADA, ICS), infrastructures and products. Devises standard solutions that address requirements delivering specific security functionality whether for a business solution or for a product. Maintains awareness of the security advantages and vulnerabilities of common products and technologies. Designs robust and fault-tolerant security mechanisms and components appropriate to the perceived risks. Uses appropriate methodologies and frameworks.","link":null,"category":"Implementing Secure Systems","subcategory":null,"level_1":"Can describe the principles of a technical security architecture and how these can be used to reduce information risk.","level_2":"Can explain the principles of a computer system, network or storage security architecture and how these can be used to reduce information risk. This might include experience of applying these concepts in a training or academic environment, for example through participation in syndicate exercises, undertaking practical exercises, and/or passing a test or examination. Appropriate and relevant certifications include CREST Registered Technical Security Architect, BCS Practitioner Certificate in Information Assurance Architecture, ISC(2) Information Systems Security Architecture Professional.","level_3":"Applies architectural principles to security design with some supervision. Recognises whether designs are compliant with key features in the organisation’s Enterprise Information Security Architecture. Uses common design patterns used to reduce information risk.","level_4":"Applies security architectural principles with little supervision. Has a broad understanding of security vulnerabilities and the techniques for applying effective controls.","level_5":"Has a broad understanding of security vulnerabilities and the techniques for applying effective controls. 
Applies security architectural principles to new and complex networks, infrastructure and systems and is able to bring structure to disparate systems. Supervises less experienced practitioners.","level_6":"Is responsible for developing technical security architectures for application across a range of customers or within a large organisation. Develops new technical security architecture approaches to meet new business and technology requirements. Influences senior managers to adopt secure architectural principles to reduce information risk and to migrate legacy and existing systems into a security architectural framework. Leads internal workshops to develop security architecture."},{"_id":13,"code":"C3","name":"Secure Development","description":"Implements and updates secure systems, products and components using an appropriate methodology. Defines and/or implements secure development standards and practices including, where relevant, formal methods. Selects and/or implements appropriate test strategies. Defines and/or implements appropriate secure change and fault management processes. Verifies that a developed component, product or system meets its security criteria (requirements and/or policy, standards and procedures). Specifies and/or implements processes that maintain the required level of security of a component, product, or system through its lifecycle. Manages a system or component through a formal security assessment.","link":null,"category":"Implementing Secure Systems","subcategory":null,"level_1":"Recognises the benefits of addressing security during system development and can list some of the tools, products and practices that contribute to secure development.","level_2":"Can explain the benefits of addressing security during system development. Can describe some of the tools, products and practices that contribute to secure development.","level_3":"Contributes to the development of secure systems with some supervision. 
Proposes security requirements for new systems or changes to existing systems with some supervision.","level_4":"Contributes to the development of secure systems without close supervision. Proposes security requirements for new systems or changes to existing systems without close supervision.","level_5":"Applies secure development practices to complex security requirements without supervision. Leads secure development teams.","level_6":"Applies and improves secure development practices across multiple projects, systems and products. Develops new techniques and/or tools that significantly improve secure development capabilities. Leads secure development within an organisation."},{"_id":14,"code":"D1","name":"Internal and Statutory Audit","description":"Verifies that information systems and processes meet the security criteria (requirements or policy, standards and procedures). Assesses the business benefits of security controls.","link":null,"category":"Assurance - Audit, Compliance and Testing","subcategory":null,"level_1":"Can describe the requirements for, and basic principles involved in conducting security audits of information systems.","level_2":"Can explain the main principles and processes involved in conducting an audit. This might include experience of applying these principles in a training or academic environment, for example through participation in syndicate exercises, undertaking practical exercises, and/or passing a test or examination.","level_3":"Contributes to security audits under supervision.","level_4":"Conducts security audits under supervision as part of a team.","level_5":"Leads teams of auditors conducting internal or external audits. Produces and agrees plans for each audit. Agrees solutions and actions with management.","level_6":"Responsible for the delivery of security audits for a large organisation or across a range of customer organisations. Develops the corporate audit plan and approach and oversees delivery against the plan. 
Leads audits instigated by Directors, Ministers or regulatory bodies to identify root causes of security incidents of widespread interest."},{"_id":15,"code":"D2","name":"Compliance Monitoring and Controls Testing","description":"Defines and implements processes to verify on-going conformance to security and/or legal and regulatory requirements. Carries out security compliance checks in accordance with an appropriate methodology. This Skill group covers compliance checks and tests against technical, physical, procedural and personnel controls.","link":null,"category":"Assurance - Audit, Compliance and Testing","subcategory":null,"level_1":"Can describe the benefits of compliance monitoring and list the common compliance monitoring standards, e.g. ISO/IEC 27001, PCI DSS, IAMM.","level_2":"Can explain the main principles and processes involved in conducting a compliance monitoring exercise. This might include experience of applying these principles in a training or academic environment, for example through participation in syndicate exercises, undertaking practical exercises and/or passing a test or examination.","level_3":"Assists with compliance monitoring and/or controls testing exercises under supervision.","level_4":"Is an experienced member of a team conducting compliance monitoring and/ or controls testing.","level_5":"Leads teams conducting compliance monitoring and/or controls testing, reporting findings to middle management; escalates issues as appropriate.","level_6":"Is a recognised authority on compliance monitoring and controls testing with overall responsibility for compliance monitoring within a large organisation or across a range of customers. Reports significant non-compliance issues to senior management."},{"_id":16,"code":"D3","name":"Security Evaluation and Functionality Testing","description":"Contributes to the security evaluation or testing of software. 
Evaluates security software by analysing the design documentation and code to identify potential vulnerabilities and testing to ascertain whether these are exploitable. Tests the security functionality of systems or applications for correctness in line with security policies, standards and procedures and advises on corrective measures. Applies recognised evaluation/testing methodologies, tools and techniques, developing new ones where appropriate. Assesses the robustness of a system, product or technology. Applies commonly accepted governance practices and standards when testing in an operational environment.","link":null,"category":"Assurance - Audit, Compliance and Testing","subcategory":null,"level_1":"Can describe the principal concepts of security evaluation and functional testing to support Information Security. Recognises that security testing cannot guarantee security.","level_2":"Can explain the principal concepts of security evaluation or functional testing and how these are applied in practice. This might include experience of applying these concepts in a training or academic environment, for example through participation in syndicate exercises, undertaking practical exercises, and/or passing a test or examination.","level_3":"Develops test schedules and/or implements them under supervision. Develops product or system test plans under supervision. 
Drafts security requirements under supervision.","level_4":"Designs effective test programmes for systems, products applications or processes and is trusted to implement them.","level_5":"Leads Security Evaluation or Functionality Testing teams.","level_6":"Acts as an expert adviser to customers on security testing policy within a large organisation or across several clients."},{"_id":17,"code":"D4","name":"Penetration Testing and conducting Simulated Attack Exercises","description":"Contributes to the scoping and conduct of vulnerability assessments and tests for public domain vulnerabilities and assessment of the potential for exploitation, where appropriate by conducting exploits. Reports potential issues and mitigation options. Contributes to the review and interpretation of reports. Co-ordinates and manages Remediation Action Plan (RAP) responses. This skill group covers, but is not limited to, penetration testing against networks and infrastructures, web applications, mobile devices and control systems. This Skill Group also covers contributing to the conduct of testing and simulated attack exercises based on scenarios derived from threat intelligence. potential threat agents and their capabilities. Predicts and prioritises threats to an organisation and their methods of attack. Uses human factor analysis in the assessment of threats. Uses threat intelligence to develop attack trees. Prepares and disseminates intelligence reports providing threat indicators and warnings.","link":null,"category":"Assurance - Audit, Compliance and Testing","subcategory":null,"level_1":"Can describe the principles of penetration testing and list the common types of penetration test – e.g. infrastructure, web applications, etc. Recognises the difference between a vulnerability assessment and a penetration test. 
Can describe the differences between red team, blue team and purple team simulated attack exercises.","level_2":"Can explain the principles of penetration testing, the main components of an infrastructure penetration test and the high level processes involved. This might include recognised training in infrastructure penetration testing involving practical exercises in using these skills. Can explain the principles of simulated attack exercises based on scenarios derived from threat intelligence and the high level processes involved. Appropriate and relevant certifications include Certified Ethical Hacker (CEH) or equivalent.","level_3":"Uses commercial tools to conduct vulnerability assessments and basic penetration testing under supervision. Assists with scoping tests or attack exercises and interpreting results. Appropriate and relevant certifications include CREST Practitioner Security Analyst, EC-Council Certified Security Analyst (ECSA) or equivalents.","level_4":"Uses commercial and bespoke tools to conduct basic penetration testing without supervision and complex infrastructure penetration testing under supervision. Undertakes attack exercises under direction as part of a team. Scopes relatively simple tests and interprets results with little supervision. Appropriate and relevant certifications include CHECK Team Member, CREST Registered Penetration Tester or equivalents.","level_5":"Uses commercial and bespoke tools to conduct complex penetration testing without close supervision and/or leads teams undertaking complex penetration tests. Undertakes penetration exploits as part of a simulated attack exercise under direction. Appropriate and relevant certifications include CHECK Team Leader, CREST Certified Tester (Infrastructure or Web Applications) or equivalents.","level_6":"Responsible for the effective delivery of complex and challenging penetration testing services to a range of customers. 
Appropriate and relevant certifications include CHECK Team Leader, CREST Certified Tester (Infrastructure or Web Applications) or equivalents. Responsible for the design and delivery of attack exercises based on threat intelligence to a range of customers. Appropriate and relevant certifications include CREST Certified Simulated Attack Specialist (CC SAS), CREST Certified Simulated Attack Manager (CC SAM)."},{"_id":18,"code":"E1","name":"Secure Operations Management","description":"Establishes processes for maintaining the security of information throughout its existence including establishing and maintaining Security Operating Procedures in accordance with security policies, standards and procedures. Coordinates penetration and other testing on information processes. Assesses and responds to new technical, physical, personnel or procedural vulnerabilities. Engages with the Change Management process to ensure that vulnerabilities are mediated. Manages the implementation of Information Security programmes, and co-ordinates security activities across the organisation.","link":null,"category":"Operational Security Management","subcategory":null,"level_1":"Recognises the need for secure management of information systems and can list some of the types of incident which could occur is this is not done.","level_2":"Understands and can explain the main processes for managing the security of information systems. This might include experience of applying these concepts in a training or academic environment, for example through participation in syndicate exercises, undertaking practical exercises and/or passing a test or examination.","level_3":"Develops or operates security management procedures and processes with some supervision. Monitors the application of Security Operating Procedures with some supervision.","level_4":"Develops or operates security management procedures and processes without close supervision. 
Monitors the application of Security Operating Procedures without close supervision.","level_5":"Manages Security Management teams. Identifies and implements new management controls to reflect changes in factors such as threat levels and legislation.","level_6":"Responsible to the Board for secure operations and service delivery for a major organisation."},{"_id":19,"code":"E2","name":"Secure Operations and Service Delivery","description":"Securely configures and maintains information, control and communications equipments in accordance with relevant security policies, standards and guidelines. This includes the configuration of Information Security devices (e.g. firewalls) and protective monitoring tools (e.g. SIEM). Implements security policy (e.g. patching policies) and Security Operating Procedures in respect of system and/or network management. Undertakes routine technical vulnerability assessments. Maintains security records and documentation in accordance with Security Operating Procedures. Administers logical and physical user access rights. Monitors processes for violations of relevant security policies (e.g. acceptable use, security, etc.).","link":null,"category":"Operational Security Management","subcategory":null,"level_1":"Recognises the need for information systems and services to be operated securely and can list some of the main policies and practices involved in achieving this.","level_2":"Can explain the main principles of secure configuration of security components and devices, including firewalls and protective monitoring tools (e.g. SIEM). 
This might include experience of applying these principles in a training or academic environment, for example through participation in syndicate exercises, undertaking practical exercises, and/or passing a test or examination.","level_3":"Applies routine security procedures such as patching, managing access rights, malware protection or vulnerability testing under direction/supervision.","level_4":"Develops Security Operating Procedures for use across multiple information systems or maintains compliance with them.","level_5":"Leads teams managing secure operations and service delivery within an organisation. Identifies the need for, and implements new Security Operating Procedures and practices to meet changing requirements.","level_6":"Is responsible to the Board for secure operations and service delivery for a major organisation."},{"_id":20,"code":"F1","name":"Intrusion Detection and Analysis","description":"Monitors network and system activity to identify potential intrusion or other anomalous behaviour. Analyses the information and initiates an appropriate response, escalating as necessary. Uses security analytics, including the outputs from intelligence analysis, predictive research and root cause analysis in order to search for and detect potential breaches or identify recognised indicators and warnings. Monitors, collates and filters external vulnerability reports for organisational relevance, ensuring that relevant vulnerabilities are rectified through formal change processes. Ensures that disclosure processes are put in place to restrict the knowledge of new vulnerabilities until appropriate remediation or mitigation is available. 
Produces warning material in a manner that is both timely and intelligible to the target audience(s).","link":null,"category":"Incident Management, Investigation and Digital Forensics","subcategory":null,"level_1":"Recognises the need for intrusion detection and analysis to maintain Information Security and can describe the difference between intrusion prevention and intrusion detection.","level_2":"Can explain the basic principles involved in monitoring network and system activity for anomalous behaviour and how the results can be used. This might include experience of applying these principles in a training or academic environment, for example through participation in syndicate exercises, undertaking practical exercises, and/or passing a test or examination.","level_3":"Operates as a member of an intrusion and analysis team under supervision. Appropriate and relevant certifications include CREST Practitioner Intrusion Analyst.","level_4":"Operates as a member of an intrusion and analysis team without close supervision. Appropriate and relevant certifications include CREST Registered Intrusion Analyst.","level_5":"Manages intrusion and analysis teams. Responsible for taking decisions on appropriate response, escalating as necessary. Liaises with relevant threat intelligence units. Appropriate and relevant certifications include CREST Certified Network Intrusion Analyst, CREST Certified Host Intrusion Analyst, CREST Certified Malware Reverse Engineer.","level_6":"Leads on intrusion and analysis within an organisation. Advises and influences the Board on intrusion and detection issues."},{"_id":21,"code":"F2","name":"Incident Management, Incident Investigation and Response","description":"Engages with the overall organisation Incident Management process to ensure that Information Security incidents are handled appropriately. Defines and implements processes and procedures for detecting and investigating Information Security incidents. 
Establishes and maintains a Computer Security Emergency Response Team or similar to deal with Information Security incidents. Working within the legal constraints imposed by the jurisdictions in which an organisation operates, carries out an investigation into a security incident using all relevant sources of information. Assesses the need for Forensic activity, and coordinates the activities of specialist Forensic personnel within the overall response activities, engaging with the relevant organisational processes to ensure that Forensic services are deployed appropriately. Provides a full Information Security investigation capability where third parties, managed service providers, etc. are involved. Co-ordinates the response to an Information Security incident.","link":null,"category":"Incident Management, Investigation and Digital Forensics","subcategory":null,"level_1":"Recognises the benefits of managing Information Security incidents and can describe the basic principles of incident management, investigation and response.","level_2":"Can explain the basic principles of incident management, investigation and response. Can describe how incident management can operate effectively, benefiting the organisation. Understands the need to preserve evidence to support any investigation and can explain the basic principles involved.","level_3":"Contributes to Information Security incident management policy and/or incident management and investigation procedures under some supervision. Contributes to Information Security incident management and/or investigation processes. Undertakes Information Security investigation tasks under supervision.","level_4":"Contributes to Information Security incident policy and/or incident management and investigation procedures without supervision. Contributes to Information Security incident management and or investigation processes. Undertakes some Information Security investigation tasks without supervision. 
May take some responsibility for managing and investigating Information Security incidents.","level_5":"Takes full responsibility for managing and investigating Information Security incidents. Ensures that the Information Security incident management processes are aligned with generic incident management and business continuity processes. Advises on corporate response to an incident. Appropriate and relevant certifications include CREST Certified Incident Manager.","level_6":"Is experienced in handling major Information Security incidents, recognised in this authority across the organisation and represents them for media comment. Is responsible for deciding on and organising the appropriate corporate response to an Information Security incident."},{"_id":22,"code":"F3","name":"Forensics","description":"Secures the scene and captures evidence in accordance with legal guidelines and in the most effective manner to minimise disruption to the business and maintaining evidential weight, using specialist equipments as appropriate. Analyses the evidence to identify breaches of policy, regulation or law, including the presence of malware. Presents evidence as appropriate, acting as an expert witness if necessary.","link":null,"category":"Incident Management, Investigation and Digital Forensics","subcategory":null,"level_1":"Can describe the basic principles of digital forensics and recognises the capability of forensics to support investigations.","level_2":"Can explain the basic principles of digital forensics, including the principles and processes surrounding securing and analysing evidence. This might include experience of applying these principles in a training or academic environment, for example through participation in syndicate exercises, undertaking practical exercises and/or passing a test or examination.","level_3":"Contributes to forensic activities with some supervision.","level_4":"Undertakes basic forensic tasks (e.g. first responder) without supervision. 
Has some experience of more complex tasks (e.g. using specialist tools to recover, preserve and analyse data) under supervision.","level_5":"Manages teams conducting investigations using forensic techniques and tools. Experienced in using multiple forensic tools and techniques.","level_6":"Responsible for forensic operations within a large organisation or across multiple customers. Leads challenging forensic operations. Has in depth understanding of the relevant laws."},{"_id":23,"code":"G1","name":"Data Protection","description":"Directs, oversees, designs, implements, contributes to, or operates within the set of multi-disciplinary structures, policies, procedures, processes and controls to manage the protection of personal data at an enterprise level, supporting an organisation’s immediate and future regulatory, legal, risk, environmental and operational requirements, and ensuring compliance with those requirements.","link":null,"category":"Data Protection, Privacy and Identity Management","subcategory":null,"level_1":"Can describe the principal legal and regulatory instruments relating to the protection of personal data. Can list the principal criteria within those instruments. Can list the penalties relating to non-compliance.","level_2":"Can explain how the principal legal and regulatory instruments relating to the protection of personal data apply within an organisation. Can describe the corporate impact and recovery activity required in the case of non-compliance.","level_3":"Understands local (organisation or project) policies and processes relating to the protection of personal data. Undertakes personal data protection tasks under supervision. Recognises and addresses non-compliance and makes recommendations for change.","level_4":"Contributes to the development, revision, implementation or monitoring of personal data protection policies and processes within an organisation. 
Undertakes routine personal data protection tasks with minimal supervision.","level_5":"Leads the development, revision, implementation or monitoring of personal data protection policies and processes across a range of clients or within an organisation. Undertakes complex personal data protection tasks with minimal supervision.","level_6":"Responsible for the development, revision, implementation and monitoring personal data protection policies and processes across a range of clients or within a large corporate organisation."},{"_id":24,"code":"G2","name":"Privacy","description":"Directs, oversees, designs, implements, contributes to, or operates within the set of multi-disciplinary structures, policies, procedures, processes and controls to ensure that privacy and human rights legislation and regulations are adhered to. Within a corporate organisation, this applies to employees, contractors, customers and any individual for whom personal information is held.","link":null,"category":"Data Protection, Privacy and Identity Management","subcategory":null,"level_1":"Can describe the principal legal and regulatory instruments relating to personal privacy and human rights. Can list the principal criteria within those instruments. Can list the penalties relating to non-compliance.","level_2":"Can explain how the principal legal and regulatory instruments relating to personal privacy and human rights apply within an organisation. Can describe the corporate impact and recovery activity required in the case of non-compliance.","level_3":"Understands local (organisation or project) policies and processes relating to the protection of personal data. Undertakes tasks relating to personal privacy and human rights under supervision. Recognises and addresses non-compliance and makes recommendations for change.","level_4":"Contributes to the development, revision, implementation or monitoring of personal privacy policies and processes within an organisation. 
Undertakes routine tasks relating to personal privacy with minimal supervision.","level_5":"Leads the development, revision, implementation or monitoring of personal privacy policies and processes across a range of clients or within an organisation. Undertakes complex tasks relating to personal privacy with minimal supervision.","level_6":"Responsible for the development, revision, implementation and monitoring personal privacy policies and processes across a range of clients or within a large corporate organisation."},{"_id":25,"code":"G3","name":"Identity and Access Management (IAM/IdM)","description":"Directs, oversees, designs, implements, contributes to, or operates within identity and access management policies, procedures, processes and controls to ensure that access by individuals to IT and information resources is controlled effectively, operating within legal and regulatory constraints and meeting business requirements.","link":null,"category":"Data Protection, Privacy and Identity Management","subcategory":null,"level_1":"Can describe the basic principles of identity and access management, and relevant legal and regulatory instruments.","level_2":"Can explain how the principles of identity and access management apply within and organisation, referencing the relevant legal and regulatory instruments.","level_3":"Understands local (organisation or project) identity and access management policies and processes and the operation of any IAM systems used. Undertakes tasks relating to identity and access management under supervision. Recognises and addresses non-compliance and makes recommendations for change.","level_4":"Contributes to the development, revision, implementation or monitoring of identity and access management policies and processes within an organisation. 
Undertakes routine tasks relating to identity and access management with minimal supervision, including routine management of IAM systems.","level_5":"Leads the development, revision, implementation or monitoring of identity and access management policies and processes across a range of clients or within an organisation. Undertakes complex tasks relating to identity and access management with minimal supervision, including the implementation and configuration of IAM systems.","level_6":"Responsible for the development, revision, implementation and monitoring identity and access management policies and processes across a range of clients or within a large corporate organisation."},{"_id":26,"code":"H1","name":"Business Continuity and Disaster Recovery Planning","description":"Contributes to defining the need for, and the development of Business Continuity Management (BCM) and Disaster Recovery (DR) Plans, Processes or Functions.","link":null,"category":"Business Resilience","subcategory":null,"level_1":"Recognises the importance of Business Continuity and Disaster Recovery Planning to Information Security, and can list some of the potential consequences if these aspects are not properly considered.","level_2":"Can explain and give examples of how Business Continuity and Disaster Recovery Planning contributes to Information Security.","level_3":"Assists with the design, development and implementation of Business Continuity, Crisis Management and/or Disaster Recovery Plans under supervision.","level_4":"Assists with the design, development and implementation of Business Continuity, Crisis Management and/or Disaster Recovery Plans with minimal supervision.","level_5":"Leads teams designing, developing and implementing Business Continuity, Crisis Management and/or Disaster Recovery Plans.","level_6":"Has overall responsibility for Business Continuity and Disaster Recovery Planning within a large organisation, reporting to the Board. 
A Subject Matter Expert who advises on BCP & DRP at Board level across a range of organisations."},{"_id":27,"code":"H2","name":"Business Continuity and Disaster Recovery Management","description":"Contributes to the implementation, operation and maintenance of Business Continuity and Disaster Recovery Processes or Functions.","link":null,"category":"Business Resilience","subcategory":null,"level_1":"Recognises the importance of Business Continuity & Disaster Recovery management to Information Security and can list some of the potential consequences if these aspects are not properly considered.","level_2":"Can explain and give examples of how Business Continuity and Disaster Recovery management contributes to Information Security.","level_3":"Assists with the implementation and execution of Business Continuity, Crisis Management and/or Disaster Recovery Plans under supervision. Assists with exercises to test business continuity and disaster recovery plans under supervision.","level_4":"Assists with the implementation and execution of Business Continuity, Crisis Management and/or Disaster Recovery Plans with minimal supervision. Assists with exercises to test business continuity and disaster recovery plans with minimal supervision.","level_5":"Leads teams implementing and executing Business Continuity, Crisis Management and/or Disaster Recovery Plans. Establishes and manages an emergency Operations Centre. Leads exercises to test Business Continuity and Disaster Recovery plans and reports outcomes to senior management. 
Implement changes to address lessons learned.","level_6":"Has overall responsibility for Business Continuity and Disaster Recovery operations within a large organisation, reporting to the Board."},{"_id":28,"code":"H3","name":"Cyber Resilience","description":"Contributes to the development and implementation processes to anticipate, recognise and defend against changing Cyber and Information risk environments which threaten business stability, and the development and implementation of plans to introduce an holistic culture of Information Security across an organisation aimed at identifying and reacting promptly and effectively to incidents.","link":null,"category":"Business Resilience","subcategory":null,"level_1":"Can describe the principles and benefits of cyber resilience.","level_2":"Can explain and give examples of how Cyber Resilience contributes to Information Security.","level_3":"Operates as a member of a cyber resilience team, or assists with cyber resilience activities, working under supervision.","level_4":"Operates as a member of a cyber resilience team, or assists with cyber resilience activities, working with minimal supervision.","level_5":"Leads cyber resilience teams or undertakes complex cyber resilience work without supervision.","level_6":"Responsible for cyber resilience within a major organisation."},{"_id":29,"code":"I1","name":"Research","description":"Conducts original investigation in order to gain knowledge and understanding relating to Information Security. Defines research goals and generates original and worthwhile ideas in Information Security. Writes or presents papers, either internally or externally, on the results of research. Contributes to the development of the employing organisation’s Information Security research policy and participates in or supervises the work of Information Security research functions. Develops new or improved models or theories of Information Security. Develops new cryptographic algorithms. 
In the Information Security field, uses existing knowledge in experimental development to produce new or substantially improved devices, products and processes or substantially improve understanding of behavioural response to security controls.","link":null,"category":"Information Security Research","subcategory":null,"level_1":"Recognises the different types of Information Security research within own sector.","level_2":"Can describe and give examples on how research has improved information security.","level_3":"Has contributed to Information Security research activities.","level_4":"Has been actively involved in Information Security research activities with minimal supervision, including developing and reviewing new ideas, obtaining background information and conducting tests.","level_5":"Has led teams responsible for delivering against Information Security research strategies and/or programmes. Supervises and/or mentors research work of less experienced researchers.","level_6":"Has been responsible for developing or managing Information Security research strategies and/or programmes, defining research goals and generating original and worthwhile ideas in a specialised field within Information Security. Presents papers at conferences, writes journal papers of publication quality and/or presents reports of an equivalent technical standard to research clients. In cryptography, has developed new cryptographic algorithms."},{"_id":30,"code":"I2","name":"Applied Research","description":"Vulnerability Research and Discovery, leading to the development of exploits, reverse engineering and researching mitigation bypasses. Cryptographic research leading to the assessment of existing algorithms. 
In the Information Security field, uses existing knowledge in experimental development to produce new or substantially improved devices, products and processes.","link":null,"category":"Information Security Research","subcategory":null,"level_1":"Recognises the value of applied research in Information Security.","level_2":"Understands the principles of applied research in Information Security and might have undertaken some directed practical examples in a training environment.","level_3":"Has conducted some basic applied research under supervision, e.g. leading to the development of simple exploits or an assessment of an existing cryptographic algorithm.","level_4":"Has conducted some basic applied research without supervision, e.g. leading to the development of simple exploits or a simple assessment of an existing cryptographic algorithm.","level_5":"Has led teams conducting applied research. For example, has conducted applied research leading to the development of complex exploits or an in-depth assessment of an existing cryptographic algorithm.","level_6":"Undertakes advanced research into vulnerabilities or cryptography. For example, has produced complex exploits, undertaken effective reverse engineering and/or effectively researched mitigation bypasses"},{"_id":31,"code":"J1","name":"Management, Leadership and Influence","description":"Works effectively in teams, either as a member or leader. Encourages and supports others to meet objectives and to develop as Information Security professionals. Is a leader on Information Security issues, either locally or across an organisation. 
Provides technical leadership in a professional field, either within an organisation or across an industry sector.","link":null,"category":"Management, Leadership, Business and Communications","subcategory":null,"level_1":"Works cooperatively and professionally with others.","level_2":"Has received recognised training in management and/or leadership.","level_3":"Is an effective team member. Encourages and supports colleagues to achieve team objectives.","level_4":"Leads small groups/teams with delegated authority for a limited range of tasks. Provides support and feedback to encourage and develop colleagues.","level_5":"Creates and leads formal, informal or virtual teams and/or creates collaborative links with related teams. Addresses and resolves conflict within teams. Provides support and feedback to encourage and develop colleagues. Advises and influences middle managers, e.g. Accreditors, Project Managers. Develops others through coaching, mentoring and advising colleagues.","level_6":"Provides leadership for professional field within the organisation. Recognised as a professional authority within a large organisation or across a range of clients. Routinely advises and influences senior management within an organisation, usually at Board level."},{"_id":32,"code":"J2","name":"Business Skills","description":"Understands local or corporate business aims and uses this knowledge to maximise the costeffectiveness of Information Security. Contributes to the development of cost-effective corporate Information Security strategy; takes action to achieve greater corporate efficiency in line with strategic aims. 
Takes reasoned decisions on Information Security based on business aims and influences.","link":null,"category":"Management, Leadership, Business and Communications","subcategory":null,"level_1":"Understands local objectives and organisational aims and how own job supports them.","level_2":"Understands and supports organisational aims and any regulations and laws that govern own organisation. Works in a cost effective manner.","level_3":"Understands aims and issues facing own work areas and organisation. Works effectively to meet with organisational policies, procedures, security and legal constraints.","level_4":"Ensures that colleagues understand how their work contributes to security of the department and organisation.","level_5":"Takes actions to achieve greater corporate efficiency. Interprets and reinforces the importance of strategic aims to colleagues. Uses strategic aims to prioritise and drive plans to maximum benefit to the organisation. Influences business decisions.","level_6":"Develops policy, strategy, projects and programmes for the organisation that support strategic plans. Understands how changing external influences and political climates may impact on future strategies. Has a wide network of internal and external senior contacts and draws on their knowledge and influence to support organisational aims. Takes business decisions."},{"_id":33,"code":"J3","name":"Communication and Knowledge Sharing","description":"Communicates information clearly and in a manner relevant to the target audience. Influences senior management. Shares knowledge on Information Security. Negotiates effectively on Information Security issues.","link":null,"category":"Management, Leadership, Business and Communications","subcategory":null,"level_1":"Understands and interprets instructions effectively. Communicates effectively with colleagues.","level_2":"Has clear written and verbal communication skills. 
Shares information and knowledge with others.","level_3":"Is sensitive and constructive when challenging other’s ideas or decisions.","level_4":"Proactively shares good practice and expertise with colleagues. Contributes effectively to debates and complex discussion demonstrating well-reasoned arguments and conclusions. Adapts communication style to suit audience, developing effective mechanisms to disseminate information to colleagues.","level_5":"Is a persuasive communicator using logic to win support and change views. Sets a lead in sharing knowledge across the organisation and uses a variety of effective strategies to capture and share information. Addresses and discusses key concerns and ensures key stakeholders are kept informed.","level_6":"Is persuasive and diplomatic in external negotiation, influencing major programmes, projects or policy outside of the organisation. Uses and develops knowledge sharing strategies to share experience across organisations. Presents effectively and influentially to a range of audiences."},{"_id":34,"code":"K1","name":"Contributions to the Community","description":"Undertakes activity to broaden awareness and knowledge of Information Security issues, including the risks from social media use, in the wider community – e.g. moderating sessions at schools, community centres, etc.","link":null,"category":"Contributions to the Information Security Profession and Professional Development","subcategory":null,"level_1":"Recognises the need to educate the community on Information Security issues.","level_2":"N/A","level_3":"Has contributed to Information Security training sessions within the local community.","level_4":"Has developed and presented Information Security training sessions within the local community.","level_5":"Has developed and led a programme of Information Security education.","level_6":"Has developed and led a programme of Information Security education and training outside the local area, e.g. 
regionally or nationally."},{"_id":35,"code":"K2","name":"Contributions to the IS Profession","description":"Undertakes voluntary roles within industry forums or professional bodies. Presents sessions on Information Security, either within the organisation or at conferences.","link":null,"category":"Contributions to the Information Security Profession and Professional Development","subcategory":null,"level_1":"Recognises the value of Information Security professional bodies and industry forums.","level_2":"Can describe the main Information Security professional bodies and industry forums.","level_3":"Is aware of Information Security professional bodies and industry forums and meetings and occasionally attends to listen and learn.","level_4":"Supports Information Security professional bodies and industry forums, contributes to the agenda and takes an active part in the meetings. Can demonstrate experience of mentoring and/or providing support to others.","level_5":"Gives significant amounts of own time to Information Security professional bodies and industry forums to improve either body of knowledge or general awareness of the area. As a volunteer, chairs committees, conducts assessments or interviews, or organises or runs special interest groups.","level_6":"Has significantly influenced changes and improvements within the Information Security community. Has established influential relationships with Government and/or industry stakeholders. Has changed the way that people perceive Information Security. Is regularly sought for comment or to speak publicly on a variety of Information Security topics. Has published articles or papers relating to specific areas of the industry. 
Has developed methodologies or products that have advanced the knowledge or management of Information Security."},{"_id":36,"code":"K3","name":"Professional Development","description":"Takes appropriate and timely action to develop and maintain personal Information Security knowledge and expertise.","link":null,"category":"Contributions to the Information Security Profession and Professional Development","subcategory":null,"level_1":"Recognises the value of Continued Professional Development (CPD) to the Information Security profession. Can list some of the industry training, certification and accreditation bodies.","level_2":"Has professional or academic accreditations to support areas of expertise.","level_3":"Has taken steps within the past year to develop or maintain professional knowledge.","level_4":"Is a member of the IISP or another professional body. Regularly takes steps to improve and update own skill sets. Keeps up to date with relevant technologies. Maintains level of knowledge for professional certifications, accreditations and/or qualifications gained.","level_5":"Encourages professional development within the organisation or industry. Develops or mentors others to assist them in their professional development. Runs workshops or lectures on professional development.","level_6":"Influences industry training, certification or accreditation organisations within the industry sector. 
Is sought to speak, comment or produce papers on professional development."}], "fields": [{"id": "_id", "type": "int"}, {"id": "code", "type": "text"}, {"id": "name", "type": "text"}, {"id": "description", "type": "text"}, {"id": "link", "type": "text"}, {"id": "category", "type": "text"}, {"id": "subcategory", "type": "text"}, {"id": "level_1", "type": "text"}, {"id": "level_2", "type": "text"}, {"id": "level_3", "type": "text"}, {"id": "level_4", "type": "text"}, {"id": "level_5", "type": "text"}, {"id": "level_6", "type": "text"}], "_links": {"start": "/api/action/datastore_search?resource_id=95e66dd4-aca8-4219-90f5-c400e9c39e94", "next": "/api/action/datastore_search?resource_id=95e66dd4-aca8-4219-90f5-c400e9c39e94&offset=100"}, "total": 36, "total_was_estimated": false}}