| 22 |
* Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
| 37 |
Knowledge of disaster recovery continuity of operations plans. |
Knowledge |
| 50 |
Knowledge of how network services and protocols interact to provide network communications. |
Knowledge |
| 60 |
Knowledge of incident categories, incident responses, and timelines for responses. |
Knowledge |
| 61 |
Knowledge of incident response and handling methodologies. |
Knowledge |
| 66 |
Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies. |
Knowledge |
| 81A |
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. |
Knowledge |
| 105 |
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). |
Knowledge |
| 108 |
* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
| 150 |
Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities. |
Knowledge |
| 153 |
Skill of identifying, capturing, containing, and reporting malware. |
Skill |
| 217 |
Skill in preserving evidence integrity according to standard operating procedures or national standards. |
Skill |
| 470 |
Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents. |
Task |
| 716A |
Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise. |
Task |
| 741A |
Coordinate incident response functions. |
Task |
| 745 |
Perform cyber defense trend analysis and reporting. |
Task |
| 755 |
Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems. |
Task |
| 823 |
Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts. |
Task |
| 882 |
Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies. |
Task |
| 893 |
Skill in securing network communications. |
Skill |
| 895 |
Skill in recognizing and categorizing types of vulnerabilities and associated attacks. |
Skill |
| 896 |
Skill in protecting a network against malware. |
Skill |
| 897 |
Skill in performing damage assessments. |
Skill |
| 923A |
Skill in using security event correlation tools. |
Skill |
| 984 |
Knowledge of cyber defense policies, procedures, and regulations. |
Knowledge |
| 991 |
Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution). |
Knowledge |
| 1029A |
Knowledge of malware analysis concepts and methodologies. |
Knowledge |
| 1030 |
Collect intrusion artifacts (e.g., source code, malware, trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. |
Task |
| 1033 |
Knowledge of basic system administration, network, and operating system hardening techniques. |
Knowledge |
| 1069 |
Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation or privileges, maintaining access, network exploitation, covering tracks). |
Knowledge |
| 1072 |
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). |
Knowledge |
| 1157 |
* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
| 1158 |
* Knowledge of cybersecurity principles. |
Knowledge |
| 1159 |
* Knowledge of cyber threats and vulnerabilities. |
Knowledge |
| 3431 |
Knowledge of OSI model and underlying network protocols (e.g., TCP/IP). |
Knowledge |
| 5670 |
Write and publish after action reviews. |
Task |
| 6210 |
Knowledge of cloud service models and possible limitations for an incident response. |
Knowledge |
| 6900 |
* Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
| 6935 |
* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
| 6938 |
* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
