Threat Analysis and Defence
Identifying, analysing, and understanding potential cyber threats and vulnerabilities, and designing, implementing, and managing defensive measures to mitigate risks.
Proficiency Level
Level 1 (Follow)
- Follows established procedures for reporting suspicious emails, websites, or unusual system behaviour that they observe.
- Understands basic types of common cyber threats (e.g., malware, phishing) based on training.
- Adheres to security policies designed as basic defensive measures.
Level 2 (Assist)
- Assists security analysts in gathering information about specific known threats or vulnerabilities from predefined sources (e.g., security advisories, vulnerability databases).
- Helps monitor security tool dashboards (e.g., antivirus console, basic logs) for alerts related to known threats under guidance.
- Supports the application of predefined patches or basic configuration changes as part of vulnerability remediation.
Level 3 (Apply)
- Analyses specific threat intelligence reports or vulnerability scan results to understand potential threats relevant to the organisation's environment.
- Assesses the potential impact and likelihood of specific threats or vulnerabilities within their area of responsibility.
- Implements standard defensive measures or configurations (e.g., applying security patches, configuring firewall rules based on requests, tuning basic security tool settings).
Level 4 (Ensure)
- Conducts in-depth analysis of complex threats, attack vectors, and organisational vulnerabilities using various techniques (e.g., threat modelling, detailed vulnerability analysis).
- Designs, implements, and manages effective defensive strategies and security controls (technical and procedural) to mitigate identified risks.
- Leads incident response activities related to specific analysed threats, coordinating defensive actions.
- Continuously evaluates and improves the effectiveness of existing defences against evolving threats.
Level 5 (Strategise)
- Develops the organisation's overall strategy for proactive threat analysis, vulnerability management, and cyber defence.
- Establishes threat modelling frameworks and integrates threat analysis into the system development lifecycle and risk management processes.
- Directs strategic defence initiatives (e.g., implementing advanced security architectures, developing custom detection capabilities) based on analysis of the threat landscape and organisational risk posture.