Assist in implementing vulnerability assessment processes
URN: TECDT61131
Business Sectors (Suites): IT and Telecoms Professional (procom)
Developed by: e-skills
Approved on: 30 Mar 2022
Overview
This standard is about assisting in implementing vulnerability assessment processes.
This involves helping to validate that infrastructure systems, applications, websites and software applications are correctly implemented and offer the required levels of protection.
This includes assisting in identifying, assessing and prioritising vulnerabilities identified in an organisation's digital systems and procedures. The primary aim is to perform assessments to identify where these deviate from specified levels of resilience or where their version or patch levels do not meet agreed tolerances. They would also measure the effectiveness against known vulnerabilities and report findings.
This standard covers the competencies needed to assist in implementing vulnerability assessment processes. It is for those who need to assist in implementing vulnerability assessment processes as part of their duties.
Performance criteria
You must be able to:
1. Contribute to scoping vulnerability assessments to evaluate security risks in software systems
2. Assist in conducting vulnerability scans in line with organisational standards
3. Contribute to interpreting vulnerability scans to identify issues and follow these up with support teams
4. Assist in implementing automated tools to improve the efficiency of vulnerability scans
5. Use vulnerability scan analysis to prioritise patch updates in operating system and application software
6. Support vulnerability remediation activities in line with organisational processes
7. Produce vulnerability assessment reports in line with organisational requirements
Knowledge and Understanding
You need to know and understand:
1. That vulnerabilities in systems can compromise the confidentiality, integrity, or availability of information
2. That a vulnerability assessment is a systematic review of security weaknesses in an information system
3. How to run a vulnerability scan on a network to gather information about services and software that are running
4. The difference between a vulnerability assessment and a penetration test
5. That a vulnerability assessment seeks to test for known vulnerabilities and identify new vulnerabilities
6. That vulnerability assessment tools can be used to identify points of weakness in security infrastructure
7. What is meant by patch management
8. How to apply patch management to resolve known vulnerabilities
9. The industry standard tools used to conduct vulnerability assessments in networks, applications and web services and how to apply them
10. The key features and principles of on-premises and cloud network infrastructure
11. How to analyse, assess and mitigate vulnerabilities
Version Number: 1
Indicative Review Date: 30 Mar 2025
Validity: Current
Status: Original
Originating Organisation: ODAG Consultants Ltd.
Original URN: TECDT61131
Relevant Occupations: Information and Communication Technology Professionals
SOC Code: 2135
Keywords: cyber security, vulnerability