Assist in implementing vulnerability assessment processes

URN: TECDT61131
Business Sectors (Suites): IT and Telecoms Professional (procom)
Developed by: e-skills
Approved on: 30 Mar 2022

Overview

This standard is about assisting in implementing vulnerability assessment processes.

This involves helping to validate that infrastructure systems, applications, websites and software applications are correctly implemented and offer the required levels of protection.

This includes assisting in identifying, assessing and prioritising vulnerabilities found in an organisation's digital systems and procedures. The primary aim is to perform assessments to identify where these deviate from specified levels of resilience or where their version or patch levels do not meet agreed tolerances. It also involves measuring effectiveness against known vulnerabilities and reporting findings.

This standard covers the competencies needed to assist in implementing vulnerability assessment processes. It is for those who need to assist in implementing vulnerability assessment processes as part of their duties.


Performance criteria

You must be able to:

1. Contribute to scoping vulnerability assessments to evaluate security risks in software systems
2. Assist in conducting vulnerability scans in line with organisational standards
3. Contribute to interpreting vulnerability scans to identify issues and follow these up with support teams
4. Assist in implementing automated tools to improve the efficiency of vulnerability scans
5. Use vulnerability scan analysis to prioritise patch updates in operating system and application software
6. Support vulnerability remediation activities in line with organisational processes
7. Produce vulnerability assessment reports in line with organisational requirements

Knowledge and Understanding

You need to know and understand:

1. That vulnerabilities in systems can compromise the confidentiality, integrity, or availability of information
2. That a vulnerability assessment is a systematic review of security weaknesses in an information system
3. How to run a vulnerability scan on a network to gather information about services and software that are running
4. The difference between a vulnerability assessment and a penetration test
5. That a vulnerability assessment seeks to test for known vulnerabilities and identify new vulnerabilities
6. That vulnerability assessment tools can be used to identify points of weakness in security infrastructure
7. What is meant by patch management
8. How to apply patch management to resolve known vulnerabilities
9. The industry standard tools used to conduct vulnerability assessments in networks, applications and web services and how to apply them
10. The key features and principles of on-premises and cloud network infrastructure
11. How to analyse, assess and mitigate vulnerabilities

Scope/range


Scope Performance


Scope Knowledge


Values


Behaviours


Skills


Glossary


Links To Other NOS


External Links


Version Number

1

Indicative Review Date

30 Mar 2025

Validity

Current

Status

Original

Originating Organisation

ODAG Consultants Ltd.

Original URN

TECDT61131

Relevant Occupations

Information and Communication Technology Professionals

SOC Code

2135

Keywords

cyber security, vulnerability