Perform vulnerability assessments
URN: TECDT61141
Business Sectors (Suites): IT and Telecoms Professional (procom)
Developed by: e-skills
Approved on: 2022
Overview
This standard is about performing vulnerability assessments.
This involves scanning networks, software applications and systems to detect and identify vulnerabilities and take measures to correct or manage these to strengthen security resilience.
This includes running vulnerability scans to test if the system is susceptible to any known vulnerabilities, assigning severity levels to prioritise vulnerabilities detected, recommending remediation or mitigation as required and reporting findings.
This standard covers the competencies needed to perform vulnerability assessments. It is for those who need to perform vulnerability assessments as part of their duties.
Performance criteria
You must be able to:
- Plan regular network and host-based vulnerability scans to identify vulnerabilities in networks, servers and hosts
- Perform routine analysis of system log files and reports from firewalls and other boundary protection devices to identify anomalies and new vulnerabilities
- Review and optimise scan templates to ensure complete coverage of the information systems environment
- Conduct vulnerability assessments for networks, applications and operating systems
- Develop, implement and maintain automated vulnerability scanning tools to improve the efficiency and effectiveness of vulnerability analysis
- Triage identified vulnerabilities to prioritise remediation activities
- Create a vulnerability mitigation plan to manage identified vulnerabilities
- Implement updated patches in line with the patch management plan
- Manage identified vulnerabilities throughout their life cycle until they are mitigated
- Prepare and communicate vulnerability assessment status reports and metrics in line with organisational procedures
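The criteria above describe one workflow: scan, triage what the scanner reports, plan mitigation, track each item to closure and report status. The following Python script is an added illustration of the triage and lifecycle-tracking steps and is not part of this standard or any particular scanning product. The findings, hosts, dates, scoring weights and remediation deadlines (SLA_DAYS) are all constructed assumptions for the example; an organisation would substitute its own risk model and procedures.

```python
"""Triage and lifecycle tracking of scanner findings (added illustration)."""
from dataclasses import dataclass, field
from datetime import date

# Constructed sample findings, normalised from a hypothetical scanner export.
# Identifiers, hosts, scores and dates are made up for this example.
SAMPLE_FINDINGS = [
    {"id": "VULN-001", "host": "web-01", "cvss": 9.8, "internet_facing": True,
     "exploit_known": True, "asset_criticality": 3, "first_seen": date(2024, 1, 3)},
    {"id": "VULN-002", "host": "db-01", "cvss": 7.5, "internet_facing": False,
     "exploit_known": False, "asset_criticality": 3, "first_seen": date(2024, 1, 10)},
    {"id": "VULN-003", "host": "kiosk-07", "cvss": 5.3, "internet_facing": False,
     "exploit_known": False, "asset_criticality": 1, "first_seen": date(2024, 2, 1)},
    {"id": "VULN-004", "host": "vpn-01", "cvss": 6.1, "internet_facing": True,
     "exploit_known": True, "asset_criticality": 2, "first_seen": date(2024, 2, 5)},
]

# Assumed remediation deadlines (days from first sighting) per severity band.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180, "none": 365}

# Allowed lifecycle transitions; "closed" is reachable only via "mitigated",
# i.e. after a fix has been applied and a rescan confirms it.
TRANSITIONS = {
    "open": {"in_progress", "risk_accepted"},
    "in_progress": {"mitigated", "open"},
    "mitigated": {"closed", "open"},
    "risk_accepted": {"open"},
    "closed": set(),
}


def severity_band(cvss: float) -> str:
    """Map a CVSS v3 base score to its qualitative severity rating."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low" if cvss > 0.0 else "none"


def priority_score(f: dict) -> float:
    """Risk-based triage score: CVSS adjusted for exposure, exploit availability
    and asset criticality (1..3). The weights are assumptions for illustration."""
    score = f["cvss"]
    if f["internet_facing"]:
        score += 1.5
    if f["exploit_known"]:
        score += 2.0
    score += 0.5 * (f["asset_criticality"] - 1)
    return round(min(score, 15.0), 2)


def triage(findings: list) -> list:
    """Order findings so remediation effort goes to the highest risk first."""
    return sorted(findings, key=priority_score, reverse=True)


@dataclass
class TrackedVuln:
    """One finding followed through its lifecycle with an audit trail."""
    finding: dict
    status: str = "open"
    history: list = field(default_factory=list)

    def transition(self, new_status: str, on: date, note: str = "") -> None:
        if new_status not in TRANSITIONS[self.status]:
            raise ValueError(f"{self.finding['id']}: {self.status} -> {new_status} not allowed")
        self.history.append((on, self.status, new_status, note))
        self.status = new_status

    def is_overdue(self, today: date) -> bool:
        """Open past its deadline; closed and formally risk-accepted items are exempt."""
        age = (today - self.finding["first_seen"]).days
        return self.status not in ("closed", "risk_accepted") and \
            age > SLA_DAYS[severity_band(self.finding["cvss"])]


def status_report(tracked: list, today: date) -> dict:
    """Metrics for a status report: open counts per severity, overdue ids, closures."""
    open_items = [t for t in tracked if t.status != "closed"]
    return {
        "open_by_severity": {b: sum(1 for t in open_items if severity_band(t.finding["cvss"]) == b)
                             for b in ("critical", "high", "medium", "low")},
        "overdue": sorted(t.finding["id"] for t in tracked if t.is_overdue(today)),
        "closed": sum(1 for t in tracked if t.status == "closed"),
    }


def run_demo(today: date) -> tuple:
    """Triage the sample findings, walk some through the lifecycle, then report."""
    tracked = {f["id"]: TrackedVuln(f) for f in triage(SAMPLE_FINDINGS)}
    tracked["VULN-001"].transition("in_progress", date(2024, 1, 4), "emergency patch scheduled")
    tracked["VULN-001"].transition("mitigated", date(2024, 1, 5), "patched")
    tracked["VULN-001"].transition("closed", date(2024, 1, 6), "rescan clean")
    tracked["VULN-004"].transition("in_progress", date(2024, 2, 6), "vendor update pending")
    tracked["VULN-003"].transition("risk_accepted", date(2024, 2, 2), "isolated kiosk VLAN")
    return list(tracked), status_report(list(tracked.values()), today)


if __name__ == "__main__":
    order, report = run_demo(date(2024, 3, 1))
    print("triage order:", order)
    print("report:", report)
```

Note that VULN-004 (a medium CVSS score) ranks above VULN-002 (a high score) because it is internet-facing with a known exploit; that is the point of triaging on risk rather than on the raw scanner rating. The transition table enforces that an item cannot be closed straight from "open": closure requires a mitigation step followed by verification.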
Knowledge and Understanding
You need to know and understand:
- The main principles of vulnerability assessment
- The need to agree the scope of vulnerability assessments prior to commencement
- The steps involved in performing vulnerability assessments
- The industry standard techniques used to locate and identify vulnerabilities
- How to triage identified vulnerabilities to manage remediation priorities
- That a vulnerability assessment consists of scanning networks, operating systems and applications to identify and assess potential vulnerabilities
- The specified organisational vulnerability assessment tools and how to apply them
- How to automate vulnerability scanning to increase efficiency
- How to develop mitigation strategies for network, operating systems and application vulnerabilities
- That all major software releases should undergo a vulnerability assessment
- How to investigate persistent vulnerabilities
- That vulnerability assessment informs patch management activities
- How to investigate common configuration weaknesses and deployment flaws
- How to prepare vulnerability reports and communicate outcomes of vulnerability assessments to stakeholder groups
- How to manage and track vulnerabilities and mitigations throughout their lifecycle to closure
Version Number
1
Indicative Review Date
2025
Validity
Current
Status
Original
Originating Organisation
ODAG Consultants Ltd.
Original URN
TECDT61141
Relevant Occupations
Information and Communication Technology Professionals
SOC Code
2135
Keywords
cyber security, vulnerability