The publisher, authors and editors are confident that the advice and information contained in this book is believed to be true and accurate as of the date of publication. The information in this book is by no means complete or comprehensive due to the extensive information in this area.
Introduction
The NICE and OPM frameworks represent collective efforts at the US national level to predict and display labor demand and help meet that demand by helping educational institutes meet that demand.
General Issues with NICE Framework (Applied to August 2017 Version)
These are included in all 52 specialty areas (33 main specialty areas, with several subspecialty areas). As these are included in all 52 specialist areas, they should be included separately in an introductory course, which will be a prerequisite course for all other program courses.
Level of Details and Granularity of KSAs
Bibliography
Acquisition Management
K0126: Knowledge of Secure Acquisitions (e.g., Relevant Contracting Officer’s Technical Representative [COTR]
Duties, Secure Procurement, Supply Chain Risk Management)
The same initial information or any additional clarifications should be provided to all candidate contractors/suppliers. Details of the selection process should be classified and no contractors or vendors should be given any insider information.
K0148: Knowledge of Import/Export Control Regulations and Responsible Agencies for the Purposes of Reducing
Other important regulations related to the supply chain and foreign exports include: Trade Expansion Act of 1967:232, Foreign Investment and National Security Act of 2007 (“FINSA”), National Defense Authorization Act of 2011, and the “Wolf Provision ” Act of 2014. To maintain balance, a large and important country like the US cannot and should not remain isolated from the global economy and the benefits of the global ICT supply chain.
K0154: Knowledge of Supply Chain Risk Management Standards, Processes, and Practices
ISO/IEC 20243 is a process-based standard that focuses on reducing the risk of counterfeiting of commercial off-the-shelf products (COTS) and suppliers' supply chain requirements throughout the life cycle of their products. ISO/IEC 27036 covers general security requirements in supplier relationships for all tenders, security guidelines for ICT and supply chain security in the cloud.
K0163: Knowledge of Critical Information Technology (IT) Procurement Requirements
IT purchasing requirements can also be classified into: mandatory, functional, technical, and work or performance. To search for contractor bids, one of the following methods can be used: (1) quick quote, (2) competitive sealed bidding, (3) competitive negotiation, or (4) public or online auctions.
K0164: Knowledge of Functionality, Quality, and Security Requirements and How These Will Apply to Specific Items
The requirements of project applicants must distinguish between “must have” quality requirements and “desired to have” quality requirements. It is not a wise choice to place all requirements in one category, whether it concerns 'must have' or 'desired to have'.
K0169: Knowledge of Information Technology (IT) Supply Chain Security and Risk Management Policies, Requirements,
Security breaches are inevitable: Make your supply chain security policy as if security breaches will occur; be proactive rather than responsive. Control process issues: Direct or indirect service providers in the supply chain may leak sensitive information and expose some system vulnerabilities.
K0257: Knowledge of Information Technology (IT) Acquisition/Procurement Requirements
K0264: Knowledge of Program Protection Planning to Include Information Technology (IT) Supply Chain Security/Risk
Confidential Information: Confidential Information represents information that could result in a significant level of risk when unauthorized disclosure, alteration or destruction of that information occurs. In general, any information not classified as confidential or public information is considered private information.
K0266: Knowledge of How to Evaluate the Trustworthiness of the Supplier and/or Product
K0270: Knowledge of the Acquisition/Procurement Lifecycle Process
Similarly, the term security packages refers to the recent trend in security controls to provide a one-size-fits-all security package that can provide all categories of security controls or features. Security packages can be classified and compared based on the list of features they can provide versus price (Figure 2.8).
S0086: Skill in Evaluating the Trustworthiness of the Supplier and/or Product
A0009: Ability to Apply Supply Chain Risk Management Standards
AC-2, AC-3, AC-17 Use access control lists (derived from 3.1.1) to restrict access to applications and data based on role and/or identity. On-demand registry access ITSAapplies UI Enterprise Active Directory Policy (IT-02); User access requests checked against the AD database for authorization.
A0031: Ability to Conduct and Implement Market Research to Understand Government and Industry Capabilities
Within the framework of Porter's five forces model, describe from a market research and appropriate pricing perspective how each strength of these five forces can expand or limit the need to conduct market research when acquiring a product or service. Show some of the factors described in the guide on how to decide or judge proper product pricing.
A0039: Ability to Oversee the Development and Update of the Lifecycle Cost Estimate
Do your research to make a comparison between these four different methods, the strengths and weaknesses of each of these methods or techniques. Study the DoD Facilities Pricing Guide (DOD UNIT COST/AREA COST FACTORS AND FACILITIES GUIDELINES: https://www.wbdg.org/FFC/.
A0045: Ability to Evaluate/Ensure the Trustworthiness of the Supplier and/or Product
A0056: Ability to Ensure Security Practices Are Followed Throughout the Acquisition Process
Polydys and Wisseman paper 2009a, b) section 2.3 describes examples of security practices that should be taken into account at this stage. Evaluate all elements based on the acquisition project you selected in this chapter.
A0064: Ability to Interpret and Translate Customer Requirements into Operational Capabilities
Questionnaires/surveys can be developed to respond to some safety concerns related to the purchased product. Evaluate all the elements in Chapter 5 against the acquisition project you selected in this chapter.
Continuity Planning and Disaster Recovery
K0210: Knowledge of Data Backup and Restoration Concepts
For individual users and small businesses, external USB hard drives and flash drives may be preferable in many situations. In terms of reliability, such external drives have a fair share of failures that can lead to data loss or corruption.
RAID
Cloud service provider is also responsible for the correctness, availability and integrity of data and the need to have and acquire it when needed. For example, cloud service provider should always verify that data is hosted physically in the United States.
K0365: Knowledge of Basic Back-Up and Recovery
Procedures Including Different Types of Backups (e.g., Full, Incremental)
Transactions that completed while the data was lost or corrupted can be rolled forward based on information from the logs (eg DBMS, OS, web server logs). In one system failure, both forward and backward recoveries can be used; try forward recovery first and for those transactions where forward recovery is impossible, use backward recovery.
K0026: Knowledge of Disaster Recovery Continuity of Operations Plans
The plan should be realistic and periodic exercises are necessary to ensure the validity of the plan and also to strengthen the employees. To protect critical resources, the DRP should consider backing up data and critical system assets off-site (ie, in physical locations different from active or operational systems).
S0032: Skill in Developing, Testing, and Implementing Network Infrastructure Contingency and Recovery Plans
For DRP, BCP and COOP it is important to perform Business Process Analysis (BPA) and also Business Impact Analysis (BIA). 1, defined BIA as "the analysis of an information system's requirements, functions, and interdependencies." The BIA identifies the system-critical functions and resources and the impact such functions or resources, if they failed, would have on the business.
S0150: Skill in Implementing and Testing Network Infrastructure Contingency and Recovery Plans
You can find many references on the Internet for "disaster recovery (DR) self-assessment tool." Such tools can take various forms, such as surveys (to distribute to target employees) or just self-assessment checklists. You can find many references on the Internet for "business continuity (BC) self-assessment tool." Such tools can take various forms, such as surveys (to distribute to target employees) or just self-assessment checklists.
Cyber Defense Analysis and Support
K0098: Knowledge of the Cyber Defense Service Provider Reporting Structure and Processes Within One’s Own
CNDSP is not required for organizations that will only disclose information through the commercial Internet Service Provider (ISP). In CDN-SP, DoD issued the following directives: DoDD O-8530.1, Computer Network Defense (CND) and DoDI O-8530.2, Support to Computer Network Defense (CND), DoD O-8530.1-M, Department of Defense Computer Network Defense (CND) Service Provider Certification and Accreditation Process.
K0107: Knowledge of and Experience in Insider Threat Investigations, Reporting, Investigative Tools and Laws/
CJCSI 6510.01D and CJCSI 6510.01E provide detailed procedures for IA and CND that supplement guidance issued in the DoD 8500 series of guidelines and instructions in 2004 and 2007 respectively.
Regulations
On the other hand, from insiders with a deliberate attack, insiders can be part of an attack without knowing it. They can be tricked using various mechanisms (e.g. social engineering) into being both attackers and victims of the same attack.
K0157: Knowledge of Cyber Defense Policies, Procedures, and Regulations
An organization's cyber defense is based on the process of managing and assessing cyber risks. For example, Radvanovsky and Brodsky 2016 proposed an active cyber defense cycle based on four tasks (Fig. threat intelligence consumption, (2) asset identification and network security monitoring, (3) incident response, and (4) threat and manipulation of the environment.
K0190: Knowledge of Encryption Methodologies
In relation to cyber defense regulations, there has been much public debate about the security countermeasures that companies can legally take to protect their computing assets, networks and data. On the other hand, defensive cyber measures can raise a variety of issues (eg, privacy concerns and data collection or surveillance), and private sector professionals may want to consult with their attorneys before implementing certain types of defensive cyber measures.
S0063: Skill in Collecting Data from a Variety of Cyber Defense Resources
The government must enforce laws that prosecute and prevent cyberattacks even if they target businesses in other countries. Hacking back: Offensive actions such as hacking back may be an option in some cyber action situations.
S0096: Skill in Reading and Interpreting Signatures (e.g., Snort)
Task 2: The link (2017 in Snort Signatures, written by Martin Lee and Vanja Svajcer, http://blog.talosintelligence.com in-snort-signatures.html) shows the top five Snort Signatures reported in 2017. Task 5: https:/ /packettotal.com can be used to automatically analyze traffic files for possible abnormal behavior.
S0124: Skill in Troubleshooting and Diagnosing Cyber Defense Infrastructure Anomalies and Work
Through Resolution
Try to find tools that can be used for IDS/IPS testing (either automated or semi-automated). Select a working or running IDS/IPS of your choice and evaluate its rules for potential anomalies (either statically or based on real-time traffic).
Cyber Intelligence
K0409: Knowledge of Cyber Intelligence/Information Collection Capabilities and Repositories
Results from previous cycles can be used to improve further analysis and planning in future cycles. They can be related to a single incident or crime or to a large-scale national or international malware, hacking, etc.
K0525: Knowledge of Required Intelligence Planning Products Associated with Cyber Operational Planning
K0550: Knowledge of Target, Including Related Current Events, Communication Profile, Actors, and History
K0553: Knowledge of Tasking Processes for Organic and Subordinate Collection Assets
K0554: Knowledge of Tasking, Collection, Processing, Exploitation, and Dissemination
K0562: Knowledge of capabilities and limitations of new and emerging capabilities, accesses, and/or collections.
K0562: Knowledge of the Capabilities and Limitations of New and Emerging Collection Capabilities, Accesses, and/or
Processes
K0568: Knowledge of the Definition of Collection Management and Collection Management Authority
K0404: Knowledge of Current Collection Requirements
K0571: Knowledge of the Feedback Cycle in Collection Processes
K0578: Knowledge of the Intelligence Requirements Development and Request for Information Processes
K0580: Knowledge of the Organization’s Established Format for Collection Plan
At a minimum, the collection should include PIRs, intelligence indicators, specific information requirements (SIRs), specific orders and requests (SORs), and available collection agencies or assets. The collection plan may be used only informally by the intelligence staff or may be formal based on a structured template (eg, Fig. 5.3) that can be communicated between different departments.
K0595: Knowledge of the Relationships of Operational Objectives, Intelligence Requirements, and Intelligence
Examples of other collection template formats include: Standard Collection Format and Distributed Battlefield Collection Plan Format (FM34-2 and FM34-7, Globalsecurity). Intelligence Preparation of the Battlefield (IPB): Threat and environment analysis in a specific geographic area.
Cyber Intelligence: K0596 Knowledge of the Request for Information Process
Request for information or request for intelligence (RFI) relates to receiving instructions or guidance about the intelligence cycle or process. For example, the RFI may include a request approval for some deviations from the original requirements that cannot be met for some reason.
K0602: Knowledge of the Various Collection Disciplines and Capabilities
The RFI may also include requests for directions on how to proceed when there are conflicting input requirements. Cites excerpts from specific references necessary to clarify unclear parts to facilitate answering questions or inquiries in the RFI.
K0458: Knowledge of Intelligence Disciplines
Cyber Intelligence Analysis
K0110: Knowledge of Common Adversary Tactics, Techniques, and Procedures in Assigned Area
MITER (https://attack.mitre.org/wiki/Main_Page) is an example model, framework, or suite of threat models to represent TTPs that can be used against information. The framework describes a large matrix of attacks on those different operating systems (Fig. 6.4: https://attack.mitre.org).
K0115: Knowledge of Emerging Computer-Based Technology That Has Potential for Exploitation by Adversaries
K0312: Knowledge of Intelligence Principles, Policies, and Procedures Including Legal Authorities and Restrictions
The Act establishes a mechanism for cybersecurity information sharing between the private sector and federal government entities. It also provides liability protection for private entities that share cybersecurity information in certain situations.
FISMA
Recognize some of the cyber security intelligence challenges that have borderless, interconnected and global nature of today's cyber environment. This law focuses on information sharing (including classified information) and coordination between federal intelligence entities and private sector experts or cybersecurity service providers.
K0315: Knowledge of the Principal Methods, Procedures, and Techniques of Gathering Information and Producing,
There are several efforts at the national or organizational level to integrate and coordinate cybersecurity intelligence and information sharing. INTERPOL Cyber Fusion Centre, The Global Complex for Innovation (https:// .. www.interpol.int/About-INTERPOL/The-INTERPOL-Global-Complex-for- Innovation).
K0352: Knowledge of All Forms of Intelligence Support Needs, Topics, and Focus Areas
K0354: Knowledge of All Relevant Reporting and Dissemination Procedures
K0355: Knowledge of All-Source Reporting and Dissemination Procedures
Serialized intelligence reports focus on one aspect (eg, time reports: daily, weekly, monthly, etc.) or by topic, geographic location, etc. Both serialized and special reports are often referred to as FINTEL, i.e., processed or completed intelligence reports.
K0358: Knowledge of Analytical Standards and the Purpose of Intelligence Confidence Levels
The NSA FISA report (see also USSID Reporting and Dissemination Group SP0018) is limited to an examination of the procedures and practices used to protect the obtained US personal information disseminated in serial intelligence reports. An open question in security intelligence analysis relates to the best formula of "how to properly collect and disseminate intelligence and how often."
K0359: Knowledge of Approved Intelligence Dissemination Processes
Timeliness: Deliver the right actionable intelligence to the right intended audience at the right time to take the right actions. Perhaps one of the main reasons why this question is complex and open is related to the fact that each intelligence requirement can have a unique content in terms of: goal, input variable, information sources, time, etc.
K0386: Knowledge of Collection Management Tools
The most appropriate form and format for disseminating intelligence depends primarily on the needs of the recipient, the urgency of the intelligence, and the possible means of conveying the information (e.g. verbal, electronic, messages, texts).
K0391: Knowledge of Collection Systems, Capabilities, and Processes
ECHELON
WebTAS Enterprise (WE) is a suite of tools that support the integration, visualization, analysis and production of actionable intelligence across multiple data sources, user communities and missions (https://www.issinc.com/webtas-enterprise) ). WebTAS STAKE's are developed for Combined Air and Space Operations (CAOC) ISRD acquisition management as well as other users with ISR support needs.
K0387: Knowledge of Collection Planning Process and Collection Plan
Collection plans must be adaptable; collection requirements can go through multiple updates to ensure collection efforts are synchronized with current operations while also supporting future operations planning.
K0389: Knowledge of Collection Sources
Including Conventional and Non-conventional Sources
504 separate sources of Internet data collection (DNI) and telephone metadata (DNR) were targeted targets in the NSA's PRISM collection program.
K0390: Knowledge of Collection Strategies Cross-Intelligence Collection Strategies
Strategic intelligence is “Intelligence required for the formulation of strategies, policies, and military plans and operations at the national and theater levels” (CIA.gov). Part of strategic intelligence is providing the ability to anticipate future events and plan for them (eg, disrupting adversaries or hackers attacking plans).
K0394: Knowledge of Common Reporting Databases and Tools
From business perspectives, strategic intelligence gathering should help organizations in future decision-making processes, policies and ultimately organizational success, where it should help deliver the right information to the right people at the right time.
K0401: Knowledge of Criteria for Evaluating Collection Products
For known or known intelligence collection tools, the assessment should take into account the historical data of those products. For security intelligence collection products, accuracy and timeliness are key factors in evaluating those products.
K0441: Knowledge of How Collection Requirements and Information Needs Are Translated, Tracked,
Intelligence needs to be transformed into "actionable knowledge". Simply put, actionable knowledge is knowledge that is action-oriented or that can be used to: directly or indirectly aid decision-making. It is important to distinguish between "active knowledge" and those simple low-level security rules, access control lists, etc.
K0456: Knowledge of Intelligence Capabilities and Limitations
A simple action by a firewall or an IDS/IPS to block suspicious traffic can be considered "actionable knowledge." On the other hand, new security or policy requirements to enforce certain regulations/restrictions on passwords can also be considered as "actionable knowledge" obtained based on certain security incidents, activities, collected data, information, etc. In other words, while some systems are capable of providing "low-level" categories of actionable insights for specific or categories of abnormal or malicious attacks, no system can realistically claim to provide more complex types of actionable insights. for a large spectrum of potential threats.
K0457: Knowledge of Intelligence Confidence Levels
Intelligence is correlated from more than one source – Intelligence is correlated from more than one system/tool. The level of security clearance can indicate either: (1) the level of access to sensitive information or (2) the level of investigation being conducted on the person requesting or in possession of the clearance.
K0460: Knowledge of Intelligence Preparation of the Environment and Similar Processes
Define the environment: This step includes gathering basic information needed to outline the exact location of the mission or area of interest. Describe Environmental Influences: For the area of interest from the first step, provide the following descriptive information.
K0461: Knowledge of Intelligence Production Processes
Take into account all the details that could influence a potential operation in the area: weather, vegetation, roads, facilities, population, languages, social, ethnic, religious and political factors. Assess threats and dangers: Add intelligence and threat data from multiple intelligence disciplines for the area of interest.
K0462: Knowledge of Intelligence Reporting Principles, Policies, Procedures, and Vehicles, Including Report Formats,
Develop Analytical Conclusions: Integrate all information to develop analytical conclusions such as adversary actions; COA.
Dissemination Practices, and Legal Authorities and Restrictions
Intelligence Summaries: Incidents, visits, certain events may cause special intelligence summary reports to be created. Nevertheless, cases may exist where information obtained from public or open sources is valuable/new from the perspectives of intelligence agencies.
K0463: Knowledge of Intelligence Requirements Tasking Systems
The National Human Intelligence Collection Directives (NHCD) were developed by the NHRTC, with a major focus on human intelligence collection, requirements, policies and programs. This request system is designed to be active, subject to frequent changes, and driven by the community.
K0464 Knowledge of Intelligence Support to Planning, Execution, and Assessment
One difference in terms of intelligence support for the planning and execution phases is that in the execution phases the time for intelligence support is typically shorter and more sensitive (e.g., in hours, rather than days, weeks). In addition, the amount of information and purpose are more focused (e.g. more intelligence requirements and more details).
K0484: Knowledge of Midpoint Collection (Process, Objectives, Organization, Targets, etc.)
K0492: Knowledge of Non-traditional Collection Methodologies
K0514: Knowledge of Organizational Structures and Associated Intelligence Capabilities
K0544: Knowledge of Target Intelligence Gathering and Operational Preparation Techniques and Lifecycles
The term "OPE" itself was developed from the term "Operational Preparation of the Battlespace" (OPB). Orientation activities such as: situational awareness, surveys and assessments, and knowledge of the fastest routes.
K0577: Knowledge of the Intelligence Frameworks, Processes, and Related Systems
Hybrid analysis https://www.hybrid-analysis.com PE dump https://github.com/zed-0xff/pedump Yararules https://analysis.yararules.com/. White Paper: "Sophisticated Indicators for the Modern Threat Landscape: An Introduction to OpenIOC" (2013) www.openioc.org.
Cyber Operational Planning
K0028 Knowledge of Organization’s Evaluation and Validation Requirements
Consistency also relates to writing security requirements at the same level of abstraction and detail. In the later stages of designing and implementing security controls, we can test low-level security controls, policies, and rules as outputs or implemented products based on early security requirements.
K0234: Knowledge of Full Spectrum Cyber Capabilities
We can classify the overall validation process based on when we validate the requirements or based on which reference. For example, early in the process we initiate a process for eliciting security requirements based on business goals, information systems, environment, regulatory compliance, etc.
CNA/D/E/O
K0316: Knowledge of Business or Military Operation Plans, Concept Operation Plans, Orders, Policies, and Standing
Additionally, those URLs and IP addresses may be sold from time to time to different users or owners. As an alternative to dictionary-based malicious URL detection, rule-based detection methods can be used to study attack patterns.
K0400: Knowledge of Crisis Action Planning for Cyber Operations
For a network with many users or Internet connections, requiring each traffic request to be tested against the malicious list first can be a serious overhead problem. Although the previous method can be more accurate in the areas of known malicious URLs, detection methods based on common characteristics of attacks can work more effectively in unknown areas.
K0413: Knowledge of Cyber Operation Objectives, Policies, and Legalities
Another issue that can complicate the legal issues surrounding cyber operations is that members of a cyber operation can be (1) government or government employees (eg from departments related to cyber intelligence), (2) they can also be individuals , sponsored by the state. or (3) may be individuals or groups of individuals working alone. From a legal perspective, the ability to track the impact of an offensive cyber operation is very complex, as it typically involves many users and assets in different domains.
K0415: Knowledge of Cyber Operations Terminology/Lexicon
For example, the website https://www.cfr.org/interactive/cyber-operations reports cyber operations incidents and classifies them by: type, cyber operations, state sponsor, victim, victim category and government response of victims (Fig. 7.4). Industrial or technological espionage is also popular in cyber operations where states or companies conduct cyber operations to obtain certain knowledge or technologies.
K0436: Knowledge of Fundamental Cyber Operations Concepts, Terminology/Lexicon (i.e., Environment
This is one of the “buzz” words in cyber operations and intelligence that is largely used by companies for marketing purposes. An important limitation in cyber operations addressed in the manual is related to the protection of civilians and the need to take all possible measures to protect people from the consequences of cyber operations.
K0416: Knowledge of Cyber Operations
Systems and Assets: Cyber operations students must learn about the various systems and assets they must protect. Cyber operations can also be divided into three categories: Access operations, disruption operations and attack operations, Fig.
K0424: Knowledge of Denial and Deception Techniques
K0442: Knowledge of How Converged Technologies Impact Cyber Operations (e.g., Digital, Telephony, Wireless)
These services are gradually converging to the same services that desktop or laptop computers can offer. In cyber offensive operations, accounts in OSNs can be targets for disclosure and theft of private information.
K0465: Knowledge of Internal and External Partner Cyber Operations Capabilities and Tools
K0494: Knowledge of Objectives, Situation, Operational Environment, and the Status and Disposition of Internal
Most current cyber operations strategies require the integration of electronic warfare (EW) strategies. In 2009, the US established the Cyber Command (CYBERCOM) with the NSA to help protect US systems from cyber attacks.
K0495: Knowledge of Ongoing and Future Operations
Another example of Russia's heavy use of cyber operations in its recent warfare is the cyber operations conducted in the conflict in Georgia in 2008. The cyber operations in Estonia in 2007 were believed to be related to Russian hackers or local supporters of Russia in Estonia.
K0496: Knowledge of Operational Asset Constraints
The direct result of the cyber attacks was the creation of the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) in Tallinn, Estonia. The hackers (called themselves: Guardians of Peace (GOP)) demanded the cancellation of the release of the movie "The Interview." As such, it is believed that North Korea sponsored the attack.
K0497: Knowledge of Operational Effectiveness Assessment
The existence of the correct organizational structure, roles and responsibilities which support the implementation of the cyber operation.
K0498: Knowledge of Operational Planning Processes
Selection of commander careers (COAs) to achieve strategic objectives.
K0499: Knowledge of Operations Security
OPSEC can be assessed through a thorough evaluation of the effectiveness of an organization's implementation of OPSEC methods, resources and tools. OPSEC security measures are applied to both organizational information systems and the environments in which those systems operate.
K0503: Knowledge of Organization Formats of Resource and Asset Readiness Reporting, Its Operational Relevance
K0519: Knowledge of Planning Timelines Adaptive, Crisis Action, and Time-Sensitive Planning
A target is time sensitive when it requires an immediate response because it poses a real danger. A mission is time-sensitive when there is an operationally small period of time in which the goal of the mission must be achieved.
K0572: Knowledge of the Functions and Capabilities of Internal Teams that Emulate Threat Activities to Benefit
Time-sensitive planning: Events may occur that are considered significant to national security and require a national response. As with CAP, incident planning is also time-sensitive and directs or coordinates the response to impending or ongoing incidents and events.
K0585: Knowledge of the Organizational Structure as It Pertains to Full Spectrum Cyber Operations,
Hack the Air Force,” the US military invited hackers through a contest to hack some of their websites. This is the third in a series of similar competitions: “Hack the Pentagon” and “Hack the Army competitions” (Greene 2017).
Including the Functions, Responsibilities,
In a project to crowd source vulnerability discovery, the US IRS awarded Synack (https://www.synack.com/government/) a two million dollar contract to provide penetration testing through ethical hackers or researchers who have no knowledge of IRS systems. Open Bug Bounty is another popular website or platform for non-profit white hat hackers: https://www.openbugbounty.org/.
For example, civilians tend to have the least percentage in the teams overall, while costing the least in terms of salary, etc. Each of the services has had different approaches to organizing and has different views on how to build the cyber structure.
K0588: Knowledge of the Priority Information Requirements from Subordinate, Lateral, and Higher Levels
K0589: Knowledge of the Process Used to Assess the Performance and Impact of Operations
K0593: Knowledge of the Range of Cyber Operations and Their Underlying Intelligence Support Needs, Topics,
Intelligence Preparation of the Cyber Environment (IPCE) is proposed in (Lemay et al. 2014) in comparison to Intelligence Preparation of the Battlefield to focus on how intelligence can support cyber operations. The operational environment: This environment is generally divided into two main categories: inside the organization's network and outside it.
K0594: Knowledge of the Relationships Between End States, Objectives, Effects, Lines of Operation, etc
Planning and direction to include identification of target vulnerabilities to enable ongoing planning and direction of cyber intelligence activities.
K0613: Knowledge of Who the Organization’s Operational Planners Are, How and Where They Can be Contacted,
For example, while technical-level planners need to know detailed technical data about target systems, operational planners care more about the sum of adversary impacts and their functions (Barber et al. 2015).
S0030: Skill in Developing Operations-Based Testing Scenarios
There are several websites (eg https://www.cybercompex.org/, hackerone.com, http://www.nationalccdc.org/, www.hackthebox.eu) that broadcast frequent national cyber operations competitions.
S0055: Skill in Using Knowledge Management Technologies
Python: One of the most popular programming/scripting languages for cybersecurity and data analysis. Some popular Python libraries for learning in this range: Scikit learn and TensorFlow.
S0061: Skill in Writing Test Plans
Several open source IDEs can be used to write and execute Python code such as PyCharm and Anaconda. Knime (knime.com), written in Java, Knime is a free and open source data analyst reporting and integration platform.
S0082: Skill in Evaluating Test Plans for Applicability and Completeness
Detailed operational test plans should be evaluated to determine whether the conditions imposed by the crew test invalidate the utility of the data collected (T&E Guide 1993). Completeness refers to verifying that test plans cover all security aspects of the systems and assets being tested and that no aspects are incomplete or missing.
S0104: Skill in Conducting Test Readiness Reviews
In: Proceedings of the 14th International Conference on Information Fusion (FUSION), pp 1–8 Joint Pub (1999) Joint task force planning guidance and procedures. Lemay A, Knight S, Fernandez J (2014) Intelligence preparation of the cyber environment, finding the high ground in cyberspace.
Cyber Policy and Strategy Management
K0065: Knowledge of Policy-Based and Risk-Adaptive Access Controls
Adaptive access controls refer to access control architectures that have the ability to support policies that can change. An adaptive access control system should be able to revoke that privilege once in a given context if the administrator has violated a particular system policy.
K0191: Knowledge of Signature Implementation Impact
For example, the same user on the same resource may be granted in one context and denied in another based on the different risk assessments in the two cases. In one example of an adaptive access control, Critical Aware Access Control (CAAC) is introduced as an adaptive access control mechanism for emergency management in smart environments based on RBAC (Venkata Subramanian et al. 2014).
K0248: Knowledge of Strategic Theory and Practice
K0288: Knowledge of Industry Standard Security Models
