PD-WRL-001

Defensive Cybersecurity

Responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.

Task statements

T0020: Develop content for cyber defense tools
T0164: Perform cyber defense trend analysis and reporting
T0292: Recommend computing environment vulnerability corrections
T0299: Identify network mapping and operating system (OS) fingerprinting activities
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1021: Review cyber defense service provider reporting structure
T1084: Identify anomalous network activity
T1085: Identify potential threats to network resources
T1112: Validate network alerts
T1119: Recommend vulnerability remediation strategies
T1176: Determine if cybersecurity-enabled products reduce identified risk to acceptable levels
T1177: Determine if security control technologies reduce identified risk to acceptable levels
T1241: Document cybersecurity incidents
T1242: Escalate incidents that may cause ongoing and immediate impact to the environment
T1254: Determine the effectiveness of an observed attack
T1266: Recommend risk mitigation strategies
T1278: Recommend system modifications
T1290: Communicate daily network event and activity reports
T1299: Determine causes of network alerts
T1347: Detect cybersecurity attacks and intrusions
T1348: Distinguish between benign and potentially malicious cybersecurity attacks and intrusions
T1349: Communicate cybersecurity attacks and intrusions alerts
T1350: Perform continuous monitoring of system activity
T1351: Determine impact of malicious activity on systems and information
T1384: Establish intrusion set procedures
T1385: Identify network traffic anomalies
T1386: Analyze network traffic anomalies
T1387: Validate intrusion detection system alerts
T1388: Isolate malware
T1389: Remove malware
T1390: Identify network device applications and operating systems
T1391: Reconstruct malicious attacks
T1406: Construct cyber defense network tool signatures
T1428: Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cybersecurity incidents
T1539: Analyze organizational cybersecurity posture trends
T1540: Develop organizational cybersecurity posture trend reports
T1541: Develop system security posture trend reports
T1548: Determine adequacy of access controls
T1582: Maintain currency of cyber defense threat conditions
T1583: Determine effectiveness of system implementation and testing processes
T1603: Recommend threat and vulnerability risk mitigation strategies
T1615: Advise stakeholders on vulnerability compliance
T1616: Resolve computer security incidents
T1618: Advise stakeholders on disaster recovery, contingency, and continuity of operations plans

Knowledge statements

K0018: Knowledge of encryption algorithms
K0068: Knowledge of programming language structures and logic
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0685: Knowledge of access control principles and practices
K0686: Knowledge of authentication and authorization tools and techniques
K0689: Knowledge of network infrastructure principles and practices
K0691: Knowledge of cyber defense tools and techniques
K0692: Knowledge of vulnerability assessment tools and techniques
K0694: Knowledge of computer algorithm capabilities and applications
K0698: Knowledge of cryptographic key management principles and practices
K0707: Knowledge of database systems and software
K0710: Knowledge of enterprise cybersecurity architecture principles and practices
K0716: Knowledge of host access control (HAC) systems and software
K0717: Knowledge of network access control (NAC) systems and software
K0718: Knowledge of network communications principles and practices
K0723: Knowledge of vulnerability data sources
K0724: Knowledge of incident response principles and practices
K0725: Knowledge of incident response tools and techniques
K0726: Knowledge of incident handling tools and techniques
K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
K0729: Knowledge of non-repudiation principles and practices
K0730: Knowledge of cyber safety principles and practices
K0731: Knowledge of systems security engineering (SSE) principles and practices
K0732: Knowledge of intrusion detection tools and techniques
K0736: Knowledge of information technology (IT) security principles and practices
K0742: Knowledge of identity and access management (IAM) principles and practices
K0743: Knowledge of new and emerging technologies
K0744: Knowledge of operating system (OS) systems and software
K0746: Knowledge of policy-based access controls
K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
K0749: Knowledge of process engineering principles and practices
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0756: Knowledge of security management principles and practices
K0757: Knowledge of system design tools and techniques
K0758: Knowledge of server administration principles and practices
K0759: Knowledge of client and server architecture
K0765: Knowledge of software engineering principles and practices
K0766: Knowledge of data asset management principles and practices
K0770: Knowledge of system administration principles and practices
K0772: Knowledge of systems testing and evaluation tools and techniques
K0773: Knowledge of telecommunications principles and practices
K0778: Knowledge of enterprise information technology (IT) architecture principles and practices
K0779: Knowledge of systems engineering processes
K0781: Knowledge of virtual private network (VPN) systems and software
K0783: Knowledge of network attack characteristics
K0784: Knowledge of insider threat laws and regulations
K0785: Knowledge of insider threat tools and techniques
K0788: Knowledge of adversarial tactics principles and practices
K0789: Knowledge of adversarial tactics tools and techniques
K0790: Knowledge of adversarial tactics policies and procedures
K0791: Knowledge of defense-in-depth principles and practices
K0792: Knowledge of network configurations
K0793: Knowledge of file extensions
K0805: Knowledge of command-line tools and techniques
K0812: Knowledge of digital communication systems and software
K0813: Knowledge of interpreted and compiled programming language characteristics
K0815: Knowledge of intelligence collection management processes
K0816: Knowledge of front-end intelligence collection systems and software
K0829: Knowledge of account creation policies and procedures
K0830: Knowledge of password policies and procedures
K0831: Knowledge of network attack vectors
K0832: Knowledge of cyberattack characteristics
K0833: Knowledge of cyberattack actor characteristics
K0837: Knowledge of hardening tools and techniques
K0840: Knowledge of hardware reverse engineering tools and techniques
K0842: Knowledge of software reverse engineering tools and techniques
K0844: Knowledge of cyber attack stages
K0845: Knowledge of cyber intrusion activity phases
K0848: Knowledge of network systems management principles and practices
K0849: Knowledge of network systems management tools and techniques
K0851: Knowledge of reverse engineering principles and practices
K0859: Knowledge of encryption tools and techniques
K0860: Knowledge of malware signature principles and practices
K0861: Knowledge of network port capabilities and applications
K0870: Knowledge of enterprise architecture (EA) reference models and frameworks
K0871: Knowledge of enterprise architecture (EA) principles and practices
K0877: Knowledge of application firewall principles and practices
K0878: Knowledge of network firewall principles and practices
K0879: Knowledge of industry cybersecurity models and frameworks
K0880: Knowledge of access control models and frameworks
K0891: Knowledge of the Open Systems Interconnect (OSI) reference model
K0892: Knowledge of cyber defense laws and regulations
K0915: Knowledge of network architecture principles and practices
K0917: Knowledge of Personally Identifiable Information (PII) data security standards and best practices
K0918: Knowledge of Payment Card Industry (PCI) data security standards and best practices
K0919: Knowledge of Personal Health Information (PHI) data security standards and best practices
K0924: Knowledge of network analysis tools and techniques
K0928: Knowledge of systems engineering principles and practices
K0937: Knowledge of countermeasure design principles and practices
K0938: Knowledge of network mapping principles and practices
K0939: Knowledge of packet-level analysis tools and techniques
K0940: Knowledge of subnet tools and techniques
K0942: Knowledge of cryptology principles and practices
K0947: Knowledge of computer engineering principles and practices
K0948: Knowledge of embedded systems and software
K0950: Knowledge of Intrusion Detection System (IDS) tools and techniques
K0951: Knowledge of Intrusion Prevention System (IPS) tools and techniques
K0955: Knowledge of penetration testing principles and practices
K0956: Knowledge of penetration testing tools and techniques
K0962: Knowledge of targeting laws and regulations
K0963: Knowledge of exploitation laws and regulations
K0969: Knowledge of cyber-attack tools and techniques
K0983: Knowledge of computer networking principles and practices
K1014: Knowledge of network security principles and practices
K1079: Knowledge of web application security risks
K1089: Knowledge of protocol analyzer tools and techniques
K1108: Knowledge of traceroute tools and techniques
K1131: Knowledge of cyber defense monitoring tools
K1132: Knowledge of cyber defense system analysis tools
K1144: Knowledge of data correlation tools and techniques
K1168: Knowledge of intrusion set tools and techniques
K1176: Knowledge of network topologies
K1181: Knowledge of organizational cybersecurity incident response plans
K1193: Knowledge of packet analysis tools and techniques

Skill statements

S0156: Skill in performing packet-level analysis
S0483: Skill in identifying software communications vulnerabilities
S0490: Skill in recreating network topologies
S0509: Skill in evaluating security products
S0543: Skill in scanning for vulnerabilities
S0544: Skill in recognizing vulnerabilities
S0566: Skill in developing signatures
S0567: Skill in deploying signatures
S0572: Skill in detecting host- and network-based intrusions
S0574: Skill in developing security system controls
S0578: Skill in evaluating security designs
S0593: Skill in handling incidents
S0600: Skill in collecting relevant data from a variety of sources
S0614: Skill in categorizing types of vulnerabilities
S0627: Skill in reading signatures
S0651: Skill in performing malware analysis
S0667: Skill in assessing security controls
S0688: Skill in performing network data analysis
S0712: Skill in evaluating data source quality
S0722: Skill in interpreting traceroute results
S0755: Skill in reconstructing a network
S0809: Skill in utilizing cyber defense service provider information
S0838: Skill in identifying anomalous activities
S0839: Skill in identifying exploited system weaknesses
S0840: Skill in identifying misuse activities
S0846: Skill in monitoring system activity
S0854: Skill in performing data analysis
S0857: Skill in performing dynamic analysis
S0859: Skill in performing event correlation
S0863: Skill in performing incident analysis
S0866: Skill in performing log file analysis
S0867: Skill in performing malicious activity analysis
S0869: Skill in performing metadata analysis
S0872: Skill in performing network data flow analysis
S0873: Skill in performing network traffic analysis
S0874: Skill in performing network traffic analysis
S0875: Skill in performing network traffic packet analysis
S0885: Skill in performing system activity analysis
S0892: Skill in performing trend analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)