Cyber Intrusion Analyst

What you'll learn

On this course, you will learn to:

• integrate and correlate information from various sources and compare to known threat and vulnerability data to form a judgement based on evidence with reasoning that the anomaly represents a network security breach
• accurately, impartially and concisely record and report the appropriate information, including the ability to write reports
• recognise and identify all the main normal features of log files generated by typical network appliances, including servers and virtual servers, firewalls, routers
• recognise and identify all the main features of a normally operating network layer, including data structures and protocol behaviour, as presented by network analysis and visualisation tools
• undertake root cause analysis of events and make recommendations to reduce false positives and false negatives
• undertake own research to find information on threat and vulnerability (including using the internet)
• manage local response to non-major incidents in accordance with a defined procedure
• operate according to service level agreements or employer defined performance targets
• understand IT network features and functions, including virtual networking, principles and common practice in network security and the OSI and TCP/IP models, and the function and features of the main network appliances
• understand and utilise at least three Operating System (OS) security functions and associated features
• understand and apply the foundations of information and cyber security including: explaining the importance of cyber security and basic concepts including harm, identity, confidentiality, integrity, availability, threat, risk and hazard, trust and assurance and the ‘insider threat’ as well as explaining how the concepts relate to each other and the significance of risk to a business
• understand and propose appropriate responses to current and new attack techniques, hazards and vulnerabilities relevant to the network and business environment
• understands lifecycle and service management practices to Information Technology Infrastructure Library (ITIL) foundation level
• understands and can advise others on cyber incident response processes, incident management processes and evidence collection/preservation requirements to support incident investigation
• understands the main features and applicability of law, regulations and standards (including Data Protection Act/Directive, Computer Misuse Act, ISO 27001) relevant to cyber network defence and follows these appropriately
• understands, can adhere to and can advise on the ethical responsibilities of a cyber-security professional.