Middle School Curriculum

Senior official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation (CNSSI 4009).

Related Job Titles:

• Certifying Official
• Compliance Manager
• Designated Accrediting Authority
• Information Assurance (IA) Officer

Tasks:

• Manage and approve Accreditation Packages (e.g., ISO/IEC 15026-2).
• Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
• Establish acceptable limits for the software application, network, or system.
• Manage Accreditation Packages (e.g., ISO/IEC 15026-2).

Individual who manages the Communications Security (COMSEC) resources of an organization (CNSSI 4009) or key custodian for a Crypto Key Management System (CKMS).

Related Job Titles:

• Keying Material Manager
• Network Services and Data Communications Specialist
• Security Specialist (Crypto)
• Telecommunications Specialist

Tasks:

• Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements and on risk levels and security posture.
• Ensure that security improvement actions are evaluated, validated, and implemented as required.
• Recognize a possible security violation and take appropriate action to report the incident, as required.
• Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.

Examines data from multiple disparate sources with the goal of providing security and privacy insight. Designs and implements custom algorithms, workflow processes, and layouts for complex, enterprise-scale data sets used for modeling, data mining, and research purposes.

Related Job Titles:

• Computer Network Defense (CND) Analyst
• Cybersecurity / Information Security Analyst
• Enterprise Network Defense (END) Analyst
• Incident Analyst
• Network Defense Technician
• Network Security Analyst / Specialist / Engineer
• Security Operator
• Sensor Analyst

Tasks:

• Analyze and define data requirements and specifications.
• Develop data standards, policies, and procedures.
• Analyze data sources to provide actionable recommendations.
• Assess the validity of source data and subsequent findings.
• Collect metrics and trending data.
• Provide actionable recommendations to critical stakeholders based on data analysis and findings.
• Analyze and plan for anticipated changes in data capacity requirements.
• Manage the compilation, cataloging, caching, distribution, and retrieval of data.
• Provide a managed flow of relevant information (via web-based portals or other means) based on mission requirements.
• Provide recommendations on new database technologies and architectures.
• Conduct hypothesis testing using statistical processes.
• Confer with systems analysts, engineers, programmers, and others to design application.
• Develop and facilitate data-gathering methods.
• Develop strategic insights from large data sets.
• Develop and implement data mining and data warehousing programs.
• Utilize different programming languages to write code, open files, read files, and write output to different files.

Analyzes digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation.

Related Job Titles:

• Computer Forensic Analyst
• Computer Network Defense (CND) Forensic Analyst
• Cyber Forensic Analyst
• Digital Forensic Examiner
• Forensic Analyst (Cryptologic)
• Forensic Technician
• Host Forensic Examiner
• Network Forensic Examiner

Tasks:

• Conduct analysis of log files, evidence, and other information to determine best methods for identifying the perpetrator(s) of a network intrusion.
• Confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis.
• Provide technical summary of findings in accordance with established reporting procedures.
• Examine recovered data for information of relevance to the issue at hand.
• Perform file system forensic analysis.
• Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
• Create a forensically sound duplicate of the evidence (i.e., forensic image) that ensures the original evidence is not unintentionally modified, to use for data recovery and analysis processes. This includes, but is not limited to, hard drives, floppy diskettes, CDs, PDAs, mobile phones, GPS, and all tape formats.
• Decrypt seized data using technical means.
• Ensure that chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence.
• Identify digital evidence for examination and analysis in such a way as to avoid unintentional alteration.

Investigates, analyzes, and responds to cyber incidents within the network environment or enclave.

Related Job Titles:

• Computer Network Defense Incident Responder
• Computer Security Incident Response Team Engineer
• Disaster Recovery Specialist
• Incident Handler
• Incident Responder
• Incident Response Analyst
• Incident Response Coordinator
• Incident Response Engineer

Tasks:

• Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
• Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
• Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies.
• Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
• Coordinate incident response functions.

Tests, implements, deploys, maintains, and administers the infrastructure hardware and software.

Related Job Titles:

• Continuous Diagnostics and Mitigation Specialist
• Continuous Monitoring Specialist
• Cyber Defense Engineer / Administrator
• Cyber Tool Engineer / Administrator
• Disaster Recovery / Emergency Management Specialist
• Intrusion Detection System Administrator / Technician
• Network Security Specialist / Engineer
• Systems Security Administrator / Engineer
• Trusted Internet Connection (TIC) Gateway Engineer

Tasks:

• Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources.
• Build, install, configure, and test dedicated cyber defense hardware.
• Assist in assessing the impact of implementing and sustaining a dedicated cyber defense infrastructure.
• Administer test bed(s), and test and evaluate applications, hardware infrastructure, rules/signatures, access controls, and configurations of platforms managed by service provider(s).
• Identify potential conflicts with implementation of any cyber defense tools (e.g., tool and signature testing and optimization).
• Implement Risk Management Framework (RMF)/Security Assessment and Authorization (SA&A) requirements for dedicated cyber defense systems within the enterprise, and document and maintain records for them.

Designs, develops, tests, and evaluates information system security throughout the systems development life cycle.

Related Job Titles:

• Information Assurance (IA) Developer
• Information Assurance Engineer
• Information Systems Security Engineer
• Security / Systems Engineer
• Telecommunications Engineer

Tasks:

• Analyze design constraints, analyze trade-offs and detailed system and security design, and consider life cycle support.
• Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications.
• Assess the effectiveness of cybersecurity measures utilized by system(s).
• Assess threats to and vulnerabilities of computer system(s) to develop a security risk profile.
• Build, test, and modify product prototypes using working models or theoretical models.
• Design hardware, operating systems, and software applications to adequately address cybersecurity requirements.

Analyzes the security of new or existing computer applications, software, or specialized utility programs and provides actionable results.

Related Job Titles:

• Application Security Analyst / Engineer
• Application Security Tester
• Information Assurance (IA) Software Developer
• Information Assurance (IA) Software Engineer
• Secure Software Engineer
• Security Engineer
• Security Requirements Analyst
• Software Assurance Analyst
• Software Quality / Quality Assurance Engineer

Tasks:

• Apply coding and testing standards, apply security testing tools including “‘fuzzing” static-analysis code scanning tools, and conduct code reviews.
• Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.
• Consult with engineering staff to evaluate interface between hardware and software.
• Identify basic common coding flaws at a high level.
• Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life.
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Perform secure program testing, review, and/or assessment to identify potential flaws in codes and mitigate vulnerabilities.

Ensures that the stakeholder security requirements necessary to protect the organization’s mission and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes.

Related Job Titles:

• Cybersecurity Architect
• Information Assurance (IA) Architect
• Information Security Architect
• Security Solutions Architect

Tasks:

• Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data primarily applicable to government organizations (e.g., UNCLASSIFIED, SECRET, and TOP SECRET).
• Document and address organization’s information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle.
• Employ secure configuration management processes.
• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
• Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
• Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately.

Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).

Related Job Titles:

• Assessor
• Certifying Agent/Authority
• Controls Validator
• IT Auditor
• Information Assurance (IA) Auditor
• Information Assurance (IA) Compliance Analyst
• System Certifier

Tasks:

• Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
• Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
• Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
• Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).

Responsible for the analysis and development of the integration, testing, operations, and maintenance of systems security.

Related Job Titles:

• Cybersecurity Analyst
• Information Assurance Operational Engineer
• Information Assurance Specialist
• Information Security Analyst / Administrator
• Information Systems Security Analyst / Specialist
• Network Security Vulnerability Technician (NSVT)
• Security Analyst
• Systems Analyst
• Systems Compliance Analyst
• Systems Security Specialist

Tasks:

• Apply security policies to meet security objectives of the system.
• Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
• Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
• Plan and recommend modifications or adjustments based on exercise results or system environment.
• Properly document all systems security implementation, operations, and maintenance activities and update as necessary.
• Analyze and report organizational security posture trends.

Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.

Related Job Titles:

• Blue Team Technician
• Computer Network Defense (CND) Auditor
• Ethical Hacker
• Information Security Engineer
• Network Security Engineer
• Penetration Tester
• Red Team Technician
• Reverse Engineer
• Risk Assessment Engineer
• Risk Assessor
• Risk/Vulnerability Specialist / Manager
• System / Application Security Tester

Tasks:

• Analyze organization’s cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
• Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
• Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
• Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
• Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).