| Skill Name | Description |
| --- | --- |
| Network Intrusion Detection & Reporting (Skill 01) | Familiarity with, and experience in the application of, IM37. Experience of use of current commercial IDS tools and/or experience of IA incident investigation. |
| Biometrics (Skill 02) | Application of IM24, knowledge of comparative advantages and drawbacks of different biometric techniques, experience of systems using biometrics for access control, familiarity with user acceptability issues. |
| Security of Operating Systems (Skill 03) | Knowledge and experience of: OS administration, protection mechanisms within OS, applying OS lockdown. Understanding of patching and configuration management. Use your pen-picture to indicate the specific OS in which expertise is claimed. |
| IA for SCADA (Skill 04) | Familiarity with guidance on SCADA security. Experience in developing and applying security operating procedures for SCADA. Experience in conducting vulnerability assessment of SCADA systems. |
| Web Security (Skill 05) | Knowledge of the risks arising from active content and suitable mitigation measures. Deployment of web servers in a secure manner. |
| Implementation of PKI (Skill 06) | Familiarity with the HMG PKI and its guidance documents. Experience in assisting an organisation to deploy and operate a PKI. Experience in assisting organisations to join their PKIs to others such as the HMG PKI and/or the UK MOD PKI. |
| Technical Security Architecture for Information Systems (Skill 07) | Familiarity with, and application of, the principles for building a secure Information system. Knowledge of CESG Manuals P, M, T, V and W. |
| Application of e-Government Framework (Skill 08) | Familiarity with, and experience in the application of, the e-Government Security Framework and its constituent parts – Registration & Authentication, Trust Services, Confidentiality, Business, Network Defence, Assurance, Security Architecture. |
| Compliance with UK IA-related legislation (Skill 09) | Knowledge of the implications for IA of the following legislation and application of this knowledge to the development of legally compliant system security policies: Computer Misuse Act 1990, Data Protection Act 1998, Interception of Communications Act 1985, Regulation of Investigatory Powers Act 2000, Human Rights Act 1998, Freedom of Information Act 2000, Police and Criminal Evidence Act 1984, Official Secrets Act 1989. |
| NATO IA Policy (Skill 10) | Knowledge of the NATO Infosec Documentation Structure set out in Appendix 2 to Annex to AC/322(SC/4)WP/34 and experience of applying an appropriate sub-set of the directives, guidance documents and reference architecture documents listed therein. |
| Law Enforcement IA Practice (Skill 11) | Experience in some or all of the following (an outline of specific expertise should be provided in your pen-picture): Applying ACPO security policy; ADS for the CJX; Knowledge and understanding of applications such as PNC, Case & Custody Systems and Intelligence Systems; Knowledge and understanding of police processes and requirements to share protectively marked material with other agencies that use HMG IA standards; Understanding of legal requirements in relation to risk management and their appropriateness to police business. |
| MOD IA Practice (Skill 12) | Thorough knowledge of, and experience of working in accordance with, The Defence Manual of Security (JSP440). Knowledge of the MOD Architectural Framework (MODAF) and its IA aspects. |