Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
*Certification Declaration
Certification Declaration
Each certification is mapped to the NICE Framework, which organizes cybersecurity into seven high-level Categories, each comprised of several specialty areas, work roles, knowledge, skills, abilities, and tasks. These seven high-level Categories are aligned directly to the CCE® Program’s certification Concentration Areas. Candidates often prepare for an exam by using a variety of resources that familiarize them with the authoritative sources and the exam’s concentration area.
NICE Framework Category
CCE® Concentration Area:
Protect and Defend (PR)
NICE Specialty Area:
Vulnerability Assessment and Management (VAM)
NICE Work Role ID:
PR-VAM-001
OPM Code | DCWF Code:
541
Continuous Monitoring and Security Operations (CO266)
Counterintelligence for IT and Cybersecurity Professionals (AN209)
Counterintelligence for IT and Cybersecurity Professionals - SP (AN209-SP)
Information Systems Continuous Monitoring for Philips (CO131-PHI)
Information Systems Continuous Monitoring (CO212)
Insider Threat Awareness - WBT (AN002-WBT)
Vulnerability Assessment Analyst (PR202-RBT)
Vulnerability Assessment and Analysis (AN202)
KSA-T
Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
ID & Description
- K0001 - Knowledge of computer networking concepts and protocols, and network security methodologies.
- K0002 - Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- K0003 - Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- K0004 - Knowledge of cybersecurity and privacy principles.
- K0005 - Knowledge of cyber threats and vulnerabilities.
- K0006 - Knowledge of specific operational impacts of cybersecurity lapses.
- K0009 - Knowledge of application vulnerabilities.
- K0019 - Knowledge of cryptography and cryptographic key management concepts
- K0021 - Knowledge of data backup and recovery.
- K0033 - Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
- K0044 - Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- K0056 - Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
- K0061 - Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
- K0068 - Knowledge of programming language structures and logic.
- K0070 - Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- K0089 - Knowledge of systems diagnostic tools and fault identification techniques.
- K0106 - Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
- K0139 - Knowledge of interpreted and compiled computer languages.
- K0161 - Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
- K0162 - Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
- K0167 - Knowledge of system administration, network, and operating system hardening techniques.
- K0177 - Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- K0179 - Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- K0203 - Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
- K0206 - Knowledge of ethical hacking principles and techniques.
- K0210 - Knowledge of data backup and restoration concepts.
- K0224 - Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems.
- K0265 - Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability.
- K0287 - Knowledge of an organization’s information classification program and procedures for information compromise.
- K0301 - Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
- K0308 - Knowledge of cryptology.
- K0332 - Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
- K0342 - Knowledge of penetration testing principles, tools, and techniques.
- K0344 - Knowledge of an organization’s threat environment.
- K0624 - Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
ID & Description
- S0001 - Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
- S0009 - WITHDRAWN: Skill in assessing the robustness of security systems and designs. (See S0027)
- S0025 - Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
- S0044 - Skill in mimicking threat behaviors.
- S0051 - Skill in the use of penetration testing tools and techniques.
- S0052 - Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
- S0081 - Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).
- S0120 - Skill in reviewing logs to identify evidence of past intrusions.
- S0137 - Skill in conducting application vulnerability assessments.
- S0171 - Skill in performing impact/risk assessments.
- S0364 - Skill to develop insights about the context of an organization’s threat environment
- S0367 - Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
ID & Description
- A0001 - Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
- A0044 - Ability to apply programming language structures (e.g., source code review) and logic.
- A0120 - Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.
- A0123 - Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
ID & Description
- T0010 - Analyze organization’s cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
- T0028 - Conduct and/or support authorized penetration testing on enterprise network assets.
- T0138 - Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
- T0142 - Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
- T0188 - Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
- T0252 - Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
- T0549 - Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
- T0550 - Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
- Knowledge
-
ID & Description
- K0001 - Knowledge of computer networking concepts and protocols, and network security methodologies.
- K0002 - Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- K0003 - Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- K0004 - Knowledge of cybersecurity and privacy principles.
- K0005 - Knowledge of cyber threats and vulnerabilities.
- K0006 - Knowledge of specific operational impacts of cybersecurity lapses.
- K0009 - Knowledge of application vulnerabilities.
- K0019 - Knowledge of cryptography and cryptographic key management concepts
- K0021 - Knowledge of data backup and recovery.
- K0033 - Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
- K0044 - Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- K0056 - Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
- K0061 - Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
- K0068 - Knowledge of programming language structures and logic.
- K0070 - Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- K0089 - Knowledge of systems diagnostic tools and fault identification techniques.
- K0106 - Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
- K0139 - Knowledge of interpreted and compiled computer languages.
- K0161 - Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
- K0162 - Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
- K0167 - Knowledge of system administration, network, and operating system hardening techniques.
- K0177 - Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- K0179 - Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- K0203 - Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
- K0206 - Knowledge of ethical hacking principles and techniques.
- K0210 - Knowledge of data backup and restoration concepts.
- K0224 - Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems.
- K0265 - Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability.
- K0287 - Knowledge of an organization’s information classification program and procedures for information compromise.
- K0301 - Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
- K0308 - Knowledge of cryptology.
- K0332 - Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
- K0342 - Knowledge of penetration testing principles, tools, and techniques.
- K0344 - Knowledge of an organization’s threat environment.
- K0624 - Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
- Skills
-
ID & Description
- S0001 - Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
- S0009 - WITHDRAWN: Skill in assessing the robustness of security systems and designs. (See S0027)
- S0025 - Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
- S0044 - Skill in mimicking threat behaviors.
- S0051 - Skill in the use of penetration testing tools and techniques.
- S0052 - Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
- S0081 - Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).
- S0120 - Skill in reviewing logs to identify evidence of past intrusions.
- S0137 - Skill in conducting application vulnerability assessments.
- S0171 - Skill in performing impact/risk assessments.
- S0364 - Skill to develop insights about the context of an organization’s threat environment
- S0367 - Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Abilities
-
ID & Description
- A0001 - Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
- A0044 - Ability to apply programming language structures (e.g., source code review) and logic.
- A0120 - Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.
- A0123 - Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Tasks
-
ID & Description
- T0010 - Analyze organization’s cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
- T0028 - Conduct and/or support authorized penetration testing on enterprise network assets.
- T0138 - Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
- T0142 - Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
- T0188 - Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
- T0252 - Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
- T0549 - Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
- T0550 - Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).