Unit 1: Adversary Simulations
UNIT CODE | CYBPEC001 |
UNIT TITLE | Plan and execute cyber adversary simulations |
APPLICATION |
This unit describes the skills and knowledge required to build an adversary simulation unit and to design and execute an adversary simulation across an organisation, in any industry setting, to improve the effectiveness of security defences.
It applies to individuals, whether employees or contractors, who work in positions of authority and are approved to implement change within a department or across the organisation. They have responsibility for directly supervising others.
No occupational licensing, certification or specific legislative requirements apply to this unit at the time of publication. |
ELEMENTS | PERFORMANCE CRITERIA |
Elements describe the essential outcomes of the unit | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Build an adversary simulation unit |
1.1 Establish adversary simulation goals and human, technological, equipment and time resource requirements to execute adversary simulations
1.2 Create a business case for adversary simulations proposing funding and resource requirements
1.3 Consult with senior management or client and obtain approval to proceed with the business case
1.4 Develop adversary simulation policies, procedures, methodologies, report templates and supporting documents
1.5 Propose and obtain approval from senior management or the client for an annual schedule of adversary simulation activities
1.6 Establish recordkeeping process for capturing lessons learnt from adversary simulations
1.7 Obtain required resources to implement adversary simulations |
2. Design an adversary simulation |
2.1 Identify relevant team members and stakeholders and allocate roles and responsibilities
2.2 Establish adversary simulation objectives, technical capabilities and attack scenarios
2.3 Create a plan detailing client communication strategies, guard rails and items out of scope
2.4 Assess and establish risks and determine strategies for risk mitigation
2.5 Review plan in consultation with team members, senior management and stakeholders, review feedback and implement recommendations
2.6 Present plan to senior management or client and seek approval |
3. Execute an adversary simulation |
3.1 Conduct business and network reconnaissance to collect information on target to identify potential weaknesses
3.2 Use social engineering to compromise computers and obtain sensitive information
3.3 Obtain initial foothold on the target's network
3.4 Perform host and internal network reconnaissance
3.5 Build malware to compromise workstations and servers
3.6 Obtain persistence on the network for future access and prevent removal from the network
3.7 Escalate privileges to achieve objectives to obtain credentials, obtain access to files, exfiltrate data from the network and simulate destructive attacks
3.8 Provide leadership to team members to achieve simulation objectives
3.9 Identify and resolve issues and technical challenges |
4. Report on an adversary simulation |
4.1 Maintain accurate and structured records through all stages of adversary simulations
4.2 Report choices and decisions made during the adversary simulation
4.3 Report findings and recommendations relevant to executive team members and Information Technology (IT) personnel
4.4 Make separate presentations to executive team members and IT personnel providing relevant information |
FOUNDATION SKILLS | Foundation skills essential to performance are explicit in the performance criteria of this unit of competency. |
UNIT MAPPING INFORMATION | No equivalent Unit |
TITLE | Assessment Requirements for CYBPEC001 Plan and execute cyber adversary simulations |
PERFORMANCE EVIDENCE |
Evidence of the ability to complete tasks outlined in elements and performance criteria of this unit in the context of the job role, and:
|
KNOWLEDGE EVIDENCE |
The learner must be able to demonstrate essential knowledge required to effectively do the task outlined in elements and performance criteria of this unit, manage the task and manage contingencies in the context of the work role. This includes knowledge of:
|
ASSESSMENT CONDITIONS |
Assessment may be in the form of:
Both practical skills and knowledge must be assessed.
Assessor requirements: No specialist vocational competency requirements for Assessors apply to this unit. |