Unit 4: Threat Intelligence
|UNIT TITLE||Plan and implement a threat intelligence programme|
This unit develops the skills and knowledge required to build a cyber security team capable of identifying, tracking and infiltrating cyber-criminal organisations for the purpose of designing and implementing tailored security measures that defend nations, governments and private sector organisations.
It applies to individuals, employed or contractors who are working in positions of authority and are approved to implement change within a department or across the organisation. They have responsibility for directly supervising others.
No occupational licensing, certification or specific legislative requirements apply to this unit at the time of publication.
|Elements describe the essential outcomes of the unit||Performance criteria describe the performance needed to demonstrate achievement of the element.|
|1. Build a threat intelligence programme||
1.1 Determine threat intelligence goals and requirements in consultation with senior management or the client
1.2 Establish required human, technological, equipment and time resource requirements to achieve goals
1.3 Establish data sources from which to collect threat data and data collection techniques to be implemented
1.4 Establish team requirements and roles and responsibilities of team members
1.5 Define the methodologies to employ to process threat data into threat intelligence
1.6 Develop the policies, procedures and supporting documents for use during threat intelligence activities
|2. Undertake intelligence collection activities||
2.1 Establish, source and collect threat data to identify and track threat actors
2.2 Undertake intelligence collection activities whilst remaining undetected and untraceable
2.3 Analyse and process threat data collected and create threat intelligence
2.4 Establish intelligence-driven security recommendations
2.5 Provide leadership to team members to achieve programme goals
2.5 Communicate threat intelligence with relevant stakeholders
2.6 Capture stakeholder feedback on the usefulness and effectiveness of the intelligence provided
2.7 Assess effectiveness of intelligence activities and refine according to lessons learnt
2.8 Identify and resolve issues and technical challenges
|3. Report on programme outcomes||
3.1 Report findings and recommendations relevant to executive team members and Information Technology (IT) personnel
3.2 Make separate presentations to executive team members and IT personnel providing relevant information
Foundation skills essential to performance are explicit in the performance criteria of this unit of competency
|UNIT MAPPING INFORMATION||No equivalent Unit|
|TITLE||Assessment Requirements for CYBPIT004 Plan and implement a threat intelligence programme|
Evidence of the ability to complete tasks outlined in elements and performance criteria of this unit in the context of the job role, and:
The learner must be able to demonstrate essential knowledge required to effectively do the task outlined in elements and performance criteria of this unit, manage the task and manage contingencies in the context of the work role.
This includes knowledge of:
Assessment may be in the form of:
Both practical skills and knowledge must be assessed. Skills must be demonstrated in a real or simulated work environment. Simulated assessment environments must simulate the real-life working environment with access to all the relevant equipment and resources of that working environment.
No specialist vocational competency requirements for Assessors apply to this unit.