
Level 4 Award in Risk Assessment in Cyber Security – 3660-06
Issued by City & Guilds
This qualification provides learners with the knowledge and understanding of the principles of cyber security threat intelligence and assessment, risk assessment, risk assessment methods, the components of a risk assessment and principles of risk management. These principles are essential components of an effective cyber security approach within an organisation.
Earning Criteria
- This person can explain threat intelligence and threat modelling and how these are used to inform threat assessments and to exercise security controls within an organisation. They will understand the component parts of the threat intelligence life-cycle and be able to explore how each is used – and how threat sources and threat modelling together can create an effective, robust and efficient life-cycle framework.
- This person can explain threat intelligence and threat modelling and how these are used to inform threat assessments and to exercise security controls within an organisation. They can describe the threat intelligence life-cycle and describe and evaluate the sources of information about the current threat landscape, as well as threat sponsors and threat actors in initiating cyber-attacks, their capabilities, tactics, techniques and procedures (TTP) and their motivations.
- This person can describe the principles of risk assessment and common risk assessment methodologies and will be able to explain the concepts of the main methodologies: principles, standards, and methodologies.
- This person can describe components of risk management and risk management within an organisation, including risk owner, levels of risk management control, human factors, culture, stakeholder engagement, trade-off between risk, cost and impact on the business, procedures to handle insufficiently mitigated risks, and across people, processes and technology.