{ "courses": [ { "id": "DEMO_1", "type": "std", "name": "Risk management competence course", "lmsRsc": "", "area": { "id": "101000", "name": "Risk management competence" }, "mainArea": { "id": "100000", "name": "RISK MANAGEMENT" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "101001", "type": "Knowledge", "shortname": "Knowledge of risk tolerance and risk management strategy." }, { "id": "101002", "type": "Knowledge", "shortname": "Knowledge of risk management standards, processes and practices in supply chains." }, { "id": "101003", "type": "Knowledge", "shortname": "Knowledge of client and partner organizations, including their objectives, structure, resources and information needs." }, { "id": "101004", "type": "Knowledge", "shortname": "Knowledge of risk assessment." }, { "id": "101005", "type": "Knowledge", "shortname": "Knowledge of risk management and mitigation strategies." }, { "id": "101006", "type": "Knowledge", "shortname": "Knowledge of risk management methodologies." }, { "id": "101007", "type": "Knowledge", "shortname": "Knowledge of information technology risk management policies, requirements and procedures." }, { "id": "101008", "type": "Knowledge", "shortname": "Knowledge of supply chain security and its risk management policies, requirements and procedures." }, { "id": "101009", "type": "Knowledge", "shortname": "Knowledge of the context of organizations, including their objectives, structure, capabilities and information needs." }, { "id": "101010", "type": "Knowledge", "shortname": "Knowledge of information security concepts, technologies and methods used to guarantee information security." }, { "id": "101011", "type": "Knowledge", "shortname": "Knowledge of protection plans (e.g. risk management policies, supply chain security management policies, integrity maintenance techniques)." }, { "id": "101012", "type": "Knowledge", "shortname": "Knowledge of the principles and methods of structured analysis." }, { "id": "101013", "type": "Knowledge", "shortname": "Knowledge of risk management processes (e.g. risk assessment and mitigation methods)." }, { "id": "101014", "type": "Knowledge", "shortname": "Knowledge of the requirements of the risk management reference framework." }, { "id": "101015", "type": "Knowledge", "shortname": "Knowledge of the means of communication with people and entities, both internal and external, for risk management." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_2", "type": "std", "name": "Incident management skills course", "lmsRsc": "", "area": { "id": "201000", "name": "Incident management skills" }, "mainArea": { "id": "200000", "name": "INCIDENT AND PROBLEM MANAGEMENT" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "200001", "type": "Knowledge", "shortname": "Knowledge of incident categories and their responses." }, { "id": "200002", "type": "Knowledge", "shortname": "Knowledge of collateral damage and impact estimation." }, { "id": "200003", "type": "Knowledge", "shortname": "Knowledge of response and recovery exercises." }, { "id": "200004", "type": "Knowledge", "shortname": "Knowledge of incident response methodologies." }, { "id": "200005", "type": "Knowledge", "shortname": "Knowledge of action planning in crisis situations." }, { "id": "200006", "type": "Knowledge", "shortname": "Knowledge of processes and operations for managing incidents, problems and events." }, { "id": "200007", "type": "Knowledge", "shortname": "Knowledge of crisis management protocols, processes and techniques." }, { "id": "200008", "type": "Knowledge", "shortname": "Knowledge of root cause analysis techniques." }, { "id": "200009", "type": "Knowledge", "shortname": "Knowledge of estimated recovery and repair times." }, { "id": "200010", "type": "Knowledge", "shortname": "Knowledge of the procedures and tools for documenting and consulting incidents, problems and reported events." }, { "id": "200011", "type": "Knowledge", "shortname": "Knowledge of incident response programs, roles and responsibilities." }, { "id": "200012", "type": "Knowledge", "shortname": "Knowledge of the results of action lines and analysis exercises." }, { "id": "200013", "type": "Knowledge", "shortname": "Knowledge of the means of communication with people and entities, both internal and external, for incident management." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_3", "type": "std", "name": "Problem management skills course", "lmsRsc": "", "area": { "id": "202000", "name": "Problem management skills" }, "mainArea": { "id": "200000", "name": "INCIDENT AND PROBLEM MANAGEMENT" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "202001", "type": "Knowledge", "shortname": "Knowledge of the relationship and interaction between incident management and problem management." }, { "id": "202002", "type": "Knowledge", "shortname": "Knowledge of resources for identifying solutions to complex problems." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_4", "type": "std", "name": "System administration skills course", "lmsRsc": "", "area": { "id": "301000", "name": "System administration skills" }, "mainArea": { "id": "300000", "name": "TECHNIQUES" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "301001", "type": "Knowledge", "shortname": "Knowledge of virtual machine technologies." }, { "id": "301002", "type": "Knowledge", "shortname": "Knowledge of operating system administration." }, { "id": "301003", "type": "Knowledge", "shortname": "Knowledge of applications that record errors, exceptions, failures and access to applications." }, { "id": "301004", "type": "Knowledge", "shortname": "Knowledge of computer architectures and networks." }, { "id": "301005", "type": "Knowledge", "shortname": "Knowledge of systemic aspects of resilience, reliability and performance." }, { "id": "301006", "type": "Knowledge", "shortname": "Knowledge of developing and applying a user credential management system." }, { "id": "301007", "type": "Knowledge", "shortname": "Knowledge of tools and techniques for strengthening systems, networks and operating systems." }, { "id": "301008", "type": "Knowledge", "shortname": "Knowledge of server diagnostic and fault identification tools." }, { "id": "301009", "type": "Knowledge", "shortname": "Knowledge of tools and methodologies for active defense and strengthening of the system." }, { "id": "301010", "type": "Knowledge", "shortname": "Knowledge of industry best practices in user support." }, { "id": "301011", "type": "Knowledge", "shortname": "Knowledge of fault tolerance methodologies." }, { "id": "301012", "type": "Knowledge", "shortname": "Knowledge of virtualization solutions and techniques, as well as their administration." }, { "id": "301013", "type": "Knowledge", "shortname": "Knowledge of configuration management techniques." }, { "id": "301014", "type": "Knowledge", "shortname": "Knowledge of systems management concepts." }, { "id": "301015", "type": "Knowledge", "shortname": "Knowledge of auditing and traceability procedures." }, { "id": "301016", "type": "Knowledge", "shortname": "Knowledge of systems operation and maintenance." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_5", "type": "std", "name": "Threat analysis skills course", "lmsRsc": "https://moodle-v2-athena-develop.aida-cluster-6fb15c141b13202f00901f551abdf43d-0000.eu-de.containers.appdomain.cloud/course/view.php?id=14", "area": { "id": "302000", "name": "Threat analysis skills" }, "mainArea": { "id": "300000", "name": "TECHNIQUES" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "302001", "type": "Knowledge", "shortname": "Knowledge of the different classes of attack (e.g. passive, active, internal attack, distributed attack)." }, { "id": "302002", "type": "Knowledge", "shortname": "Knowledge of the structure, approach and strategy of vulnerability exploitation tools (e.g. sniffers, keyloggers) and the underlying techniques (e.g. obtaining backdoor access, data collection/exfiltration, systems vulnerability analysis)." }, { "id": "302003", "type": "Knowledge", "shortname": "Knowledge of the target's specialized language (e.g. acronyms, jargon, technical terminology, code words)." }, { "id": "302004", "type": "Knowledge", "shortname": "Knowledge of the target language(s)." }, { "id": "302005", "type": "Knowledge", "shortname": "Knowledge of threats and target systems." }, { "id": "302006", "type": "Knowledge", "shortname": "Knowledge of threat intelligence disciplines." }, { "id": "302007", "type": "Knowledge", "shortname": "Knowledge of the phases of a cyberattack (e.g. reconnaissance, scanning, enumeration, gaining access, escalating access, maintaining access, network exploitation, concealing evidence)" }, { "id": "302008", "type": "Knowledge", "shortname": "Knowledge of target communication tools and techniques." }, { "id": "302009", "type": "Knowledge", "shortname": "Knowledge of industry standards, principles and analysis methods accepted by the organization." }, { "id": "302010", "type": "Knowledge", "shortname": "Knowledge of the relationship between operational objectives, threat intelligence production tasks and requirements." }, { "id": "302011", "type": "Knowledge", "shortname": "Knowledge of internal tactics for anticipating and simulating threats." }, { "id": "302012", "type": "Knowledge", "shortname": "Knowledge of dynamic targets (unstudied, unplanned) and deliberate targets (studied, planned)." }, { "id": "302013", "type": "Knowledge", "shortname": "Knowledge of targets, including related events, communication profiles, threat actors, history (language, culture) and/or context." }, { "id": "302014", "type": "Knowledge", "shortname": "Knowledge of binary code analysis." }, { "id": "302015", "type": "Knowledge", "shortname": "Knowledge of malware analysis and characterization." }, { "id": "302016", "type": "Knowledge", "shortname": "Knowledge of physical and physiological behaviors that may indicate suspicious or abnormal activity." }, { "id": "302017", "type": "Knowledge", "shortname": "Knowledge of malware analysis concepts and methodologies." }, { "id": "302018", "type": "Knowledge", "shortname": "Knowledge of hardware and software reverse engineering concepts and techniques." }, { "id": "302019", "type": "Knowledge", "shortname": "Knowledge of countermeasures for identified security risks." }, { "id": "302020", "type": "Knowledge", "shortname": "Knowledge of the target development process (i.e. concepts, roles, responsibilities, products)." }, { "id": "302021", "type": "Knowledge", "shortname": "Knowledge of target search strategies and tools." }, { "id": "302022", "type": "Knowledge", "shortname": "Knowledge of malware analysis tools." }, { "id": "302023", "type": "Knowledge", "shortname": "Knowledge of analytical tools and techniques for languages, audio and/or graphic material." }, { "id": "302024", "type": "Knowledge", "shortname": "Knowledge of sources and tools for notices and commitment indications." }, { "id": "302025", "type": "Knowledge", "shortname": "Knowledge of frameworks, processes and systems related to threat intelligence." }, { "id": "302026", "type": "Knowledge", "shortname": "Knowledge of specific target identifiers and how they are used." }, { "id": "302027", "type": "Knowledge", "shortname": "Knowledge of internal threat investigations, reporting, investigation tools and regulations/laws." }, { "id": "302028", "type": "Knowledge", "shortname": "Knowledge of task assignment mechanisms." }, { "id": "302029", "type": "Knowledge", "shortname": "Knowledge of mechanisms for collecting information." }, { "id": "302030", "type": "Knowledge", "shortname": "Knowledge of threat information confidence levels." }, { "id": "302031", "type": "Knowledge", "shortname": "Knowledge of the targets' communication profiles and their elements (e.g., associations, activities, communication infrastructure)." }, { "id": "302032", "type": "Knowledge", "shortname": "Knowledge of principles and practices related to target development (e.g. detailed study of components, locations, associations, communication systems, infrastructures)." }, { "id": "302033", "type": "Knowledge", "shortname": "Knowledge of authorized threat information dissemination processes." }, { "id": "302034", "type": "Knowledge", "shortname": "Knowledge of task assignment processes for asset collection." }, { "id": "302035", "type": "Knowledge", "shortname": "Knowledge of translation processes and techniques." }, { "id": "302036", "type": "Knowledge", "shortname": "Knowledge of target threat intelligence gathering processes." }, { "id": "302037", "type": "Knowledge", "shortname": "Knowledge of cultural references, dialects, expressions, languages and abbreviations." }, { "id": "302038", "type": "Knowledge", "shortname": "Knowledge of human resource requirements related to threat information (e.g. logistics, communications, legal restrictions)." }, { "id": "302039", "type": "Knowledge", "shortname": "Knowledge of systems for assigning tasks in relation to threat information." }, { "id": "302040", "type": "Knowledge", "shortname": "Knowledge of covert communication techniques." }, { "id": "302041", "type": "Knowledge", "shortname": "Knowledge of evasion techniques and strategies." }, { "id": "302042", "type": "Knowledge", "shortname": "Knowledge of current and emerging attack vectors." }, { "id": "302043", "type": "Knowledge", "shortname": "Knowledge of the organization's threat environment." }, { "id": "302044", "type": "Knowledge", "shortname": "Knowledge of the targeting cycle." }, { "id": "302045", "type": "Knowledge", "shortname": "Knowledge of the feedback loop in data collection processes." }, { "id": "302046", "type": "Knowledge", "shortname": "Knowledge of the target list development process (i.e. candidates, restricted)." }, { "id": "302047", "type": "Knowledge", "shortname": "Knowledge of the data format established in the organization's threat information collection plan." }, { "id": "302048", "type": "Knowledge", "shortname": "Knowledge of the process of producing threat information." }, { "id": "302049", "type": "Knowledge", "shortname": "Knowledge of the support that threat information provides to planning, execution and evaluation." }, { "id": "302050", "type": "Knowledge", "shortname": "Knowledge of attack targets, cyber threat agents and procedures used in attacks." }, { "id": "302051", "type": "Knowledge", "shortname": "Knowledge of key factors in the operational environment and threats." }, { "id": "302052", "type": "Knowledge", "shortname": "Knowledge of the risk factors that can impact data collection operations." }, { "id": "302053", "type": "Knowledge", "shortname": "Knowledge of the target's methods and procedures." }, { "id": "302054", "type": "Knowledge", "shortname": "Knowledge of attack methods and techniques." }, { "id": "302055", "type": "Knowledge", "shortname": "Knowledge of the confidence levels of threat information." }, { "id": "302056", "type": "Knowledge", "shortname": "Knowledge of the objectives of target models." }, { "id": "302057", "type": "Knowledge", "shortname": "Knowledge of the principles, policies and procedures for collecting threat information, including legal restrictions and legal authorities." }, { "id": "302058", "type": "Knowledge", "shortname": "Knowledge of target verification and validation procedures." }, { "id": "302059", "type": "Knowledge", "shortname": "Knowledge of the processes for preparing environmental threat information and similar processes." }, { "id": "302060", "type": "Knowledge", "shortname": "Knowledge of the products required for operational cybersecurity planning." }, { "id": "302061", "type": "Knowledge", "shortname": "Knowledge of the resources and limitations of threat information." }, { "id": "302062", "type": "Knowledge", "shortname": "Knowledge of the types of cyber attackers (e.g. script kiddies, insider threats, state-sponsored threats)" } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_6", "type": "std", "name": "Forensic Analysis Competence course", "lmsRsc": "", "area": { "id": "303000", "name": "Forensic Analysis Competence" }, "mainArea": { "id": "300000", "name": "TECHNIQUES" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "303001", "type": "Knowledge", "shortname": "Knowledge of forensic laboratory configurations and support applications (e.g., VMWare, Wireshark)." }, { "id": "303002", "type": "Knowledge", "shortname": "Knowledge of the research implications of hardware, operating systems and network technologies." }, { "id": "303003", "type": "Knowledge", "shortname": "Knowledge of the implications of operating system architectures and operations for forensic analysis." }, { "id": "303004", "type": "Knowledge", "shortname": "Knowledge of forensic data processing concepts, processes and practices." }, { "id": "303005", "type": "Knowledge", "shortname": "Knowledge of tools and techniques for recomposing files using data fragments without metadata information (data carving)." }, { "id": "303006", "type": "Knowledge", "shortname": "Knowledge of ways to extract, analyze and use metadata." }, { "id": "303007", "type": "Knowledge", "shortname": "Knowledge of ways to collect, visualize and identify essential information about targets of interest through metadata (e.g., email, http)." }, { "id": "303008", "type": "Knowledge", "shortname": "Knowledge of forensic trace identification." }, { "id": "303009", "type": "Knowledge", "shortname": "Knowledge of ethical and legal limits in conducting forensic analysis." }, { "id": "303010", "type": "Knowledge", "shortname": "Knowledge of custody processes, seizure and preservation of digital evidence." }, { "id": "303011", "type": "Knowledge", "shortname": "Knowledge of anti-forensic tactics, techniques and procedures." }, { "id": "303012", "type": "Knowledge", "shortname": "Knowledge of forensic data processing techniques and practices." }, { "id": "303013", "type": "Knowledge", "shortname": "Knowledge of forensic techniques, procedures and processes applicable to crime scenes/crime equipment." }, { "id": "303014", "type": "Knowledge", "shortname": "Knowledge of the fundamentals of digital forensic analysis to extract usable information." }, { "id": "303015", "type": "Knowledge", "shortname": "Knowledge of file systems (e.g., log files, records, configuration files) that contain relevant information and their locations." }, { "id": "303016", "type": "Knowledge", "shortname": "Knowledge of the types of forensic data and how to recognize them." }, { "id": "303017", "type": "Knowledge", "shortname": "Knowledge of persistent data types and collection methods." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_7", "type": "std", "name": "Information systems architecture skills course", "lmsRsc": "", "area": { "id": "304000", "name": "Information systems architecture skills" }, "mainArea": { "id": "300000", "name": "TECHNIQUES" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "304001", "type": "Knowledge", "shortname": "Knowledge of how data is transmitted on networks (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL])." }, { "id": "304002", "type": "Knowledge", "shortname": "Knowledge of the infrastructure that contributes to the security, performance and reliability of information technologies." }, { "id": "304003", "type": "Knowledge", "shortname": "Knowledge of data communication terminology (e.g. network protocols, Ethernet, IP, encryption, removable devices)." }, { "id": "304004", "type": "Knowledge", "shortname": "Knowledge of the organization's existing equipment and networks (e.g., PBX, LANs, WANs, WIFI, SCADA)." }, { "id": "304005", "type": "Knowledge", "shortname": "Knowledge of the organization's LANs and WANs." }, { "id": "304006", "type": "Knowledge", "shortname": "Knowledge of network constructions and topologies." }, { "id": "304007", "type": "Knowledge", "shortname": "Knowledge of electronic devices (e.g. computer systems/components, access control devices, digital cameras, scanners, hard disks, modems, network components, printers, removable memory)." }, { "id": "304008", "type": "Knowledge", "shortname": "Knowledge of critical infrastructures with information technologies designed without security considerations." }, { "id": "304009", "type": "Knowledge", "shortname": "Knowledge of network mapping and methods for recreating network topologies." }, { "id": "304010", "type": "Knowledge", "shortname": "Knowledge of network segmentation methodologies and tools." }, { "id": "304011", "type": "Knowledge", "shortname": "Knowledge of Internet protocols and data packet routing." }, { "id": "304012", "type": "Knowledge", "shortname": "Knowledge of network protocols." }, { "id": "304013", "type": "Knowledge", "shortname": "Knowledge of the features and applications of network equipment including routers, switches, bridges, servers and transmission media." }, { "id": "304014", "type": "Knowledge", "shortname": "Knowledge of embedded systems." }, { "id": "304015", "type": "Knowledge", "shortname": "Knowledge of network topology." }, { "id": "304016", "type": "Knowledge", "shortname": "Knowledge of computer network addressing (IP addresses, TCP/UDP port numbering)." }, { "id": "304017", "type": "Knowledge", "shortname": "Knowledge of the OSI model and Internet network protocols." }, { "id": "304018", "type": "Knowledge", "shortname": "Knowledge of the network design process, including knowledge of security objectives, operational objectives and ways of achieving design compromises." }, { "id": "304019", "type": "Knowledge", "shortname": "Knowledge of the general components of Supervisory Control and Data Acquisition (SCADA) systems." }, { "id": "304020", "type": "Knowledge", "shortname": "Knowledge of computer network concepts and protocols and network security methodologies." }, { "id": "304021", "type": "Knowledge", "shortname": "Knowledge of network devices and their functions." }, { "id": "304022", "type": "Knowledge", "shortname": "Knowledge of physical and logical network devices and infrastructures to include hubs, switches, routers, firewalls." }, { "id": "304023", "type": "Knowledge", "shortname": "Knowledge of the fundamentals of computer networks (i.e. basic components of networks and computers, types of networks)." }, { "id": "304024", "type": "Knowledge", "shortname": "Knowledge of the fundamentals of networks and internet communication (i.e. devices, device configuration, hardware, software, applications, ports/protocols, addressing, network architecture, network infrastructure, routing, operating systems)." }, { "id": "304025", "type": "Knowledge", "shortname": "Knowledge of cloud models and how they can limit incident response." }, { "id": "304026", "type": "Knowledge", "shortname": "Knowledge of the principles and concepts of local area networks (LAN) and wide area networks (WAN), including bandwidth management." }, { "id": "304027", "type": "Knowledge", "shortname": "Knowledge of common network and routing protocols (e.g. TCP/IP), services (e.g. web, mail, DNS), as well as how they interact with each other to provide communication on the network." }, { "id": "304028", "type": "Knowledge", "shortname": "Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, DNS, and directory services." }, { "id": "304029", "type": "Knowledge", "shortname": "Knowledge of the features, applications, and potential vulnerabilities of network equipment including hubs, routers, switches, bridges, servers, transmission media, and hardware." }, { "id": "304030", "type": "Knowledge", "shortname": "Knowledge of network services and protocol interactions that enable network communication." }, { "id": "304031", "type": "Knowledge", "shortname": "Knowledge of the various types of communication networks (e.g. LAN, WAN, MAN, WLAN, WWAN)." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_8", "type": "std", "name": "General knowledge of technologies course", "lmsRsc": "", "area": { "id": "305000", "name": "General knowledge of technologies" }, "mainArea": { "id": "300000", "name": "TECHNIQUES" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "305001", "type": "Knowledge", "shortname": "Knowledge of the capabilities and functionalities associated with content creation technologies (e.g., wikis, social networks, content management systems, blogs)." }, { "id": "305002", "type": "Knowledge", "shortname": "Knowledge of the capabilities and functionalities associated with the various collaborative technologies." }, { "id": "305003", "type": "Knowledge", "shortname": "Knowledge of the physical components of the computer, including the functions of the various components and peripherals (e.g. CPUs, Network Interface Cards, hard disk)." }, { "id": "305004", "type": "Knowledge", "shortname": "Knowledge of basic computer operations." }, { "id": "305005", "type": "Knowledge", "shortname": "Knowledge of the underlying concepts of remote access technologies." }, { "id": "305006", "type": "Knowledge", "shortname": "Knowledge of electrical engineering applied to computer architecture (e.g. boards, processors, chips, physical components)." }, { "id": "305007", "type": "Knowledge", "shortname": "Knowledge of collaborative tools and environments." }, { "id": "305008", "type": "Knowledge", "shortname": "Knowledge of Natural Language Processing tools and techniques." }, { "id": "305009", "type": "Knowledge", "shortname": "Knowledge of ways to use the results of research centers, think tanks, academic research and industry products in your organization to improve its performance." }, { "id": "305010", "type": "Knowledge", "shortname": "Knowledge of security solution providers and how their products affect the exploitation and reduction of vulnerabilities." }, { "id": "305011", "type": "Knowledge", "shortname": "Knowledge of industry indicators useful for identifying trends in technologies." }, { "id": "305012", "type": "Knowledge", "shortname": "Knowledge of microprocessors." }, { "id": "305013", "type": "Knowledge", "shortname": "Knowledge of software products with cybersecurity mechanisms." }, { "id": "305014", "type": "Knowledge", "shortname": "Knowledge of current and emerging cyber technologies." }, { "id": "305015", "type": "Knowledge", "shortname": "Knowledge of current and emerging communication technologies." }, { "id": "305016", "type": "Knowledge", "shortname": "Knowledge of new and emerging information technologies, as well as cybersecurity technologies." }, { "id": "305017", "type": "Knowledge", "shortname": "Knowledge of emerging technologies with potential for cyberattacks." }, { "id": "305018", "type": "Knowledge", "shortname": "Knowledge of the start of the planning activity." }, { "id": "305019", "type": "Knowledge", "shortname": "Knowledge of the impacts associated with the recruitment estimates of internal and external partners." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_9", "type": "std", "name": "Cryptology Competence course", "lmsRsc": "", "area": { "id": "306000", "name": "Cryptology Competence" }, "mainArea": { "id": "300000", "name": "TECHNIQUES" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "306001", "type": "Knowledge", "shortname": "Knowledge of the capabilities and limitations of cryptographic mechanisms in cyberspace operations." }, { "id": "306002", "type": "Knowledge", "shortname": "Knowledge of cipher algorithms and protection tools for wireless local area networks (WLANs)." }, { "id": "306003", "type": "Knowledge", "shortname": "Knowledge of cryptography concepts and cryptographic key management." }, { "id": "306004", "type": "Knowledge", "shortname": "Knowledge of symmetric key rotation concepts and techniques." }, { "id": "306005", "type": "Knowledge", "shortname": "Knowledge of cryptology." }, { "id": "306006", "type": "Knowledge", "shortname": "Knowledge of digital rights management." }, { "id": "306007", "type": "Knowledge", "shortname": "Knowledge of implementing key custody systems." }, { "id": "306008", "type": "Knowledge", "shortname": "Knowledge of cryptography methodologies, algorithms and tools." }, { "id": "306009", "type": "Knowledge", "shortname": "Knowledge of steganography methods." }, { "id": "306010", "type": "Knowledge", "shortname": "Knowledge of Virtual Private Networks (VPN) security." }, { "id": "306011", "type": "Knowledge", "shortname": "Knowledge of current and emerging cryptographic techniques, as well as cryptographic resources for database security." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_10", "type": "std", "name": "Software development skills. course", "lmsRsc": "", "area": { "id": "307000", "name": "Software development skills." }, "mainArea": { "id": "300000", "name": "TECHNIQUES" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "307001", "type": "Knowledge", "shortname": "Knowledge of the basic structure, basic architecture, and design of convergent applications." }, { "id": "307002", "type": "Knowledge", "shortname": "Knowledge of programming structure and logic." }, { "id": "307003", "type": "Knowledge", "shortname": "Knowledge of secure software development methodologies, tools and practices." }, { "id": "307004", "type": "Knowledge", "shortname": "Knowledge of web services (e.g., service-oriented architecture, Simple Object Access Protocol, web service description languages)." }, { "id": "307005", "type": "Knowledge", "shortname": "Knowledge of how Internet applications work (SMTP e-mail, web-based e-mail, chat clients, VOIP)." }, { "id": "307006", "type": "Knowledge", "shortname": "Knowledge of programming concepts (e.g., levels, structures, interpreted languages, compiled languages)." }, { "id": "307007", "type": "Knowledge", "shortname": "Knowledge of programming concepts, including programming languages, programming, testing, debugging and file types." }, { "id": "307008", "type": "Knowledge", "shortname": "Knowledge of concepts related to websites (e.g., web servers/pages, hosting, DNS, HTML)." }, { "id": "307009", "type": "Knowledge", "shortname": "Knowledge of software engineering." }, { "id": "307010", "type": "Knowledge", "shortname": "Knowledge of eXtensible Markup Language (XML) schemas." }, { "id": "307011", "type": "Knowledge", "shortname": "Knowledge of complex data structures." }, { "id": "307012", "type": "Knowledge", "shortname": "Knowledge of debugging tools and procedures." }, { "id": "307013", "type": "Knowledge", "shortname": "Knowledge of software design tools, techniques and methods." }, { "id": "307014", "type": "Knowledge", "shortname": "Knowledge of compiled and interpreted languages." }, { "id": "307015", "type": "Knowledge", "shortname": "Knowledge of low-level programming languages (e.g. assembly)." }, { "id": "307016", "type": "Knowledge", "shortname": "Knowledge of middleware (e.g., enterprise service bus, message queuing)" }, { "id": "307017", "type": "Knowledge", "shortname": "Knowledge of software development models (e.g. waterfall model, spiral model)." }, { "id": "307018", "type": "Knowledge", "shortname": "Knowledge of the software quality assurance process." }, { "id": "307019", "type": "Knowledge", "shortname": "Knowledge of webmail collection, search/analysis techniques, tools, and cookies." }, { "id": "307020", "type": "Knowledge", "shortname": "Knowledge of scripting." }, { "id": "307021", "type": "Knowledge", "shortname": "Knowledge of secure programming techniques." }, { "id": "307022", "type": "Knowledge", "shortname": "Knowledge of collection/analysis techniques and tools for chat lists, emerging technologies, VOIP, Media Over IP, VPN, VSAT/wireless, web mail and cookies." }, { "id": "307023", "type": "Knowledge", "shortname": "Knowledge of web filtering technologies." }, { "id": "307024", "type": "Knowledge", "shortname": "Knowledge of N-tier typologies (e.g., client server operating systems)." }, { "id": "307025", "type": "Knowledge", "shortname": "Knowledge of website types, administration, functions and content management systems (CMS)." }, { "id": "307026", "type": "Knowledge", "shortname": "Knowledge of software debugging principles." }, { "id": "307027", "type": "Knowledge", "shortname": "Knowledge of programming principles." }, { "id": "307028", "type": "Knowledge", "shortname": "Knowledge of cybersecurity and privacy principles and methods applicable to software development." }, { "id": "307029", "type": "Knowledge", "shortname": "Knowledge of using Hadoop, Java, Python, SQL, Hive, and Pig for data exploration." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_11", "type": "std", "name": "Information management skills course", "lmsRsc": "", "area": { "id": "308000", "name": "Information management skills" }, "mainArea": { "id": "300000", "name": "TECHNIQUES" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "308001", "type": "Knowledge", "shortname": "Knowledge of the existing architecture for collection, processing, exploitation and dissemination." }, { "id": "308002", "type": "Knowledge", "shortname": "Knowledge of how information needs and collection requirements are transposed, tracked and prioritized throughout the organization." }, { "id": "308003", "type": "Knowledge", "shortname": "Knowledge of databases, portals and means of disseminating information." }, { "id": "308004", "type": "Knowledge", "shortname": "Knowledge of the capabilities and limitations of partner organizations (with shared responsibilities for collection, processing, use and dissemination)" }, { "id": "308005", "type": "Knowledge", "shortname": "Knowledge of the characteristics of physical and virtual data storage media." }, { "id": "308006", "type": "Knowledge", "shortname": "Knowledge of the tools and applications associated with data collection and management requirements." }, { "id": "308007", "type": "Knowledge", "shortname": "Knowledge of the sources, characteristics and uses of the organization's information assets." }, { "id": "308008", "type": "Knowledge", "shortname": "Knowledge of the organization's data, information and knowledge needs." }, { "id": "308009", "type": "Knowledge", "shortname": "Knowledge of data management and standardization policies." }, { "id": "308010", "type": "Knowledge", "shortname": "Knowledge of methods for integrating and summarizing information." }, { "id": "308011", "type": "Knowledge", "shortname": "Knowledge of standards and methodologies for classifying information based on sensitivity, criticality and other risk factors." }, { "id": "308012", "type": "Knowledge", "shortname": "Knowledge of information classification policies and procedures." }, { "id": "308013", "type": "Knowledge", "shortname": "Knowledge of threat information reporting principles, as well as policies, procedures and means of communication, including reporting formats, reporting criteria (requirements and priorities), dissemination practices and legal restrictions." }, { "id": "308014", "type": "Knowledge", "shortname": "Knowledge of communication and dissemination procedures." }, { "id": "308015", "type": "Knowledge", "shortname": "Knowledge of processes and tools for collecting data, information and knowledge, including their limitations." }, { "id": "308016", "type": "Knowledge", "shortname": "Knowledge of threat intelligence resources and repositories." }, { "id": "308017", "type": "Knowledge", "shortname": "Knowledge of all reporting sources, as well as disclosure procedures." }, { "id": "308018", "type": "Knowledge", "shortname": "Knowledge of data flows, from the point of origin and collection to repositories and tools." }, { "id": "308019", "type": "Knowledge", "shortname": "Knowledge of the organization's data collection objectives and requirements." }, { "id": "308020", "type": "Knowledge", "shortname": "Knowledge of the main methods, procedures and techniques for collecting, producing, reporting and sharing information." }, { "id": "308021", "type": "Knowledge", "shortname": "Knowledge of the principles and techniques of data mining and warehousing." }, { "id": "308022", "type": "Knowledge", "shortname": "Knowledge of the identification and reporting processes." }, { "id": "308023", "type": "Knowledge", "shortname": "Knowledge of the resources and functionalities associated with technologies for organizing and managing information (e.g. databases, content markers)" }, { "id": "308024", "type": "Knowledge", "shortname": "Knowledge of the organizational requirements for collecting information." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_12", "type": "std", "name": "Competence in identity management, authentication and access control course", "lmsRsc": "", "area": { "id": "309000", "name": "Competence in identity management, authentication and access control" }, "mainArea": { "id": "300000", "name": "TECHNIQUES" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "309001", "type": "Knowledge", "shortname": "Knowledge of the policies, standards and procedures for the correct use of the organization's information technologies (e.g., account creation, password rules, access controls)." }, { "id": "309002", "type": "Knowledge", "shortname": "Knowledge of access controls based on access policies and adaptive access controls." }, { "id": "309003", "type": "Knowledge", "shortname": "Knowledge of network access, identification and access management mechanisms (e.g. public key infrastructure, Oauth, OpenID, SAML, SPML)." }, { "id": "309004", "type": "Knowledge", "shortname": "Knowledge of access control, authentication, authorization and traceability methods." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_13", "type": "std", "name": "Network management skills course", "lmsRsc": "", "area": { "id": "310000", "name": "Network management skills" }, "mainArea": { "id": "300000", "name": "TECHNIQUES" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "310001", "type": "Knowledge", "shortname": "Knowledge of good hardware and software maintenance practices and procedures." }, { "id": "310002", "type": "Knowledge", "shortname": "Knowledge of the characteristics of communication networks (e.g. capacity, functionality, paths, critical nodes)." }, { "id": "310003", "type": "Knowledge", "shortname": "Knowledge of network analysis." }, { "id": "310004", "type": "Knowledge", "shortname": "Knowledge of network devices and their configurations." }, { "id": "310005", "type": "Knowledge", "shortname": "Knowledge of network tools (e.g., ping, traceroute, nslookup)." }, { "id": "310006", "type": "Knowledge", "shortname": "Knowledge of tools, methodologies and processes for analyzing data traffic on networks." }, { "id": "310007", "type": "Knowledge", "shortname": "Knowledge of network management principles, models, methods and tools (e.g., end-to-end system performance monitoring)." }, { "id": "310008", "type": "Knowledge", "shortname": "Knowledge of network traffic information collection systems." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_14", "type": "std", "name": "Database systems management skills course", "lmsRsc": "", "area": { "id": "311000", "name": "Database systems management skills" }, "mainArea": { "id": "300000", "name": "TECHNIQUES" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "311001", "type": "Knowledge", "shortname": "Knowledge of programming interfaces for database access applications." }, { "id": "311002", "type": "Knowledge", "shortname": "Knowledge of query, creation and update languages." }, { "id": "311003", "type": "Knowledge", "shortname": "Knowledge of database management systems." }, { "id": "311004", "type": "Knowledge", "shortname": "Knowledge of the different types of databases, as well as their advantages and disadvantages." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_15", "type": "std", "name": "Network and systems security skills course", "lmsRsc": "", "area": { "id": "312000", "name": "Network and systems security skills" }, "mainArea": { "id": "300000", "name": "TECHNIQUES" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "312001", "type": "Knowledge", "shortname": "Knowledge of demilitarized zones." }, { "id": "312002", "type": "Knowledge", "shortname": "Knowledge of security event correlation tools." }, { "id": "312003", "type": "Knowledge", "shortname": "Knowledge of tools, methods and techniques for designing security systems." }, { "id": "312004", "type": "Knowledge", "shortname": "Knowledge of security management." }, { "id": "312005", "type": "Knowledge", "shortname": "Knowledge of secure network implementations (e.g., host-based IDS, IPS, access control lists), including their functions and location on the network." }, { "id": "312006", "type": "Knowledge", "shortname": "Knowledge of network security (e.g. encryption, firewalls, authentication, honey pots, perimeter protection)." }, { "id": "312007", "type": "Knowledge", "shortname": "Knowledge of network security architecture concepts including topology, protocols, components and principles (e.g., defense-in-depth)." }, { "id": "312008", "type": "Knowledge", "shortname": "Knowledge of the foundations, concepts, principles, limitations and effects of cybersecurity." }, { "id": "312009", "type": "Knowledge", "shortname": "Knowledge of access control mechanisms on devices and networks (e.g. access control list)." }, { "id": "312010", "type": "Knowledge", "shortname": "Knowledge of cybersecurity and privacy principles." }, { "id": "312011", "type": "Knowledge", "shortname": "Knowledge of the principles of defense in depth and secure network architecture." }, { "id": "312012", "type": "Knowledge", "shortname": "Knowledge of the principles of security systems engineering." }, { "id": "312013", "type": "Knowledge", "shortname": "Knowledge of the principles and methods of information technology security (e.g. firewalls, demilitarized zones, encryption)." }, { "id": "312014", "type": "Knowledge", "shortname": "Knowledge of security principles and methods in information technologies (e.g. modularization, separation into layers, abstraction, minimization)." }, { "id": "312015", "type": "Knowledge", "shortname": "Basic knowledge of network security (e.g. encryption, firewalls, authentication, honey pots, perimeter protection)." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_16", "type": "std", "name": "Network defense skills course", "lmsRsc": "", "area": { "id": "313000", "name": "Network defense skills" }, "mainArea": { "id": "300000", "name": "TECHNIQUES" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "313001", "type": "Knowledge", "shortname": "Knowledge of the reporting structure and processes of service providers within the organization." }, { "id": "313002", "type": "Knowledge", "shortname": "Knowledge of cyber terminology." }, { "id": "313003", "type": "Knowledge", "shortname": "Knowledge of intrusion detection and prevention tools and applications (IDS and IPS)." }, { "id": "313004", "type": "Knowledge", "shortname": "Knowledge of policies, procedures and regulations related to cyber-defense and information security." }, { "id": "313005", "type": "Knowledge", "shortname": "Knowledge of opponents' tactics, techniques and procedures." }, { "id": "313006", "type": "Knowledge", "shortname": "Knowledge of computer-based intrusion sets." }, { "id": "313007", "type": "Knowledge", "shortname": "Knowledge of application firewall concepts and functions (e.g., single point of authentication/audit/policy enforcement, tracking of malicious content in messages, data anonymization in compliance with PCI and PII, tracking of data loss protection, cryptographic operations, SSL security, REST/JSON processing)." }, { "id": "313008", "type": "Knowledge", "shortname": "Knowledge of exploiting vulnerabilities in organizations." }, { "id": "313009", "type": "Knowledge", "shortname": "Knowledge of intrusion detection methods and techniques for devices and networks." }, { "id": "313010", "type": "Knowledge", "shortname": "Knowledge of security options in software and hardware, and how they affect the network and how they affect the exploitation of vulnerabilities." }, { "id": "313011", "type": "Knowledge", "shortname": "Knowledge of the principles, resources, limitations and effects of activities in cyberspace (i.e. cyber-defense, intelligence gathering, attack in cyberspace)." }, { "id": "313012", "type": "Knowledge", "shortname": "Knowledge of products that guarantee security on devices and how they influence the exploitation and reduction of vulnerabilities." }, { "id": "313013", "type": "Knowledge", "shortname": "Knowledge of proofs of concept, databases, tools and applications necessary for preparing environments and surveillance products." }, { "id": "313014", "type": "Knowledge", "shortname": "Knowledge of intrusion detection systems and signature development methods." }, { "id": "313015", "type": "Knowledge", "shortname": "Knowledge of denial and fraud techniques." }, { "id": "313016", "type": "Knowledge", "shortname": "Knowledge of obfuscation techniques (e.g., TOR/Onion/anonymizers, VPN/VPS, encryption)." }, { "id": "313017", "type": "Knowledge", "shortname": "Knowledge of the intrusion suite." }, { "id": "313018", "type": "Knowledge", "shortname": "Knowledge of the impact of virus, malware and attack signature implementations." }, { "id": "313019", "type": "Knowledge", "shortname": "Knowledge of cybersecurity resources (e.g., defense, attack, exploitation)." }, { "id": "313020", "type": "Knowledge", "shortname": "Knowledge of common attack vectors at the network layer." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_17", "type": "std", "name": "Systems testing and evaluation skills course", "lmsRsc": "", "area": { "id": "314000", "name": "Systems testing and evaluation skills" }, "mainArea": { "id": "300000", "name": "TECHNIQUES" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "314001", "type": "Knowledge", "shortname": "Knowledge of system diagnostic tools and vulnerability identification techniques." }, { "id": "314002", "type": "Knowledge", "shortname": "Knowledge of methods for testing and evaluating applications, as well as techniques for identifying vulnerabilities." }, { "id": "314003", "type": "Knowledge", "shortname": "Knowledge of server testing and evaluation methods, as well as vulnerability identification techniques." }, { "id": "314004", "type": "Knowledge", "shortname": "Knowledge of the requirements for assessing and validating the security of the organization and its information system." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_18", "type": "std", "name": "Requirements analysis skills course", "lmsRsc": "", "area": { "id": "401000", "name": "Requirements analysis skills" }, "mainArea": { "id": "400000", "name": "ORGANIZATIONAL" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "401001", "type": "Knowledge", "shortname": "Knowledge of the client's information needs." }, { "id": "401002", "type": "Knowledge", "shortname": "Knowledge of how to analyze requirements and capabilities." }, { "id": "401003", "type": "Knowledge", "shortname": "Knowledge of the organization's processes and operations." }, { "id": "401004", "type": "Knowledge", "shortname": "Knowledge of threat information development requirements and information request processes." }, { "id": "401005", "type": "Knowledge", "shortname": "Knowledge of critical information requirements and how they are used for planning." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_19", "type": "std", "name": "Audit competence course", "lmsRsc": "", "area": { "id": "402000", "name": "Audit competence" }, "mainArea": { "id": "400000", "name": "ORGANIZATIONAL" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "402001", "type": "Knowledge", "shortname": "Knowledge of cyber threats and vulnerabilities." }, { "id": "402002", "type": "Knowledge", "shortname": "Knowledge of the phases of an attack, as well as their relationship with threats and vulnerabilities." }, { "id": "402003", "type": "Knowledge", "shortname": "Knowledge of vulnerability assessment tools and defense mechanisms, as well as their capabilities and limitations." }, { "id": "402004", "type": "Knowledge", "shortname": "Knowledge of the common ways of infecting computers and networks and the methods of infection." }, { "id": "402005", "type": "Knowledge", "shortname": "Knowledge of the security implications of software configurations." }, { "id": "402006", "type": "Knowledge", "shortname": "Knowledge of potential vulnerabilities in technologies used in industry." }, { "id": "402007", "type": "Knowledge", "shortname": "Knowledge of threats and vulnerabilities in systems and applications (e.g. buffer overflow, cross-site scripting, Query Language injection, malicious code)." }, { "id": "402008", "type": "Knowledge", "shortname": "Knowledge of attacks based on file types to cause anomalous behavior on devices." }, { "id": "402009", "type": "Knowledge", "shortname": "Knowledge of network communication analysis tools to identify vulnerabilities." }, { "id": "402010", "type": "Knowledge", "shortname": "Knowledge of analysis tools for identifying vulnerabilities." }, { "id": "402011", "type": "Knowledge", "shortname": "Knowledge of capacity and performance measurement tools." }, { "id": "402012", "type": "Knowledge", "shortname": "Knowledge of network packet analysis tools and techniques." }, { "id": "402013", "type": "Knowledge", "shortname": "Knowledge of sources for disseminating information on vulnerabilities (e.g. alerts, recommendations, errata, bulletins)." }, { "id": "402014", "type": "Knowledge", "shortname": "Knowledge of system performance and availability indicators or measures." }, { "id": "402015", "type": "Knowledge", "shortname": "Knowledge of ethical and legal limits when conducting audits." }, { "id": "402016", "type": "Knowledge", "shortname": "Knowledge of hacking methodologies." }, { "id": "402017", "type": "Knowledge", "shortname": "Knowledge of hacking methods." }, { "id": "402018", "type": "Knowledge", "shortname": "Knowledge of methods and techniques for detecting exploitation activities." }, { "id": "402019", "type": "Knowledge", "shortname": "Knowledge of emerging security risks and vulnerabilities." }, { "id": "402020", "type": "Knowledge", "shortname": "Knowledge of application vulnerabilities." }, { "id": "402021", "type": "Knowledge", "shortname": "Knowledge of the concepts and factors of criticality and sensitivity for the business." }, { "id": "402022", "type": "Knowledge", "shortname": "Knowledge of the principles and techniques of ethical hacking." }, { "id": "402023", "type": "Knowledge", "shortname": "Knowledge of the principles, tools and techniques of penetration testing." }, { "id": "402024", "type": "Knowledge", "shortname": "Knowledge of application security risks (e.g. OWASP - Open Web Application Security Project Top 10 list)." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_20", "type": "std", "name": "Competence in legal compliance, ethics and social acceptance course", "lmsRsc": "", "area": { "id": "403000", "name": "Competence in legal compliance, ethics and social acceptance" }, "mainArea": { "id": "400000", "name": "ORGANIZATIONAL" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "403001", "type": "Knowledge", "shortname": "Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure)." }, { "id": "403002", "type": "Knowledge", "shortname": "Knowledge of cyber laws and legal considerations, as well as their implications for cyber planning." }, { "id": "403003", "type": "Knowledge", "shortname": "Knowledge of cyber laws and their effects on cyber planning." }, { "id": "403004", "type": "Knowledge", "shortname": "Knowledge of laws and statutes, government guidelines, executive branch guidelines, and/or administrative/criminal guidelines and procedures." }, { "id": "403005", "type": "Knowledge", "shortname": "Knowledge of laws, policies, procedures and governance relating to cybersecurity for critical infrastructures." }, { "id": "403006", "type": "Knowledge", "shortname": "Knowledge of the relevant laws, regulations and policies." }, { "id": "403007", "type": "Knowledge", "shortname": "Knowledge of disclosure policies and import/export control regulations related to cybersecurity." }, { "id": "403008", "type": "Knowledge", "shortname": "Knowledge of the legal rules of evidence and court procedures." }, { "id": "403009", "type": "Knowledge", "shortname": "Knowledge of legal considerations in segmentation." }, { "id": "403010", "type": "Knowledge", "shortname": "Knowledge of statutes, laws, regulations and policies applicable to the management and exploitation of cyberspace." }, { "id": "403011", "type": "Knowledge", "shortname": "Knowledge of legal governance relating to admissibility (e.g. rules of evidence)." }, { "id": "403012", "type": "Knowledge", "shortname": "Knowledge of electronic and digital evidence law." }, { "id": "403013", "type": "Knowledge", "shortname": "Knowledge of relevant laws, legal authorities, restrictions and regulations relating to cyber defense activities." }, { "id": "403014", "type": "Knowledge", "shortname": "Knowledge of laws, regulations, policies and ethics related to cybersecurity and privacy." }, { "id": "403015", "type": "Knowledge", "shortname": "Knowledge of legal proceedings, including the presentation of facts and evidence." }, { "id": "403016", "type": "Knowledge", "shortname": "Knowledge of import/export regulations related to cryptography and other security technologies." }, { "id": "403017", "type": "Knowledge", "shortname": "Knowledge of the processes of collecting, packaging, transporting and storing electronic evidence while maintaining the chain of custody." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_21", "type": "std", "name": "Organizational Knowledge Competence course", "lmsRsc": "https://moodle-v2-athena-develop.aida-cluster-6fb15c141b13202f00901f551abdf43d-0000.eu-de.containers.appdomain.cloud/course/view.php?id=11", "area": { "id": "404000", "name": "Organizational Knowledge Competence" }, "mainArea": { "id": "400000", "name": "ORGANIZATIONAL" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "404001", "type": "Knowledge", "shortname": "Knowledge of the structure and intent of the organization's specific plans, guidelines and authorizations." }, { "id": "404002", "type": "Knowledge", "shortname": "Knowledge of the organizational structure in relation to cyber operations, including roles, responsibilities and relationships between intra-organizational elements." }, { "id": "404003", "type": "Knowledge", "shortname": "Knowledge of the national cybersecurity framework, functions, associated tasks, knowledge, skills and tasks." }, { "id": "404004", "type": "Knowledge", "shortname": "Knowledge of the organization's hierarchy and decision-making processes in the context of cybersecurity." }, { "id": "404005", "type": "Knowledge", "shortname": "Knowledge of the corporate mission, vision and objectives." }, { "id": "404006", "type": "Knowledge", "shortname": "Knowledge of your organization's structure, existing functions and responsibilities." }, { "id": "404007", "type": "Knowledge", "shortname": "Knowledge of government authorities for targeting." }, { "id": "404008", "type": "Knowledge", "shortname": "Knowledge of organizational structures and associated intelligence resources." }, { "id": "404009", "type": "Knowledge", "shortname": "Knowledge of the organization's decision-making support tools and methods." }, { "id": "404010", "type": "Knowledge", "shortname": "Knowledge of the functions and capabilities of internal teams that simulate threats for the benefit of the organization." }, { "id": "404011", "type": "Knowledge", "shortname": "Knowledge of the policies, tools, capacities and procedures of partner organizations." }, { "id": "404012", "type": "Knowledge", "shortname": "Knowledge of the organization's human resources policies, processes and procedures." }, { "id": "404013", "type": "Knowledge", "shortname": "Knowledge of the organization's priorities, legal authorities and processes for submitting requirements." }, { "id": "404014", "type": "Knowledge", "shortname": "Knowledge of cybersecurity issues, objectives, and operations as well as the regulations and policies governing cybersecurity operations" }, { "id": "404015", "type": "Knowledge", "shortname": "Knowledge of organizational and partner authorities, responsibilities and contributions to achieving objectives." }, { "id": "404016", "type": "Knowledge", "shortname": "Knowledge of organizational planning concepts." }, { "id": "404017", "type": "Knowledge", "shortname": "Knowledge of industry safety standards." }, { "id": "404018", "type": "Knowledge", "shortname": "Knowledge of external organizations and academic institutions focused on cybersecurity (e.g., cyber training/curriculum, research and development)." }, { "id": "404019", "type": "Knowledge", "shortname": "Knowledge of operational, planning and targeting cycles." }, { "id": "404020", "type": "Knowledge", "shortname": "Knowledge of organizational evaluation and validation criteria." }, { "id": "404021", "type": "Knowledge", "shortname": "Knowledge of the objectives of the different levels of the organization." }, { "id": "404022", "type": "Knowledge", "shortname": "Knowledge of the organization's objectives, leadership priorities and decision risks." }, { "id": "404023", "type": "Knowledge", "shortname": "Knowledge of the organizers of the organization's operations, how and where they can be contacted, and what their expectations are." }, { "id": "404024", "type": "Knowledge", "shortname": "Knowledge of the organization's recruitment plans and processes." }, { "id": "404025", "type": "Knowledge", "shortname": "Knowledge of the plans/guidelines that describe the organizational objectives." }, { "id": "404026", "type": "Knowledge", "shortname": "Knowledge of the organization's key business processes." }, { "id": "404027", "type": "Knowledge", "shortname": "Knowledge of the planning systems approved by the organization." }, { "id": "404028", "type": "Knowledge", "shortname": "Knowledge of planning policies and concepts regarding partnership relations with internal and external organizations." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_22", "type": "std", "name": "Information system assurance competence. course", "lmsRsc": "", "area": { "id": "405000", "name": "Information system assurance competence." }, "mainArea": { "id": "400000", "name": "ORGANIZATIONAL" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "405001", "type": "Knowledge", "shortname": "Knowledge of the organization's information security architecture." }, { "id": "405002", "type": "Knowledge", "shortname": "Knowledge of security models." }, { "id": "405003", "type": "Knowledge", "shortname": "Knowledge of relevant procedures, software, equipment and technological applications." }, { "id": "405004", "type": "Knowledge", "shortname": "Knowledge of processes and tools for remote access." }, { "id": "405005", "type": "Knowledge", "shortname": "Knowledge of multi-level and multi-domain security systems." }, { "id": "405006", "type": "Knowledge", "shortname": "Knowledge of the security assessment and authorization process." }, { "id": "405007", "type": "Knowledge", "shortname": "Knowledge of the concepts and practices of version management and control, as well as software patch management and control." }, { "id": "405008", "type": "Knowledge", "shortname": "Knowledge of current industry methods for assessing, implementing and disseminating assessment, monitoring and detection results related to information security." }, { "id": "405009", "type": "Knowledge", "shortname": "Knowledge of tools and procedures that follow best practice standards and benchmarks." }, { "id": "405010", "type": "Knowledge", "shortname": "Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity and availability)" }, { "id": "405011", "type": "Knowledge", "shortname": "Knowledge of cybersecurity and privacy principles used to manage risks relating to the use, processing, storage and transmission of data." }, { "id": "405012", "type": "Knowledge", "shortname": "Knowledge of the principles underlying confidentiality, integrity and availability." }, { "id": "405013", "type": "Knowledge", "shortname": "Knowledge of confidentiality, integrity and availability requirements." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_23", "type": "std", "name": "Asset management skills course", "lmsRsc": "", "area": { "id": "406000", "name": "Asset management skills" }, "mainArea": { "id": "400000", "name": "ORGANIZATIONAL" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "406001", "type": "Knowledge", "shortname": "Knowledge of asset classification methodologies and techniques." }, { "id": "406002", "type": "Knowledge", "shortname": "Knowledge of the organization's assets, including their criticality, sensitivity, as well as their requirements and limitations." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_24", "type": "std", "name": "Knowledge management competence course", "lmsRsc": "", "area": { "id": "407000", "name": "Knowledge management competence" }, "mainArea": { "id": "400000", "name": "ORGANIZATIONAL" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "407001", "type": "Knowledge", "shortname": "Knowledge of organizational teaching/training policies." }, { "id": "407002", "type": "Knowledge", "shortname": "Knowledge of organizational training policies, procedures and processes." }, { "id": "407003", "type": "Knowledge", "shortname": "Knowledge of task assignment, collection, processing, exploitation and dissemination." }, { "id": "407004", "type": "Knowledge", "shortname": "Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., PC, cloud)." }, { "id": "407005", "type": "Knowledge", "shortname": "Knowledge of cyber competitions as a way of developing skills, providing field experience in real-world simulations." }, { "id": "407006", "type": "Knowledge", "shortname": "Knowledge of learning styles (e.g. visual, auditory, kinesthetic)." }, { "id": "407007", "type": "Knowledge", "shortname": "Knowledge of research strategies and knowledge management." }, { "id": "407008", "type": "Knowledge", "shortname": "Knowledge of priority information, how it is obtained, where it is published, how to access it." }, { "id": "407009", "type": "Knowledge", "shortname": "Knowledge of ways of learning (e.g. learning based on repetition and memorization, observation)." }, { "id": "407010", "type": "Knowledge", "shortname": "Knowledge of testing and evaluation processes for trainees." }, { "id": "407011", "type": "Knowledge", "shortname": "Knowledge of learning management systems." }, { "id": "407012", "type": "Knowledge", "shortname": "Knowledge of taxonomy and semantic ontology theory." }, { "id": "407013", "type": "Knowledge", "shortname": "Knowledge of learning assessment techniques (rubrics, assessment plans, tests, quizzes)." }, { "id": "407014", "type": "Knowledge", "shortname": "Knowledge of cloud-based technologies and knowledge management concepts related to security, governance, procurement and administration." }, { "id": "407015", "type": "Knowledge", "shortname": "Knowledge of training and e-learning services based on information technologies." }, { "id": "407016", "type": "Knowledge", "shortname": "Knowledge of the organizational teaching/coaching system." }, { "id": "407017", "type": "Knowledge", "shortname": "Knowledge of the cognitive domains and the tools and methods applicable to learning in each domain." }, { "id": "407018", "type": "Knowledge", "shortname": "Knowledge of learning levels (i.e. Bloom's Taxonomy for learning)." }, { "id": "407019", "type": "Knowledge", "shortname": "Knowledge of the principles and methods of training and education for curriculum design, teaching and instruction of individuals or groups, and measurement of the effects of training and education." }, { "id": "407020", "type": "Knowledge", "shortname": "Knowledge of the principles and processes of assessing training and teaching needs." }, { "id": "407021", "type": "Knowledge", "shortname": "Knowledge of information prioritization requirements based on the levels defined by the organization." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_25", "type": "std", "name": "Partnership management, contracting and procurement competence course", "lmsRsc": "", "area": { "id": "408000", "name": "Partnership management, contracting and procurement competence" }, "mainArea": { "id": "400000", "name": "ORGANIZATIONAL" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "408001", "type": "Knowledge", "shortname": "Knowledge of good risk management practices in supply chains." }, { "id": "408002", "type": "Knowledge", "shortname": "Knowledge of procedures for assessing the credibility of suppliers and solutions." }, { "id": "408003", "type": "Knowledge", "shortname": "Knowledge of information technology acquisition requirements." }, { "id": "408004", "type": "Knowledge", "shortname": "Knowledge of the procurement process life cycle." }, { "id": "408005", "type": "Knowledge", "shortname": "Knowledge of audit rights and information requests." }, { "id": "408006", "type": "Knowledge", "shortname": "Knowledge of import/export control regulations and the organizations responsible for supply chain risk reduction." }, { "id": "408007", "type": "Knowledge", "shortname": "Knowledge of functionality, quality and safety requirements, and how these apply in supply chains." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_26", "type": "std", "name": "Human resources management skills course", "lmsRsc": "", "area": { "id": "409000", "name": "Human resources management skills" }, "mainArea": { "id": "400000", "name": "ORGANIZATIONAL" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "409001", "type": "Knowledge", "shortname": "Knowledge of human resources management in outsourcing." }, { "id": "409002", "type": "Knowledge", "shortname": "Knowledge of employee entry and exit procedures, with regard to access management, use of resources and confidentiality agreements." }, { "id": "409003", "type": "Knowledge", "shortname": "Knowledge of the processes of managing, assigning and allocating human resources." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_27", "type": "std", "name": "Policy competence of the organization course", "lmsRsc": "", "area": { "id": "410000", "name": "Policy competence of the organization" }, "mainArea": { "id": "400000", "name": "ORGANIZATIONAL" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "410001", "type": "Knowledge", "shortname": "Knowledge of good practices for drawing up and maintaining security policies." }, { "id": "410002", "type": "Knowledge", "shortname": "Knowledge of the organization's security policies." }, { "id": "410003", "type": "Knowledge", "shortname": "Knowledge of current, emerging and long-term issues related to the strategies, policies and organization of cybersecurity operations." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_28", "type": "std", "name": "Data protection and privacy course", "lmsRsc": "", "area": { "id": "411000", "name": "Data protection and privacy" }, "mainArea": { "id": "400000", "name": "ORGANIZATIONAL" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "411001", "type": "Knowledge", "shortname": "Knowledge of laws, regulations and good practices relating to data protection and privacy." }, { "id": "411002", "type": "Knowledge", "shortname": "Knowledge of payment card industry (PCI) security standards." }, { "id": "411003", "type": "Knowledge", "shortname": "Knowledge of security standards for personal health data." }, { "id": "411004", "type": "Knowledge", "shortname": "Knowledge of the standards and good practices of security and privacy of personally identifiable data." }, { "id": "411005", "type": "Knowledge", "shortname": "Knowledge of the standards and good practices of security and privacy of sensitive data." }, { "id": "411006", "type": "Knowledge", "shortname": "Knowledge of privacy impact assessment methods (e.g. DPIA - Data Protection Impact Assessment)." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_29", "type": "std", "name": "Communication skills course", "lmsRsc": "", "area": { "id": "501000", "name": "Communication skills" }, "mainArea": { "id": "500000", "name": "RELATIONAL" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "501001", "type": "Knowledge", "shortname": "Knowledge of how to articulate, discuss ideas and persuade others in order to reach consensus." }, { "id": "501002", "type": "Knowledge", "shortname": "Knowledge of how to communicate information to answer general questionnaires and to obtain specific information." }, { "id": "501003", "type": "Knowledge", "shortname": "Knowledge of ways to negotiate in order to address issues/problems to reach mutual consensus." }, { "id": "501004", "type": "Knowledge", "shortname": "Knowledge of transcription development processes and techniques (e.g. verbatim, fundamental, summaries)." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_30", "type": "std", "name": "Conflict management skills course", "lmsRsc": "", "area": { "id": "502000", "name": "Conflict management skills" }, "mainArea": { "id": "500000", "name": "RELATIONAL" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "502001", "type": "Knowledge", "shortname": "Knowledge of conflict resolution processes and procedures." }, { "id": "502002", "type": "Knowledge", "shortname": "Knowledge of conflict resolution reports that include interactions with external organizations." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_31", "type": "std", "name": "Diversity management competence course", "lmsRsc": "", "area": { "id": "503000", "name": "Diversity management competence" }, "mainArea": { "id": "500000", "name": "RELATIONAL" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "503001", "type": "Knowledge", "shortname": "Knowledge of ways to demonstrate sensitivity to the inter- and intra-cultural characteristics, values, beliefs and behaviors of other ethnic or cultural groups." }, { "id": "503002", "type": "Knowledge", "shortname": "Knowledge of how to manage conflicts resulting from inter- and intra-cultural or ethnic differences and how to work effectively in a multicultural environment." }, { "id": "503003", "type": "Knowledge", "shortname": "Knowledge of techniques for building relationships with people with behavioral differences from other ethnicities, cultures, or even intracultural backgrounds, in cross-cultural cooperative projects." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_32", "type": "std", "name": "Interpersonal Relationship Skills course", "lmsRsc": "", "area": { "id": "504000", "name": "Interpersonal Relationship Skills" }, "mainArea": { "id": "500000", "name": "RELATIONAL" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "504001", "type": "Knowledge", "shortname": "Knowledge of ways to apply collaborative skills and strategies." }, { "id": "504002", "type": "Knowledge", "shortname": "Knowledge of ways to work collaboratively in order to capitalize on the analytical and technical skills available internally and externally to the organization." }, { "id": "504003", "type": "Knowledge", "shortname": "Knowledge of how to work in a dynamic environment." }, { "id": "504004", "type": "Knowledge", "shortname": "Knowledge of teamwork in virtual environments." }, { "id": "504005", "type": "Knowledge", "shortname": "Knowledge of methods of collaboration with other people." }, { "id": "504006", "type": "Knowledge", "shortname": "Knowledge of collaboration methods to meet monitoring requirements and produce relevant information." }, { "id": "504007", "type": "Knowledge", "shortname": "Knowledge of communication methods with clients (e.g. what information can/should be shared, appropriate vocabulary, verbal/non-verbal communication, most effective means of communication)" }, { "id": "504008", "type": "Knowledge", "shortname": "Knowledge of working methods as a team member, group coordinator and task force coordinator." }, { "id": "504009", "type": "Knowledge", "shortname": "Knowledge of methods, tools for communicating with management members of the organization, including executive members (e.g. verbal and non-verbal language, use of appropriate vocabulary)" } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_33", "type": "std", "name": "Leadership skills course", "lmsRsc": "", "area": { "id": "601000", "name": "Leadership skills" }, "mainArea": { "id": "600000", "name": "LEADERSHIP, STRATEGY AND DECISION-MAKING" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "601001", "type": "Knowledge", "shortname": "Knowledge of how to lead at an organizational level." }, { "id": "601002", "type": "Knowledge", "shortname": "Knowledge of how to lead a team by example." }, { "id": "601003", "type": "Knowledge", "shortname": "Knowledge of ways to demonstrate professionalism by example to colleagues." }, { "id": "601004", "type": "Knowledge", "shortname": "Knowledge of ways to encourage and guide others to adopt a point of view, to change or to act." }, { "id": "601005", "type": "Knowledge", "shortname": "Knowledge of ways to foster an open, cooperative and collaborative learning culture within the organization." }, { "id": "601006", "type": "Knowledge", "shortname": "Knowledge of ways to inspire, motivate and guide others to adopt a point of view, change or take action." }, { "id": "601007", "type": "Knowledge", "shortname": "Knowledge of ways to provide an environment that facilitates teamwork, relationship development and people's personal and professional development." }, { "id": "601008", "type": "Knowledge", "shortname": "Knowledge of ways to support others through their own initiatives." }, { "id": "601009", "type": "Knowledge", "shortname": "Knowledge of ways to motivate others through a positive and energetic approach." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_34", "type": "std", "name": "Creative thinking skills course", "lmsRsc": "", "area": { "id": "602000", "name": "Creative thinking skills" }, "mainArea": { "id": "600000", "name": "LEADERSHIP, STRATEGY AND DECISION-MAKING" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "602001", "type": "Knowledge", "shortname": "Knowledge of ways to create original and innovative ideas or applications that reveal new possibilities and reshape objectives." }, { "id": "602002", "type": "Knowledge", "shortname": "Knowledge of ways of linking ideas or information from different areas or applications to address immediate problems." }, { "id": "602003", "type": "Knowledge", "shortname": "Knowledge of ways of linking or combining ideas and knowledge from different areas to generate new ideas in specific contexts." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_35", "type": "std", "name": "Critical thinking skills course", "lmsRsc": "", "area": { "id": "603000", "name": "Critical thinking skills" }, "mainArea": { "id": "600000", "name": "LEADERSHIP, STRATEGY AND DECISION-MAKING" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "603001", "type": "Knowledge", "shortname": "Conceptual knowledge of the criteria for discerning procedures for escalating/decelerating decisions involving leadership." }, { "id": "603002", "type": "Knowledge", "shortname": "Knowledge of methods for analyzing objectives and forecasting impacts." }, { "id": "603003", "type": "Knowledge", "shortname": "Knowledge of ways to conceptualize ideas through knowledge and information from multiple domains." }, { "id": "603004", "type": "Knowledge", "shortname": "Knowledge of critical thinking methods for analyzing trends and patterns in the organization." }, { "id": "603005", "type": "Knowledge", "shortname": "Knowledge of critical thinking methods." }, { "id": "603006", "type": "Knowledge", "shortname": "Knowledge of ambiguity resolution methods for analyzing ambiguous and/or incomplete policies." }, { "id": "603007", "type": "Knowledge", "shortname": "Knowledge of methods to meet the needs of clients in the development of research." }, { "id": "603008", "type": "Knowledge", "shortname": "Knowledge of cognitive biases and methods to mitigate them." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "DEMO_36", "type": "std", "name": "Decision-making skills course", "lmsRsc": "", "area": { "id": "604000", "name": "Decision-making skills" }, "mainArea": { "id": "600000", "name": "LEADERSHIP, STRATEGY AND DECISION-MAKING" }, "category": { "id": "0", "name": "DEMO" }, "competencies": [ { "id": "604001", "type": "Knowledge", "shortname": "Knowledge of how to make decisions in complex environments to achieve objectives, using a structured process and multiple sources of information." }, { "id": "604002", "type": "Knowledge", "shortname": "Knowledge of how to make decisions in a volatile and ambiguous environment, using a structured process and limited information resources, in order to achieve objectives." }, { "id": "604003", "type": "Knowledge", "shortname": "Knowledge of how to make simple or routine decisions to achieve objectives, using available information and guidance." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "ATHENA-VR-02-DETECTION", "type": "vr", "name": "Scenario 2", "lmsRsc": "", "category": { "id": "1", "name": "ATHENA" }, "mainArea": { "id": "1", "name": "ORGANIZATIONAL" }, "area": { "id": "1.1", "name": "Requirements analysis" }, "competencies": [ { "id": "1.1.1.K", "type": "Knowledge", "shortname": "Cybersecurity related requirements and capabilities." }, { "id": "1.1.1.O.S", "type": "Skill", "shortname": "Ability to participate in operational and cybersecurity requirements analysis. Imple" }, { "id": "1.1.3.K", "type": "Knowledge", "shortname": "How information needs and collection requirements are transposed, tracked and prioritized throughout the organization." }, { "id": "1.1.3.O.S", "type": "Skill", "shortname": "Ability to operationalise information flows according to organizational priorities" }, { "id": "1.3.3.K", "type": "Knowledge", "shortname": "Authorities, responsibilities, capacities and procedures of stakeholders." }, { "id": "1.3.3.O.S", "type": "Skill", "shortname": "Ability to coordinate with internal and external stakeholders according to defined responsibilities." }, { "id": "1.3.5.K", "type": "Knowledge", "shortname": "Organization's key business processes and operations." }, { "id": "1.3.5.O.S", "type": "Skill", "shortname": "Ability to understand operational workflows and identify their dependencies and risks." }, { "id": "1.3.6.K", "type": "Knowledge", "shortname": "Organization's data, information and knowledge needs." }, { "id": "1.3.6.O.S", "type": "Skill", "shortname": "Ability to identify and support data needs required for effective operations and decision-making." }, { "id": "1.3.7.K", "type": "Knowledge", "shortname": "Internal and external cross-functional coordination." }, { "id": "1.3.7.O.S", "type": "Skill", "shortname": "Ability to support coordinated responses and information sharing across functional teams." }, { "id": "1.4.1.K", "type": "Knowledge", "shortname": "Organization's information security architecture." }, { "id": "1.4.1.O.S", "type": "Skill", "shortname": "Ability to understand security architecture requirements in OT environments." }, { "id": "1.4.2.K", "type": "Knowledge", "shortname": "Processes and tools for remote access." }, { "id": "1.4.2.O.S", "type": "Skill", "shortname": "Ability to operate secure remote access solutions." }, { "id": "1.4.3.K", "type": "Knowledge", "shortname": "Security assessment and authorization process." }, { "id": "1.4.3.O.S", "type": "Skill", "shortname": "Ability to support security assessments for meeting authorization criteria." }, { "id": "1.5.1.K", "type": "Knowledge", "shortname": "Organization's assets, including their criticality, sensitivity, as well as their requirements and limitations." }, { "id": "1.5.1.O.S", "type": "Skill", "shortname": "Ability to identify critical assets and apply appropriate (adapted and timely) protection measures." }, { "id": "2.1.3.K", "type": "Knowledge", "shortname": "Comunication in crisis situations (policies, procedures, roles and responsabilities)" }, { "id": "2.1.3.O.S", "type": "Skill", "shortname": "Ability to generate, consolidate, and convey accurate, timely and actionable information during crises (common operational picture)" }, { "id": "2.3.1.K", "type": "Knowledge", "shortname": "Conceptual knowledge of the criteria for discerning procedures for escalating/decelerating decisions involving leadership." }, { "id": "2.3.1.O.S", "type": "Skill", "shortname": "Ability to assess decision impact and escalate appropriately." }, { "id": "2.3.2.K", "type": "Knowledge", "shortname": "Knowledge of methods for analyzing objectives and forecasting impacts." }, { "id": "2.3.2.O.S", "type": "Skill", "shortname": "Ability to evaluate risks and anticipate operational consequences." }, { "id": "2.4.1.K", "type": "Knowledge", "shortname": "How to make decisions in complex environments to achieve objectives, using a structured process and multiple sources of information." }, { "id": "2.4.1.O.S", "type": "Skill", "shortname": "Ability to participate in informed decision-making." }, { "id": "2.4.2.K", "type": "Knowledge", "shortname": "How to make decisions in a volatile and ambiguous environment, using a structured process and limited information resources, in order to achieve objectives." }, { "id": "2.4.2.O.S", "type": "Skill", "shortname": "Ability to act decisively under uncertainty using available data." }, { "id": "4.1.1.K", "type": "Knowledge", "shortname": "Risk management strategy and methodologies, risk assessment, risk tolerance and mitigation strategies." }, { "id": "4.1.1.O.S", "type": "Skill", "shortname": "Ability to perform OT risk assessments and implement mitigation actions aligned with operational constraints." }, { "id": "4.1.2.K", "type": "Knowledge", "shortname": "Concepts, technologies and methods used to guarantee information security" }, { "id": "4.1.3.K", "type": "Knowledge", "shortname": "Stakeholders organizations, including their objectives, structure, resources and information needs." }, { "id": "4.1.3.O.S", "type": "Skill", "shortname": "Ability to identify stakeholder needs and translate them into actionable OT risk and resilience requirements." }, { "id": "5.1.1.K", "type": "Knowledge", "shortname": "Incident prevention and detection" }, { "id": "5.1.1.O.S", "type": "Skill", "shortname": "Ability to identify anomalies and apply monitoring techniques to detect early signs of incidents." }, { "id": "5.1.3.K", "type": "Knowledge", "shortname": "Incident response programs, response methodologies roles and responsibilities." }, { "id": "5.1.3.O.S", "type": "Skill", "shortname": "Ability to implement structured response procedures and coordinate according to defined roles and responsibilities." }, { "id": "5.2.1.K", "type": "Knowledge", "shortname": "Incident reporting requirements, procedures and means of communication, including reporting formats, reporting criteria (requirements and priorities), dissemination practices and legal restrictions (NIS2). Procedures and tools for documenting and consulting incidents, problems and reported events." }, { "id": "5.2.1.O.S", "type": "Skill", "shortname": "Ability to document and communicate incidents clearly and accurately following regulatory and internal reporting requirements." }, { "id": "6.1.3.K", "type": "Knowledge", "shortname": "Emerging security risks, organization's threat environment and exploiting vulnerabilities." }, { "id": "6.1.3.O.S", "type": "Skill", "shortname": "Ability to analyze evolving risks and identify vulnerabilities relevant to OT environments." }, { "id": "6.1.5.K", "type": "Knowledge", "shortname": "Attack Tactics,  Techniques and Procedures" }, { "id": "6.1.5.O.S", "type": "Skill", "shortname": "Ability to recognize common attack Tactics, Techniques and Procedures and relate them to potential operational impacts" }, { "id": "6.1.6.K", "type": "Knowledge", "shortname": "Policies, guidelines, best practices and procedures for collecting threat information, including legal restrictions and legal authorities." }, { "id": "6.1.6.O.S", "type": "Skill", "shortname": "Ability to follow structured collection processes and maintain information integrity." }, { "id": "6.1.7.K", "type": "Knowledge", "shortname": "Cyber threat actors" }, { "id": "6.1.7.O.S", "type": "Skill", "shortname": "Ability to recognise cyber threat actor relevance to the organization." }, { "id": "6.2.2.K", "type": "Knowledge", "shortname": "Basic information on IT infrastructure (including network devices) that contribute to the security, performance and reliability of information technologies." }, { "id": "6.2.2.O.S", "type": "Skill", "shortname": "Ability to transfer this knowledge in the OT security context" }, { "id": "6.3.1.K", "type": "Knowledge", "shortname": "Information classification policies, guidelines, best practices and procedures." }, { "id": "6.3.1.O.S", "type": "Skill", "shortname": "Ability to apply classification rules to protect sensitive OT and corporate information." }, { "id": "6.3.2.K", "type": "Knowledge", "shortname": "Methods, procedures and techniques for collecting, producing, reporting and sharing information." }, { "id": "6.3.2.O.S", "type": "Skill", "shortname": "Ability to manage information flows and apply consistent reporting and documentation practices." }, { "id": "6.3.3.K", "type": "Knowledge", "shortname": "Characteristics of physical and virtual data storage media." }, { "id": "6.3.3.O.S", "type": "Skill", "shortname": "Ability to use appropriate storage solutions while considering security and operational constraints." }, { "id": "6.4.3.K", "type": "Knowledge", "shortname": "Hardware and software maintenance practices and procedures." }, { "id": "6.5.1.K", "type": "Knowledge", "shortname": "Basic information regarding terminology, foundations, concepts, principles, limitations and effects of cybersecurity, privacy principles and organizational requirements (relevant to confidentiality, integrity and availability)." }, { "id": "6.5.1.O.S", "type": "Skill", "shortname": "Ability to apply core security principles to safeguard system confidentiality, integrity and availability." }, { "id": "6.5.2.K", "type": "Knowledge", "shortname": "Basic information regarding network security (e.g. encryption, firewalls, authentication, honey pots, perimeter protection)." }, { "id": "6.5.2.O.S", "type": "Skill", "shortname": "Ability to identify security risks" }, { "id": "6.5.4.K", "type": "Knowledge", "shortname": "Basics on intrusion detection methods and techniques for devices and networks." } ], "prerequisites": { "courses": [ "ATHENA_EL", "ATHENA-VR-01-PREVENTION", "ATHENA_W4", "ATHENA_W1" ], "competencies": [ "1.3.4.K", "1.4.2.K", "1.4.3.K", "1.5.1.K", "2.1.2.K", "2.3.1.K", "2.3.2.K", "4.1.1.K", "4.1.2.K", "4.1.3.K", "5.1.1.K", "5.2.1.K", "6.1.3.K", "6.1.5.K", "6.1.6.K", "6.1.7.K", "6.2.2.K", "6.2.4.K", "6.3.1.K", "6.3.2.K", "6.3.3.K", "6.4.1.K", "6.5.1.K", "6.5.2.K", "6.5.4.K", "1.3.4.O.S", "1.3.5.K", "1.3.5.O.S", "1.4.1.K", "1.4.1.O.S", "1.4.2.O.S", "1.4.3.O.S", "1.5.1.O.S", "2.3.2.O.S", "4.1.1.O.S", "4.1.3.O.S", "5.1.1.O.S", "6.1.3.O.S", "6.1.4.K", "6.1.4.O.S", "6.1.5.O.S", "6.1.6.O.S", "6.1.7.O.S", "6.2.2.O.S", "6.2.4.O.S", "6.3.1.O.S", "6.3.2.O.S", "6.3.3.O.S", "6.4.1.O.S", "6.5.1.O.S", "6.5.2.O.S", "6.1.2.K", "1.1.1.K", "1.2.1.K", "1.6.1.K", "2.1.3.K", "2.2.3.K", "2.4.1.K", "2.4.2.K", "3.1.1.K", "5.1.2.K", "5.1.3.K", "5.1.4.K", "6.2.6.K", "6.4.3.K" ] } }, { "id": "ATHENA_W1", "type": "std", "name": "Webinar 1: Introduction to Human Factors & Cybersecurity in the Waterway Sector", "lmsRsc": "https://moodle-v2-athena-develop.aida-cluster-6fb15c141b13202f00901f551abdf43d-0000.eu-de.containers.appdomain.cloud/course/view.php?id=15", "category": { "id": "1", "name": "ATHENA" }, "mainArea": { "id": "1", "name": "ORGANIZATIONAL" }, "area": { "id": "1.1", "name": "Requirements analysis" }, "competencies": [ { "id": "1.1.1.K", "type": "Knowledge", "shortname": "Cybersecurity related requirements and capabilities." }, { "id": "1.2.1.K", "type": "Knowledge", "shortname": "National and international laws, regulatory framework and obligations, policies and procedures, including those regarding critical infrastructures, cyberdefense, cybersecurity and privacy." }, { "id": "1.3.5.K", "type": "Knowledge", "shortname": "Organization's key business processes and operations." }, { "id": "1.4.1.K", "type": "Knowledge", "shortname": "Organization's information security architecture." }, { "id": "1.6.1.K", "type": "Knowledge", "shortname": "Organizational teaching and training policies and procedures." }, { "id": "2.1.2.K", "type": "Knowledge", "shortname": "How to communicate information to answer general questionnaires and to obtain specific information." }, { "id": "2.1.3.K", "type": "Knowledge", "shortname": "Comunication in crisis situations (policies, procedures, roles and responsabilities)" }, { "id": "2.2.3.K", "type": "Knowledge", "shortname": "Communication between OT and IT in crisis situations" }, { "id": "2.3.2.K", "type": "Knowledge", "shortname": "Knowledge of methods for analyzing objectives and forecasting impacts." }, { "id": "2.4.1.K", "type": "Knowledge", "shortname": "How to make decisions in complex environments to achieve objectives, using a structured process and multiple sources of information." }, { "id": "2.4.2.K", "type": "Knowledge", "shortname": "How to make decisions in a volatile and ambiguous environment, using a structured process and limited information resources, in order to achieve objectives." }, { "id": "3.1.1.K", "type": "Knowledge", "shortname": "Basic knowledge of NIS2 requirements" }, { "id": "4.1.1.K", "type": "Knowledge", "shortname": "Risk management strategy and methodologies, risk assessment, risk tolerance and mitigation strategies." }, { "id": "4.1.2.K", "type": "Knowledge", "shortname": "Concepts, technologies and methods used to guarantee information security" }, { "id": "4.1.3.K", "type": "Knowledge", "shortname": "Stakeholders organizations, including their objectives, structure, resources and information needs." }, { "id": "5.1.1.K", "type": "Knowledge", "shortname": "Incident prevention and detection" }, { "id": "5.1.2.K", "type": "Knowledge", "shortname": "Incident mitigation and recovery" }, { "id": "5.1.3.K", "type": "Knowledge", "shortname": "Incident response programs, response methodologies roles and responsibilities." }, { "id": "5.1.4.K", "type": "Knowledge", "shortname": "Action planning in crisis situations." }, { "id": "6.1.2.K", "type": "Knowledge", "shortname": "Human resource requirements related to threat information (e.g. insider threats)." }, { "id": "6.1.3.K", "type": "Knowledge", "shortname": "Emerging security risks, organization's threat environment and exploiting vulnerabilities." }, { "id": "6.1.4.K", "type": "Knowledge", "shortname": "Risk factors (including HR) that can impact data security" }, { "id": "6.1.5.K", "type": "Knowledge", "shortname": "Attack Tactics,  Techniques and Procedures" }, { "id": "6.1.7.K", "type": "Knowledge", "shortname": "Cyber threat actors" }, { "id": "6.2.4.K", "type": "Knowledge", "shortname": "Basic information on IT (e.g. computer systems/components, access control devices, digital cameras, scanners, hard disks, modems, network components, printers, removable memory)." }, { "id": "6.2.6.K", "type": "Knowledge", "shortname": "Underlying concepts of remote access technologies." }, { "id": "6.3.1.K", "type": "Knowledge", "shortname": "Information classification policies, guidelines, best practices and procedures." }, { "id": "6.3.2.K", "type": "Knowledge", "shortname": "Methods, procedures and techniques for collecting, producing, reporting and sharing information." }, { "id": "6.4.1.K", "type": "Knowledge", "shortname": "Policies, guidelines, best practices and procedures for the correct use of the organization's information technologies (e.g., account creation, password rules, access controls) and physical acess." }, { "id": "6.4.3.K", "type": "Knowledge", "shortname": "Hardware and software maintenance practices and procedures." }, { "id": "6.5.1.K", "type": "Knowledge", "shortname": "Basic information regarding terminology, foundations, concepts, principles, limitations and effects of cybersecurity, privacy principles and organizational requirements (relevant to confidentiality, integrity and availability)." } ], "prerequisites": { "courses": [ "ATHENA_EL" ], "competencies": [ "1.3.4.K", "1.4.2.K", "1.4.3.K", "1.5.1.K", "2.1.2.K", "2.3.1.K", "2.3.2.K", "4.1.1.K", "4.1.2.K", "4.1.3.K", "5.1.1.K", "5.2.1.K", "6.1.3.K", "6.1.5.K", "6.1.6.K", "6.1.7.K", "6.2.2.K", "6.2.4.K", "6.3.1.K", "6.3.2.K", "6.3.3.K", "6.4.1.K", "6.5.1.K", "6.5.2.K", "6.5.4.K" ] } }, { "id": "ATHENA_W2", "type": "std", "name": "Webinar 2: Supply Chain Cybersecurity in the Water Sector", "lmsRsc": "https://moodle-v2-athena-develop.aida-cluster-6fb15c141b13202f00901f551abdf43d-0000.eu-de.containers.appdomain.cloud/course/view.php?id=16", "category": { "id": "1", "name": "ATHENA" }, "mainArea": { "id": "1", "name": "ORGANIZATIONAL" }, "area": { "id": "1.1", "name": "Requirements analysis" }, "competencies": [ { "id": "1.1.1.K", "type": "Knowledge", "shortname": "Cybersecurity related requirements and capabilities." }, { "id": "1.2.1.K", "type": "Knowledge", "shortname": "National and international laws, regulatory framework and obligations, policies and procedures, including those regarding critical infrastructures, cyberdefense, cybersecurity and privacy." }, { "id": "1.3.2.K", "type": "Knowledge", "shortname": "Organization's decision-making support tools and methods." }, { "id": "1.3.3.K", "type": "Knowledge", "shortname": "Authorities, responsibilities, capacities and procedures of stakeholders." }, { "id": "1.3.5.K", "type": "Knowledge", "shortname": "Organization's key business processes and operations." }, { "id": "1.3.6.K", "type": "Knowledge", "shortname": "Organization's data, information and knowledge needs." }, { "id": "1.4.1.K", "type": "Knowledge", "shortname": "Organization's information security architecture." }, { "id": "1.6.1.K", "type": "Knowledge", "shortname": "Organizational teaching and training policies and procedures." }, { "id": "1.7.1.K", "type": "Knowledge", "shortname": "Supply chain risk management." }, { "id": "1.7.2.K", "type": "Knowledge", "shortname": "Procedures for supply chain oversight, assessing the credibility of suppliers and solutions." }, { "id": "2.1.2.K", "type": "Knowledge", "shortname": "How to communicate information to answer general questionnaires and to obtain specific information." }, { "id": "2.1.3.K", "type": "Knowledge", "shortname": "Comunication in crisis situations (policies, procedures, roles and responsabilities)" }, { "id": "2.2.3.K", "type": "Knowledge", "shortname": "Communication between OT and IT in crisis situations" }, { "id": "2.4.1.K", "type": "Knowledge", "shortname": "How to make decisions in complex environments to achieve objectives, using a structured process and multiple sources of information." }, { "id": "2.4.2.K", "type": "Knowledge", "shortname": "How to make decisions in a volatile and ambiguous environment, using a structured process and limited information resources, in order to achieve objectives." }, { "id": "3.1.1.K", "type": "Knowledge", "shortname": "Basic knowledge of NIS2 requirements" }, { "id": "4.1.1.K", "type": "Knowledge", "shortname": "Risk management strategy and methodologies, risk assessment, risk tolerance and mitigation strategies." }, { "id": "4.1.2.K", "type": "Knowledge", "shortname": "Concepts, technologies and methods used to guarantee information security" }, { "id": "4.1.3.K", "type": "Knowledge", "shortname": "Stakeholders organizations, including their objectives, structure, resources and information needs." }, { "id": "5.1.1.K", "type": "Knowledge", "shortname": "Incident prevention and detection" }, { "id": "5.1.2.K", "type": "Knowledge", "shortname": "Incident mitigation and recovery" }, { "id": "5.1.3.K", "type": "Knowledge", "shortname": "Incident response programs, response methodologies roles and responsibilities." }, { "id": "5.1.4.K", "type": "Knowledge", "shortname": "Action planning in crisis situations." }, { "id": "5.2.1.K", "type": "Knowledge", "shortname": "Incident reporting requirements, procedures and means of communication, including reporting formats, reporting criteria (requirements and priorities), dissemination practices and legal restrictions (NIS2). Procedures and tools for documenting and consulting incidents, problems and reported events." }, { "id": "6.1.3.K", "type": "Knowledge", "shortname": "Emerging security risks, organization's threat environment and exploiting vulnerabilities." }, { "id": "6.1.4.K", "type": "Knowledge", "shortname": "Risk factors (including HR) that can impact data security" }, { "id": "6.1.5.K", "type": "Knowledge", "shortname": "Attack Tactics,  Techniques and Procedures" }, { "id": "6.1.7.K", "type": "Knowledge", "shortname": "Cyber threat actors" }, { "id": "6.2.6.K", "type": "Knowledge", "shortname": "Underlying concepts of remote access technologies." }, { "id": "6.4.1.K", "type": "Knowledge", "shortname": "Policies, guidelines, best practices and procedures for the correct use of the organization's information technologies (e.g., account creation, password rules, access controls) and physical acess." }, { "id": "6.5.1.K", "type": "Knowledge", "shortname": "Basic information regarding terminology, foundations, concepts, principles, limitations and effects of cybersecurity, privacy principles and organizational requirements (relevant to confidentiality, integrity and availability)." } ], "prerequisites": { "courses": [ "ATHENA_EL", "ATHENA_W1" ], "competencies": [ "1.3.4.K", "1.4.2.K", "1.4.3.K", "1.5.1.K", "2.1.2.K", "2.3.1.K", "2.3.2.K", "4.1.1.K", "4.1.2.K", "4.1.3.K", "5.1.1.K", "5.2.1.K", "6.1.3.K", "6.1.5.K", "6.1.6.K", "6.1.7.K", "6.2.2.K", "6.2.4.K", "6.3.1.K", "6.3.2.K", "6.3.3.K", "6.4.1.K", "6.5.1.K", "6.5.2.K", "6.5.4.K", "1.1.1.K", "1.2.1.K", "1.3.5.K", "1.4.1.K", "1.6.1.K", "2.1.3.K", "2.2.3.K", "2.4.1.K", "2.4.2.K", "3.1.1.K", "5.1.2.K", "5.1.3.K", "5.1.4.K", "6.1.2.K", "6.1.4.K", "6.2.6.K", "6.4.3.K" ] } }, { "id": "ATHENA_W3", "type": "std", "name": "Webinar 3: Incident Reporting and Lessons Learned", "lmsRsc": "https://moodle-v2-athena-develop.aida-cluster-6fb15c141b13202f00901f551abdf43d-0000.eu-de.containers.appdomain.cloud/course/view.php?id=17", "category": { "id": "1", "name": "ATHENA" }, "mainArea": { "id": "1", "name": "ORGANIZATIONAL" }, "area": { "id": "1.1", "name": "Requirements analysis" }, "competencies": [ { "id": "1.1.1.K", "type": "Knowledge", "shortname": "Cybersecurity related requirements and capabilities." }, { "id": "1.2.1.K", "type": "Knowledge", "shortname": "National and international laws, regulatory framework and obligations, policies and procedures, including those regarding critical infrastructures, cyberdefense, cybersecurity and privacy." }, { "id": "1.3.1.K", "type": "Knowledge", "shortname": "Organizational structure in relation to cyber resilience governance and cyber operations, including roles, responsibilities and relationships between intra-organizational elements." }, { "id": "1.3.2.K", "type": "Knowledge", "shortname": "Organization's decision-making support tools and methods." }, { "id": "1.3.3.K", "type": "Knowledge", "shortname": "Authorities, responsibilities, capacities and procedures of stakeholders." }, { "id": "1.3.5.K", "type": "Knowledge", "shortname": "Organization's key business processes and operations." }, { "id": "1.3.6.K", "type": "Knowledge", "shortname": "Organization's data, information and knowledge needs." }, { "id": "1.4.1.K", "type": "Knowledge", "shortname": "Organization's information security architecture." }, { "id": "1.6.1.K", "type": "Knowledge", "shortname": "Organizational teaching and training policies and procedures." }, { "id": "1.7.1.K", "type": "Knowledge", "shortname": "Supply chain risk management." }, { "id": "2.1.2.K", "type": "Knowledge", "shortname": "How to communicate information to answer general questionnaires and to obtain specific information." }, { "id": "2.1.3.K", "type": "Knowledge", "shortname": "Comunication in crisis situations (policies, procedures, roles and responsabilities)" }, { "id": "2.2.3.K", "type": "Knowledge", "shortname": "Communication between OT and IT in crisis situations" }, { "id": "2.3.2.K", "type": "Knowledge", "shortname": "Knowledge of methods for analyzing objectives and forecasting impacts." }, { "id": "2.4.1.K", "type": "Knowledge", "shortname": "How to make decisions in complex environments to achieve objectives, using a structured process and multiple sources of information." }, { "id": "2.4.2.K", "type": "Knowledge", "shortname": "How to make decisions in a volatile and ambiguous environment, using a structured process and limited information resources, in order to achieve objectives." }, { "id": "4.1.1.K", "type": "Knowledge", "shortname": "Risk management strategy and methodologies, risk assessment, risk tolerance and mitigation strategies." }, { "id": "5.1.1.K", "type": "Knowledge", "shortname": "Incident prevention and detection" }, { "id": "5.1.2.K", "type": "Knowledge", "shortname": "Incident mitigation and recovery" }, { "id": "5.1.3.K", "type": "Knowledge", "shortname": "Incident response programs, response methodologies roles and responsibilities." }, { "id": "5.1.4.K", "type": "Knowledge", "shortname": "Action planning in crisis situations." }, { "id": "6.1.7.K", "type": "Knowledge", "shortname": "Cyber threat actors" }, { "id": "6.5.1.K", "type": "Knowledge", "shortname": "Basic information regarding terminology, foundations, concepts, principles, limitations and effects of cybersecurity, privacy principles and organizational requirements (relevant to confidentiality, integrity and availability)." } ], "prerequisites": { "courses": [ "ATHENA_EL", "ATHENA_3+4", "ATHENA_W1" ], "competencies": [ "1.3.4.K", "1.4.2.K", "1.4.3.K", "1.5.1.K", "2.1.2.K", "2.3.1.K", "2.3.2.K", "4.1.1.K", "4.1.2.K", "4.1.3.K", "5.1.1.K", "5.2.1.K", "6.1.3.K", "6.1.5.K", "6.1.6.K", "6.1.7.K", "6.2.2.K", "6.2.4.K", "6.3.1.K", "6.3.2.K", "6.3.3.K", "6.4.1.K", "6.5.1.K", "6.5.2.K", "6.5.4.K", "1.1.2.K", "1.1.2.L.S", "1.1.1.K", "1.2.1.K", "1.3.5.K", "1.4.1.K", "1.6.1.K", "2.1.3.K", "2.2.3.K", "2.4.1.K", "2.4.2.K", "3.1.1.K", "5.1.2.K", "5.1.3.K", "5.1.4.K", "6.1.2.K", "6.1.4.K", "6.2.6.K", "6.4.3.K" ] } }, { "id": "ATHENA_3+4", "type": "vr", "name": "Scenario 3+4", "lmsRsc": "", "category": { "id": "1", "name": "ATHENA" }, "mainArea": { "id": "1", "name": "ORGANIZATIONAL" }, "area": { "id": "1.1", "name": "Requirements analysis" }, "competencies": [ { "id": "1.1.2.K", "type": "Knowledge", "shortname": "Critical information requirements and how they are used for planning." }, { "id": "1.1.2.L.S", "type": "Skill", "shortname": "Ability to define and prioritize critical information needs to support planning and decision-making." } ], "prerequisites": { "courses": [ "ATHENA_EL" ], "competencies": [ "1.3.4.K", "1.4.2.K", "1.4.3.K", "1.5.1.K", "2.1.2.K", "2.3.1.K", "2.3.2.K", "4.1.1.K", "4.1.2.K", "4.1.3.K", "5.1.1.K", "5.2.1.K", "6.1.3.K", "6.1.5.K", "6.1.6.K", "6.1.7.K", "6.2.2.K", "6.2.4.K", "6.3.1.K", "6.3.2.K", "6.3.3.K", "6.4.1.K", "6.5.1.K", "6.5.2.K", "6.5.4.K" ] } }, { "id": "ATHENA_EL", "type": "std", "name": "E-Learning: Cybersecurity", "lmsRsc": "https://moodle-v2-athena-develop.aida-cluster-6fb15c141b13202f00901f551abdf43d-0000.eu-de.containers.appdomain.cloud/course/view.php?id=11", "category": { "id": "1", "name": "ATHENA" }, "mainArea": { "id": "1", "name": "ORGANIZATIONAL" }, "area": { "id": "1.3", "name": "Organizational knowledge" }, "competencies": [ { "id": "1.3.4.K", "type": "Knowledge", "shortname": "Organization's human resources policies and procedures (employee entry and exit procedures, with regard to access management, use of resources and confidentiality agreements)" }, { "id": "1.4.2.K", "type": "Knowledge", "shortname": "Processes and tools for remote access." }, { "id": "1.4.3.K", "type": "Knowledge", "shortname": "Security assessment and authorization process." }, { "id": "1.5.1.K", "type": "Knowledge", "shortname": "Organization's assets, including their criticality, sensitivity, as well as their requirements and limitations." }, { "id": "2.1.2.K", "type": "Knowledge", "shortname": "How to communicate information to answer general questionnaires and to obtain specific information." }, { "id": "2.3.1.K", "type": "Knowledge", "shortname": "Conceptual knowledge of the criteria for discerning procedures for escalating/decelerating decisions involving leadership." }, { "id": "2.3.2.K", "type": "Knowledge", "shortname": "Knowledge of methods for analyzing objectives and forecasting impacts." }, { "id": "4.1.1.K", "type": "Knowledge", "shortname": "Risk management strategy and methodologies, risk assessment, risk tolerance and mitigation strategies." }, { "id": "4.1.2.K", "type": "Knowledge", "shortname": "Concepts, technologies and methods used to guarantee information security" }, { "id": "4.1.3.K", "type": "Knowledge", "shortname": "Stakeholders organizations, including their objectives, structure, resources and information needs." }, { "id": "5.1.1.K", "type": "Knowledge", "shortname": "Incident prevention and detection" }, { "id": "5.2.1.K", "type": "Knowledge", "shortname": "Incident reporting requirements, procedures and means of communication, including reporting formats, reporting criteria (requirements and priorities), dissemination practices and legal restrictions (NIS2). Procedures and tools for documenting and consulting incidents, problems and reported events." }, { "id": "6.1.3.K", "type": "Knowledge", "shortname": "Emerging security risks, organization's threat environment and exploiting vulnerabilities." }, { "id": "6.1.5.K", "type": "Knowledge", "shortname": "Attack Tactics,  Techniques and Procedures" }, { "id": "6.1.6.K", "type": "Knowledge", "shortname": "Policies, guidelines, best practices and procedures for collecting threat information, including legal restrictions and legal authorities." }, { "id": "6.1.7.K", "type": "Knowledge", "shortname": "Cyber threat actors" }, { "id": "6.2.2.K", "type": "Knowledge", "shortname": "Basic information on IT infrastructure (including network devices) that contribute to the security, performance and reliability of information technologies." }, { "id": "6.2.4.K", "type": "Knowledge", "shortname": "Basic information on IT (e.g. computer systems/components, access control devices, digital cameras, scanners, hard disks, modems, network components, printers, removable memory)." }, { "id": "6.3.1.K", "type": "Knowledge", "shortname": "Information classification policies, guidelines, best practices and procedures." }, { "id": "6.3.2.K", "type": "Knowledge", "shortname": "Methods, procedures and techniques for collecting, producing, reporting and sharing information." }, { "id": "6.3.3.K", "type": "Knowledge", "shortname": "Characteristics of physical and virtual data storage media." }, { "id": "6.4.1.K", "type": "Knowledge", "shortname": "Policies, guidelines, best practices and procedures for the correct use of the organization's information technologies (e.g., account creation, password rules, access controls) and physical acess." }, { "id": "6.5.1.K", "type": "Knowledge", "shortname": "Basic information regarding terminology, foundations, concepts, principles, limitations and effects of cybersecurity, privacy principles and organizational requirements (relevant to confidentiality, integrity and availability)." }, { "id": "6.5.2.K", "type": "Knowledge", "shortname": "Basic information regarding network security (e.g. encryption, firewalls, authentication, honey pots, perimeter protection)." }, { "id": "6.5.4.K", "type": "Knowledge", "shortname": "Basics on intrusion detection methods and techniques for devices and networks." } ], "prerequisites": { "courses": [], "competencies": [] } }, { "id": "ATHENA-VR-01-PREVENTION", "type": "vr", "name": "Scenario 1", "lmsRsc": "", "category": { "id": "1", "name": "ATHENA" }, "mainArea": { "id": "1", "name": "ORGANIZATIONAL" }, "area": { "id": "1.3", "name": "Organizational knowledge" }, "competencies": [ { "id": "1.3.4.K", "type": "Knowledge", "shortname": "Organization's human resources policies and procedures (employee entry and exit procedures, with regard to access management, use of resources and confidentiality agreements)" }, { "id": "1.3.4.O.S", "type": "Skill", "shortname": "Ability to apply HR security procedures related to onboarding, offboarding and access management." }, { "id": "1.3.5.K", "type": "Knowledge", "shortname": "Organization's key business processes and operations." }, { "id": "1.3.5.O.S", "type": "Skill", "shortname": "Ability to understand operational workflows and identify their dependencies and risks." }, { "id": "1.4.1.K", "type": "Knowledge", "shortname": "Organization's information security architecture." }, { "id": "1.4.1.O.S", "type": "Skill", "shortname": "Ability to understand security architecture requirements in OT environments." }, { "id": "1.4.2.K", "type": "Knowledge", "shortname": "Processes and tools for remote access." }, { "id": "1.4.2.O.S", "type": "Skill", "shortname": "Ability to operate secure remote access solutions." }, { "id": "1.4.3.K", "type": "Knowledge", "shortname": "Security assessment and authorization process." }, { "id": "1.4.3.O.S", "type": "Skill", "shortname": "Ability to support security assessments for meeting authorization criteria." }, { "id": "1.5.1.K", "type": "Knowledge", "shortname": "Organization's assets, including their criticality, sensitivity, as well as their requirements and limitations." }, { "id": "1.5.1.O.S", "type": "Skill", "shortname": "Ability to identify critical assets and apply appropriate (adapted and timely) protection measures." }, { "id": "2.3.2.K", "type": "Knowledge", "shortname": "Knowledge of methods for analyzing objectives and forecasting impacts." }, { "id": "2.3.2.O.S", "type": "Skill", "shortname": "Ability to evaluate risks and anticipate operational consequences." }, { "id": "4.1.1.K", "type": "Knowledge", "shortname": "Risk management strategy and methodologies, risk assessment, risk tolerance and mitigation strategies." }, { "id": "4.1.1.O.S", "type": "Skill", "shortname": "Ability to perform OT risk assessments and implement mitigation actions aligned with operational constraints." }, { "id": "4.1.2.K", "type": "Knowledge", "shortname": "Concepts, technologies and methods used to guarantee information security" }, { "id": "4.1.3.K", "type": "Knowledge", "shortname": "Stakeholders organizations, including their objectives, structure, resources and information needs." }, { "id": "4.1.3.O.S", "type": "Skill", "shortname": "Ability to identify stakeholder needs and translate them into actionable OT risk and resilience requirements." }, { "id": "5.1.1.K", "type": "Knowledge", "shortname": "Incident prevention and detection" }, { "id": "5.1.1.O.S", "type": "Skill", "shortname": "Ability to identify anomalies and apply monitoring techniques to detect early signs of incidents." }, { "id": "6.1.3.K", "type": "Knowledge", "shortname": "Emerging security risks, organization's threat environment and exploiting vulnerabilities." }, { "id": "6.1.3.O.S", "type": "Skill", "shortname": "Ability to analyze evolving risks and identify vulnerabilities relevant to OT environments." }, { "id": "6.1.4.K", "type": "Knowledge", "shortname": "Risk factors (including HR) that can impact data security" }, { "id": "6.1.4.O.S", "type": "Skill", "shortname": "Ability to assess environmental and operational constraints affecting data security" }, { "id": "6.1.5.K", "type": "Knowledge", "shortname": "Attack Tactics,  Techniques and Procedures" }, { "id": "6.1.5.O.S", "type": "Skill", "shortname": "Ability to recognize common attack Tactics, Techniques and Procedures and relate them to potential operational impacts" }, { "id": "6.1.6.K", "type": "Knowledge", "shortname": "Policies, guidelines, best practices and procedures for collecting threat information, including legal restrictions and legal authorities." }, { "id": "6.1.6.O.S", "type": "Skill", "shortname": "Ability to follow structured collection processes and maintain information integrity." }, { "id": "6.1.7.K", "type": "Knowledge", "shortname": "Cyber threat actors" }, { "id": "6.1.7.O.S", "type": "Skill", "shortname": "Ability to recognise cyber threat actor relevance to the organization." }, { "id": "6.2.2.K", "type": "Knowledge", "shortname": "Basic information on IT infrastructure (including network devices) that contribute to the security, performance and reliability of information technologies." }, { "id": "6.2.2.O.S", "type": "Skill", "shortname": "Ability to transfer this knowledge in the OT security context" }, { "id": "6.2.4.K", "type": "Knowledge", "shortname": "Basic information on IT (e.g. computer systems/components, access control devices, digital cameras, scanners, hard disks, modems, network components, printers, removable memory)." }, { "id": "6.2.4.O.S", "type": "Skill", "shortname": "Ability to operate and troubleshoot common electronic devices used in OT environments." }, { "id": "6.3.1.K", "type": "Knowledge", "shortname": "Information classification policies, guidelines, best practices and procedures." }, { "id": "6.3.1.O.S", "type": "Skill", "shortname": "Ability to apply classification rules to protect sensitive OT and corporate information." }, { "id": "6.3.2.K", "type": "Knowledge", "shortname": "Methods, procedures and techniques for collecting, producing, reporting and sharing information." }, { "id": "6.3.2.O.S", "type": "Skill", "shortname": "Ability to manage information flows and apply consistent reporting and documentation practices." }, { "id": "6.3.3.K", "type": "Knowledge", "shortname": "Characteristics of physical and virtual data storage media." }, { "id": "6.3.3.O.S", "type": "Skill", "shortname": "Ability to use appropriate storage solutions while considering security and operational constraints." }, { "id": "6.4.1.K", "type": "Knowledge", "shortname": "Policies, guidelines, best practices and procedures for the correct use of the organization's information technologies (e.g., account creation, password rules, access controls) and physical acess." }, { "id": "6.4.1.O.S", "type": "Skill", "shortname": "Ability to follow and enforce access control and IT usage." }, { "id": "6.5.1.K", "type": "Knowledge", "shortname": "Basic information regarding terminology, foundations, concepts, principles, limitations and effects of cybersecurity, privacy principles and organizational requirements (relevant to confidentiality, integrity and availability)." }, { "id": "6.5.1.O.S", "type": "Skill", "shortname": "Ability to apply core security principles to safeguard system confidentiality, integrity and availability." }, { "id": "6.5.2.K", "type": "Knowledge", "shortname": "Basic information regarding network security (e.g. encryption, firewalls, authentication, honey pots, perimeter protection)." }, { "id": "6.5.2.O.S", "type": "Skill", "shortname": "Ability to identify security risks" }, { "id": "6.5.4.K", "type": "Knowledge", "shortname": "Basics on intrusion detection methods and techniques for devices and networks." } ], "prerequisites": { "courses": [ "ATHENA_EL", "ATHENA_W4", "ATHENA_W1" ], "competencies": [ "1.3.4.K", "1.4.2.K", "1.4.3.K", "1.5.1.K", "2.1.2.K", "2.3.1.K", "2.3.2.K", "4.1.1.K", "4.1.2.K", "4.1.3.K", "5.1.1.K", "5.2.1.K", "6.1.3.K", "6.1.5.K", "6.1.6.K", "6.1.7.K", "6.2.2.K", "6.2.4.K", "6.3.1.K", "6.3.2.K", "6.3.3.K", "6.4.1.K", "6.5.1.K", "6.5.2.K", "6.5.4.K", "6.1.2.K", "6.1.4.K", "1.1.1.K", "1.2.1.K", "1.3.5.K", "1.4.1.K", "1.6.1.K", "2.1.3.K", "2.2.3.K", "2.4.1.K", "2.4.2.K", "3.1.1.K", "5.1.2.K", "5.1.3.K", "5.1.4.K", "6.2.6.K", "6.4.3.K" ] } }, { "id": "ATHENA_W6", "type": "std", "name": "Webinar 6: Leadership Buy-In", "lmsRsc": "https://moodle-v2-athena-develop.aida-cluster-6fb15c141b13202f00901f551abdf43d-0000.eu-de.containers.appdomain.cloud/course/view.php?id=20", "category": { "id": "1", "name": "ATHENA" }, "mainArea": { "id": "3", "name": "STANDARDS" }, "area": { "id": "3.1", "name": "International Standards" }, "competencies": [ { "id": "3.1.1.K", "type": "Knowledge", "shortname": "Basic knowledge of NIS2 requirements" } ], "prerequisites": { "courses": [ "ATHENA_EL", "ATHENA_W1" ], "competencies": [ "1.3.4.K", "1.4.2.K", "1.4.3.K", "1.5.1.K", "2.1.2.K", "2.3.1.K", "2.3.2.K", "4.1.1.K", "4.1.2.K", "4.1.3.K", "5.1.1.K", "5.2.1.K", "6.1.3.K", "6.1.5.K", "6.1.6.K", "6.1.7.K", "6.2.2.K", "6.2.4.K", "6.3.1.K", "6.3.2.K", "6.3.3.K", "6.4.1.K", "6.5.1.K", "6.5.2.K", "6.5.4.K", "1.1.1.K", "1.2.1.K", "1.3.5.K", "1.4.1.K", "1.6.1.K", "2.1.3.K", "2.2.3.K", "2.4.1.K", "2.4.2.K", "3.1.1.K", "5.1.2.K", "5.1.3.K", "5.1.4.K", "6.1.2.K", "6.1.4.K", "6.2.6.K", "6.4.3.K" ] } }, { "id": "ATHENA_W4", "type": "std", "name": "Webinar 4: Insider Threats", "lmsRsc": "https://moodle-v2-athena-develop.aida-cluster-6fb15c141b13202f00901f551abdf43d-0000.eu-de.containers.appdomain.cloud/course/view.php?id=18", "category": { "id": "1", "name": "ATHENA" }, "mainArea": { "id": "4", "name": "RISK MANAGEMENT" }, "area": { "id": "4.1", "name": "Risk Management" }, "competencies": [ { "id": "4.1.2.K", "type": "Knowledge", "shortname": "Concepts, technologies and methods used to guarantee information security" }, { "id": "6.1.2.K", "type": "Knowledge", "shortname": "Human resource requirements related to threat information (e.g. insider threats)." }, { "id": "6.1.4.K", "type": "Knowledge", "shortname": "Risk factors (including HR) that can impact data security" }, { "id": "6.1.5.K", "type": "Knowledge", "shortname": "Attack Tactics,  Techniques and Procedures" }, { "id": "6.1.6.K", "type": "Knowledge", "shortname": "Policies, guidelines, best practices and procedures for collecting threat information, including legal restrictions and legal authorities." }, { "id": "6.1.7.K", "type": "Knowledge", "shortname": "Cyber threat actors" } ], "prerequisites": { "courses": [ "ATHENA_EL", "ATHENA_W1" ], "competencies": [ "1.3.4.K", "1.4.2.K", "1.4.3.K", "1.5.1.K", "2.1.2.K", "2.3.1.K", "2.3.2.K", "4.1.1.K", "4.1.2.K", "4.1.3.K", "5.1.1.K", "5.2.1.K", "6.1.3.K", "6.1.5.K", "6.1.6.K", "6.1.7.K", "6.2.2.K", "6.2.4.K", "6.3.1.K", "6.3.2.K", "6.3.3.K", "6.4.1.K", "6.5.1.K", "6.5.2.K", "6.5.4.K", "1.1.1.K", "1.2.1.K", "1.3.5.K", "1.4.1.K", "1.6.1.K", "2.1.3.K", "2.2.3.K", "2.4.1.K", "2.4.2.K", "3.1.1.K", "5.1.2.K", "5.1.3.K", "5.1.4.K", "6.1.2.K", "6.1.4.K", "6.2.6.K", "6.4.3.K" ] } }, { "id": "ATHENA_W5", "type": "std", "name": "Webinar 5: Social Engineering", "lmsRsc": "https://moodle-v2-athena-develop.aida-cluster-6fb15c141b13202f00901f551abdf43d-0000.eu-de.containers.appdomain.cloud/course/view.php?id=19", "category": { "id": "1", "name": "ATHENA" }, "mainArea": { "id": "6", "name": "TECHNIQUES" }, "area": { "id": "6.1", "name": "Threats Analysis" }, "competencies": [ { "id": "6.1.3.K", "type": "Knowledge", "shortname": "Emerging security risks, organization's threat environment and exploiting vulnerabilities." }, { "id": "6.1.5.K", "type": "Knowledge", "shortname": "Attack Tactics,  Techniques and Procedures" } ], "prerequisites": { "courses": [ "ATHENA_EL", "ATHENA_W1" ], "competencies": [ "1.3.4.K", "1.4.2.K", "1.4.3.K", "1.5.1.K", "2.1.2.K", "2.3.1.K", "2.3.2.K", "4.1.1.K", "4.1.2.K", "4.1.3.K", "5.1.1.K", "5.2.1.K", "6.1.3.K", "6.1.5.K", "6.1.6.K", "6.1.7.K", "6.2.2.K", "6.2.4.K", "6.3.1.K", "6.3.2.K", "6.3.3.K", "6.4.1.K", "6.5.1.K", "6.5.2.K", "6.5.4.K", "1.1.1.K", "1.2.1.K", "1.3.5.K", "1.4.1.K", "1.6.1.K", "2.1.3.K", "2.2.3.K", "2.4.1.K", "2.4.2.K", "3.1.1.K", "5.1.2.K", "5.1.3.K", "5.1.4.K", "6.1.2.K", "6.1.4.K", "6.2.6.K", "6.4.3.K" ] } } ] }