Cyber Security: knowledge and skills key points
WorldSkills Competition
1. Work organization and management (5%)
1.1 To know and understand
The individual needs to know and understand:
- Health and safety legislation, obligations, regulations, and documentation
- The situations when personal protective equipment (PPE) must be used, e.g. for ESD (electrostatic discharge)
- The importance of integrity and security when dealing with user equipment and information
- The importance of safe disposal of waste for recycling
- The techniques of planning, scheduling, and prioritizing
- The significance of accuracy, checking, and attention to detail in all working practices
- The importance of methodical working practices
1.2 To be able to
The individual shall be able to:
- Follow health and safety standards, rules, and regulations
- Maintain a safe working environment
- Identify and use the appropriate personal protective equipment for ESD
- Select, use, clean, maintain, and store tools and equipment safely and securely
- Plan the work area to maximize efficiency and maintain the discipline of regular tidying
- Work efficiently and check progress and outcomes regularly
- Keep up to date with 'license to practice' requirements and maintain currency
- Undertake thorough and efficient research methods to support knowledge growth
- Proactively try new methods and systems, and embrace change
2. Communication and interpersonal skills (10%)
2.1 To know and understand
The individual needs to know and understand:
- The importance of listening as part of effective communication
- The roles and requirements of colleagues and the most effective methods of communication
- The importance of building and maintaining productive working relationships with colleagues and managers
- Techniques for effective teamwork
- Techniques for resolving misunderstandings and conflicting demands
- The process for managing tension and anger to resolve difficult situations
2.2 To be able to
The individual shall be able to:
- Use strong listening and questioning skills to deepen understanding of complex situations
- Manage consistently effective verbal and written communications with colleagues
- Recognize and adapt to the changing needs of colleagues
- Proactively contribute to the development of a strong and effective team
- Share knowledge and expertise with colleagues and develop a supportive learning culture
- Effectively manage tension/anger and give individuals confidence that their problems can be resolved
3. Securely provision (15%)
3.1 To know and understand
The individual needs to know and understand:
- IT risk management standards, policies, requirements, and procedures
- Cyber defense and vulnerability assessment tools and their capabilities
- Operating systems
- Computer programming concepts, including computer languages, programming, testing, debugging, and file types
- The cybersecurity and privacy principles and methods that apply to software development
3.2 To be able to
The individual shall be able to:
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation) when designing and documenting overall program test and evaluation procedures
- Conduct independent, comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls
- Develop, create, and maintain new computer applications, software, or specialized utility programs
- Modify existing computer applications, software, or specialized utility programs
- Analyze the security of new or existing computer applications, software, or specialized utility programs to provide actionable results
- Develop and maintain business, systems, and information processes to support enterprise mission needs
- Develop information technology (IT) rules and requirements that describe baseline and target architectures
- Ensure that the stakeholder security requirements necessary to protect the organization's mission and business processes are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes
- Conduct software and systems engineering and software systems research to develop new capabilities, ensuring cybersecurity is fully integrated
- Conduct comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems
- Consult with stakeholders to evaluate functional requirements and translate functional requirements into technical solutions
- Plan, prepare, and execute tests of systems
- Analyze, evaluate, and report results against specifications and requirements
- Design, develop, test, and evaluate information system security throughout the systems development life cycle
4. Operate and maintain, oversee and govern (15%)
4.1 To know and understand
The individual needs to know and understand:
- Query languages such as SQL (Structured Query Language) and database systems
- Data backup and recovery, administration, and data standardization policies
- Network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services
- Firewall concepts and functions (e.g., single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss prevention (DLP) scanning, accelerated cryptographic operations, SSL/TLS security, REST/JSON processing)
- Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
- Systems administration, network, and operating system hardening techniques
- Organizational information technology (IT) user security policies (e.g., account creation, password rules, access control)
- Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
- Authentication, authorization, and access control methods
- Cybersecurity, vulnerability, and privacy principles
- Selected principles and processes for conducting training and education needs assessment
- Learning management systems and their use in managing learning
- Cyber competitions as a way of developing skills by providing hands-on experience in simulated, real-world situations
- Cyber laws and legal considerations and their effect on cyber planning
4.2 To be able to
The individual shall be able to:
- Develop and administer databases and/or data management systems that allow for the storage, query, protection, and utilization of data
- Manage and administer processes and tools that enable the organization to identify, document, and access intellectual capital and information content
- Address problems; install, configure, troubleshoot, and provide maintenance and training in response to customer requirements or inquiries
- Install, configure, test, operate, maintain, and manage networks and their firewalls, including the hardware and software that permit the sharing and transmission of information across all transmission media, to support the security of information and information systems
- Install, configure, troubleshoot, and maintain server configurations (hardware and software) to ensure their confidentiality, integrity, and availability
- Manage accounts, firewalls, and patches
- Control access, passwords, and account creation and administration
- Review the organization's current computer systems and procedures in order to design information systems solutions that help the organization operate more securely, efficiently, and effectively
- Bring business and information technology (IT) together by responding to the needs and limitations of both
- Conduct training of personnel within own areas of expertise
- Develop, plan, coordinate, deliver, and/or evaluate training courses, methods, and techniques within own areas of expertise
- Assist in the oversight of the cybersecurity program of an information system or network, including managing information security implications within the organization, a specific program, or another area of responsibility, covering strategy, personnel, infrastructure, requirements, policy enforcement, emergency planning, security awareness, and other resources
- Assist in the development of policies and plans and/or advocate changes in policy that support organizational cyberspace initiatives or required changes/enhancements
- Supervise, manage, and/or lead work and workers performing cyber, cyber-related, and/or cyber operations work
5. Protect and defend (15%)
5.1 To know and understand
The individual needs to know and understand:
- File system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], Extended File System [ext])
- Which system files (e.g., log files, registry files, configuration files) contain relevant information, and where to find those system files
- Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
- Industry-standard and organizationally accepted analysis principles, methods, and tools to identify vulnerabilities
- Threat investigations, reporting, investigative tools, and laws/regulations
- Incident categories, response, and handling methodologies
- Cyber defense and vulnerability assessment tools and their capabilities
- Countermeasure design for identified security risks
- Authentication, authorization, and access control approaches (e.g., role-based access control, mandatory access control, and discretionary access control)
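The three access control approaches named in the last bullet are easiest to tell apart when the same request is evaluated under each of them. The following is an added example, not part of the WorldSkills standard: a small policy decision point that applies DAC, MAC (a simplified Bell-LaPadula confidentiality lattice with levels only) and RBAC to one request and returns every model's verdict. The subjects, labels, roles, ACLs and resources are constructed for illustration.

```python
"""Added example (not from the WorldSkills standard): one access request evaluated
under DAC, MAC and RBAC so the differences between the models are visible."""
from dataclasses import dataclass, field

# MAC: ordered confidentiality levels. A Bell-LaPadula style lattice simplified to
# levels only (real systems add compartments). Assumed for this example.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

# RBAC: permissions attach to roles, never to individual users. Constructed.
ROLE_PERMISSIONS = {
    "analyst": {("report", "read")},
    "report_admin": {("report", "read"), ("report", "write")},
}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str                      # MAC attribute, assigned by policy
    roles: frozenset = frozenset()      # RBAC attribute


@dataclass
class Resource:
    name: str
    kind: str                           # RBAC permissions are keyed on kind
    owner: str                          # DAC: the owner administers the ACL
    label: str                          # MAC classification, assigned by policy
    acl: dict = field(default_factory=dict)   # DAC: principal -> set of actions


def dac_allows(subject, resource, action):
    """Discretionary: the owner has full control and decides who else gets what."""
    if subject.name == resource.owner:
        return True
    return action in resource.acl.get(subject.name, set())


def mac_allows(subject, resource, action):
    """Mandatory (Bell-LaPadula confidentiality): no read up, no write down.
    Neither the owner nor the subject can relax this by editing an ACL."""
    s, o = LEVELS[subject.clearance], LEVELS[resource.label]
    if action == "read":
        return s >= o            # simple security property: no read up
    if action == "write":
        return s <= o            # *-property: no write down (no leaking downwards)
    return False


def rbac_allows(subject, resource, action):
    """Role-based: allowed if any of the subject's roles carries (kind, action)."""
    return any((resource.kind, action) in ROLE_PERMISSIONS.get(role, set())
               for role in subject.roles)


def decide(subject, resource, action):
    """Return each model's verdict plus the combined decision. Combining with AND is
    the common deployment: MAC is the non-negotiable floor, DAC and RBAC refine it."""
    verdicts = {
        "DAC": dac_allows(subject, resource, action),
        "MAC": mac_allows(subject, resource, action),
        "RBAC": rbac_allows(subject, resource, action),
    }
    verdicts["final"] = all(verdicts.values())
    return verdicts


# Constructed principals and resources for the demonstration.
alice = Subject("alice", "secret", frozenset({"analyst"}))
bob = Subject("bob", "internal", frozenset({"report_admin"}))
incident_report = Resource("IR-0001", "report", owner="bob", label="confidential",
                           acl={"alice": {"read"}})
public_notice = Resource("notice", "report", owner="bob", label="public")

if __name__ == "__main__":
    for subj, res, act in [(alice, incident_report, "read"),
                           (alice, incident_report, "write"),
                           (bob, incident_report, "read"),
                           (bob, public_notice, "write")]:
        print(f"{subj.name:6} {act:5} {res.name:8} -> {decide(subj, res, act)}")
```

Two of the constructed cases carry the lesson: bob owns the incident report, so DAC and his report_admin role both allow him to read it, yet MAC denies it because his clearance is below the label; and MAC also stops him writing to the public notice (the *-property), which is exactly the behaviour a DAC-only system would never exhibit.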
5.2 To be able to
The individual shall be able to:
- Use defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network, in order to protect information, information systems, and networks from threats
- Test, implement, deploy, maintain, review, and administer the infrastructure hardware and software required to effectively manage the computer network defense service provider network and resources
- Monitor the network to actively remediate unauthorized activities
- Respond to crises or urgent situations within own areas of expertise to mitigate immediate and potential threats
- Use mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security
- Investigate and analyze all relevant response activities
- Conduct assessments of threats and vulnerabilities
- Determine deviations from acceptable configurations or from enterprise or local policy
- Assess the level of risk and develop and/or recommend appropriate mitigation countermeasures in operational and non-operational situations
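The first skill in this list, identifying and reporting events from collected information, is the core of a detection pipeline. As an added example that is not part of the WorldSkills standard, the code below parses sshd-style authentication log lines, flags a source that accumulates a threshold of failed logins inside a sliding time window, and escalates when the same source then authenticates successfully. The log lines, hostnames, addresses and thresholds are constructed for illustration; the line format follows the common OpenSSH syslog wording, which is an assumption about the target environment.

```python
"""Added example (not from the WorldSkills standard): brute-force detection over
constructed sshd authentication log lines with a sliding window and escalation."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
Mar 12 10:00:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar 12 10:00:02 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2
Mar 12 10:00:03 bastion sshd[2203]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar 12 10:00:04 bastion sshd[2204]: Failed password for root from 203.0.113.7 port 50125 ssh2
Mar 12 10:00:05 bastion sshd[2205]: Failed password for root from 203.0.113.7 port 50126 ssh2
Mar 12 10:00:09 bastion sshd[2206]: Accepted password for root from 203.0.113.7 port 50127 ssh2
Mar 12 10:03:00 bastion sshd[2301]: Failed password for alice from 198.51.100.4 port 41000 ssh2
Mar 12 10:20:00 bastion sshd[2302]: Failed password for alice from 198.51.100.4 port 41001 ssh2
Mar 12 10:21:00 bastion sshd[2303]: Accepted publickey for alice from 198.51.100.4 port 41002 ssh2
"""

# Assumed OpenSSH syslog wording: "<ts> <host> sshd[<pid>]: Failed|Accepted <method>
# for [invalid user ]<user> from <ip> port <n> ssh2".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(lines, year=2024):
    """Turn raw lines into event dicts; syslog omits the year, so it is supplied."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue   # a production pipeline would count unparsed lines, not drop them silently
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "method": m["method"],
                       "user": m["user"], "ip": m["ip"]})
    return events


def detect(events, threshold=5, window_s=60):
    """Flag a source with >= threshold failures inside window_s seconds (medium),
    and escalate to high if that source later logs in successfully."""
    recent = defaultdict(deque)    # ip -> failure timestamps still inside the window
    flagged = {}                   # ip -> time it was first flagged
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        window = recent[ev["ip"]]
        if ev["result"] == "Failed":
            window.append(ev["ts"])
            while window and (ev["ts"] - window[0]).total_seconds() > window_s:
                window.popleft()
            if len(window) >= threshold and ev["ip"] not in flagged:
                flagged[ev["ip"]] = ev["ts"]
                findings.append({"severity": "medium", "type": "brute_force",
                                 "ip": ev["ip"], "failures": len(window), "at": ev["ts"]})
        elif ev["result"] == "Accepted" and ev["ip"] in flagged:
            findings.append({"severity": "high", "type": "success_after_brute_force",
                             "ip": ev["ip"], "user": ev["user"], "method": ev["method"],
                             "at": ev["ts"]})
    return findings


if __name__ == "__main__":
    for f in detect(parse(SAMPLE_LOG.splitlines())):
        print(f"[{f['severity']}] {f['type']} from {f['ip']} at {f['at']:%H:%M:%S}")
```

With the defaults the first source is flagged on its fifth failure within a minute and escalated when the root login succeeds four seconds later, while the two failures from the second source are seventeen minutes apart and stay below the threshold. Loosening the parameters (threshold 2, one-hour window) shows how tuning trades missed detections for noise: both sources are then flagged.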
6. Analyze (10%)
6.1 To know and understand
The individual needs to know and understand:
- Cyber threat actors, their interests (equities), and their methods
- Methods and techniques used to detect various exploitation activities
- Cyber intelligence/information collection capabilities and repositories
- Cyber threats and vulnerabilities
- Basics of network security (e.g., encryption, firewalls, authentication, honeypots, perimeter protection)
- Vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins)
- Which system files (e.g., log files, registry files, configuration files) contain relevant information, and where to find those system files
- Structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network)
- Internal tactics to anticipate and/or emulate threat capabilities and actions
- Internal and external partner cyber operations capabilities and tools
- Target development (i.e., concepts, roles, responsibilities, products, etc.)
- System artifacts and forensic use cases
6.2 To be able to
The individual shall be able to:
- Identify and assess the capabilities and activities of cyber criminals or foreign intelligence entities
- Produce findings to help initiate or support law enforcement and counterintelligence investigations or activities
- Analyze collected information to identify vulnerabilities and potential for exploitation
- Analyze threat information from multiple sources, disciplines, and agencies across the intelligence community
- Synthesize and place intelligence information in context; draw insights about the possible implications
- Apply current knowledge of one or more regions, countries, non-state entities, and/or technologies
- Apply language, cultural, and technical expertise to support information collection, analysis, and other cybersecurity activities
- Identify, preserve, and use system artifacts for analysis
7. Collect and operate (15%)
7.1 To know and understand
The individual needs to know and understand:
- Collection strategies, techniques, and tools
- Cyber intelligence/information collection capabilities and repositories
- How information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise
- Required intelligence planning products associated with cyber operational planning
- Cyber operational planning programs, strategies, and resources
- Cyber operations strategies, resources, and tools
- Cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber attack, cyber defense), principles, capabilities, limitations, and effects
7.2 To be able to
The individual shall be able to:
- Execute collection using appropriate strategies and within the priorities established through the collection management process
- Perform in-depth joint targeting and cybersecurity planning processes
- Gather information and develop detailed operational plans and orders supporting requirements
- Assist strategic and operational-level planning across the full range of operations for integrated information and cyberspace operations
- Support activities to gather evidence on criminal or foreign intelligence entities to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, and international terrorist activities, or to support other intelligence activities
8. Investigate (15%)
8.1 To know and understand
The individual needs to know and understand:
- Threat investigations, reporting, investigative tools, and laws/regulations
- Malware analysis concepts and methodologies
- Processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody
- The judicial process, including the presentation of facts and evidence
- Types and collection of persistent data
- Concepts and practices of processing digital forensic data
- Types of digital forensics data and how to recognize them
- Forensic implications of operating system structure and operations
- Specific operational impacts of cybersecurity lapses
8.2 To be able to
The individual shall be able to:
- Support senior personnel's work with a range of investigative tools and processes, including but not limited to interview and interrogation techniques, surveillance, counter-surveillance, and surveillance detection
- Collect, process, preserve, analyze, and present computer-related evidence in support of network vulnerability mitigation and/or criminal, fraud, counterintelligence, or law enforcement investigations
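The chain-of-custody requirement in 8.1 and the preserve-and-present skill in 8.2 both come down to one thing: being able to show, at any later point, that the evidence is byte-for-byte what was acquired and that every handling step is recorded. As an added example that is not part of the WorldSkills standard, the code below hashes an evidence file at each custody step and keeps an append-only custody log in which each entry is hash-chained to the previous one, so that both a modified evidence file and a doctored log entry are detected on verification. The case identifier, handlers and evidence bytes are constructed; the file is written to a temporary directory so the example runs offline.

```python
"""Added example (not from the WorldSkills standard): evidence hashing plus a
hash-chained custody log, with verification that catches file and log tampering."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk=1 << 20):
    """Stream the file so large disk images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


class CustodyLog:
    """Append-only custody record. Every entry stores the evidence hash seen at that
    step, and each entry's own hash covers the previous entry's hash, so removing or
    editing any entry breaks the chain on verification."""

    def __init__(self, case_id):
        self.case_id = case_id
        self.entries = []

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, action, handler, path, when=None):
        when = when or datetime.now(timezone.utc)
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        entry = {"seq": len(self.entries) + 1, "case": self.case_id, "action": action,
                 "handler": handler, "item": os.path.basename(path),
                 "sha256": sha256_file(path), "time": when.isoformat(), "prev": prev}
        entry["entry_hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self, path):
        """Return a list of problems; an empty list means the chain and the evidence
        are intact. Every check is independent so the report names each failure."""
        problems = []
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if e["prev"] != prev:
                problems.append(f"entry {e['seq']}: chain link mismatch")
            if self._digest(body) != e["entry_hash"]:
                problems.append(f"entry {e['seq']}: entry altered")
            prev = e["entry_hash"]
        if len({e["sha256"] for e in self.entries}) > 1:
            problems.append("evidence hash changed between custody steps")
        if self.entries and sha256_file(path) != self.entries[0]["sha256"]:
            problems.append("current evidence hash differs from acquisition hash")
        return problems


def demo():
    """Acquire, transfer, verify, then simulate a doctored log entry and a modified
    evidence file. Returns the verification result for each scenario."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        img = os.path.join(workdir, "disk.img")
        with open(img, "wb") as f:
            f.write(b"constructed evidence bytes " * 1000)   # constructed, not a real image
        log = CustodyLog("CASE-0001")
        log.record("acquired", "examiner A", img)
        log.record("transferred", "examiner B", img)
        results["clean"] = log.verify(img)
        log.entries[1]["handler"] = "examiner C"            # someone rewrites history
        results["altered_entry"] = log.verify(img)
        log.entries[1]["handler"] = "examiner B"            # restore the record
        with open(img, "ab") as f:
            f.write(b"X")                                   # evidence modified after acquisition
        results["tampered_file"] = log.verify(img)
    return results


if __name__ == "__main__":
    for scenario, problems in demo().items():
        print(f"{scenario:14} -> {problems or 'OK'}")
```

The custody log here is a plain in-memory list; in practice the same entries would be written to storage the examiners cannot rewrite, and the acquisition hash would additionally be recorded on the signed evidence form, since a log that travels with the evidence only proves consistency, not who held it when.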