•    Employment
  •    Academia
  •    Research
    • NICE Framework
    • CAE Program

Vulnerability Analysis

The intent of the Vulnerability Analysis Knowledge Unit is to provide students with a thorough understanding of system vulnerabilities, to include what they are, how they can be found/identified, the different types of vulnerabilities, how to determine the root cause of a vulnerability, and how to mitigate their effect on an operational system.

Topics

  1. Definition of “vulnerability”
  2. Root causes of vulnerabilities
  3. Vulnerability mapping.
  4. System modeling techniques
  5. Propose and analyze countermeasures to mitigate vulnerabilities.
  6. Analyze the expected and actual effectiveness of proposed countermeasures
  7. Vulnerability characteristics and classification.
  8. Mitigation strategies
  9. Analyze the expected and actual effectiveness of proposed countermeasures.

Outcomes

  1. Apply tools and techniques for identifying vulnerabilities.
  2. Create and apply a vulnerability map of a system.
  3. Apply techniques to trace a vulnerability to its root cause.
  4. Propose and analyze countermeasures to mitigate vulnerabilities.
  5. Explain the circumstances under which a vulnerability must be disclosed.
  6. Apply tools and techniques for identifying vulnerabilities
  7. Tools and techniques for identifying vulnerabilities
  8. Propose and analyze countermeasures to mitigate vulnerabilities

KSA-T

Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
Learn More about the KAS-T's.

  • Knowledge
  • Skills
  • Abilities
  • Tasks
ID DESCRIPTION
K0005 Knowledge of cyber threats and vulnerabilities.
K0339 Knowledge of how to use network analysis tools to identify vulnerabilities.
K0009 Knowledge of application vulnerabilities.
K0343 Knowledge of root cause analysis techniques.
K0297 Knowledge of countermeasure design for identified security risks.
ID DESCRIPTION
S0167 Skill in recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning).
S0175 Skill in performing root cause analysis.
S0012 Skill in conducting knowledge mapping (e.g., map of knowledge repositories).
S0103 Skill in assessing the predictive power and subsequent generalizability of a model.
S0160 Skill in the use of design modeling (e.g., unified modeling language).
S0022 Skill in designing countermeasures to identified security risks.
ID DESCRIPTION
A0001 Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
A0020 Ability to provide effective feedback to students for improving learning.
ID DESCRIPTION