
Skillset framework

The skillset framework allows you to find the right expertise

The EU CyberNet skillset framework is a tailor-made collection of all cyber-related skillsets and skills that can be used for finding the right expertise for one’s missions, projects and actions.

The framework consists of 38 skillsets and over 300 skills.

Applied Cryptography

Skillset: Applied Cryptography

Skills

Available skills:
Blockchain
A blockchain is a type of distributed ledger technology (DLT) that consists of a growing list of records, called blocks, that are securely linked together using cryptography. (Wikipedia).
Encryption algorithm design and implementation
An encryption algorithm is designed to encode a message or information so that only authorized parties can access data, and data is unreadable by unintended parties. There are two types of encryption algorithm: the symmetric-key algorithm, also known as a secret-key algorithm, and the asymmetric-key algorithm, also called a public-key algorithm.
Encryption protocol analysis
Implementations of encryption in IT systems use various algorithms and protocols (e.g. symmetric and asymmetric, RSA, Diffie-Hellman, DES, TripleDES, AES, etc.). To understand their vulnerabilities, it is important to understand their functioning by analysing them.
Public key cryptography
Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys. It involves the use of a public key infrastructure (PKI): a set of roles, policies, and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.

Applied Cryptography describes the development, implementation, and use of cryptographic techniques.

Automated bot malware mitigation

Skillset: Automated bot malware mitigation

Skills

Available skills:
Botnet mitigation
Bot mitigation is the reduction of risk to infrastructure and services from malicious bot traffic that fuels common automated attacks, such as DDoS campaigns and vulnerability probing. The mitigation activities may pursue malicious bot identification and blocking, command and control infrastructure identification, botnet sinkholing, infiltration and monitoring, and infrastructure takedown.
Malicious code analysis
Malicious code analysis is the process of understanding the behavior and purpose of suspicious code, to aid the detection and mitigation of the potential threat.
Malware indicators of compromise
Indicators of compromise serve as forensic evidence of potential intrusions on a host system or network, to allow the detection of intrusion attempts or other malicious activities, analysis of particular malware's techniques and behaviors, and provide actionable threat intelligence.

A botnet is a network of hijacked network devices infected by automated malware, which are under the control of an attacking party and used to carry out various scams and cyberattacks. Mitigation of such networks focuses on malware analysis, command-and-control structure analysis, and coordinated mitigation activities.

Cloud Security & Compliance

Skillset: Cloud Security & Compliance

Skills

Available skills:
Cloud infrastructure assessment and compliance
A cloud infrastructure assessment tests and analyzes cloud infrastructure to ensure the organization is protected from various security risks and threats on the cloud.
Cloud services and providers
Cloud services refer to a wide range of services delivered on demand to customers over the internet. These services are designed to provide easy access to applications and resources, without the need for internal infrastructure or hardware. Some of the well-known cloud service providers include Amazon Web Services, Microsoft Azure, and Google Cloud.
Cloud-based web-application security
Web application security refers to a variety of processes, technologies, or methods, including development security practices, for protecting web servers, web applications, and web services from attack by Internet-based threats. Web application security is crucial to protecting data, customers, and organizations from data theft, interruptions in business continuity, or other harmful results of cybercrime.
Penetration testing of cloud infrastructure and services
Cloud penetration testing is an authorised simulated cyber-attack against a system that is hosted on a cloud provider with the main goal of finding the weaknesses and strengths of a system, so that its security posture can be accurately assessed.

Cloud security is a collection of procedures and technology used to control the security, compliance, and usage risks of cloud computing to address external and internal threats. This responsibility is shared between the cloud provider and the customer.

Computer security incident response

Skillset: Computer security incident response

Skills

Available skills:
Incident handling practices
Incident handling practices include the phases of the incident handling workflows. The major phases are detection and reporting, identification, classification and prioritisation (triage), and incident handling activities such as documenting (ticket), analysis, problem solving, reporting and mitigation.
Incident handling techniques
Incident handling is based on many workflows. In the different phases, they include technical and organisational skills. The techniques to handle a computer security incident must be planned and prepared ahead of the occurrence but must be flexible enough to react to every situation with the respective means.
Incident response frameworks
Incident response policies have been developed and introduced since the 1980s. Methodologies and frameworks can be used by organisations to implement their incident response processes (e.g., CSIRT services framework, NIST NICE, MITRE, CERT/CC).
Information exchange and intelligence
In incident response, it is important to share and exchange information related to incidents, vulnerabilities, and attack vectors between trusted partners. Organisational and technical information exchange solutions and protocols include e.g. MISP, TLP, etc.
Security operation centre (SOC) design and operations
A SOC is a team primarily composed of security analysts organized to detect, analyze, respond to, report on, and prevent cyber security incidents. SOCs are organised in different ways, according to their host organisation, constituency, and tasks. It can include e.g. monitoring, detection, incident handling, and prevention.

Computer security incident response is a planned and organized approach to addressing and managing the aftermath of a security breach or cyberattack (IT incident, computer incident or security incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

Critical Information Infrastructure Protection (CIIP)

Skillset: Critical Information Infrastructure Protection (CIIP)

Skills

Available skills:
All-hazards approach
All-hazards approach is a concept used in NIS 2 Directive to refer to a set of minimum cybersecurity risk-management measures which aim to protect network and information systems and the physical environment of those systems from incidents.
Business continuity
Capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident.
CI and CII sectors
Critical Infrastructure (CI) and Critical Information Infrastructure (CII) sectors encompass essential systems and assets—such as energy, finance, healthcare, transportation, water, and telecommunications—whose disruption would severely impact national security, economic stability, public health, and safety.
CII identification and classification
Identifying and classifying critical information infrastructure is an essential step in effective CII risk management. In this step, governments/stakeholders conduct an open dialogue about criticality; that is, they determine which information infrastructure elements, critical functions, and key resources are needed to deliver essential government services, ensure orderly functioning of the economy, and provide public safety.
Cyber vulnerability
Any weakness within a network and information system that can be exploited.
Cyber-physical systems (CPS)
Cyber Physical System (CPS) is a decentralized network of devices, applications, and services that can sense, log, interpret, communicate, process, and act on a variety of information or control devices in the physical environment.
Energy sector
The energy sector, vital for the production, transmission, and distribution of electricity, oil, and natural gas, requires robust cybersecurity measures to protect against disruptions and attacks on critical infrastructure.
Finance sector
The finance sector, including banking, investments, and insurance, relies on advanced cybersecurity to secure financial transactions, protect sensitive information, and maintain economic stability.
Healthcare sector
The healthcare sector, consisting of medical services, hospitals, and pharmaceutical production, necessitates stringent cybersecurity to protect patient data, ensure the integrity of medical devices, and safeguard public health operations.
Impact analysis
Assessment of the consequences of a decision, e.g. in the context of a cyber security incident, on reputation, business processes, security posture, etc.
Physical vulnerability
Any weakness in the hosting environment of a network and information system that can enable a physical attack on the system.
Risk assessment
Process to identify potential threats and impacts.
Space sector
The space sector, encompassing satellite communications, space exploration, and earth monitoring, depends on strong cybersecurity to safeguard data integrity and prevent malicious activities that could compromise national security and essential services.
Telecom sector
The telecom sector, enabling telecommunication via internet, telephone, and broadcasting, demands robust cybersecurity to maintain connectivity, protect information exchange, and defend against cyber threats.
Transportation sector
The transportation sector, covering the movement of people and goods via roads, railways, airways, and waterways, requires comprehensive cybersecurity to prevent disruptions and ensure the safety and reliability of transportation networks.
Water sector
The water sector, responsible for sourcing, treating, and distributing potable water, as well as managing wastewater systems, relies on cybersecurity to protect water quality, ensure the continuity of services, and guard against infrastructure attacks.

Protection of the digital security of critical activities and dependent systems.

Cyber Awareness

Skillset: Cyber Awareness

Skills

Available skills:
Awareness and Training
Cyber awareness among the population is the foundation of ensuring cyber security. Here also: Awareness raising and training activities related to cybercrime legal aspects and/or targeting legal professionals.
Communicating technology
To convey information and knowledge to users and managers on technology and its security aspects for better understanding.
Communication strategy
Strategy to set out the goals for communication and means of reaching these objectives.
Prevention
Proactive approach to mitigate risks.
Public relations
The practice of managing and disseminating information from an individual or an organization (such as a business, government agency, or a nonprofit organization) to the public in order to affect their public perception.
Target audience analysis
Target audience analysis involves describing your audience in terms of a variety of demographics, including age and gender, as well as income, education, and location, or psychographics like interests and opinions.

Development and implementation of awareness programmes to enhance the level of consciousness of cyber threats and rules and regulations. Enable users to understand necessary security measures.

Cyber Crime – International

Skillset: Cyber Crime – International

Skills

Available skills:
1st Additional Protocol to the Budapest Convention
This Protocol entails an extension of the Cybercrime Convention’s scope, including its substantive, procedural and international cooperation provisions, so as to cover also offences of racist or xenophobic propaganda.
2nd Additional Protocol to the Budapest Convention
Second Additional Protocol to the Convention on Cybercrime on enhanced co-operation and disclosure of electronic evidence.
Budapest Convention
Council of Europe Convention on Cybercrime (CETS 185). Budapest Convention was adopted in 2001 by the Council of Europe and is the only international agreement between states specifically focused on cyber crime.
Directive on combating fraud and counterfeiting of non-cash means of payment 2019/713
ePrivacy
The ePrivacy Regulation aims to simplify the rules regarding cookies and streamline cookie consent in a more 'user-friendly' way.
EU Directive on Attacks Against Information Systems 2013/40/EU
Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA.
EU e-evidence proposals
Police Directive 2016/680
UN 3rd committee on cybercrime

International/supranational legal instruments addressing various aspects of the fight against cybercrime.

Cyber Crime – National

Skillset: Cyber Crime – National

Skills

Available skills:
Awareness and Training
Cyber awareness among the population is the foundation of ensuring cyber security. Here also: Awareness raising and training activities related to cybercrime legal aspects and/or targeting legal professionals.
Cooperation channels
A collective term for the different systems of cooperation between (law enforcement) authorities in different countries.
Cooperation with private sector
Cooperation with non-state actors in prevention, investigation and mitigation of cybercrime.
Court expertise
Scientific and technical knowledge on issues of fact at the court's disposal.
Criminal law
National level substantive laws related to cybercrimes.
Criminal procedure
Laws concerning the processes of cybercrime investigations and/or investigations online.
Cybercrime prevention
A proactive approach to fight cybercrime ex ante.
Cybercrime reporting
Notification procedure to authorities about the fact that a cybercrime may have been committed.
Cybercrime units
The primary role of Cybercrime Units (CCU) is to provide technical assistance in the detection and investigation of crime wherein the computer is the target or the means used.
Electronic/digital evidence
Information in electronic/digital format with (potential) evidentiary value. The term electronically stored information (ESI) may be used interchangeably with the term electronic evidence. The term 'digital evidence' is also used frequently.
International cooperation
The process of policy coordination between states to pursue a common goal or interest. Here also: Local implementation of and engagement in international cooperation regarding combat against cybercrime.
Judicial authority
Here: National courts and other judicial authorities exercising judicial powers or functions relating to cybercrimes.
Law enforcement
Here: Activities of various national public authorities to prevent, investigate and detect cybercrimes.
Prosecution
Here: Activities of national public authorities to prosecute cybercrimes.

National legal instruments and mechanisms addressing various aspects of the fight against cybercrime.

Cyber Crisis Management

Skillset: Cyber Crisis Management

Skills

Available skills:
Civil-military cooperation
Civil-Military Co-operation is the means by which a military commander connects with civilian agencies active in a theatre of operations. It can also refer to a wider concept of cooperation between military and civilian bodies.
Comprehensive approach
The Comprehensive Approach is about developing mechanisms and cultures of understanding, sharing and collaboration, both vertically between nations and international organisations, and horizontally between nations and between organisations. It can also refer to a holistic approach to e.g. writing a domestic cyber security strategy and engaging all stakeholders from different levels.
Cyber defence capabilities and doctrines
Cyber Defense consists of solutions that actively resist attack. Capabilities refer to the ability to resist attacks and doctrines reflect how military forces contribute to campaigns, major operations, battles, and engagements.
Cyber security management
Cybersecurity management is an area of information technology that organizations and businesses use to protect and secure sensitive information from cybercriminals or any unwanted guests.
Cyber situational awareness
Understanding the cyber environment and accurately predicting and responding to potential problems that might occur in cyberspace. Cyber situational awareness is the capability that helps security analysts and decision makers: Visualize and understand the current state of the IT infrastructure, as well as the defensive posture of the IT environment. Identify what infrastructure components are important to complete key functions.
Cybersecurity Reserve
The concept of Cybersecurity Reserves involves creating volunteer workforces to assist with cybersecurity risk management and incident response. These reserves, often composed of experts in relevant areas, support government agencies and organisations in addressing cyber threats. The concept of Cybersecurity Reserve aims to mitigate the shortage of skilled cybersecurity professionals and strengthen overall cyber defences.
National legislation
Law that applies within a state.
Prevention
Proactive approach to mitigate risks.
Public relations
The practice of managing and disseminating information from an individual or an organization (such as a business, government agency, or a nonprofit organization) to the public in order to affect their public perception.
Reporting
Strategic communications and public relations
Threat assessment
A Threat Assessment is a process for evaluating and verifying perceived threats, including assessing their likelihood. In cybersecurity, a threat assessment is usually performed by security risk management and it precedes plans for mitigating threats against the enterprise.

Set of procedures designed for handling a cyber crisis, preferably formally outlined by domestic frameworks.

Cyber Diplomacy

Skillset: Cyber Diplomacy

Skills

Available skills:
Attribution
Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit.
Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of law (framework)
The Council of Europe's framework focuses on ensuring AI systems comply with internationally recognised standards for human rights, democracy, and the rule of law. However, both the EU and the Council of Europe are considering excluding AI systems intended for military use, national defence, and national security from their final regulatory frameworks.
Council of Europe (CoE)
The Council of Europe is the continent's leading human rights organisation. It includes 47 member states, 27 of which are members of the European Union.
Cyber confidence-building measures
Confidence-building measures (CBMs) are planned procedures to prevent hostilities, to avert escalation, to reduce military tension, and to build mutual trust between countries.
Cyber Diplomacy Toolbox
The use of diplomatic tools and initiatives to achieve a state's national interest in cyberspace. Referring to the EU initiative with the same name. Draft Council Conclusions on a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities ("Cyber Diplomacy Toolbox") of 6 June 2017.
Cyber Norms
Norms of responsible state behaviour are voluntary legally non-binding agreements between states, originally agreed upon in the 2015 UN GGE report, and later adopted by the UN GA.
Cyber sanctions
Economic and financial measures intended to change the behavior of perpetrators who have carried out malicious cyber activities and/or intrusions.
Cyber-stability framework
For discussing cybersecurity in the context of international peace and security.
European Union (EU)
The European Union (EU) is a political and economic union of 27 member states that are located primarily in Europe.
Organization for Security and Co-operation in Europe (OSCE)
The Organization for Security and Co-operation in Europe (OSCE) is the world's largest security-oriented intergovernmental organization.
United Nations (UN)
The United Nations (UN) is an intergovernmental organization aiming to maintain international peace and security, develop friendly relations among nations, achieve international cooperation, and be a centre for harmonizing the actions of nations.
United Nations Group of Governmental Experts (UN GGE)
United Nations Group of Governmental Experts (UN GGE) on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security is a format for a set number (15-25) of UN Member States, aimed at resulting in a consensus report.
United Nations Open-Ended Working Group (OEWG)
United Nations Open-Ended Working Group (OEWG) on Developments in the Field of Information and Telecommunications in the Context of International Security is an open format for all UN Member States, aimed at resulting in a consensus report.

The use of diplomatic tools and initiatives to achieve a state’s national interest in cyberspace.

Cyber Policy

Skillset: Cyber Policy

Skills

Available skills:
5G Toolbox
The EU policy response outlining the EU's common approach to adopting 5G technologies.
Attribution
Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit.
Cyber Competence Centre Network
Consists of the European Cybersecurity Competence Centre (ECCC), National Coordination Centres and the Cybersecurity Competence Community. The goal of the network is to help the EU retain and develop cybersecurity technological and industrial capacities.
Cyber diplomacy
The use of diplomatic tools and initiatives to achieve a state's national interest in cyberspace.
Cyber Norms
Norms of responsible state behaviour are voluntary legally non-binding agreements between states, originally agreed upon in the 2015 UN GGE report, and later adopted by the UN GA.
Cyber sanctions
Economic and financial measures intended to change the behavior of perpetrators who have carried out malicious cyber activities and/or intrusions.
EU cyber-related strategies
The system of strategic documents of the EU addressing cyber-related issues.
Information sharing
Best practices, tools and methods for effective dissemination of information to the desired audience.
Joint Cyber Unit
The Joint Cyber Unit is a new platform that aims to strengthen cooperation among EU Institutions, Agencies, Bodies and the authorities in the Member States, proposed under COMMISSION RECOMMENDATION of 23.6.2021 on building a Joint Cyber Unit.
National Cyber Security Strategy
A national cybersecurity strategy (NCSS) is a plan of actions designed to improve the security and resilience of national infrastructures and services. It is a high-level top-down approach to cybersecurity that establishes a range of national objectives and priorities that should be achieved in a specific timeframe. (ENISA).
Vulnerability sharing policy
National or EU policies and practices relating to vulnerability disclosure.

Set of policies to achieve national or EU interests in cyberspace, intertwined with legal and strategic aspects. Skills may overlap to some extent with the EU legal domains and Cyber Diplomacy skillsets.

Cyber Threat Intelligence

Skillset: Cyber Threat Intelligence

Skills

Available skills:
Cyber operations
The employment of cyber capabilities to achieve objectives in or through cyberspace (Tallinn Manual definition).
Cyber risk mapping
Risk mapping is a technique used to detect cyber risks.
Data analysis
Process of inspecting, cleansing, transforming, and modelling data with the goal of discovering useful information, informing conclusions, and supporting decision-making.
Data correlation
Statistical measure that expresses the extent to which two variables are linearly related.
Data mining
Process of extracting and discovering patterns in large data sets involving methods at the intersection of machine learning, statistics, and database systems.
Information sharing
Best practices, tools and methods for effective dissemination of information to the desired audience.
Open source intelligence
Prevention
Proactive approach to mitigate risks.
Strategic reporting
Strategic reporting refers to a complex process of collecting the data about an organization's performance and the analysis of this data. Addressing progress, outcomes and performance with respect to specific goals.
Technical data collection
Threat assessment
A Threat Assessment is a process for evaluating and verifying perceived threats, including assessing their likelihood. In cybersecurity, a threat assessment is usually performed by security risk management and it precedes plans for mitigating threats against the enterprise.
Threat hunting and adversary tracking
Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network.

Understanding the cyber threats facing an organization or nation.

Cyber and Information Risk Management

Skillset: Cyber and Information Risk Management

Skills

Available skills:
Asset vulnerabilities
A vulnerability is a weakness in an asset or group of assets. An asset's weakness could allow it to be exploited and harmed by one or more threats. (ISO 27001 definitions).
Cyber risk mapping
Risk mapping is a technique used to detect cyber risks.
Cyber situational awareness
Understanding the cyber environment and accurately predicting and responding to potential problems that might occur in cyberspace. Cyber situational awareness is the capability that helps security analysts and decision makers: Visualize and understand the current state of the IT infrastructure, as well as the defensive posture of the IT environment. Identify what infrastructure components are important to complete key functions.
Cyber threat intelligence
Knowledge, skills and experience-based information concerning the occurrence and assessment of both cyber and physical threats and threat actors that is intended to help mitigate potential attacks and harmful events occurring in cyberspace.
Cybersecurity roles and responsibilities
Job responsibilities refer to the duties and tasks of their particular roles. This is sometimes referred to as the job description. Roles, however, refer to a person's position on a team. In cybersecurity, there are technical, organisational, managerial, administrative, and governance roles.
Governance and risk management processes
Policies, procedures, and processes to manage and monitor the organization's regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk. Governance and risk management processes address cybersecurity risks (NIST Cybersecurity Framework).
Infosec risk management
Legal and regulatory requirements
Organisational cybersecurity policy
Organisations should have their specific cybersecurity policy as basis for security measures.
Organisational risk tolerance
Threat assessment
A Threat Assessment is a process for evaluating and verifying perceived threats, including assessing their likelihood. In cybersecurity, a threat assessment is usually performed by security risk management and it precedes plans for mitigating threats against the enterprise.

Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.

Cyber-Physical Systems and Industrial Control Systems

Skillset: Cyber-Physical Systems and Industrial Control Systems

Skills

Available skills:
Critical infrastructure protection
Critical information infrastructure protection is a set of activities aimed at ensuring the functionality, continuity and integrity of a country's essential information and communication systems to deter, mitigate and neutralise a threat, risk or vulnerability or minimise the impact of an incident.
Cyber-physical systems (CPS)
Cyber Physical System (CPS) is a decentralized network of devices, applications, and services that can sense, log, interpret, communicate, process, and act on a variety of information or control devices in the physical environment.
Operational technology design and operation
Operational technology is the use of hardware and software to monitor and control physical processes, devices, and infrastructure across a large range of asset-intensive sectors and industries, performing a wide variety of automation tasks.

A cyber-physical system is a decentralized network of devices, applications, and services that can sense, log, interpret, communicate, process, and act on a variety of information or control devices in the physical environment. Industrial Automation and Control Systems refers to the collection of personnel, instrumentation, hardware, and software that can affect or influence the safe, secure, and reliable operation and automation of an industrial process.

Cybersecurity economics

Skillset: Cybersecurity economics

Skills

Available skills:
Business impact analysis
Business impact analysis is a tool to help plan for the inevitability of consequences and their cost. (projectmanager.com).
Cyber insurance
A risk management technique where selected cyber risks are transferred to the insurance provider in exchange for a fee. Cyber insurance should be used in concert with other risk management techniques.
Security economics
Use of theories, approaches, methods and tools of economic disciplines emphasizing the impact of security threats at the macroeconomic and microeconomic level. (Cyber)security-relevant studies in economics, tackling problems like cyber insurance and business impact analysis.

Cybersecurity-relevant studies in economics.

Cybersecurity education & training

Skillset: Cybersecurity education & training

Skills

Available skills:
Curriculum development
The process of creating and systematically improving courses or study programmes. Identification of the "mission" of a training, and the knowledge and skills that the training expects successful students to acquire. Definition of training objectives and preparation of training content.
Skill & knowledge assessment
Competences in assessing the level of skill or knowledge of the training audience, for example via standardised testing, technical challenges, etc. For the development of cybersecurity training, it is important to assess the training objectives according to knowledge, skills, and abilities (KSA) needed for a Cyber security role or function.
Teaching methods
Ways to enable learning of the desired skill or knowledge, usually under the direction of a teacher or instructor.
Training material development
Competences in creating or updating study aids, challenges, tests (etc.) that facilitate learning.

Cybersecurity-relevant education and training programs and solutions.

Cybersecurity exercises

Skillset: Cybersecurity exercises

Skills

Available skills:
Cyber crisis management
Set of procedures designed for handling a cyber crisis, preferably formally outlined by domestic frameworks. Readiness, response and recovery from a cyber incident.
Cyber decision-making
Decision-making procedures in cyber security situations. Knowledge of policies, processes and procedures is important.
Cyber element in exercises
Exercises are used to train skills, evaluate processes and procedures, and certify teams on the maturity in their task. Even in non-technical exercises nowadays, cyber elements need to be trained, as all processes and procdures in complex environments are dependent on IT and cyber processes.
Cyber hygiene
Cyber hygiene, or cybersecurity hygiene, is a set of practices organizations and individuals perform regularly to maintain the health and security of users, devices, networks and data.
Cyber range
A cyber range is a controlled, interactive technology environment where IT architectures and systems run in a virtual and scalable environment. In a cyber range all possible scenarios and attacks on IT infrastructure, networks, software platforms and applications can be simulated.
Cyber risk mapping
Risk mapping is a technique used to detect cyber risks.
Cyber situational awareness
Understanding the cyber environment and accurately predicting and responding to potential problems that might occur in cyberspace. Cyber situational awareness is the capability that helps security analysts and decision makers visualize and understand the current state of the IT infrastructure, as well as the defensive posture of the IT environment, and identify what infrastructure components are important to complete key functions.
Exercise planning
Process to design, draft and prepare an exercise.
Exercise types
Cyber exercises are conducted in various types, e.g. table-top exercise, capture-the-flag, red-blue-team exercise, simulation, etc.
Public-private partnership
Arrangement between private and public entities.
Scenario development
The process of creating and maintaining the storyline, background events, personas (etc.) that make up the exercise scenario. Scenario development for Cybersecurity exercises should support the training objectives and processes to be trained. The scenarios should allow measurable results.
Tactics, techniques, procedures (TTP)
Whole-of-Government approach
Joint activities performed by diverse ministries, public administrations and public agencies in order to provide a common solution to particular problems or issues.

Cybersecurity exercises for training, experimentation, skill & readiness assessment.

Cybersecurity management

Skillset: Cybersecurity management

Skills

Available skills:
Business continuity
Capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident.
Cost modelling
A tool used to understand the value derived from proposed activity, acquisition or investment.
Decision-making exercises
A form of training that models and tests an organisation's preparedness for various cyber incidents.
Impact analysis
Assessment of the consequences of a decision, e.g. in the context of a cyber security incident, on reputation, business processes, security posture, etc.
Reporting
Strategic communications and public relations

Managerial-level cybersecurity issues concern the leadership of an organization. Executive cybersecurity issues are those which may interfere with the organizational goals, strategic planning development and overall decision making in the organization.

Data Protection

Skillset: Data Protection

Skills

Available skills:
Data retention of telecommunications data
Retention of traffic and location data for the purpose of preventing, investigating, detecting or prosecuting crimes and safeguarding national security.
Directive on privacy and electronic communications
ePrivacy Directive 2002/58/EC
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector.
General Data Protection Regulation (GDPR)
General Data Protection Regulation 2016/679.
Police Directive 2016/680

Set of processes to regulate the processing of data and to prevent misuse of data.

Digital Forensics

Skillset: Digital Forensics

Skills

Available skills:
Chain of custody
A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer.
Digital artefact acquisition and analysis
Forensic digital analysis is the in-depth analysis and examination of electronically stored data and artefacts, with the purpose of identifying information that may support or contest matters in an investigation or court proceeding.
Digital evidence acquisition procedures
Data acquisition in digital forensics encompasses all the procedures involved in gathering digital evidence including cloning and copying evidence from any electronic source.
Internet service investigation
Internet service investigation is the process of identifying, accessing, collecting and surveilling the use of internet-based and cloud services in the context of digital forensic investigation.

Digital forensics is the application of computer science and investigative procedures involving the acquisition and examination of digital evidence – following proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possibly expert testimony.

Digital Identity & Trust Services

Skillset: Digital Identity & Trust Services

Skills

Available skills:
Authentication technologies and services
Advanced authentication mechanisms like multi-factor authentication, single sign-on, or zero trust authentication support the secure use of IT systems, networks and applications.
Biometrics and digital identity
A digital identity is information on an entity used by computer systems to represent an external agent. That agent may be a person, organization, application, or device. ISO/IEC 24760-1 defines identity as "set of attributes related to an entity". The selection of a particular biometric for use in a specific application involves a weighting of several factors, e.g. for use in biometric authentication.
Digital identity service certification and compliance audit
A compliance audit is a series of checks performed externally to make sure that the digital identity services and certificates are meeting the regulatory standards.
electronic IDentification, Authentication and trust Services (eIDAS)
Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.

Electronic identification and trust services can be used by citizens, businesses and public administrations, to access online services or manage electronic transactions.

EU legal domains

Skillset: EU legal domains

Skills

Available skills:
AI Act
The AI Act is a proposed European regulation on artificial intelligence (AI), marking the first comprehensive AI regulation by a major global authority. The Act categorises AI applications into three risk levels. First, applications that pose an unacceptable risk, like government-run social scoring similar to China's system, are banned. Second, high-risk applications, such as CV-scanning tools that rank job applicants, must comply with specific legal requirements. Lastly, applications not explicitly banned or classified as high-risk are mostly left unregulated.
Cyber Resilience Act
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020, the Cyber Resilience Act, complements European cybersecurity rules and strengthens the security of the whole supply chain with harmonised rules for placing connected hardware and software on the market, and duty of care for the whole life cycle of products.
Cyber sanctions
Economic and financial measures intended to change the behavior of perpetrators who have carried out malicious cyber activities and/or intrusions.
Cyber Security Act
Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act).
Cyber Solidarity Act
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL laying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents, the Cyber Solidarity Act, aims to enhance incident response and recovery across the EU. It supports existing EU cyber legislation while expanding principles like information sharing between public and private sectors, situational awareness, incident response and recovery, crisis management frameworks, and cybersecurity operational cooperation.
Digital Operational Resilience Act (DORA)
Regulation (EU) 2022/2554 is a sector-specific EU legal act aimed at achieving a high common level of digital operational resilience of financial institutions (Financial Information Service Providers).
Digital Services Act (DSA)
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/EC COM/2020/825 final. The Digital Services Act and Digital Markets Act aim to create a safer digital space where the fundamental rights of users are protected and to establish a level playing field for businesses.
Directive on Attacks against Information Systems
Electronic Communications Code (ECC)
Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018 establishing the European Electronic Communications Code (Recast). This directive established a harmonised framework for the regulation of electronic communications networks, electronic communications services, associated facilities and associated services, and certain aspects of terminal equipment.
electronic IDentification, Authentication and trust Services (eIDAS)
Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
Electronic/digital evidence
Information in electronic/digital format with (potential) evidentiary value. The term electronically stored information (ESI) may be used interchangeably with electronic evidence; 'digital evidence' is also used frequently.
ePrivacy
The ePrivacy Regulation aims to simplify the rules regarding cookies and streamline cookie consent in a more 'user-friendly' way.
EU cyber defence
Legal aspects related to activities falling within the scope of the Cyber Defence Policy Framework of the EU.
EU cybersecurity crisis management
Including, but not limited to: COMMISSION RECOMMENDATION (EU) 2017/1584 of 13 September 2017 on coordinated response to large-scale cybersecurity incidents and crises; COUNCIL IMPLEMENTING DECISION (EU) 2018/1993 of 11 December 2018 on the EU Integrated Political Crisis Response Arrangements; COMMISSION RECOMMENDATION of 23.6.2021 on building a Joint Cyber Unit.
General Data Protection Regulation (GDPR)
General Data Protection Regulation 2016/679.
Human rights in cyberspace
Here: legal protection of human rights relevant in the context of cyberspace, including the right to privacy, freedom of thought and conscience, freedom of expression, and guarantee of due process.
Legal frameworks for information sharing
Legal tools for the sharing of information between national authorities (e.g. national CSIRT/CERT) and also law enforcement authorities.
NIS Directive
Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. Network and Information Security Directive provides legal measures to boost the overall level of cybersecurity in the EU.
NIS2 Directive
Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive). Appropriate and proportionate technical, operational and organisational measures to be taken by essential and important entities to manage the risks posed to the security of network and information systems, and to prevent or minimise the impact of incidents on recipients of their services and on other services.
Payment Services Directive (PSD2)
Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC.

Different EU legal domains, including regulations and directives related to cyber security.

Exploit and Malware Analysis

Skillset: Exploit and Malware Analysis

Skills

Available skills:
Exploit mitigation techniques
Memory exploit mitigation is a set of mitigation techniques at various levels, such as computer firmware, operating system, compiler, and run-time environment, to mitigate the risk of memory corruption attempts.
Exploit reverse engineering and analysis
Malware reverse engineering is a process of studying the functions and information flow of malicious code to understand the functionality, behavior, potential impact, and create tools for mitigation.
Exploitation techniques
Memory exploitation is a set of techniques allowing the identification of vulnerabilities or security flaws and circumvention of memory exploitation protection safeguards to permit arbitrary code delivery, injection and execution.

Memory corruption exploit development is a process that identifies and produces code to take advantage of a software vulnerability or security flaw, allowing unsanctioned targeted or automated activity against a vulnerable system through the use of exploit code or malware. Malware analysis is the process of analyzing the behavior and purpose of the exploit code to aid in the detection and mitigation of the potential threat.

General IT Systems Security

Skillset: General IT Systems Security

Skills

Available skills:
Active cyber defense (ACD)
Active Cyber Defence (ACD) seeks to reduce the harm from commodity cyber attacks by providing tools and services that protect from a range of attacks.
Penetration testing and cyber red teaming
System design and administration security
A multi-tiered risk-management-based approach towards information system design and secure administration from the perspectives of management device trust, administrative interface protection, administrative role management, and auditing of administrative activities.

IT systems security is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

IT Security Assessment

Skillset: IT Security Assessment

Skills

Available skills:
Network assessment
A network assessment is a type of audit that involves using a process or script to scan a network to uncover any risks or anomalies.
Processes and procedures
Security analysis
Security analysis is the process to find, define, and rate the threats and vulnerabilities in an IT system or network.
Security audit
A security audit is the high-level description of the many ways organizations can test and assess their overall security posture, including cybersecurity.
Security review
Regular review of security measures and controls in an IT system or network.
Vulnerability assessment
Process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.

The goal of an IT security assessment is to ensure that necessary security controls are integrated into the design and implementation of an IT project. A properly completed security assessment should provide documentation outlining any security gaps between a project design and approved corporate security policies.

Incident Management

Skillset: Incident Management

Skills

Available skills:
Incident analysis
Incident management services
Services that are vital in helping constituents during an attack or incident. (FIRST CSIRT Services Framework 2.1.0).
Incident response coordination
Incident response on site
Incident Response Organisation
Organisational structure or setup of a CSIRT, including processes, e.g. the IR lifecycle (detect - triage - analyze - respond).
Incident response support
SIM3

Process to handle the life cycle of an incident: detect and identify; triage and analyze; resolve, including preventing reoccurrence.

Information Operations

Skillset: Information Operations

Skills

Available skills:
Information campaign
Integrated operations
Integrated operations (IO) refers to the integration of people, disciplines, organizations, work processes and information and communication technology to make smarter decisions.
Misinformation, Disinformation and Malinformation
Respectively: unintentional dissemination of inaccurate or misleading information; deliberate creation and spread of false or misleading content; or sharing factual information out of context to harm or deceive. These can include false news, or it can involve more subtle methods such as false flag operations, feeding inaccurate quotes or stories to innocent intermediaries, or knowingly amplifying biased or misleading information. Those terms, more common in US, are often used in parallel in Europe with notions such as Propaganda or Foreign Information Manipulation and Interference (FIMI).
Synthetic identities theft/fraud
Synthetic identity theft is a type of fraud in which a criminal combines real and fake information to create a new identity. The real information used in this fraud is usually stolen.

Information operations includes the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent. It may be part of hybrid warfare.

Information Security Standards

Skillset: Information Security Standards

Skills

Available skills:
Certification
Certification is the formal attestation or confirmation of certain characteristics of an object, person, or organization.
CIIP Governance
Experience of governing Critical Information Infrastructure Protection (CIIP) from public authority perspective.
CIS controls
Formerly the SANS Critical Security Controls (SANS Top 20).
COBIT 5
Framework to help organisations meet business challenges in regulatory compliance, risk management and aligning IT strategy with organisational goals.
Developing standards
Experience regarding drafting standards or in standardization.
Implementing standards
Experience regarding implementing standards.
Information Technology Infrastructure Library (ITIL)
Information Technology Infrastructure Library (ITIL) is a set of detailed practices for IT service management and IT asset management.
ISO 27000 series
Information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
ISO 31000:2018
Guidelines on managing risk faced by organizations.
IT-Grundschutz
German baseline protection system.
Mandatory information security standards
Information security standards with which compliance has been made mandatory, e.g. by national law or international law.
NIST 800 series
Supervision over implementation of standards
Experience regarding supervision over implementation of standards.
Voluntary information security standards
Voluntary guidelines set out to establish a common language and improve security of information technology.

Published specification that establishes a common language. The goal of an information security standard is to improve the security of information technology.

International Cooperation Frameworks

Skillset: International Cooperation Frameworks

Skills

Available skills:
African Network Information Centre (AFRINIC)
The African Network Information Centre (AFRINIC) is the regional internet registry for Africa.
American Registry for Internet Numbers (ARIN)
American Registry for Internet Numbers (ARIN) is the regional Internet registry for Canada, United States and many Caribbean and North Atlantic islands.
Asia Pacific Network Information Centre (APNIC)
The Asia Pacific Network Information Centre (APNIC) is the regional Internet registry for Asia-Pacific.
Budapest Convention 24/7 POCs
24/7 Network under Art 35 of the Budapest Convention.
CSIRTs Network
The CSIRTs Network is a network where members can cooperate, exchange information and build trust. Members are able to improve the handling of cross-border incidents and discuss how to respond in a coordinated manner to specific incidents. The CSIRTs Network is composed of CSIRTs appointed by EU Member States and CERT-EU.
Cyber Competence Centre Network
Consists of the European Cybersecurity Competence Centre (ECCC), National Coordination Centres and the Cybersecurity Competence Community. The goal of the network is to help the EU retain and develop cybersecurity technological and industrial capacities.
EU-CyCLONe
The European cyber crisis liaison organisation network (EU-CyCLONe), is a cooperation network for Member States national authorities in charge of cyber crisis management. The aim is to collaborate and develop timely information sharing and situational awareness based on tools and support provided by the EU Agency for Cybersecurity, which serves as the CyCLONe Secretariat.
European Union Agency for Criminal Justice Cooperation (Eurojust)
EU agency for judicial cooperation in criminal matters.
European Union Agency for Law Enforcement Cooperation (EUROPOL)
European Union Agency for Law Enforcement Cooperation (EUROPOL) is the law enforcement agency of the EU; it deals with serious international organised crime, including cybercrime and terrorism.
Forum of Incident Response and Security Teams (FIRST)
The Forum of Incident Response and Security Teams (FIRST) is a global forum of incident response and security teams.
Internet Corporation for Assigned Names and Numbers (ICANN)
The Internet Corporation for Assigned Names and Numbers (ICANN) is a US-based not-for-profit public-benefit corporation whose role is to coordinate, at the overall level, the global Internet's systems of unique identifiers, and to ensure the stable and secure operation of these systems.
Latin American and Caribbean Internet Addresses Registry (LACNIC)
Latin America and Caribbean Network Information Centre (LACNIC) is the regional Internet registry for Latin America and the Caribbean.
Mutual Legal Assistance
Réseaux IP Européens Network Coordination Centre (RIPE NCC)
Réseaux IP Européens Network Coordination Centre (RIPE NCC) is the regional Internet registry for Europe, Middle East and parts of Central Asia.
The International Criminal Police Organization (INTERPOL)
International Criminal Police Organization (INTERPOL) is an inter-governmental organization for law enforcement collaboration, including information sharing and investigative support.

Cross-border arrangements and agreements by states and other entities to adjust their behaviour to the actual preferences in pursuit of cybersecurity.

International Law Applicable in Cyberspace

Skillset: International Law Applicable in Cyberspace

Skills

Available skills:
Armed conflict
An armed conflict arises whenever there is fighting between States or protracted armed violence between government authorities and organized armed groups or just between organized armed groups.
Attribution
Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit.
Cyber conflict
Cyber conflict is the use of cyber attacks, causing comparable harm to actual warfare and/or disrupting vital computer systems.
Cyber espionage
Cyber espionage is the malicious theft of data, information or intellectual property from computer systems for political, military or economic purposes.
Cyber Norms
Norms of responsible state behaviour are voluntary legally non-binding agreements between states, originally agreed upon in the 2015 UN GGE report, and later adopted by the UN GA.
Cyber operations
The employment of cyber capabilities to achieve objectives in or through cyberspace (Tallinn Manual definition).
Cyber sanctions
Economic and financial measures intended to change the behavior of perpetrators who have carried out malicious cyber activities and/or intrusions.
International humanitarian law
International Humanitarian Law (IHL) is a set of rules that seek to limit the effects of armed conflict.
State positions
Surveillance technologies
Surveillance technology refers to products or services used to monitor behaviour, activities or information for purposes such as information gathering, influencing, managing, or directing individuals or groups. These technologies can be lawfully and legitimately used with appropriate safeguards; however, they can also be misused by governments. Responsible use of surveillance technologies aims to enhance safety and security while respecting the rule of law and preventing harmful consequences.
Tallinn Manual
An academic effort in compiling an overview of the current status of the interpretation of international law in cyberspace.
United Nations Group of Governmental Experts (UN GGE)
United Nations Group of Governmental Experts (UN GGE) on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security is a format for a set number (15-25) of UN Member States, aimed at resulting in a consensus report.
United Nations Open-Ended Working Group (OEWG)
United Nations Open-Ended Working Group (OEWG) on Developments in the Field of Information and Telecommunications in the Context of International Security is an open format for all UN Member States, aimed at resulting in a consensus report.

International law governing cyber operations.

International Organisations in Cyber

Skillset: International Organisations in Cyber

Skills

Available skills:
African Union (AU)
The African Union (AU) is a continental union consisting of 55 member states located on the continent of Africa.
Association of Southeast Asian Nations (ASEAN)
The Association of Southeast Asian Nations (ASEAN) is a regional grouping that promotes economic, political, and security cooperation among its ten members: Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, the Philippines, Singapore, Thailand, and Vietnam.
Council of Europe (CoE)
The Council of Europe is the continent's leading human rights organisation. It includes 47 member states, 27 of which are members of the European Union.
European Union (EU)
The European Union (EU) is a political and economic union of 27 member states that are located primarily in Europe.
Forum of Incident Response and Security Teams (FIRST)
The Forum of Incident Response and Security Teams (FIRST) is a global forum of incident response and security teams.
International Telecommunications Union (ITU)
The International Telecommunication Union is a specialized agency of the United Nations responsible for many matters related to information and communication technologies.
North Atlantic Treaty Organisation (NATO)
The North Atlantic Treaty Organization (NATO) also called the North Atlantic Alliance, is an intergovernmental military alliance between 28 European countries, 2 North American countries, and 1 Asian country.
Organization for Security and Co-operation in Europe (OSCE)
The Organization for Security and Co-operation in Europe (OSCE) is the world's largest security-oriented intergovernmental organization.
Organization of American States (OAS)
Today, the OAS brings together all 35 independent states of the Americas and constitutes the main political, juridical, and social governmental forum in the Hemisphere.
United Nations (UN)
The United Nations (UN) is an intergovernmental organization aiming to maintain international peace and security, develop friendly relations among nations, achieve international cooperation, and be a centre for harmonizing the actions of nations.

International organisations which focus on issues related to cyber security.

Internet Governance

Skillset: Internet Governance

Skills

Available skills:
Domain Name System (DNS)
The Domain Name System (DNS) is the Internet's system for mapping alphabetic names to numeric Internet Protocol (IP) addresses like a phone book maps a person's name to a phone number.
Internet Corporation for Assigned Names and Numbers (ICANN)
The Internet Corporation for Assigned Names and Numbers (ICANN) is a US-based not-for-profit public-benefit corporation whose role is to coordinate, at the overall level, the global Internet's systems of unique identifiers, and to ensure the stable and secure operation of these systems.
Internet Governance Forum (IGF)
The Internet Governance Forum (IGF) is a multistakeholder governance group for policy dialogue on issues of Internet governance.
Net neutrality
Network neutrality, most commonly called net neutrality, is the principle that Internet service providers (ISPs) must treat all Internet communications equally, and not discriminate or charge differently based on user, content, website, platform, application, type of equipment, source address, destination address, or method of communication.

A multistakeholder process which refers to the rules, policies, standards and practices that coordinate and shape global cyberspace.

Internet of Things

Skillset: Internet of Things

Skills

Available skills:
Embedded sensor technology
A sensor is a device that produces an output signal for the purpose of sensing a physical phenomenon. IoT devices use embedded sensors (e.g. camera, thermometer, gyrometer, motion sensor, etc.) to collect data and transmit them to the processing unit.
IoT data connectivity
IoT devices are regularly connected via wireless communication, e.g. Bluetooth, WiFi, mobile networks. For security reasons, these connections must be secured.
IoT enabled technologies
IoT utilizes existing and emerging technology for sensing, networking, and robotics. IoT devices are implemented in a wide range of equipment from CCTV to unmanned vehicles.
IoT security and certification
IoT security is a subsect of cybersecurity that focuses on protecting, monitoring and remediating threats related to the Internet of Things (IoT) — or the network of connected devices that gather, store and share data via the internet. IoT devices should be secured and tested on official regulations or industry standards.

The Internet of things (IoT) describes physical objects (or groups of such objects) that are embedded with sensors, processing ability, software, and other technologies that connect and exchange data with other devices and systems over the Internet or other communications networks.

Law enforcement

Skillset: Law enforcement

Skills

Available skills:
Cybercrime
Cyber crime refers to a set of offenses which include technology as a means to fulfil illegal intent.
Digital Forensics
A branch of forensic science encompassing the recovery, investigation, examination and analysis of material found in digital devices, often in relation to mobile devices and computer crime.
Investigation
A careful examination or search in order to discover facts or gain information.
Investigative techniques
In cybercrime, investigations must be tamperproof. This includes seamless documentation and proof of the chain of custody. Investigative techniques should follow these principles.

Law enforcement is the activity of some members of government who act in an organized manner to enforce the law by discovering, deterring, rehabilitating, or punishing people who violate the rules and norms governing that society. The term encompasses police, courts, and corrections. Here specific to cyber related crime.

Monitoring and threat detection

Skillset: Monitoring and threat detection

Skills

Available skills:
Intrusion detection and prevention
Intrusion detection is a process of parsing and monitoring collected data from network and network nodes for suspicious activity and producing alerts or taking automated prevention measures when such activity is discovered.
Monitoring data and threat visualization
Visual representation of data and information in a structured and systematic manner allowing easier interpretation and analysis.
System log and event collection and analysis
System log analysis is a scientific process of collecting, parsing, reviewing, and interpreting time-sequenced event messages generated by network nodes to gain insight into system state and identify possible anomalies.
Threat hunting and adversary tracking
Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network.

Security monitoring is a collection of processes and technologies, which involves collecting and analysing information produced by network nodes and their interaction to detect anomalies or suspicious behavior, triggering alerts, and taking applicable action on alerts.

Secure system architecture and software development

Skillset: Secure system architecture and software development

Skills

Available skills:
Generative AI (Gen AI)
Generative AI (Gen AI) marks the next phase in the advancement of artificial intelligence. This subset of AI specialises in producing novel and original content. Unlike conventional AI systems that function based on pre-existing data and established rules, Generative AI creates new data and concepts, ranging from digital art to innovative text compositions.
Secure development and operations (DevOps)
DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and provide continuous delivery with high software quality. DevOps is complementary with Agile software development; several DevOps aspects came from the Agile methodology.
Secure system implementation life-cycle
The system development life cycle is the overall process of developing, implementing, and retiring information systems through a multistep process from initiation, analysis, design, implementation, and maintenance to disposal. The secure implementation of a software or system is part of the overall SDLC.
Security requirement definition and risk analysis
When developing software, besides functional requirements, security requirements must also be defined from the beginning. This should include e.g. access control mechanisms, authentication, information flow, integrity, availability, confidentiality, etc. The requirements should be based on a risk assessment.
Software development paradigms
Secure software development follows various methodologies. Regardless of the methodology, security should be included from the beginning of the development process.

Security architecture is defined as the architectural design that includes all the threats and potential risks which can be present in the environment or that particular scenario. A software development life cycle (SDLC) is a formal or informal methodology for designing, creating, and maintaining software (which includes code built into hardware).

Security testing

Skillset: Security testing

Skills

Available skills:
Red-teaming and adversary emulation
Adversary emulation is a form of cybersecurity assessment, which implements the behaviour of threat actor groups based on real-world threat intelligence and tactics, techniques, and procedures.
Security testing approaches
Security testing is a collection of testing methods and approaches aimed at attempting to identify all possible vulnerabilities, threats, and risks towards organization assets to prevent malicious attacks.
Security testing standards and frameworks
Security testing standards are aimed at defining a set of common approaches and best practices in a structured and methodological manner.
Software testing approaches
Software testing is the process of evaluating and verifying that a software product or application does what it is supposed to do. The benefits of testing include preventing bugs, reducing development costs and improving performance.

Security testing is a methodological process for gaining security assurance, which tests and validates the extent of effective implementation to which a system, device, software, or process resists active attempts to compromise its security.

Technology Governance

Skillset: Technology Governance

Skills

Available skills:
5G
Fifth generation technology standard for broadband cellular networks.
Artificial Intelligence (AI)
Artificial intelligence (AI) refers to systems that display intelligent behaviour by analysing their environment and taking actions – with some degree of autonomy – to achieve specific goals.
Blockchain
A blockchain is a type of distributed ledger technology (DLT) that consists of a growing list of records, called blocks, that are securely linked together using cryptography. (Wikipedia).
Cloud services and providers
Cloud services refer to a wide range of services delivered on demand to customers over the internet. These services are designed to provide easy access to applications and resources, without the need for internal infrastructure or hardware. Well-known cloud service providers include Amazon Web Services, Microsoft Azure, and Google Cloud.
Digital government
Provision of government services online.
Digital transformation
Societal-level policies and processes concerning adoption of digital technology.
Edge computing
Distributed computing model where computation and data storage happen close to the data source.
Generative AI (Gen AI)
Generative AI (Gen AI) marks the next phase in the advancement of artificial intelligence. This subset of AI specialises in producing novel and original content. Unlike conventional AI systems that function based on pre-existing data and established rules, Generative AI creates new data and concepts, ranging from digital art to innovative text compositions.
High-performance computing (HPC)
High performance computing (HPC) is the practice of aggregating computing resources to gain performance greater than that of a single workstation, server, or computer.
Internet of Things (IoT)
The Internet of Things (IoT) describes physical objects (or groups of such objects) with sensors, processing ability, software, and other technologies that connect and exchange data with other devices and systems over the Internet or other communications networks.
Machine Learning (ML)
A branch of artificial intelligence; the study of computer algorithms that can adapt (improve, learn) based on interactions with the environment or new data.
Manipulated content (deep fakes)
Manipulated content (deep fakes) refers to media—such as videos, images, or audio—altered or generated using artificial intelligence to convincingly replicate real people or events, often with the intention to deceive or mislead.
Maritime cybersecurity
Cybersecurity in the maritime domain (for example, ship systems, maritime navigation and communication systems, port systems, etc.).
Quantum computing
Type of computation that harnesses the collective properties of quantum states (Wikipedia).
Research and development (R&D)
Research and development (R&D) includes activities that companies undertake to innovate and introduce new products and services.
Space cybersecurity
Cybersecurity in the space domain (ground stations, transmission systems, satellites, etc.).
Strategic risk management
Management of risks that may threaten the overall health of an organization and its ability to achieve its goals.
Supply chain security
Cybersecurity throughout the supply chain, including (key) personnel, manufacturing process, software dependencies, etc.
Technological sovereignty
Capability to define and carry out autonomous policy regarding use of technologies.
Technology ethics
Study of the ethical problems associated with technology.

Technology governance can be defined as the process of exercising political, economic and administrative authority in the development, diffusion and operation of technology in societies.