Skillset framework

The skillset framework allows you to find the right expertise

The EU CyberNet skillset framework is a tailor-made collection of all cyber-related skillsets and skills that can be used for finding the right expertise for one’s missions, projects and actions.

The framework consists of 38 skillsets and over 300 skills.

Applied Cryptography

Skillset: Applied Cryptography

Skills

Available skills:
Blockchain
A blockchain is a type of distributed ledger technology (DLT) that consists of a growing list of records, called blocks, that are securely linked together using cryptography. (Wikipedia).
Encryption algorithm design and implementation
An encryption algorithm is designed to encode a message or information so that only authorized parties can access the data, and the data is unreadable by unintended parties. There are two types of encryption algorithm: the symmetric-key algorithm, also known as a secret-key algorithm, and the asymmetric-key algorithm, also called a public-key algorithm.
Encryption protocol analysis
Implementations of encryption in IT systems use various algorithms and protocols (e.g. symmetric and asymmetric, RSA, Diffie-Hellman, DES, TripleDES, AES, etc.). To understand their vulnerabilities, it is important to understand how they function by analysing them.
Public key cryptography
Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys. It involves the use of a public key infrastructure (PKI); a set of roles, policies, and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.

Applied Cryptography describes the development, implementation, and use of cryptographic techniques.

Automated bot malware mitigation

Skillset: Automated bot malware mitigation

Skills

Available skills:
Botnet mitigation
Bot mitigation is the reduction of risk to infrastructure and services from malicious bot traffic that fuels common automated attacks, such as DDoS campaigns and vulnerability probing. The mitigation activities may pursue malicious bot identification and blocking, command and control infrastructure identification, botnet sinkholing, infiltration and monitoring, and infrastructure takedown.
Malicious code analysis
Malicious code analysis is the process of understanding the behavior and purpose of a suspicious code, to aid the detection and mitigation of the potential threat.
Malware indicators of compromise
Indicators of compromise serve as forensic evidence of potential intrusions on a host system or network, to allow the detection of intrusion attempts or other malicious activities, analysis of particular malware's techniques and behaviors, and provide actionable threat intelligence.

Botnet is a network of hijacked network devices infected by the use of automated malware, which are under the control of an attacking party used to carry out various scams and cyberattacks. Mitigation of such networks focuses on malware analysis, command-and-control structure analysis, and coordinated mitigation activities.

Cloud Security & Compliance

Skillset: Cloud Security & Compliance

Skills

Available skills:
Cloud infrastructure assessment and compliance
A cloud infrastructure assessment tests and analyzes cloud infrastructure to ensure the organization is protected from various security risks and threats on the cloud.
Cloud services and providers
Cloud services refer to a wide range of services delivered on demand to customers over the internet. These services are designed to provide easy access to applications and resources, without the need for internal infrastructure or hardware. Some of the well-known cloud service providers include Amazon Web Services, Microsoft Azure, and Google Cloud.
Cloud-based web-application security
Web application security refers to a variety of processes, technologies, or methods, including development security practices, for protecting web servers, web applications, and web services from attack by Internet-based threats. Web application security is crucial to protecting data, customers, and organizations from data theft, interruptions in business continuity, or other harmful results of cybercrime.
Penetration testing of cloud infrastructure and services
Cloud penetration testing is an authorised simulated cyber-attack against a system that is hosted on a cloud provider with the main goal of finding the weaknesses and strengths of a system, so that its security posture can be accurately assessed.

Cloud security is a collection of procedures and technology used to control the security, compliance, and usage risks of cloud computing to address external and internal threats. This responsibility is shared between the cloud provider and the customer.

Computer security incident response

Skillset: Computer security incident response

Skills

Available skills:
Incident handling practices
Incident handling practices include the phases of the incident handling workflows. The major phases are detection and reporting, identification, classification and prioritisation (triage), and incident handling activities such as documenting (ticket), analysis, problem solving, reporting and mitigation.
Incident handling techniques
Incident handling is based on many workflows. In the different phases, they include technical and organisational skills. The techniques to handle a computer security incident must be planned and prepared ahead of the occurrence but must be flexible enough to react to every situation with the respective means.
Incident response frameworks
Incident response policies have been developed and introduced since the 1980s. Methodologies and frameworks can be used by organisations to implement their incident response processes (e.g., CSIRT services framework, NIST NICE, MITRE, CERT/CC).
Information exchange and intelligence
In incident response, it is important to share and exchange information related to incidents, vulnerabilities, and attack vectors between trusted partners. Organisational and technical information exchange solutions and protocols include e.g. MISP, TLP, etc.
Security operation centre (SOC) design and operations
A SOC is a team primarily composed of security analysts organised to detect, analyze, respond to, report on, and prevent cyber security incidents. SOCs are organised in different ways, according to their host organisation, constituency, and tasks. Their work can include e.g. monitoring, detection, incident handling, and prevention.

Computer security incident response is a planned and organized approach to addressing and managing the aftermath of a security breach or cyberattack (IT incident, computer incident or security incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

Critical Information Infrastructure Protection (CIIP)

Skillset: Critical Information Infrastructure Protection (CIIP)

Skills

Available skills:
Business continuity
Capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident.
CI and CII sectors
Cyber vulnerability
Any weakness within a network and information system that can be exploited.
Cyber-physical systems (CPS)
Cyber Physical System (CPS) is a decentralized network of devices, applications, and services that can sense, log, interpret, communicate, process, and act on a variety of information or control devices in the physical environment.
Impact analysis
Assessment of consequences of decision, e.g. in the context of a cyber security incident on the reputation, business processes or security posture etc.
Physical vulnerability
Any weakness in the hosting environment of a network and information system that can enable a physical attack on the system.
Risk assessment
Process to identify potential threats and impacts.

Protection of the digital security of critical activities and dependent systems.

Cyber Awareness

Skillset: Cyber Awareness

Skills

Available skills:
Awareness and Training
Cyber awareness among the population is the foundation of ensuring cyber security. Here also: Awareness raising and training activities related to cybercrime legal aspects and/or targeting legal professionals.
Communicating technology
To convey information and knowledge to users and managers on technology and its security aspects for better understanding.
Communication strategy
Strategy to set out the goals for communication and the means of reaching these objectives.
Prevention
Proactive approach to mitigate risks.
Public relations
The practice of managing and disseminating information from an individual or an organization (such as a business, government agency, or a nonprofit organization) to the public in order to affect their public perception.
Target audience analysis
Target audience analysis involves describing your audience in terms of a variety of demographics, including age and gender, as well as income, education, and location, or psychographics like interests and opinions.

Development and implementation of awareness programmes to enhance the level of consciousness of cyber threats and rules and regulations. Enable users to understand necessary security measures.

Cyber Crime – International

Skillset: Cyber Crime – International

Skills

Available skills:
2nd Additional Protocol to the Budapest Convention
Second Additional Protocol to the Convention on Cybercrime on enhanced co-operation and disclosure of electronic evidence.
Budapest Convention
Council of Europe Convention on Cybercrime (CETS 185). Budapest Convention was adopted in 2001 by the Council of Europe and is the only international agreement between states specifically focused on cyber crime.
Directive on combating fraud and counterfeiting of non-cash means of payment 2019/713
ePrivacy
The ePrivacy Regulation aims to simplify the rules regarding cookies and streamline cookie consent in a more 'user-friendly' way.
EU Directive on Attacks Against Information Systems 2013/40/EU
Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA.
EU e-evidence proposals
Police Directive 2016/680
UN 3rd committee on cybercrime

International/supranational legal instruments addressing various aspects of the fight against cybercrime.

Cyber Crime – National

Skillset: Cyber Crime – National

Skills

Available skills:
Awareness and Training
Cyber awareness among the population is the foundation of ensuring cyber security. Here also: Awareness raising and training activities related to cybercrime legal aspects and/or targeting legal professionals.
Cooperation channels
A collective term for the different systems of cooperation between (law enforcement) authorities in different countries.
Cooperation with private sector
Cooperation with non-state actors in prevention, investigation and mitigation of cybercrime.
Court expertise
Scientific and technical knowledge on issues of fact at the court's disposal.
Criminal law
National level substantive laws related to cybercrimes.
Criminal procedure
Laws concerning the processes of cybercrime investigations and/or investigations online.
Cybercrime prevention
A proactive approach to fight cybercrime ex ante.
Cybercrime reporting
Notification procedure to authorities about the fact that a cybercrime may have been committed.
Cybercrime units
The primary role of Cybercrime Units (CCU) is to provide technical assistance in the detection and investigation of crime wherein the computer is the target or the means used.
Electronic/digital evidence
Information in electronic/digital format with (potential) evidentiary value. The term electronically stored information (ESI) may be used interchangeably with electronic evidence. The term 'digital evidence' is also used frequently.
International cooperation
The process of policy coordination between states to pursue a common goal or interest. Here also: Local implementation of and engagement in international cooperation regarding combat against cybercrime.
Judicial authority
Here: National courts and other judicial authorities exercising judicial powers or functions relating to cybercrimes.
Law enforcement
Here: Activities of various national public authorities to prevent, investigate and detect cybercrimes.
Prosecution
Here: Activities of national public authorities to prosecute cybercrimes.

National legal instruments and mechanisms addressing various aspects of the fight against cybercrime.

Cyber Crisis Management

Skillset: Cyber Crisis Management

Skills

Available skills:
Civil-military cooperation
Civil-Military Co-operation is the means by which a military commander connects with civilian agencies active in a theatre of operations. It can also refer to a wider concept of cooperation between military and civilian bodies.
Comprehensive approach
The Comprehensive Approach is about developing mechanisms and cultures of understanding, sharing and collaboration, both vertically between nations and international organisations, and horizontally between nations and between organisations. It can also refer to a holistic approach to e.g. writing a domestic cyber security strategy and engaging all stakeholders from different levels.
Cyber defence capabilities and doctrines
Cyber Defense consists of solutions that actively resist attack. Capabilities refer to the ability to resist attacks and doctrines reflect how military forces contribute to campaigns, major operations, battles, and engagements.
Cyber security management
Cybersecurity management is an area of information technology that organizations and businesses use to protect and secure sensitive information from cybercriminals or any unwanted guests.
Cyber situational awareness
Understanding the cyber environment and accurately predicting and responding to potential problems that might occur in cyberspace. Cyber situational awareness is the capability that helps security analysts and decision makers: Visualize and understand the current state of the IT infrastructure, as well as the defensive posture of the IT environment. Identify what infrastructure components are important to complete key functions.
National legislation
Law that applies within a state.
Prevention
Proactive approach to mitigate risks.
Public relations
The practice of managing and disseminating information from an individual or an organization (such as a business, government agency, or a nonprofit organization) to the public in order to affect their public perception.
Reporting
Strategic communications and public relations
Threat assessment
A Threat Assessment is a process for evaluating and verifying perceived threats, including assessing their likelihood. In cybersecurity, a threat assessment is usually performed by security risk management and it precedes plans for mitigating threats against the enterprise.

Set of procedures designed for handling a cyber crisis, preferably formally outlined by domestic frameworks.

Cyber Diplomacy

Skillset: Cyber Diplomacy

Skills

Available skills:
Attribution
Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit.
Council of Europe (CoE)
The Council of Europe is the continent's leading human rights organisation. It includes 47 member states, 27 of which are members of the European Union.
Cyber confidence-building measures
Confidence-building measures (CBMs) are planned procedures to prevent hostilities, to avert escalation, to reduce military tension, and to build mutual trust between countries.
Cyber Diplomacy Toolbox
The use of diplomatic tools and initiatives to achieve a state's national interest in cyberspace. Referring to the EU initiative with the same name. Draft Council Conclusions on a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities ("Cyber Diplomacy Toolbox") of 6 June 2017.
Cyber Norms
Norms of responsible state behaviour are voluntary legally non-binding agreements between states, originally agreed upon in the 2015 UN GGE report, and later adopted by the UN GA.
Cyber sanctions
Economic and financial measures intended to change the behavior of perpetrators who have carried out malicious cyber activities and/or intrusions.
Cyber-stability framework
For discussing cybersecurity in the context of international peace and security.
European Union (EU)
The European Union (EU) is a political and economic union of 27 member states that are located primarily in Europe.
Organization for Security and Co-operation in Europe (OSCE)
The Organization for Security and Co-operation in Europe (OSCE) is the world's largest security-oriented intergovernmental organization.
United Nations (UN)
The United Nations (UN) is an intergovernmental organization aiming to maintain international peace and security, develop friendly relations among nations, achieve international cooperation, and be a centre for harmonizing the actions of nations.
United Nations Group of Governmental Experts (UN GGE)
United Nations Group of Governmental Experts (UN GGE) on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security is a format for a set number (15-25) of UN Member States, aimed at resulting in a consensus report.
United Nations Open-Ended Working Group (OEWG)
United Nations Open-Ended Working Group (OEWG) on Developments in the Field of Information and Telecommunications in the Context of International Security is an open format for all UN Member States, aimed at resulting in a consensus report.

The use of diplomatic tools and initiatives to achieve a state’s national interest in cyberspace.

Cyber Policy

Skillset: Cyber Policy

Skills

Available skills:
5G Toolbox
The EU policy response outlining EU's common approach to adopting 5G technologies.
Attribution
Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit.
Cyber Competence Centre Network
Consists of the European Cybersecurity Competence Centre (ECCC), National Coordination Centres and the Cybersecurity Competence Community. The goal of the network is to help the EU retain and develop cybersecurity technological and industrial capacities.
Cyber diplomacy
The use of diplomatic tools and initiatives to achieve a state's national interest in cyberspace.
Cyber Norms
Norms of responsible state behaviour are voluntary legally non-binding agreements between states, originally agreed upon in the 2015 UN GGE report, and later adopted by the UN GA.
Cyber sanctions
Economic and financial measures intended to change the behavior of perpetrators who have carried out malicious cyber activities and/or intrusions.
EU cyber-related strategies
The system of strategic documents of the EU addressing cyber-related issues.
Information sharing
Best practices, tools and methods for effective dissemination of information to the desired audience.
Joint Cyber Unit
The Joint Cyber Unit is a new platform that aims to strengthen cooperation among EU Institutions, Agencies, Bodies and the authorities in the Member States, proposed under COMMISSION RECOMMENDATION of 23.6.2021 on building a Joint Cyber Unit.
National Cyber Security Strategy
A national cybersecurity strategy (NCSS) is a plan of actions designed to improve the security and resilience of national infrastructures and services. It is a high-level top-down approach to cybersecurity that establishes a range of national objectives and priorities that should be achieved in a specific timeframe. (ENISA).
Vulnerability sharing policy
National or EU policies and practices relating to vulnerability disclosure.

Set of policies to achieve national or EU interests in cyberspace, intertwined with legal and strategic aspects. Skills may overlap to some extent with the EU legal domains and Cyber Diplomacy skillsets.

Cyber Threat Intelligence

Skillset: Cyber Threat Intelligence

Skills

Available skills:
Cyber operations
The employment of cyber capabilities to achieve objectives in or through cyberspace (Tallinn Manual definition).
Cyber risk mapping
Risk mapping is a technique used to detect cyber risks.
Data analysis
Process of inspecting, cleansing, transforming, and modelling data with the goal of discovering useful information, informing conclusions, and supporting decision-making.
Data correlation
Statistical measure that expresses the extent to which two variables are linearly related.
Data mining
Process of extracting and discovering patterns in large data sets involving methods at the intersection of machine learning, statistics, and database systems.
Information sharing
Best practices, tools and methods for effective dissemination of information to the desired audience.
Open source intelligence
Prevention
Proactive approach to mitigate risks.
Strategic reporting
Strategic reporting refers to a complex process of collecting the data about an organization's performance and the analysis of this data. Addressing progress, outcomes and performance with respect to specific goals.
Technical data collection
Threat assessment
A Threat Assessment is a process for evaluating and verifying perceived threats, including assessing their likelihood. In cybersecurity, a threat assessment is usually performed by security risk management and it precedes plans for mitigating threats against the enterprise.
Threat hunting and adversary tracking
Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network.

Understanding the cyber threats facing an organization or nation.

Cyber and Information Risk Management

Skillset: Cyber and Information Risk Management

Skills

Available skills:
Asset vulnerabilities
A vulnerability is a weakness in an asset or group of assets. An asset's weakness could allow it to be exploited and harmed by one or more threats. (ISO 27001 definitions).
Cyber risk mapping
Risk mapping is a technique used to detect cyber risks.
Cyber situational awareness
Understanding the cyber environment and accurately predicting and responding to potential problems that might occur in cyberspace. Cyber situational awareness is the capability that helps security analysts and decision makers: Visualize and understand the current state of the IT infrastructure, as well as the defensive posture of the IT environment. Identify what infrastructure components are important to complete key functions.
Cyber threat intelligence
Knowledge, skills and experience-based information concerning the occurrence and assessment of both cyber and physical threats and threat actors that is intended to help mitigate potential attacks and harmful events occurring in cyberspace.
Cybersecurity roles and responsibilities
Job responsibilities refer to the duties and tasks of a particular role. This is sometimes referred to as the job description. Roles, however, refer to a person's position on a team. In cybersecurity, there are technical, organisational, managerial, administrative, and governance roles.
Governance and risk management processes
Policies, procedures, and processes to manage and monitor the organization's regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk. Governance and risk management processes address cybersecurity risks (NIST Cybersecurity Framework).
Infosec risk management
Legal and regulatory requirements
Organisational cybersecurity policy
Organisations should have their specific cybersecurity policy as basis for security measures.
Organisational risk tolerance
Threat assessment
A Threat Assessment is a process for evaluating and verifying perceived threats, including assessing their likelihood. In cybersecurity, a threat assessment is usually performed by security risk management and it precedes plans for mitigating threats against the enterprise.

Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.

Cyber-Physical Systems and Industrial Control Systems

Skillset: Cyber-Physical Systems and Industrial Control Systems

Skills

Available skills:
Critical infrastructure protection
Critical information infrastructure protection is a set of activities aimed at ensuring the functionality, continuity and integrity of a country's essential information and communication systems to deter, mitigate and neutralise a threat, risk or vulnerability or minimise the impact of an incident.
Cyber-physical systems (CPS)
Cyber Physical System (CPS) is a decentralized network of devices, applications, and services that can sense, log, interpret, communicate, process, and act on a variety of information or control devices in the physical environment.
Operational technology design and operation
Operational technology is the use of hardware and software to monitor and control physical processes, devices, and infrastructure across a large range of asset-intensive sectors and industries, performing a wide variety of automation tasks.

Cyber-Physical system is a decentralized network of devices, applications, and services that can sense, log, interpret, communicate, process, and act on a variety of information or control devices in the physical environment. Industrial Automation and Control Systems refers to the collection of personnel, instrumentation, hardware, and software that can affect or influence the safe, secure, and reliable operation and automation of an industrial process.

Cybersecurity economics

Skillset: Cybersecurity economics

Skills

Available skills:
Business impact analysis
Business impact analysis is a tool to help plan for the inevitability of consequences and their cost. (projectmanager.com).
Cyber insurance
A risk management technique where selected cyber risks are transferred to the insurance provider in exchange for a fee. Cyber insurance should be used in concert with other risk management techniques.
Security economics
Use of theories, approaches, methods and tools of economic disciplines emphasizing the impact of security threats at the macroeconomic and microeconomic level. (Cyber)security-relevant studies in economics, tackling problems like cyber insurance and business impact analysis.

Cybersecurity-relevant studies in economics.

Cybersecurity education & training

Skillset: Cybersecurity education & training

Skills

Available skills:
Curriculum development
The process of creating and systematically improving courses or study programmes. Identification of the "mission" of a training, and the knowledge and skills that the training expects successful students to acquire. Definition of training objectives and preparation of training content.
Skill & knowledge assessment
Competences in assessing the level of skill or knowledge of the training audience, for example via standardised testing, technical challenges, etc. For the development of cybersecurity training, it is important to assess the training objectives according to knowledge, skills, and abilities (KSA) needed for a Cyber security role or function.
Teaching methods
Ways to enable learning of the desired skill or knowledge, usually under the direction of a teacher or instructor.
Training material development
Competences in creating or updating study aids, challenges, tests (etc.) that facilitate learning.

Cybersecurity-relevant education and training programs and solutions.

Cybersecurity exercises

Skillset: Cybersecurity exercises

Skills

Available skills:
Cyber crisis management
Set of procedures designed for handling a cyber crisis, preferably formally outlined by domestic frameworks. Readiness, response and recovery from a cyber incident.
Cyber decision-making
Decision-making procedures in cyber security situations. Knowledge of policies, processes and procedures is important.
Cyber element in exercises
Exercises are used to train skills, evaluate processes and procedures, and certify teams on the maturity in their task. Even in non-technical exercises nowadays, cyber elements need to be trained, as all processes and procedures in complex environments are dependent on IT and cyber processes.
Cyber hygiene
Cyber hygiene, or cybersecurity hygiene, is a set of practices organizations and individuals perform regularly to maintain the health and security of users, devices, networks and data.
Cyber range
A cyber range is a controlled, interactive technology environment where IT architectures and systems run in a virtual and scalable environment. In a cyber range all possible scenarios and attacks on IT infrastructure, networks, software platforms and applications can be simulated.
Cyber risk mapping
Risk mapping is a technique used to detect cyber risks.
Cyber situational awareness
Understanding the cyber environment and accurately predicting and responding to potential problems that might occur in cyberspace. Cyber situational awareness is the capability that helps security analysts and decision makers: Visualize and understand the current state of the IT infrastructure, as well as the defensive posture of the IT environment. Identify what infrastructure components are important to complete key functions.
Exercise planning
Process to design, draft and prepare an exercise.
Exercise types
Cyber exercises are conducted in various types, e.g. table-top exercise, capture-the-flag, red-blue-team exercise, simulation, etc.
Public-private partnership
Arrangement between private and public entities.
Scenario development
The process of creating and maintaining the storyline, background events, personas (etc.) that make up the exercise scenario. Scenario development for Cybersecurity exercises should support the training objectives and processes to be trained. The scenarios should allow measurable results.
Tactics, techniques, procedures (TTP)
Whole-of-Government approach
Joint activities performed by diverse ministries, public administrations and public agencies in order to provide a common solution to particular problems or issues.

Cybersecurity exercises for training, experimentation, skill & readiness assessment.

Cybersecurity management

Skillset: Cybersecurity management

Skills

Available skills:
Business continuity
Capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident.
Cost modelling
A tool used to understand the value derived from proposed activity, acquisition or investment.
Decision-making exercises
A form of training that models and tests an organisation's preparedness for various cyber incidents.
Impact analysis
Assessment of consequences of decision, e.g. in the context of a cyber security incident on the reputation, business processes or security posture etc.
Reporting
Strategic communications and public relations

Managerial-level cybersecurity issues are those that concern the leadership of an organization. Executive cybersecurity issues are those which may interfere with the organizational goals, strategic planning development and overall decision making in the organization.

Data Protection

Skillset: Data Protection

Skills

Available skills:
Data retention of telecommunications data
Retention of traffic and location data for the purpose of preventing, investigating, detecting or prosecuting crimes and safeguarding national security.
Directive on privacy and electronic communications
ePrivacy Directive 2002/58/EC
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector.
General Data Protection Regulation (GDPR)
General Data Protection Regulation 2016/679.
Police Directive 2016/680

Set of processes to regulate the processing of data and to prevent misuse of data.

Digital Forensics

Skillset: Digital Forensics

Skills

Available skills:
Chain of custody
A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer.
Digital artefact acquisition and analysis
Forensic digital analysis is the in-depth analysis and examination of electronically stored data and artefacts, with the purpose of identifying information that may support or contest matters in an investigation or court proceeding.
Digital evidence acquisition procedures
Data acquisition in digital forensics encompasses all the procedures involved in gathering digital evidence including cloning and copying evidence from any electronic source.
Internet service investigation
Internet service investigation is the process of identifying, accessing, collecting and surveilling the use of internet-based and cloud services in the context of digital forensic investigation.

Digital forensics is the application of computer science and investigative procedures involving the acquisition and examination of digital evidence – following proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possibly expert testimony.

Digital Identity & Trust Services

Skillset: Digital Identity & Trust Services

Skills

Available skills:
Authentication technologies and services
Advanced authentication mechanisms like multi-factor authentication, single sign-on, or zero trust authentication support the secure use of IT systems, networks and applications.
Biometrics and digital identity
A digital identity is information on an entity used by computer systems to represent an external agent. That agent may be a person, organization, application, or device. ISO/IEC 24760-1 defines identity as "set of attributes related to an entity". The selection of a particular biometric for use in a specific application involves a weighting of several factors, e.g. for use in biometric authentication.
Digital identity service certification and compliance audit
A compliance audit is a series of checks performed externally to make sure that the digital identity services and certificates are meeting the regulatory standards.
electronic IDentification, Authentication and trust Services (eIDAS)
Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.

Electronic identification and trust services can be used by citizens, businesses and public administrations, to access online services or manage electronic transactions.

EU legal domains

Skillset: EU legal domains

Skills

Available skills:
Cyber sanctions
Economic and financial measures intended to change the behavior of perpetrators who have carried out malicious cyber activities and/or intrusions.
Cyber Security Act
Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act).
Digital Services Act (DSA)
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/EC COM/2020/825 final. The Digital Services Act and Digital Markets Act aim to create a safer digital space where the fundamental rights of users are protected and to establish a level playing field for businesses.
Directive on Attacks against Information Systems
Electronic Communications Code (ECC)
Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018 establishing the European Electronic Communications Code (Recast). This directive established a harmonised framework for the regulation of electronic communications networks, electronic communications services, associated facilities and associated services, and certain aspects of terminal equipment.
electronic IDentification, Authentication and trust Services (eIDAS)
Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
Electronic/digital evidence
Information in electronic/digital format with (potential) evidentiary value. The term electronically stored information (ESI) may be used interchangeably with electronic evidence; 'digital evidence' is also used frequently.
ePrivacy
The ePrivacy Regulation aims to simplify the rules regarding cookies and streamline cookie consent in a more 'user-friendly' way.
EU AI regulation proposal
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL LAYING DOWN HARMONISED RULES ON ARTIFICIAL INTELLIGENCE (ARTIFICIAL INTELLIGENCE ACT) AND AMENDING CERTAIN UNION LEGISLATIVE ACTS COM/2021/206 final.
EU cyber defence
Legal aspects related to activities falling within the scope of the Cyber Defence Policy Framework of the EU.
EU cybersecurity crisis management
Including, but not limited to: COMMISSION RECOMMENDATION (EU) 2017/1584 of 13 September 2017 on coordinated response to large-scale cybersecurity incidents and crises; COUNCIL IMPLEMENTING DECISION (EU) 2018/1993 of 11 December 2018 on the EU Integrated Political Crisis Response Arrangements; COMMISSION RECOMMENDATION of 23.6.2021 on building a Joint Cyber Unit.
General Data Protection Regulation (GDPR)
General Data Protection Regulation 2016/679.
Human rights in cyberspace
Here: legal protection of human rights relevant in the context of cyberspace, including the right to privacy, freedom of thought and conscience, freedom of expression, and guarantee of due process.
Legal frameworks for information sharing
Legal tools for the sharing of information between national authorities (e.g. national CSIRT/CERT) and also law enforcement authorities.
NIS Directive
Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. Network and Information Security Directive provides legal measures to boost the overall level of cybersecurity in the EU.
Payment Services Directive (PSD2)
Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC.

Different EU legal domains related to cyber security.

Exploit and Malware Analysis

Skillset: Exploit and Malware Analysis

Skills

Available skills:
Exploit mitigation techniques
Memory exploit mitigation is a set of mitigation techniques at various levels, such as computer firmware, operating system, compiler, and run-time environment, to mitigate the risk of memory corruption attempts.
Exploit reverse engineering and analysis
Malware reverse engineering is a process of studying the functions and information flow of malicious code to understand its functionality, behavior, and potential impact, and to create tools for mitigation.
Exploitation techniques
Memory exploitation is a set of techniques allowing the identification of vulnerabilities or security flaws and circumvention of memory exploitation protection safe-guards to permit an arbitrary code delivery, injection and execution.

Memory corruption exploit development is a process that identifies and produces code to take advantage of a software vulnerability or security flaw, allowing unsanctioned targeted or automated activity against a vulnerable system through the use of exploit code or malware. Malware analysis is the process of analyzing the behavior and purpose of the exploit code to aid in the detection and mitigation of the potential threat.

General IT Systems Security

Skillset: General IT Systems Security

Skills

Available skills:
Active cyber defense (ACD)
Active Cyber Defence (ACD) seeks to reduce the harm from commodity cyber attacks by providing tools and services that protect from a range of attacks.
Penetration testing and cyber red teaming
System design and administration security
A multi-tiered, risk-management-based approach to information system design and secure administration from the perspectives of management device trust, administrative interface protection, administrative role management, and auditing of administrative activities.

IT systems security is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

IT Security Assessment

Skillset: IT Security Assessment

Skills

Available skills:
Network assessment
A network assessment is a type of audit that involves using a process or script to scan a network to uncover any risks or anomalies.
Processes and procedures
Security analysis
Security analysis is the process to find, define, and rate the threats and vulnerabilities in an IT system or network.
Security audit
A security audit is the high-level description of the many ways organizations can test and assess their overall security posture, including cybersecurity.
Security review
Regular review of security measures and controls in an IT system or network.
Vulnerability assessment
Process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.

The goal of an IT security assessment is to ensure that necessary security controls are integrated into the design and implementation of an IT project. A properly completed security assessment should provide documentation outlining any security gaps between a project design and approved corporate security policies.

Incident Management

Skillset: Incident Management

Skills

Available skills:
Incident analysis
Incident management services
Services that are vital in helping constituents during an attack or incident. (FIRST CSIRT Services Framework 2.1.0).
Incident response coordination
Incident response on site
Incident Response Organisation
Organisational structure or setup of a CSIRT, including processes, e.g. the IR lifecycle (detect - triage - analyze - respond).
Incident response support
SIM3

Process to handle life cycle of an incident: detect and identify; triage and analyze; resolve, including prevent reoccurrence.

Information Operations

Skillset: Information Operations

Skills

Available skills:
Information campaign
Integrated operations
Integrated operations (IO) refers to the integration of people, disciplines, organizations, work processes and information and communication technology to make smarter decisions.
Synthetic identities theft/fraud
Synthetic identity theft is a type of fraud in which a criminal combines real and fake information to create a new identity. The real information used in this fraud is usually stolen.

Information operations includes the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent. It may be part of hybrid warfare.

Information Security Standards

Skillset: Information Security Standards

Skills

Available skills:
Certification
Certification is the formal attestation or confirmation of certain characteristics of an object, person, or organization.
CIIP Governance
Experience of governing Critical Information Infrastructure Protection (CIIP) from public authority perspective.
CIS controls
Formerly the SANS Critical Security Controls (SANS Top 20).
COBIT 5
Framework to help organisations meet business challenges in regulatory compliance, risk management and aligning IT strategy with organisational goals.
Developing standards
Experience regarding drafting standards or in standardization.
Implementing standards
Experience regarding implementing standards.
Information Technology Infrastructure Library (ITIL)
Information Technology Infrastructure Library (ITIL) is a set of detailed practices for IT service management and IT asset management.
ISO 27000 series
Information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
ISO 31000:2018
Guidelines on managing risk faced by organizations.
IT-Grundschutz
German baseline protection system.
Mandatory information security standards
Information security standards with which compliance has been made mandatory, e.g. by national law or international law.
NIST 800 series
Supervision over implementation of standards
Experience regarding supervision over implementation of standards.
Voluntary information security standards
Voluntary guidelines set out to establish a common language and improve security of information technology.

Published specification that establishes a common language. The goal of an information security standard is to improve the security of information technology.

International Cooperation Frameworks

Skillset: International Cooperation Frameworks

Skills

Available skills:
African Network Information Centre (AFRINIC)
The African Network Information Centre (AFRINIC) is the regional internet registry for Africa.
American Registry for Internet Numbers (ARIN)
American Registry for Internet Numbers (ARIN) is the regional Internet registry for Canada, United States and many Caribbean and North Atlantic islands.
Asia Pacific Network Information Centre (APNIC)
The Asia Pacific Network Information Centre (APNIC) is the regional Internet registry for Asia-Pacific.
Budapest Convention 24/7 POCs
24/7 Network under Art 35 of the Budapest Convention.
European Union Agency for Criminal Justice Cooperation (Eurojust)
EU agency for judicial cooperation in criminal matters.
European Union Agency for Law Enforcement Cooperation (EUROPOL)
European Union Agency for Law Enforcement Cooperation (EUROPOL) is the law enforcement agency of the EU; it deals with serious international organised crime, including cybercrime and terrorism.
Forum of Incident Response and Security Teams (FIRST)
The Forum of Incident Response and Security Teams (FIRST) is a global forum of incident response and security teams.
Internet Corporation for Assigned Names and Numbers (ICANN)
The Internet Corporation for Assigned Names and Numbers (ICANN) is a US-based not-for-profit public-benefit corporation whose role is to coordinate, at the overall level, the global Internet's systems of unique identifiers, and to ensure the stable and secure operation of these systems.
Latin American and Caribbean Internet Addresses Registry (LACNIC)
Latin America and Caribbean Network Information Centre (LACNIC) is the regional Internet registry for Latin America and the Caribbean.
Mutual Legal Assistance
Réseaux IP Européens Network Coordination Centre (RIPE NCC)
Réseaux IP Européens Network Coordination Centre (RIPE NCC) is the regional Internet registry for Europe, Middle East and parts of Central Asia.
The International Criminal Police Organization (INTERPOL)
International Criminal Police Organization (INTERPOL) is an inter-governmental organization for law enforcement collaboration, including information sharing and investigative support.

Cross-border arrangements and agreements by states and other entities to adjust their behaviour to the actual preferences in pursuit of cybersecurity.

International Law Applicable in Cyberspace

Skillset: International Law Applicable in Cyberspace

Skills

Available skills:
Armed conflict
An armed conflict arises whenever there is fighting between States or protracted armed violence between government authorities and organized armed groups or just between organized armed groups.
Attribution
Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit.
Cyber conflict
Cyber conflict is the use of cyber attacks, causing comparable harm to actual warfare and/or disrupting vital computer systems.
Cyber Norms
Norms of responsible state behaviour are voluntary, legally non-binding agreements between states, originally agreed upon in the 2015 UN GGE report, and later adopted by the UN GA.
Cyber operations
The employment of cyber capabilities to achieve objectives in or through cyberspace (Tallinn Manual definition).
Cyber sanctions
Economic and financial measures intended to change the behavior of perpetrators who have carried out malicious cyber activities and/or intrusions.
International humanitarian law
International Humanitarian Law (IHL) is a set of rules that seek to limit the effects of armed conflict.
State positions
Tallinn Manual
An academic effort in compiling an overview of the current status of the interpretation of international law in cyberspace.
United Nations Group of Governmental Experts (UN GGE)
United Nations Group of Governmental Experts (UN GGE) on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security is a format for a set number (15-25) of UN Member States, aimed at resulting in a consensus report.
United Nations Open-Ended Working Group (OEWG)
United Nations Open-Ended Working Group (OEWG) on Developments in the Field of Information and Telecommunications in the Context of International Security is an open format for all UN Member States, aimed at resulting in a consensus report.

International law governing cyber operations.

International Organisations in Cyber

Skillset: International Organisations in Cyber

Skills

Available skills:
African Union (AU)
The African Union (AU) is a continental union consisting of 55 member states located on the continent of Africa.
Organization for Security and Co-operation in Europe (OSCE)
The Organization for Security and Co-operation in Europe (OSCE) is the world's largest security-oriented intergovernmental organization.
Association of Southeast Asian Nations (ASEAN)
The Association of Southeast Asian Nations (ASEAN) is a regional grouping that promotes economic, political, and security cooperation among its ten members: Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, the Philippines, Singapore, Thailand, and Vietnam.
Council of Europe (CoE)
The Council of Europe is the continent's leading human rights organisation. It includes 47 member states, 27 of which are members of the European Union.
European Union (EU)
The European Union (EU) is a political and economic union of 27 member states that are located primarily in Europe.
International Telecommunications Union (ITU)
The International Telecommunication Union is a specialized agency of the United Nations responsible for many matters related to information and communication technologies.
North Atlantic Treaty Organisation (NATO)
The North Atlantic Treaty Organization (NATO) also called the North Atlantic Alliance, is an intergovernmental military alliance between 28 European countries, 2 North American countries, and 1 Asian country.
Organization of American States (OAS)
Today, the OAS brings together all 35 independent states of the Americas and constitutes the main political, juridical, and social governmental forum in the Hemisphere.
United Nations (UN)
The United Nations (UN) is an intergovernmental organization aiming to maintain international peace and security, develop friendly relations among nations, achieve international cooperation, and be a centre for harmonizing the actions of nations.

International organisations which focus on issues related to cyber security.

Internet Governance

Skillset: Internet Governance

Skills

Available skills:
Domain Name System (DNS)
The Domain Name System (DNS) is the Internet's system for mapping alphabetic names to numeric Internet Protocol (IP) addresses like a phone book maps a person's name to a phone number.
Internet Corporation for Assigned Names and Numbers (ICANN)
The Internet Corporation for Assigned Names and Numbers (ICANN) is a US-based not-for-profit public-benefit corporation whose role is to coordinate, at the overall level, the global Internet's systems of unique identifiers, and to ensure the stable and secure operation of these systems.
Internet Governance Forum (IGF)
The Internet Governance Forum (IGF) is a multistakeholder governance group for policy dialogue on issues of Internet governance.
Net neutrality
Network neutrality, most commonly called net neutrality, is the principle that Internet service providers (ISPs) must treat all Internet communications equally, and not discriminate or charge differently based on user, content, website, platform, application, type of equipment, source address, destination address, or method of communication.

A multistakeholder process which refers to the rules, policies, standards and practices that coordinate and shape global cyberspace.

Internet of Things

Skillset: Internet of Things

Skills

Available skills:
Embedded sensor technology
A sensor is a device that produces an output signal for the purpose of sensing a physical phenomenon. IoT devices use embedded sensors (e.g. camera, thermometer, gyrometer, motion sensor, etc.) to collect data and transmit them to the processing unit.
IoT data connectivity
IoT devices are regularly connected via wireless communication, e.g. Bluetooth, WiFi, mobile networks. For security reasons, these connections must be secured.
IoT enabled technologies
IoT utilizes existing and emerging technology for sensing, networking, and robotics. IoT devices are implemented in a wide range of equipment from CCTV to unmanned vehicles.
IoT security and certification
IoT security is a subset of cybersecurity that focuses on protecting, monitoring and remediating threats related to the Internet of Things (IoT) — or the network of connected devices that gather, store and share data via the internet. IoT devices should be secured and tested on official regulations or industry standards.

The Internet of things (IoT) describes physical objects (or groups of such objects) that are embedded with sensors, processing ability, software, and other technologies that connect and exchange data with other devices and systems over the Internet or other communications networks.

Law enforcement

Skillset: Law enforcement

Skills

Available skills:
Cybercrime
Cyber crime refers to a set of offenses which include technology as a means to fulfil illegal intent.
Digital Forensics
A branch of forensic science encompassing the recovery, investigation, examination and analysis of material found in digital devices, often in relation to mobile devices and computer crime.
Investigation
A careful examination or search in order to discover facts or gain information.
Investigative techniques
In cybercrime, investigations must be tamperproof. This includes seamless documentation and proof of the chain of custody. Investigative techniques should follow these principles.

Law enforcement is the activity of some members of government who act in an organized manner to enforce the law by discovering, deterring, rehabilitating, or punishing people who violate the rules and norms governing that society. The term encompasses police, courts, and corrections. Here, it is specific to cyber-related crime.

Monitoring and threat detection

Skillset: Monitoring and threat detection

Skills

Available skills:
Intrusion detection and prevention
Intrusion detection is a process of parsing and monitoring collected data from network and network nodes for suspicious activity and producing alerts or taking automated prevention measures when such activity is discovered.
Monitoring data and threat visualization
Visual representation of data and information in a structured and systematic manner allowing easier interpretation and analysis.
System log and event collection and analysis
System log analysis is a scientific process of collecting, parsing, reviewing, and interpreting time-sequenced event messages generated by network nodes to gain insight into system state and identify possible anomalies.
Threat hunting and adversary tracking
Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network.

Security monitoring is a collection of processes and technologies, which involves collecting and analysing information produced by network nodes and their interaction to detect anomalies or suspicious behavior, triggering alerts, and taking applicable action on alerts.

Secure system architecture and software development

Skillset: Secure system architecture and software development

Skills

Available skills:
Secure development and operations (DevOps)
DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and provide continuous delivery with high software quality. DevOps is complementary with Agile software development; several DevOps aspects came from the Agile methodology.
Secure system implementation life-cycle
The system development life cycle is the overall process of developing, implementing, and retiring information systems through a multistep process from initiation, analysis, design, implementation, and maintenance to disposal. The secure implementation of a software or system is part of the overall SDLC.
Security requirement definition and risk analysis
When developing software, security requirements must be defined from the beginning alongside functional requirements. This should include e.g. access control mechanisms, authentication, information flow, integrity, availability, confidentiality, etc. The requirements should be based on a risk assessment.
Software development paradigms
Secure software development follows various methodologies. Regardless of the methodology, security should be included from the beginning of the development process.

Security architecture is defined as the architectural design that includes all the threats and potential risks which can be present in the environment or that particular scenario. A software development life cycle (SDLC) is a formal or informal methodology for designing, creating, and maintaining software (which includes code built into hardware).

Security testing

Skillset: Security testing

Skills

Available skills:
Red-teaming and adversary emulation
Adversary emulation is a form of cybersecurity assessment, which implements the behaviour of threat actor groups based on real-world threat intelligence and tactics, techniques, and procedures.
Security testing approaches
Security testing is a collection of testing methods and approaches aimed at attempting to identify all possible vulnerabilities, threats, and risks towards organization assets to prevent malicious attacks.
Security testing standards and frameworks
Security testing standards are aimed at defining a set of common approaches and best practices in a structured and methodological manner.
Software testing approaches
Software testing is the process of evaluating and verifying that a software product or application does what it is supposed to do. The benefits of testing include preventing bugs, reducing development costs and improving performance.

Security testing is a methodological process for gaining security assurance, which tests and validates the extent of effective implementation to which a system, device, software, or process resists active attempts to compromise its security.

Technology Governance

Skillset: Technology Governance

Skills

Available skills:
5G
Fifth generation technology standard for broadband cellular networks.
Artificial Intelligence (AI)
Artificial intelligence (AI) refers to systems that display intelligent behaviour by analysing their environment and taking actions – with some degree of autonomy – to achieve specific goals.
Blockchain
A blockchain is a type of distributed ledger technology (DLT) that consists of a growing list of records, called blocks, that are securely linked together using cryptography. (Wikipedia).
Cloud services and providers
Cloud services refer to a wide range of services delivered on demand to customers over the internet. These services are designed to provide easy access to applications and resources, without the need for internal infrastructure or hardware. Well-known cloud service providers include Amazon Web Services, Microsoft Azure, and Google Cloud.
Digital government
Provision of government services online.
Digital transformation
Societal-level policies and processes concerning adoption of digital technology.
Edge computing
Distributed computing model where the computation and data storage happens close to data source.
Internet of Things (IoT)
The Internet of Things (IoT) describes physical objects (or groups of such objects) with sensors, processing ability, software, and other technologies that connect and exchange data with other devices and systems over the Internet or other communications networks.
Machine Learning (ML)
A branch of artificial intelligence; the study of computer algorithms that can adapt (improve, learn) based on interactions with the environment or new data.
Maritime cybersecurity
Cybersecurity in the maritime domain (for example, ship systems, maritime navigation and communication systems, port systems, etc.).
Quantum computing
Type of computation that harnesses the collective properties of quantum states (Wikipedia).
Research and development (R&D)
Research and development (R&D) includes activities that companies undertake to innovate and introduce new products and services.
Space cybersecurity
Cybersecurity in the space domain (ground stations, transmission systems, satellites, etc.).
Strategic risk management
Management of risks that may threaten the overall health of an organization and its ability to achieve its goals.
Supply chain security
Cybersecurity throughout the supply chain, including (key) personnel, manufacturing process, software dependencies, etc.
Technological sovereignty
Capability to define and carry out autonomous policy regarding use of technologies.
Technology ethics
Study of the ethical problems associated with technology.

Technology governance can be defined as the process of exercising political, economic and administrative authority in the development, diffusion and operation of technology in societies.