SFIA Mapping Form Generator

Category: Strategy and architecture

Subcategory: Security and privacy


Vulnerability research - VURE

Conducting applied research to discover, evaluate and mitigate new or unknown security vulnerabilities and weaknesses.

Levels:

Level 2:
Description: Assists with vulnerability research tasks under routine supervision. Helps document and report findings from vulnerability research activities.


Level 3:
Description: Applies standard techniques and tools for vulnerability research. Uses available resources to update knowledge of relevant specialism. Participates in research communities. Analyses and reports on activities and results.


Level 4:
Description: Designs and executes complex vulnerability research activities. Specifies requirements for environment, data, resources and tools to perform assessments. Reviews test results and modifies tests if necessary. Creates reports to communicate methodology, findings and conclusions. Advises on deception methods by exploiting identified patterns. Makes an active contribution to research communities.


Level 5:
Description: Plans and manages vulnerability research activities. Maintains a strong external network for vulnerability research. Gathers information on new and emerging threats and vulnerabilities. Assesses and documents the impacts and threats to the organisation. Creates reports and shares knowledge and insights with stakeholders. Provides expert advice and guidance to support the adoption of tools and techniques for vulnerability research. Contributes to the development of organisational policies, standards and guidelines for vulnerability research and assessment.


Level 6:
Description: Plans and leads the organisation's approach to vulnerability research. Identifies new and emerging threats and vulnerabilities. Maintains a strong external network. Takes a leading part in external-facing professional activities to facilitate information gathering and set the scope of research work. Engages with and influences relevant stakeholders to communicate results of research and the required response. Develops organisational policies and guidelines for monitoring emerging threats and vulnerabilities.