All the latest news on the Cyber EPQ

Are you an Advisor?

Posted on

Working closely with a Chief Information Security Officer (CISO), an Advisor will have a strong blend of technical ability, communication skills and cyber security experience. An advisor supports the risk identification and management process across all aspects of Information Technology for a business, government agency or educational institution. Responsibilities include assessing the current adequacy of the security strategy, business continuity /disaster recovery plans, threats to the systems, and then calculating the impact of potential adverse events. Audits and assessments must be continual, as the threat profiles change constantly.

The Advisor will keep executive management up to date on the results of the risk assessment and make recommendations for mitigations, or projects, to protect their systems or cover potential losses.

To continually improve the quality of the risk management, some advisors collect lessons learned information and metrics from security events and integrate the knowledge gathered into future protection strategies. This may involve reviewing logs, network traces and other evidence from computers, networks and data storage devices.

Senior Advisors use their knowledge and experience to examine systems and procedures to identify potential adverse events, including hardware and software crashes, physical disasters, malicious intruders, malware, denial of service attacks and employee misconduct.

Analysis will include a clear description of the risk and its likelihood. For those considered significant, an assessment of the impact, in dollars or business disruption will be developed. From this, mitigation plans must be developed and presented to management for approval and funding.

Links with CyberEPQ Modules

What does an Advisor do?

The advisor’s role is to identify risks which might occur thus making it essential for advisors to stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks. Advisors will continuously evaluate communication security, data vulnerability, business continuity and compliance risks whilst identifying vulnerabilities or weaknesses in systems. Part of their role will also be to examine employee compliance with security controls and deficiencies as well as evaluating security policy, processes and procedures for completeness.

It is essential that advisors also ensure that controls are adequate to protect sensitive information systems and report to management on IT system vulnerability and protection against malware and hackers. This will need to be clearly documented with defined risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk.

Advisors will also provide mitigation/ damage reduction proposals with cost justification as well as assist in identifying breaches in a firm’s security or tracking the source of an unauthorized intrusion. Resulting in Advisors identifying defensive steps to take, including necessary firewalls, security software and data encryption as well as recommend all infrastructure and applications patching and remediation that may need to be done. The advisor will also communicate recommended business continuity preparations and controls, including deficiencies, to business units and recommend improvements in network security, identity management and logging.

Cameron MacLean, Cyber Risk Consultant at Deloitte

What are companies looking for?

UK Earning Potential

Upwards of £40,000 depending on geography, experience and definition *

* source: Indeed March 2020

Learn more about the Seven Personae of Cyber

Find us on social media, and start your own conversation with #cyberepq

Our partners, sponsors and supporters

Immersive Labs
Heart of Worcestershire College
University Technical Colleges
City and Guilds
The National Museum of Computing

Sign up to our mailing list for news and updates

Your data will only be used by CIISec to send you relevant news. Your data will never be shared with third parties unless you provide your consent for us to do so. Your data will be held securely and monitored under EU data protection law. You may unsubscribe at any time using the options provided in-email or by proactively contacting our administration team at [email protected]

© Chartered Institute of Information Security. Privacy Policy Refund Policy Site by Dgtl