SKILL BENCHMARK

Security Analyst to Security Architect Mastery (Expert Level)

  • 24m
  • 24 questions
Explore all Skills Benchmarks
Security Analyst to Security Architect Mastery benchmark measures whether a learner has expert exposure and practice with security analyst principles. A learner who scores high on this benchmark demonstrates that they have an advanced understanding of every area of modern security practices and analytics, can lead and drive all IT security discussions, and can work independently with no oversight.

Topics covered

  • describe best practices you should outline in the event that testing is successful or unsuccessful
  • describe client (IT staff) considerations such as client contact details and potential impacts on their working environment
  • describe elements that should be included in a final report such as actions taken, problems, and findings
  • describe how to ensure proper authority has been granted to commence any testing, such as obtaining signatures from key stakeholders
  • describe incident handling best practices such as law enforcement contact, sensitive data/privacy, and encryption
  • describe common risks and limitations you should outline such as impact on systems, and ensuring backups are available and the disaster recovery plan is intact
  • describe warranty, limitation of liability, and indemnification considerations to include when outlining the intent of testing activities, as well as and any liability concerns
  • discuss the Digital Privacy Act and breach response obligations and focus areas for the compliance plan
  • discuss the General Data Protection Regulation breach guidelines and stakeholder response obligations
  • discuss the Gramm Leach Bliley Act breach guidelines and stakeholder response obligations
  • discuss the HIPAA breach guidelines and stakeholder response obligations
  • identify acceptable methods for notifying affected parties of a data security breach
  • identify common types of security data breaches and how the notification process is different for each type
  • identify stakeholders that need to be notified during a security breach incident and best practices for notifying them
  • identify the best practice for creating a data privacy breach plan and notifying stakeholders
  • identify the individuals who need to be notified during a HIPAA data breach violation
  • identify the sections of the data breach response plan and why it is important to have one
  • list key logistical considerations such as testing tools, personnel, and test schedules
  • outline best practices to follow or consider when in possession of a company's data, such as encryption and data destruction
  • provide a general overview of the Rules of Engagement, how the ROE relates to business, and the potential consequences of not having the ROE in place
  • provide an overview of the benefits of having a easy reference checklist or templates prepared when defining RoE
  • recognize how to determine the appropriate scope of engagement
  • recognize the consequences of failing to comply with data breach notification regulations when a data breach occurs
  • recognize the legal and communication risks when notifying stakeholders of a data security breach