Threat Analysis and Defence

Enable and conduct analysis of malicious threats, to examine their characteristics, behaviours, capabilities, intent and interactions with the environment as well as the development of defence and mitigation strategies and techniques to effectively combat such threats

Type

Domain

Competency Area

Operations and User Support

Levels

Perform static, dynamic or behavioural analysis on malicious codes and threats

Create a safe hostile- code analysis environment

Correlate stages, actions or malicious commands in an attack

Perform static and dynamic analysis of malicious code and

executables

Utilise behavioural analysis tools to understand the nature of the threat

Debug malware with debuggers and monitoring tools to gather information on malware

Document specimen's attack capabilities, propagation characteristics and threat signatures

Draft recommendations to mitigate malware, exploit kits and attacks

Use anti-malware and threat gateways to thwart malicious attacks

Examine malicious threat and recommend techniques to block malicious code and attacks

Use a combination of dynamic analysis techniques and reverse engineering techniques to determine threat characteristics and capabilities

Identify emerging and complex threats from malicious software and codes

Conduct in-depth examination of malicious threats to understand the behaviour, capabilities, intent and interactions with the environment

Apply countermeasures to circumvent or subvert anti-analysis mechanisms

Unpack protected malicious executables

Recommend proactive steps to combat and mitigate malicious code, threats and attacks

Modify existing techniques or develop new ways to block malicious code and

attacks

Establish an enterprise threat defence and mitigation strategy

Establish alliances with broader communities to keep updated on new and emerging threats, attacks and anti- detection mechanisms

Verify threat analysis outcomes and reports

Establish the organisation threat protection and defence strategy, balancing protection, capability, cost and performance

Re-define analysis and defence strategies

Chart direction to anticipate evolution of cybersecurity threats and attacks in the operating environment

Employ new methods or tools to analyse malicious software and attacks

Re-define threat defence techniques to combat emerging or new kinds of attacks