Sphere of Activity 2: Developing, installing, testing and administering cybersecurity and data protection Competences
Professional Competences

Professional Competences

Common professional competences in developing, installing, testing and ad-ministering cybersecurity and data protection in Germany, Italy, Serbia and Spain consist of:

Security architectures and technologies

  • Development of security architectures for multi-cloud environments (e.g. AWS, Azure)
  • Integration of security technologies (e.g. SIEM, IDS/IPS)
  • Mastery of securing the network infrastructure, including firewalls, intrusion detection/prevention sy tems (IDS/IPS) and virtual private networks (VPN)
  • Knowledge of security technologies and monitoring tools such as SIEM, IDS/IPS and network analysers
  • Develop detailed plans for the implementation of cyber security measures
  • Creating comprehensive security architecture designs, including network and application security

Security management and processes

  • Inform security management
  • Manage IT infrastructure integration, maintenance and security
  • Manage database integration, security and performance
  • Assess the level of IT security of the developed system
  • Continuous monitoring of security systems and management of incidents or breaches
  • Conducting regular security audits to identify vulnerabilities
  • Detailed documentation of all security processes and measures

Risk management and assessment

  • Ability to identify, assess and prioritise risks and implement appropriate mitigation strategies
  • Expert advice on appropriate cyber security solutions
  • Ability to conduct a thorough analysis of the client’s security needs
  • Ability to report on the recommendation and implementation of remediation strategies to address identified security vulnerabilities

Legal and regulatory requirements

  • Knowledge of relevant laws, regulations and standards (e.g. GDPR, ISO/IEC 27001, HIPAA) and ability to ensure organisational compliance
  • Ensure that all security measures comply with relevant laws and regulations
  • Understanding of governance frameworks and ensuring legal and regulatory requirements in relation to cybersecurity

Security incidents and response

  • Skills in detecting, responding to and recovering from security breaches and incidents
  • Knowledge of recognising and responding to attack scenarios
  • Knowledge of detecting, containing and mitigating security incidents and data breaches
  • Ability to monitor security events, analyse logs and respond to security alerts using security information and event management (SIEM) tools
  • Ability to set up real-time alerts for suspicious activities and potential security incidents

Data protection and encryption

  • Implement advanced data protection controls
  • Knowledge of handling personal data and data protection management
  • Knowledge of encryption algorithms, secure key management and the implementation of cryptographic protocols
  • Understanding of data protection principles, data encryption and privacy enhancing technologies
  • Knowledge of securing cloud environments and services, including data protection, access controls and regulatory compliance

This is a selection of professional competencies. The list does not claim to be exhaustive.