Reference and guide to SFIA version 7. Framework status: Requirements.

#74 Incident Investigation: change request pending

Abbreviated version of SCTY407 needed in SCTY3

SCTY407: "Investigates suspected attacks and manages security incidents."

There is a requirement for an equivalent investigation task without the management aspect in the SCTY Level 3 role. This caused problems in the creation of a "Cyber Defence Analyst" role within a BCS Role Model-using organisation, based around ITOP and SCTY Level 3 roles.

I would suggest something along the lines of "Investigates suspected attacks under the direction of the security incident manager".

Attached to Information security