Cyber Security Operations | Nice Framework

Collection Operations (CLP)

Collection Operations Executes collection using appropriate strategies and within the priorities established through the collection management process.

Work Role Definition
Identifies collection authorities and environment; incorporates priority information requirements into collection management; develops concepts to meet leadership's intent. Determines capabilities of available collection assets, identifies new collection capabilities; and constructs and disseminates collection plans. Monitors execution of tasked collection to ensure effective execution of the collection plan.

Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence
  - Certification: GIAC Cyber Threat Intelligence (GCTI)
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
  - Certification: GIAC Certified Forensic Analyst (GCFA)
Work Role Definition
Evaluates collection operations and develops effects-based collection requirements strategies using available sources and methods to improve collection. Develops, processes, validates, and coordinates submission of collection requirements. Evaluates performance of collection assets and collection operations.

Recommended SANS Training & GIAC Certification:
- FOR578: Cyber Threat Intelligence
  - Certification: GIAC Cyber Threat Intelligence (GCTI)
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
  - Certification: GIAC Certified Forensic Analyst (GCFA)

Cyber Operational Planning (OPL)

Cyber Operational Planning Performs in-depth joint targeting and cybersecurity planning process. Gathers information and develops detailed Operational Plans and Orders supporting requirements. Conducts strategic and operational-level planning across the full range of operations for integrated information and cyberspace operations.

Work Role Definition:
Develops detailed intelligence plans to satisfy cyber operations requirements. Collaborates with cyber operations planners to identify, validate, and levy requirements for collection and analysis. Participates in targeting selection, validation, synchronization, and execution of cyber actions. Synchronizes intelligence activities to support organization objectives in cyberspace.

Recommended SANS Training & GIAC Certification
- FOR578: Cyber Threat Intelligence
  - Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC504: Hacker Tools, Techniques, and Incident Handling
  - Certification: GIAC Certified Incident Handler (GCIH)
Work Role Definition:
Develops detailed plans for the conduct or support of the applicable range of cyber operations through collaboration with other planners, operators and/or analysts. Participates in targeting selection, validation, synchronization, and enables integration during the execution of cyber actions.
Recommended SANS Training & GIAC Certification
- SEC565: Red Team Operations and Adversary Emulation
- SEC560: Enterprise Penetration Testing
  - Certification: GIAC Penetration Tester (GPEN)
- SEC542: Web App Penetration Testing and Ethical Hacking
  - Certification: GIAC Web Application Penetration Tester (GWAPT)
- SEC588: Cloud Penetration Testing
  - Certification: GIAC Cloud Penetration Tester (GCPN)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
  - Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
  - Certification: GIAC Defending Advanced Threats (GDAT)
- SEC467: Social Engineering for Security Professionals
- SEC556: IoT Penetration Testing
Work Role Definition:

Works to advance cooperation across organizational or national borders between cyber operations partners. Aids the integration of partner cyber teams by providing guidance, resources, and collaboration to develop best practices and facilitate organizational support for achieving objectives in integrated cyber actions.

Recommended SANS Training & GIAC Certification
- SEC565: Red Team Operations and Adversary Emulation
- SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
- SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
  - Certification: GIAC Defending Advanced Threats (GDAT)
- FOR578: Cyber Threat Intelligence
  - Certification: GIAC Cyber Threat Intelligence (GCTI)

Cyber Operations (OPS)

Cyber Operations performs activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities.

Work Role Definition
Conducts collection, processing, and/or geolocation of systems in order to exploit, locate, and/or track targets of interest. Performs network navigation, tactical forensic analysis, and, when directed, executing on-net operations.

Recommended SANS Training & GIAC Certification
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
  - Certification: GIAC Certified Forensic Analyst (GCFA)
- FOR528: Ransomware for Incident Responders
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
  - Certification: GIAC Network Forensic Analyst (GNFA)
- FOR578: Cyber Threat Intelligence
  - Certification: GIAC Cyber Threat Intelligence (GCTI)
- SEC560: Enterprise Penetration Testing
  - Certification: GIAC Penetration Tester (GPEN)
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
  - Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SEC556: IoT Penetration Testing
- SEC467: Social Engineering for Security Professionals
- SEC573: Automating Information Security with Python
  - Certification: GIAC Python Coder (GPYC)

Train and Certify

Manage Your Team

Security Awareness

Resources

Get Involved

About

Collect and Operate

Collection Operations (CLP)

Cyber Operational Planning (OPL)

Cyber Operations (OPS)