The global skills and competency framework for the digital world

#1330 PENT - Penetration testing - add level 2 and 3 skill level description change request accepted

From review of SFIA in the context of information and cyber security and the US government NIST cybersecurity framework.

wording to cover ....

Level 3 - Undertakes moderate-complexity vulnerability assessments using more sophisticated techniques and tools.
Level 2 - Undertakes low-complexity routine vulnerability assessments using automated and semi-automated tools.

Proposed change applies to Penetration testing

Current status of this request: accepted

What we decided

Include in review of information and cyber security skills for SFIA 8

Carol Long
Mar 08, 2021 01:10 PM

New PENT 2 and PENT 3 must be sufficiently different from CORE 3, TEST 3, TEST 2, and TEST 1. Especially if these levels may be paraphrased as "undertake predefined tests, collect evidence, and review and report results"