Secure Operations is the management of an organisation’s information systems operations in accordance with the agreed Security Policy.
Secure Operations manages systems and networks to ensure they deliver the expected services to their users and other systems by following formal secure operating procedures and monitoring security controls.
Wherever users interact with systems to read or process data, the controls which authenticate them and authorise their access need to work properly. When there are updates to existing systems or new ones to install, the implementation needs to be planned carefully to minimise disruption to existing services and assure that changes will not create new vulnerabilities or disrupt services.
Secure Operations is mostly guided by agreed standards and procedures. However, if there is a confirmed incident, then Secure Operations supports incident response by closing access to some parts of the system or network, to ensure that any failure in controls is addressed. This may also involve quickly reconfiguring parts of the network to isolate it for deeper investigation by colleagues in digital forensics.
This is technical work, so there needs to be a good understanding of server-level software such as operating systems, system processes and directories. If systems are running in the cloud, there will be a good understanding of the cloud platforms in use. If there is also substantial local hardware, Secure Operations knows how to monitor its operation and manage maintenance, upgrades, and repairs. The primary responsibility is to keep the services operation reliably and securely, by understanding the relationship between systems and their roles within an organisation.
Depending on the size of the organisation and the extent to which information systems and cyber security services are run in-house, there may either be a structured secure operations team or one person solely responsible for this. In either case, this work patterns may be shifts across or long day or working at any time if there is a technical problem or a suspected security incident.
Given how much technology Secure Operations is responsible for, it is important to stay on top of changes, assessing new technologies and exploring whether they could make changes to current systems more effective, efficient, or secure.
Secure Operations involves managing an organisation’s information systems, networks and processes according to security standards and requirements, to protect against attacks and accidental security incidents.
In this specialism, you may:
With more experience, you may also:
Job Titles
For Secure Operations roles, job titles include:
For senior Secure Operations roles, job titles include:
Salaries
A Secure Operations role might earn between £36,000 and £49,000 a year.
A senior Secure Operations role might earn between £45,000 and £90,000.
These ranges are calculated from a survey of online job vacancies advertisements in March 2021. Most of these advertisements did not include salary figures, so the sample size is small and may not be representative of the salaries for such roles in all sectors or all regions.
Each of the 16 specialisms are based on knowledge areas within CyBOK.
More information on CyBOK knowledge areas can be found here.
Here are the knowledge areas associated with Cyber Security Governance & Risk Management
Core knowledge – you will need a very good understanding of these areas
Security Operations & Incident Management
The configuration, operation and maintenance of secure systems including the detection of and response to security incidents and the collection and use of threat intelligence.
Authentication, Authorisation & Accountability
All aspects of identity management and authentication technologies, and architectures and tools to support authorisation and accountability in both isolated and distributed systems.
Related knowledge – you will need a solid understanding of these areas
Operating Systems and Virtualisation Security
Operating systems protection mechanisms, implementing secure abstraction of hardware, and sharing of resources, including isolation in multiuser systems, secure virtualisation, and security in database systems.
Security aspects of networking and telecommunication protocols, including the security of routing, network security elements, and specific cryptographic protocols used for network security. And, if the responsibilities include Industrial Control Systems:
Cyber-Physical Systems Security
Security challenges in cyber-physical systems, such as the Internet of Things and Industrial Control Systems, attacker models, safe-secure designs, and security of large-scale infrastructures.
Wider knowledge – these areas will help to provide context for your work
Security mechanisms relating to larger-scale coordinated distributed systems, including aspects of secure consensus, time, event systems, peer-to-peer systems, clouds, multi-tenant data centres and distributed ledgers.
Usable security, social and behavioural factors impacting security, security culture and awareness as well as the impact of security controls on user behaviours.
Security aspects of networking and telecommunication protocols, including the security of routing, network security elements, and specific cryptographic protocols used for network security.
The collection, analysis and reporting of digital evidence in support of incidents or criminal events.
Technical details of exploits and distributed malicious systems, together with associated discovery and analysis approaches.
Skills
Personal attributes
Specialist skills
For senior professional:
CIISec Skills Groups* (additional Skills Groups may also be relevant to particular jobs).
E1 – Secure Operations Management
Principles:
E2 – Secure Operations & Service Delivery
Principles:
*Non-Commercial - No Derivatives (BY-NC-ND) license. 2021 Copyright © The Chartered Institute of Information Security. All rights reserved. Chartered Institute of Information Security®, CIISec. Chartered Institute of Information Security®, CIISec®, AfCIIS®, ACIIS®, MCIIS®, FCIIS® and the CIISec graphic logo are trademarks owned by The Chartered Institute of Information Security and may be used only with express permission of CIISec.
Experience
A Secure Operations professional may start their career as a system operator or administrator, with a fairly narrow set of responsibilities of which maintaining the security of the system is one. This makes it a good entry point into a cyber security career.
With additional training in cyber security, previous roles in the operational management and supervision of other kinds of technological systems can also provide useful transferable skills for starting in this specialism. Such roles include:
Linked Specialisms
Moving On
From a role in Secure Operations, you might move into one of these cyber security specialisms:
Alternatively, you might progress into a more senior role in Secure Operations.
Our certification framework can be accessed here. This framework allows you to see which certifications may be useful to you, within the different specialisms and at which point of your career.
Entry route information can be found here.
You can also visit the National Cyber Security Centre website at the links below:
Rob works for BT Group and told us more about what it's like to work in the Secure Operations specialism in this recorded webinar.