ICT security administrator

ICT security administrators plan and carry out security measures to protect information and data from unauthorised access, deliberate attack, theft and corruption.

The following job titles also refer to ICT security administrator:

system security administrator
network security administrator
ICT security administrators
IT security administrator

Bachelor’s degree is generally required to work as ICT security administrator. However, this requirement may differ in some countries.

ISCO skill level is defined as a function of the complexity and range of tasks and duties to be performed in an occupation. It is measured on a scale from 1 to 4, with 1 the lowest level and 4 the highest, by considering:

• the nature of the work performed in an occupation in relation to the characteristic tasks and duties
• the level of formal education required for competent performance of the tasks and duties involved and
• the amount of informal on-the-job training and/or previous experience in a related occupation required for competent performance of these tasks and duties.

ICT security administrator is a Skill level 4 occupation.

These occupations, although different, require a lot of knowledge and skills similar to ICT security administrator.

ethical hacker
ICT security manager
ICT security consultant
ICT resilience manager
ICT disaster recovery analyst

These occupations require some skills and knowledge of ICT security administrator. They also require other skills and knowledge, but at a higher ISCO skill level, meaning these occupations are accessible from a position of ICT security administrator with a significant experience and/or extensive training.

This knowledge should be acquired through learning to fulfill the role of ICT security administrator.

Ict network security risks: The security risk factors, such as hardware and software components, devices, interfaces and policies in ICT networks, risk assessment techniques that can be applied to assess the severity and the consequences of security threats and contingency plans for each security risk factor.
System backup best practice: The procedures related to preparing for recovery or continuation of technology infrastructure vital to an organisation.
Internet governance: The principles, regulations, norms and programs that shape the evolution and use of internet, such as internet domain names management, registries and registrars, according to ICANN/IANA regulations and recommendations, IP addresses and names, name servers, DNS, TLDs and aspects of IDNs and DNSSEC.
Cyber attack counter-measures: The strategies, techniques and tools that can be used to detect and avert malicious attacks against organisations’ information systems, infrastructures or networks.
Organisational resilience: The strategies, methods and techniques that increase the organisation’s capacity to protect and sustain the services and operations that fulfil the organisational mission and create lasting values by effectively addressing the combined issues of security, preparedness, risk and disaster recovery.
Database development tools: The methodologies and tools used for creating logical and physical structure of databases, such as logical data structures, diagrams, modelling methodologies and entity-relationships.
Quality assurance methodologies: Quality assurance principles, standard requirements, and the set of processes and activities used for measuring, controlling and ensuring the quality of products and processes.
Mobile device management: The methods for managing the use of mobile devices within an organisation, while ensuring security.
Internet of things: The general principles, categories, requirements, limitations and vulnerabilities of smart connected devices (most of them with intended internet connectivity).

These skills are necessary for the role of ICT security administrator.

Manage it security compliances: Guide application and fulfilment of relevant industry standards, best practices and legal requirements for information security.
Apply company policies: Apply the principles and rules that govern the activities and processes of an organisation.
Perform ict troubleshooting: Identify problems with servers, desktops, printers, networks, and remote access, and perform actions which solve the problems.
Attend to ict systems quality: Ensure correct operations which comply fully with specific needs and outcomes in terms of the development, integration, security and overall management of ICT systems.
Interpret technical texts: Read and understand technical texts that provide information on how to perform a task, usually explained in steps.
Solve ict system problems: Identify potential component malfunctions. Monitor, document and communicate about incidents. Deploy appropriate resources with minimal outage and deploy appropriate diagnostic tools.
Maintain ict identity management: Administer identification, authentication and authorisation of individuals within a system and control their access to resources by associating user rights and restrictions with the established identity.
Ensure proper document management: Guarantee that the tracking and recording standards and rules for document management are followed, such as ensuring that changes are identified, that documents remain readable and that obsoleted documents are not used.
Identify ict system weaknesses: Analyse the system and network architecture, hardware and software components and data in order to identify weaknesses and vulnerability to intrusions or attacks.
Maintain database security: Master a wide variety of information security controls in order to pursue maximal database protection.

This knowledge is sometimes, but not always, required for the role of ICT security administrator. However, mastering this knowledge allows you to have more opportunities for career development.

Computer forensics: The process of examining and recovering digital data from sources for legal evidence and crime investigation.
Information security strategy: The plan defined by a company which sets the information security objectives and measures to mitigate risks, define control objectives, establish metrics and benchmarks while complying with legal, internal and contractual requirements.
Ict security standards: The standards regarding ICT security such as ISO and the techniques required to ensure compliance of the organisation with them.
Ict security legislation: The set of legislative rules that safeguards information technology, ICT networks and computer systems and legal consequences which result from their misuse. Regulated measures include firewalls, intrusion detection, anti-virus software and encryption.
Cyber security: The methods that protect ICT systems, networks, computers, devices, services, digital information and people against illegal or unauthorised use.
Web application security threats: The attacks, vectors, emergent threats on websites, web applications and web services, the rankings of their severity identified by dedicated communities such as OWASP (Open Web Application Security Project).

Information confidentiality: The mechanisms and regulations which allow for selective access control and guarantee that only authorised parties (people, processes, systems and devices) have access to data, the way to comply with confidential information and the risks of non-compliance.
Ict infrastructure: The system, network, hardware and software applications and components, as well as devices and processes that are used in order to develop, test, deliver, monitor, control or support ICT services.
Ict encryption: The conversion of electronic data into a format which is readable only by authorized parties which use key encryption techniques, such as Public Key Infrastructure (PKI) and Secure Socket Layer (SSL).

These skills and competences are sometimes, but not always, required for the role of ICT security administrator. However, mastering these skills and competences allows you to have more opportunities for career development.

Assess ict knowledge: Evaluate the implicit mastery of skilled experts in an ICT system to make it explicit for further analysis and usage.
Manage database: Apply database design schemes and models, define data dependencies, use query languages and database management systems (DBMS) to develop and manage databases.
Use scripting programming: Utilise specialised ICT tools to create computer code that is interpreted by the corresponding run-time environments in order to extend applications and automate common computer operations. Use programming languages which support this method such as Unix Shell scripts, JavaScript, Python and Ruby.
Execute ict audits: Organise and execute audits in order to evaluate ICT systems, compliance of components of systems, information processing systems and information security. Identify and collect potential critical issues and recommend solutions based on required standards and solutions.
Execute software tests: Perform tests to ensure that a software product will perform flawlessly under the specified customer requirements, using specialised software tools. Apply software testing techniques and tools in order to identify software defects (bugs) and malfunctions.
Manage ict virtualisation machines: Oversee tools, such as VMware, kvm and Xen, used to enable a virtual machine environment which runs on top of other software environments.
Address problems critically: Identify the strengths and weaknesses of various abstract, rational concepts, such as issues, opinions, and approaches related to a specific problematic situation in order to formulate solutions and alternative methods of tackling the situation.
Perform backups: Implement backup procedures to backup data and systems to ensure permanent and reliable system operation. Execute data backups in order to secure information by copying and archiving to ensure integrity during system integration and after data loss occurrence.
Build business relationships: Establish a positive, long-term relationship between organisations and interested third parties such as suppliers, distributors, shareholders and other stakeholders in order to inform them of the organisation and its objectives.
Lead disaster recovery exercises: Head exercises which educate people on what to do in case of an unforeseen disastrous event in the functioning or security of ICT systems, such as on recovery of data, protection of identity and information and which steps to take in order to prevent further problems.
Train employees: Lead and guide employees through a process in which they are taught the necessary skills for the perspective job. Organise activities aimed at introducing the work and systems or improving the performance of individuals and groups in organisational settings.

2529 – Database and network professionals not elsewhere classified

 

 

---

 

 

References

1. ICT security administrator – ESCO