Call Me Back

Page 1

Looking for more information?

Complete your details below and we'll call you back

Cyber Security Technician Level 3 Apprenticeship Standard


Cyber security is becoming an ever-increasing threat to businesses. Regardless of the industry, wherever information is held digitally, it is an asset that needs to be protected.

The broad purpose of the occupation is to provide first-line cyber security support. This requires individuals to:

  • Monitor and detect potential security threats and escalate as necessary
  • Support secure and uninterrupted business operations of an organisation through the implementation of cyber security mechanisms and the application of cyber security procedures and controls.
  • Contribute to the delivery of a security culture across an organisation, understanding vulnerabilities and threats and supporting the development of an organisation's cyber security maturity.
  • Apply procedures and controls to maintain security and control of an organisation, and process security requests ensuring confidentiality, integrity and availability of information stored digitally.

In their daily work, an employee in this occupation interacts with a wide range of stakeholders including colleagues, managers, customers and internal and external suppliers. They would typically work as a member of a team; this may be office based or virtual. The employee will interact with, and influence colleagues and will have working level contact with customers, suppliers and partners in their capacity as an individual contributor.

An employee in this occupation will be responsible for supporting a cyber security function (working under supervision). The employee will be conducting specific cyber security tasks to defined procedures and standards. Typical tasks may include patching software, installing software updates, implementing access control, configuring firewalls, security incident and event management tools (SIEM) tools and protection tools (Anti-virus, Anti­malware, Anti-spam).


Cyber Security Technician


Level 3

Typical duration

18 months



Maximum Funding Value


Delivery model

Delivery is flexible to suit the individual apprentice and their employer. The apprentice will have a minimum of one tutorial per month either in person within the workplace or remotely via an online meeting. Group sessions may be available on some programmes.

Entry requirements

  • The apprentice must achieve Level 2 English and Maths prior to completing the end point assessment (If the apprentice doesn’t already hold Level 2 English and Maths, this content will be blended into the study programme if it is required).
  • Apprentices must be employed to study for this qualification. Please see our Apprenticeship vacancies.
  • The apprentice must be at least 16 years of age.

Knowledge outcomes

  • Principles of organisational information security governance and the components of an organisation's cyber security technical infrastructure including hardware, operating systems, networks, software and cloud.
  • Cyber security policies and standards based on an Information Security Management System (ISMS).
  • Types of physical, procedural and technical controls.
  • Awareness of how current legislation relates to or impacts upon the occupation including Data Protection Act, Regulation of Investigatory Powers Act, Human Rights Act, Computer Misuse Act, Freedom of Information Act, Official Secrets Act, Payment Card Industry Data Security Standard (PCI­DSS), Wireless and Telegraphy Act, professional body codes of conduct, ethical use of information assets.
  • Cyber security awareness and components of an effective security culture, different organisational structures and cultures, the importance of maintaining privacy and confidentiality of an organisation's information and the impact of a poor security culture.
  • Principles of cyber security compliance and compliance monitoring techniques.
  • Core terminology of cyber security- confidentiality, integrity, availability (the CIA triad), assurance, authenticity, identification, authentication, authorisation, accountability, reliability, non-repudiation, access control.
  • Common security administrative operational tasks e.g. patching, software updates, access control, configuring a range of firewalls, security incident and event management tools (SIEM) and protection tools (Anti-virus, Anti-malware, Anti-spam).
  • Cryptography, certificates and use of certificate management tools.
  • Processes for detecting, reporting, assessing, responding to, dealing with and learning from information security events.
  • Principles of identity and access management - authentication, authorisation and federation - and the inter-relationship between privacy and access rights and access control, and the types of access control, access control mechanisms and application control.
  • Types of digital information assets used in a controlled environment and the need to maintain an inventory of information assets used in a controlled environment and the need for and practice of secure information asset disposal.
  • Disaster prevention and recovery methods and the need for continuity of service planning and how an organisation might implement basic disaster prevention and recovery practices using conventional and incremental secure backup and recovery techniques and tools both onsite and offsite including geographic considerations.
  • Categories of cyber security vulnerabilities and common vulnerability exposures -software misconfiguration, sensitive data exposure, injection vulnerabilities, using components with known vulnerabilities, insufficient logging and monitoring, broken access control and authentication, security misconfiguration, incorrect cross-site validation.
  • Components of a vulnerability assessment scope and techniques to evaluate the results of a vulnerability assessment and provide recommendations based upon the evidence provided by the vulnerability assessment tools. The impact that vulnerabilities might have on an organisation and common vulnerability assessment tools and their strengths and weaknesses.
  • Threat sources and threat identification and network reconnaissance techniques and the impact that threats might have on an organisation.
  • Types of information security events – brute force attack, malware activity, suspicious user behaviour, suspicious device behaviour, unauthorised system changes.
  • Computer forensic principles – the importance of ensuring that evidence is not contaminated and maintaining the continuity of evidence without compromising it.
  • Standard information security event incident, exception and management reporting requirements and how to document incident and event information as part of a chain or evidence.
  • Common information security policies - acceptable use, incident management, patching, anti­virus, BYOD, access control, social media, password, data handling and data classification, IT asset disposal.
  • Cyber security audit requirements, procedures and plans, need to obtain and document evidence in an appropriate form for an internal or external auditor to review.
  • The significance of customer issues, problems, business value, brand awareness, cultural awareness/ diversity, accessibility, internal/ external audience, level of technical knowledge and profile in a business context.
  • Evolving cyber security issues in the digital world including the application to critical national infrastructure, communications technologies, the need for information assurance and governance, control systems and internet of things devices.
  • The importance of maintaining privacy and confidentiality of an organisation’s information and the impact of a poor security culture.
  • Concepts of service desk delivery and how to respond to requests for assistance received by a service desk.
  • How to describe different methods of escalation, when to escalate to a higher level where necessary and how to communicate accurately and appropriately during an escalation.
  • Risk assessment, risk management and business impact analysis principles.
  • How the occupation fits into the wider digital landscape and any current or future regulatory requirements.
  • How to use data ethically and the implications for wider society, with respect to the use of data.
  • Roles within a multidisciplinary team and the interfaces with other areas of an organisation
  • Different learning techniques and the breadth and sources of knowledge and sources of verified information and data.

Skills Outcomes

  • Follow information security procedures.
  • Maintain information security controls.
  • Develop information security training and awareness resources.
  • Monitor the effectiveness of information security training and awareness.
  • Handle and assess the validity of security requests from a range of internal and external stakeholders.
  • Follow technical procedures to install and maintain technical security controls.
  • Monitor and report information security events.
  • Recognise when and how to escalate information security events in accordance with relevant procedures and standards.
  • Review and modify access rights to digital information systems, services, devices or data.
  • Maintain an inventory of digital information systems, services, devices and data storage
  • Scopes cyber security vulnerability assessments.
  • Evaluate the results of a cyber security vulnerability assessment.
  • Perform routine threat intelligence gathering tasks through consulting external sources.
  • Undertake digital information risk assessments.
  • Identify and categorise threats, vulnerabilities and risks in preparation for response or escalation.
  • Document cyber security event information whilst preserving evidence.
  • Draft information management reports using standard formats appropriate to the recipients.
  • Review and comment upon cyber security policies, procedures, standards and guidelines
  • Perform cyber security compliance checks.
  • Translate audit requirements and collate relevant information from log files, incident reports and other data sources.
  • Communication skills to co-operate as part of a multi-functional, multi-disciplinary team using a range of technical and non-technical language to provide an effective interface between internal or external users and suppliers.
  • Keep up-to-date with legislation and industry standards related to the implementation of cyber security in an organisation.

Behaviour outcomes

  • Manage own time to meet deadlines and manage stakeholder expectations.
  • Work independently and take responsibility for own actions within the occupation.
  • Use own initiative.
  • A structured approach to the prioritisation of tasks.
  • Treat colleagues and external stakeholders fairly and with respect without bias or discrimination.
  • Act in accordance with occupation specific laws, regulations and professional standards and not accept instruction that is incompatible with any of these.
  • Review own development needs in order to keep up to date with evolution in technologies, trends and innovation using a range of sources.

External qualifications

This apprenticeship does not feature any additional external qualifications.

End Point Assessment

Assessment is a mixture of practical demonstrations, creation of a portfolio of work, discussion and successful completion of an End Point Assessment.

For more information about this course please contact us.

Queens Court Regent Street Barnsley South Yorkshire S70 2EG
Tel: 01226 216760 | Email: |

These course details were downloaded on 20/04/2024

Enquire Now