5. Incident Response

| Label | KSAC | Description | Bloom's Taxonomy Level | Cross-Cutting |
|---|---|---|---|---|
| a | knowledge | Understand the concept of a Cybersecurity Operations Center (CSOC). | 2 | |
| b | knowledge | Understand how network security is implemented in a Cybersecurity Operations Center (CSOC). | 2 | |
| c | knowledge | Understand log filtering and aggregation. | 2 | |
| d | knowledge | Understand SIEM technology. | 2 | |
| e | knowledge | Understand the role of alert signatures. | 2 | |
| f | ability | Run queries on event data. | 3 | |
| g | knowledge | Understand forensics and chain of custody. | 2 | |
| h | skill | Apply the procedures and workflow of ticketing. | 3 | |
| i | skill | Apply situational awareness. | 3 | |
| j | skill | Apply Incident Response procedures (e.g., preparation, incident identification, escalation and notification, mitigation steps, lessons learned, reporting, recovery procedures, first responder, incident isolation, quarantine, device removal, data breach). | 3 | |
| k | ability | Construct a timeline of a cybersecurity incident. | 3 | |
| l | skill | Implement a recovery procedure. | 3 | |
| m | skill | Conduct periodic cybersecurity training exercises. | 3 | |
| n | knowledge | Differentiate between detection controls and prevention controls (e.g., IDS vs. IPS, camera vs. guard). | 4 | |
| o | ability | Create, edit and use roles and system management tools. | 3 | |
| p | skill | Implement endpoint security. | 3 | |
| q | skill | Implement Access Control Lists (ACL). | 3 | |
| r | skill | Deploy a server hardening plan. | 3 | |
| s | skill | Implement a Network Access Control (NAC) plan. | 3 | |
| t | knowledge | Interpret alarms and alert trends. | 2 | |
| u | knowledge | Differentiate between types of penetration testing (e.g., black box, white box, gray box). | 4 | |

  1. Security+
  2. Network+
  3. Cloud+
  4. CEH
  5. GSEC
  6. CAP

  1. CCNA
  2. CYSA+

  1. CASP
  2. CISSP
  3. CISA
  4. CISM
  5. CRISC
  6. CCSP