Information Security (Cybersecurity)

The competence "Information Security (Cybersecurity)" is a multidisciplinary field of knowledge and skills in the field of information technology and information security. Specialists with this competence are responsible for ensuring the confidentiality, integrity and availability of data during their transmission, processing and storage at all stages of the design and operation of information systems and/or information infrastructure of the enterprise within their field of specialization.

Content of the competence

Team work

Competence Team

Competence-based work is a team effort.
The contest task is performed by the team and the score is given to the team.

Team composition

2 participants + 1 expert

Expert team

Expert Mentor

List of participants

Information Security Specialist
Information Security Specialist

Completing and evaluating a task

Team members complete a technical task:

~ 18 hours

3 = days by

Module A — 3 hours and 30 minutes.
Module B — 3 hours and 30 minutes.
Module C — 7 hours
Module D — 3 hours and 30 minutes.

The results are evaluated after each working day of the corresponding module. Modules are executed sequentially from A to D

Composition of the competition task

Module A

Issues in CTF (Defense-Only)format

Module B

IT Infrastructure Security Terms of Reference

Module C

Enterprise infrastructure that needs to be analyzed and vulnerabilities identified

Module D

Materials for incident investigation using digital forensics tools

Structure of the competition task

100%

35 Security analysis
35 Protecting your IT infrastructure
20 Operation and maintenance of the IT infrastructure
7 Organization and planning of working hours
3 Communication and teamwork skills

Materials to download

Technical documentation

Competitive task for 2024

Evaluation

Checking the level

Each specialist is tested for the level of proficiency in two groups of knowledge and skills

Knowledge and skill groups

Professional skillsspecializations of the participant

Skills in managing, developing and integrating security mechanisms into information systems
Skills in analyzing events in the IT infrastructure
Vulnerability detection skills
Computer threat forecasting skills

General professional skills that are universal for the team

Skills in developing documentation for the enterprise's IT infrastructure
Team interaction and communication
Skills in finding and collecting information.
Critical thinking and deduction skills.
Understand and fulfill the requirements for both the result and the work process

Evaluating skills

Skills are evaluated through the quality and effectiveness of work actions.

Labor action groups

Criterion A
Development of documentation
Criterion B
Performing vulnerability detection activities
Criterion C
Critical thinking and deduction skills
Criterion D
Working with computer forensics tools
Criterion E
Technical justification of the selected solutions
Criterion F
Work on upgrading the IT infrastructure

Ad platform rules

Mandatory registration on the site
Work on the site strictly according to the plan of work on the site
There should be no foreign objects on the participant's desk: flash drives, notebooks, headphones, smart watches, cases, bags, etc.
On the table of the participant is allowed: fountain pen, pencil, paper, medicines.

Rules of communication on the site

Remote and post-championship interaction

Interaction is conducted in the Telegram channel and chats:

AS2024 IS (CyberSecurity)

Rules of communication on the site

Participants can ask a question while completing the task. At this point, the Main Expert must approach the participant, as well as two expert mentors from other participants.
Each question is asked publicly – the answer is also public.
The answers cannot reveal the specifics of the task solution or directly indicate the participant's mistakes. The answer is allowed in general terms for clarity.

Site operation plan

The site's work plan is published, indicating the time and location
The plan contains all the important information for Experts and Participants
We start and finish on time, "Seven don't wait for one" is our principle

Participant's workplace

The participant's workplace is equipped in accordance with the infrastructure sheet.
A description of the workplace structure, the toolbox, and its contents is described in the volume.

Data, software, and CAD formats

Format for providing source data and results in modules where documentation is required	Software for completing competitive tasks	Other tools
Docx, pdf.	Vmware WorkStation, Kali Linux	Participants are allowed to install the actual software on the preparatory day of the championship, provided that it does not violate Russian legislation and is open source software.

*the software must ensure that the tasks set out in the competition task are completed and meet the requirements described in the technical description of the Competence

STRICTLY PROHIBITED BY THE RULES

During the competition days from C1 to C3, bring to the workplace and/or remove from the workplace any information in electronic, printed or handwritten form
Use communication tools on the site: smartphones, tablets, etc.
Perform attempts and / or data transfers from on-site and off-site workstations by any means other than those permitted by the Contest Task
During the contest task, communicate with anyone without the permission of the Chief Expert, except for the members of your team

In order to ensure information security and avoid violations of competence by participants on the site, special StaffCop software is used, information about which is communicated to participants on the C-1 day with the preparation of an appropriate protocol against signature.

Your Expert

Mokshantsev Mikhail Aleksandrovich
Chief Expert of the Information Security competence

+7 912 288 70 01
mokshantsev-ma@rosenergoatom.ru
Telegram - @bupbep