SGC Job Analysis Questionnaire Part 1s - Security Operations
For the role of Security Operations in the Smartgrid Cybersecurity environment, please indicate how frequently each task below would be performed by a person at the listed level of expertise, and how important it is that the task be completed by a person with the listed level of expertise.
Map activities observed in the network to systems to help establish the baseline. (Task ID: R1-9818)
Frequency: Never, Rarely, Sometimes, Often, Always
Importance: Unimportant, Low, Moderately, Very, Extremely
Expertise levels rated: Novice (Apprentice), Intermediate (Journeyman), Expert (Master)
Report security incident classification (category selected) to management and record in incident management system (Task ID: R1-9825)
Maintain professional credentials and networking relationships with professional organizations. (Task ID: R1-9777)
Identify impacts occurring from response actions and consider timeliness of response efforts (Task ID: R1-9688)
Communicate with business management to identify additional parties that should be included in communication and response plans (Task ID: R1-9694)
Communicate the boundary around impacted systems being contained (Task ID: R1-9668)
Report to security management and system owners when systems have been successfully contained (Task ID: R1-9672)
Maintain documented procedures for analyzing logs and handling log archive (Task ID: R1-9139)
Decide on a subjective and/or objective measure to determine the likelihood that an event is an incident (i.e., a confidence factor). (Task ID: R1-9204)
Document events that do not meet the criteria will be logged and no further action will be taken with the event (Task ID: R1-9656)
Document updates to incident response procedure/plan (Task ID: R1-9589)
Escalate breaches of contract by vendor to management and legal team (Task ID: R1-9814)
Develop working theories of the attack and look for correlated evidence to support or reject the working theories. (Task ID: R1-9181)