SGC Job Analysis Questionnaire - R3G06 - Intrusion Analyst

 

 

You have completed 0% of this survey
0%
100%

For the role of Intrusion Analyst in the Smartgrid Cybersecurity environment, please indicate how frequently each task below would be performed by a person at the listed level of expertise, and how important is it that this task be completed by a person with the listed level of expertise.
*Assign response team members to touch systems within the containment boundary and collect data for analysis (Task ID: R3-9670)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert
(Master)
 
*Communicate the boundary around impacted systems being contained (Task ID: R3-9668)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert
(Master)
 
*Coordinate help desk to identify user complaints that may be related to the investigated event (Task ID: R3-9187)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert
(Master)
 
*Coordinate with outside parties to determine if containment efforts are successful (for example, call FBI confirm the C&C channel has been closed) (Task ID: R3-9680)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert
(Master)
 
*Coordinate with system owners when contained systems and determine impact of proposed actions (Task ID: R3-9673)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert
(Master)
 
*Decide if the incident needs to be re-rated and revaluate the response plan based on containment efforts (Task ID: R3-9675)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert
(Master)
 
*Define the boundary around suspect systems to minimize the spread and impact of an identified security incident (Task ID: R3-9667)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert
(Master)
 
*Document all actions taken to contain systems (Task ID: R3-9674)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert
(Master)
 
*Document all external communications (Task ID: R3-9683)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert
(Master)
 
*Ensure contained systems are being monitor or cannot communicate to systems outside of the boundary to minimize spread of the incident (Task ID: R3-9669)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert
(Master)
 
*Establish boundaries or shut down infected systems (Task ID: R3-9671)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert
(Master)
 
*Identify appropriate parties to participate in the response to include legal, communications, and others (Task ID: R3-9679)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert
(Master)
 
*Maintain asset management information during containment process (Task ID: R3-9682)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert
(Master)
 
*Monitor performance of incident response staff (Task ID: R3-9681)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert
(Master)