SGC Job Analysis Questionnaire - R1G32 - Security Operations

 

 

For the role of Security Operations in the Smartgrid Cybersecurity environment, please indicate how frequently each task below would be performed by a person at the listed level of expertise, and how important it is that this task be completed by a person with the listed level of expertise.
*Analyze market options for SIEM tools. (Task ID: R1-9141)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)
 
*Develop relationships with vendor partners who specialize in this testing. (Task ID: R1-9761)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)
 
*Define scope of an independent review and budget necessary resources (Task ID: R1-9758)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)
 
*Collect information about the security tools employed by the organization (Task ID: R1-9647)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)
 
*Review security operations staff performance in the execution of their duties (Task ID: R1-9646)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)
 
*Scan systems to establish baseline (Task ID: R1-9817)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)
 
*Identify training material and information sources regarding cyber attacks and techniques (Task ID: R1-9410)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)
 
*Identify training opportunities that teach methodologies associated with current attack tools, such as CEH training, and select personnel involved in incident response to take such training. (Task ID: R1-9220)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)
 
*Ensure all attack vectors have been analyzed, closed, and cleaned appropriately (Task ID: R1-9705)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)
 
*Analyze attacker Tactics, Techniques, and Procedures (TTPs) and deconstruct them in order to evaluate the effectiveness of your protective measures and detection capability, and inform staff through awareness and exercises (Task ID: R1-9810)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)
 
*Collect observed attacker tactics, techniques, and procedures (TTPs) from available sources, including ISACs, peer utilities, and government sources (Task ID: R1-9809)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)
 
*Collect the most recent (or predicted future) threats into a comprehensive list to disseminate to all employees (Task ID: R1-9306)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)
 
*Collect vendor KBs and DOE and DHS generated testing reports of known vulnerabilities to specific smart grid components. Supplement that information with open source reporting and internal red teaming or table top assessments. (Task ID: R1-9305)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)
 
*Develop a heat map to illustrate current security posture at a high-level for executive consumption. (Task ID: R1-9820)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)