SGC Job Analysis Questionnaire - R1G32 - Security Operations
You have completed 0% of this survey
0%
100%
For the role of Security Operations in the Smartgrid Cybersecurity environment, please indicate how frequently each task below would be performed by a person at the listed level of expertise, and how important is it that this task be completed by a person with the listed level of expertise.
*
Analyze market options for SIEM tools. (Task ID: R1-9141)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Develop relationships with vendor partners who specialize in this testing. (Task ID: R1-9761)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Define scope of an independent review and budget necessary resources (Task ID: R1-9758)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Collect information about the security tools employed by the organization (Task ID: R1-9647)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Review security operations staff performance in the execution of their duties (Task ID: R1-9646)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Scan systems to establish baseline (Task ID: R1-9817)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Identify training material and information sources regarding cyber attacks and techniques (Task ID: R1-9410)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Identify training opporunities that teach methodologies associated with current attack tools such as CEH training and select personnel involved in incident response to take such training. (Task ID: R1-9220)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Ensure all attack vectors have been analyzed, closed, and cleaned appropriately (Task ID: R1-9705)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Analyze attacker Tactics, Techniques, and Procedures (TTPs) and deconstruct in order to evaluate the effectiveness of your protective measures, detection capability, and inform staff through awareness and exercises (Task ID: R1-9810)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Collect observed attacker tactics, techniques, and procedures (TTPs) from available sources to include ISACs, peer utilities, government sources (Task ID: R1-9809)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Collect the most recent (or predicted future) threats into comprehensive list to disseminate to all employees (Task ID: R1-9306)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Collect vendor KBs and DOE and DHS generated testing reports of known vulnerabilities to specific smart grid components. Supplement that information with open source reporting and internal red teaming or table top assessments. (Task ID: R1-9305)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Develop a heat map to illustrate current security posture at a high-level for executive consumption. (Task ID: R1-9820)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)