SGC Job Analysis Questionnaire - R1G03 - Security Operations
You have completed 0% of this survey
0%
100%
For the role of Security Operations in the Smartgrid Cybersecurity environment, please indicate how frequently each task below would be performed by a person at the listed level of expertise, and how important is it that this task be completed by a person with the listed level of expertise.
*
Maintain analytical resource POC information (Task ID: R1-9773)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Maintain professional credentials and networking relationships with professional organizations. (Task ID: R1-9777)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Prioritize alerting after analysis into pre-defined buckets. (Task ID: R1-9122)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Recognize dissenting analytical opinions (Task ID: R1-9778)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Select a team of internal experts that should be consulted (Task ID: R1-9769)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Test the incident response program / plan. (Task ID: R1-9775)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Train staff on the incident response program / plan. (Task ID: R1-9774)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Update the incident response program / plan based on feedback from testing. (Task ID: R1-9776)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Identify source of all infections or successful attacks (Task ID: R1-9706)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Monitor all systems that were suspect or confirmed during an intrusion/incident (Task ID: R1-9701)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Report eradication status and success to include confidence to management (Task ID: R1-9704)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Review running processes to determine if clean up efforts removed suspect software/code (Task ID: R1-9703)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Train users if they were an unwitting party in a successful attack (Task ID: R1-9707)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Analyze response actions and performance of response team members against the plan (Task ID: R1-9686)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)