SGC Job Analysis Questionnaire Part 2s - Incident Response
For the role of Incident Response in the Smartgrid Cybersecurity environment, please indicate how frequently each task below would be performed by a person at the listed level of expertise, and how important it is that this task be completed by a person with the listed level of expertise.
* Maintain access control permissions to log files (Task ID: R2-9112)
Frequency: Never / Rarely / Sometimes / Often / Always
Importance: Unimportant / Low / Moderately / Very / Extremely
Level of expertise: Novice (Apprentice) / Intermediate (Journeyman) / Expert (Master)
* Analyze security device and application configurations for technical impacts (e.g. network congestion) (Task ID: R2-9178)
Frequency: Never / Rarely / Sometimes / Often / Always
Importance: Unimportant / Low / Moderately / Very / Extremely
Level of expertise: Novice (Apprentice) / Intermediate (Journeyman) / Expert (Master)
* Schedule implementation with impacted business owners and IT support staff (Task ID: R2-9545)
Frequency: Never / Rarely / Sometimes / Often / Always
Importance: Unimportant / Low / Moderately / Very / Extremely
Level of expertise: Novice (Apprentice) / Intermediate (Journeyman) / Expert (Master)
* Analyze monitoring solution to determine if newer technology better accomplishes the mission (Task ID: R2-9173)
Frequency: Never / Rarely / Sometimes / Often / Always
Importance: Unimportant / Low / Moderately / Very / Extremely
Level of expertise: Novice (Apprentice) / Intermediate (Journeyman) / Expert (Master)
* Understand the selected SIEM tool. (Task ID: R2-9150)
Frequency: Never / Rarely / Sometimes / Often / Always
Importance: Unimportant / Low / Moderately / Very / Extremely
Level of expertise: Novice (Apprentice) / Intermediate (Journeyman) / Expert (Master)
* Develop procedure to respond to failed alerts (Task ID: R2-9568)
Frequency: Never / Rarely / Sometimes / Often / Always
Importance: Unimportant / Low / Moderately / Very / Extremely
Level of expertise: Novice (Apprentice) / Intermediate (Journeyman) / Expert (Master)
* Convert (and parse) unknown asset log formats to a compatible log format for the given monitoring solution. (Task ID: R2-9618)
Frequency: Never / Rarely / Sometimes / Often / Always
Importance: Unimportant / Low / Moderately / Very / Extremely
Level of expertise: Novice (Apprentice) / Intermediate (Journeyman) / Expert (Master)
* Develop standard communication procedure to use when writing rules (Task ID: R2-9580)
Frequency: Never / Rarely / Sometimes / Often / Always
Importance: Unimportant / Low / Moderately / Very / Extremely
Level of expertise: Novice (Apprentice) / Intermediate (Journeyman) / Expert (Master)
* Review past incidents to determine if host security solutions and logs are providing data that can identify an event (Task ID: R2-9606)
Frequency: Never / Rarely / Sometimes / Often / Always
Importance: Unimportant / Low / Moderately / Very / Extremely
Level of expertise: Novice (Apprentice) / Intermediate (Journeyman) / Expert (Master)
* Understand company policies and procedures for downloading and installing third-party software (Task ID: R2-9722)
Frequency: Never / Rarely / Sometimes / Often / Always
Importance: Unimportant / Low / Moderately / Very / Extremely
Level of expertise: Novice (Apprentice) / Intermediate (Journeyman) / Expert (Master)
* Define reports on the current patch and update status of all security tools and identify any variances against vendor releases. (Task ID: R2-9750)
Frequency: Never / Rarely / Sometimes / Often / Always
Importance: Unimportant / Low / Moderately / Very / Extremely
Level of expertise: Novice (Apprentice) / Intermediate (Journeyman) / Expert (Master)
* Schedule periodic reviews to determine when patches and updates are required (Task ID: R2-9756)
Frequency: Never / Rarely / Sometimes / Often / Always
Importance: Unimportant / Low / Moderately / Very / Extremely
Level of expertise: Novice (Apprentice) / Intermediate (Journeyman) / Expert (Master)
* Coordinate with system owners to modify schedule based on work or operational evolutions that impact security scanning (Task ID: R2-9599)
Frequency: Never / Rarely / Sometimes / Often / Always
Importance: Unimportant / Low / Moderately / Very / Extremely
Level of expertise: Novice (Apprentice) / Intermediate (Journeyman) / Expert (Master)