SGC Job Analysis Questionnaire Part 2s - Incident Response



For the role of Incident Response in the Smartgrid Cybersecurity environment, please indicate how frequently each task below would be performed by a person at the listed level of expertise, and how important it is that the task be completed by a person with the listed level of expertise.
*Maintain access control permissions to log files (Task ID: R2-9112)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Analyze security device and application configurations for technical impacts (e.g. network congestion) (Task ID: R2-9178)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Schedule implementation with impacted business owners and IT support staff (Task ID: R2-9545)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Analyze monitoring solution to determine if newer technology better accomplishes the mission (Task ID: R2-9173)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Understand the selected SIEM tool. (Task ID: R2-9150)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Develop procedure to respond to failed alerts (Task ID: R2-9568)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Convert (and parse) unknown asset log formats to compatible log format for given monitoring solution. (Task ID: R2-9618)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Develop standard communication procedure to use when writing rules (Task ID: R2-9580)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Review past incidents to determine if host security solutions and logs are providing data that can identify an event (Task ID: R2-9606)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Understand company policies and procedures for downloading and installing third-party software (Task ID: R2-9722)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Define reports on the current patch and update status of all security tools and identify any variances against vendor releases. (Task ID: R2-9750)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Schedule periodic reviews to determine when patches and updates are required (Task ID: R2-9756)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Coordinate with system owners to modify schedule based on work or operational evolutions that impact security scanning (Task ID: R2-9599)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)