SGC Job Analysis Questionnaire Part 1s - Intrusion Analyst



For the role of Intrusion Analyst in the Smartgrid Cybersecurity environment, please indicate how frequently each task below would be performed by a person at the listed level of expertise, and how important it is that this task be completed by a person with the listed level of expertise.
*Map activities observed in the network to systems to help establish the baseline. (Task ID: R3-9818)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Report security incident classification (category selected) to management and record in incident management system (Task ID: R3-9825)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Maintain professional credentials and networking relationships with professional organizations. (Task ID: R3-9777)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Identify impacts occurring from response actions and consider timeliness of response efforts (Task ID: R3-9688)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Communicate with business management to identify additional parties that should be included in communication and response plans (Task ID: R3-9694)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Communicate the boundary around impacted systems being contained (Task ID: R3-9668)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Report to security management and system owners when systems have been successfully contained (Task ID: R3-9672)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Maintain documented procedures for analyzing logs and handling log archive (Task ID: R3-9139)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Decide on a subjective and/or objective measure to determine the likelihood that an event is an incident (i.e., a confidence factor). (Task ID: R3-9204)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Document events that do not meet the criteria will be logged and no further action will be taken with the event (Task ID: R3-9656)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Document updates to incident response procedure/plan (Task ID: R3-9589)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Escalate breaches of contract by vendor to management and legal team (Task ID: R3-9814)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)  
*Develop working theories of the attack and look for correlated evidence to support or reject the working theories. (Task ID: R3-9181)
  Frequency   Importance
  Never Rarely Sometimes Often Always   Unimportant Low Moderately Very Extremely
Novice (Apprentice)  
Intermediate (Journeyman)  
Expert (Master)