SGC Job Analysis Questionnaire - R3G08 - Intrusion Analyst
For the role of Intrusion Analyst in the Smartgrid Cybersecurity environment, please indicate how frequently each task below would be performed by a person at the listed level of expertise, and how important it is that the task be completed by a person with that level of expertise.

Each task is rated for each of the three levels of expertise on both of the following scales:

Levels of expertise: Novice (Apprentice), Intermediate (Journeyman), Expert (Master)
Frequency: Never, Rarely, Sometimes, Often, Always
Importance: Unimportant, Low, Moderately, Very, Extremely

Maintain a set of packaged scenarios with injects and data to exercise the response process (Task ID: R3-9405)
Maintain documented procedures for analyzing logs and handling log archive (Task ID: R3-9139)
Maintain technical competence with industry attack tools (e.g. BackTrack) (Task ID: R3-9343)
Report to the internal and external stakeholders involved during and after incident response. (Task ID: R3-9408)
Report status to management at defined stages of response per procedure. (Task ID: R3-9403)
Understand the incident response process and initiate an incident according to policies and procedures. (Task ID: R3-9116)
Understand the incident response, notification and log handling requirements of the business (Task ID: R3-9191)
Develop attack scenarios that might be used to intrude upon systems and networks, and use tabletop exercises to gauge how personnel might respond in these situations. (Task ID: R3-9239)
Analyze logs by correlating across all suspect systems (Task ID: R3-9106)
Analyze the system configuration of systems under attack and correlate it with the alerts generated to determine whether an alert is real or the IDS has produced a false positive. (Task ID: R3-9354)
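The alert-vetting task above (R3-9354) and the log-correlation task (R3-9106) are illustrated by the following added example; it is not part of the questionnaire and is not any vendor's code. The Snort-style "fast" alert lines, the asset inventory (ASSETS), the signature-target table (SIG_TARGETS) and the host syslog lines (HOST_LOGS) are all constructed for the example. An alert whose signature targets a platform or service the destination host does not actually run is marked a likely false positive; an alert that does match the host's configuration is then checked against that host's own logs for the same source address, and suspect hosts are grouped by attacking source.

```python
"""Correlate IDS alerts with target-host configuration and host logs.

Added example, not part of the questionnaire. All inputs below are
constructed: Snort-style fast alert lines, a hypothetical asset
inventory, a hypothetical SID-to-target mapping and a few syslog lines.
"""
import re
from collections import defaultdict

# Constructed Snort fast-format alert lines (SIDs and messages are made up).
ALERTS = """\
01/14-10:22:03.120000  [**] [1:1000001:1] CONSTRUCTED IIS WebDAV exploit attempt [**] [Priority: 1] {TCP} 203.0.113.5:51234 -> 10.0.0.7:80
01/14-10:22:09.500000  [**] [1:1000002:1] CONSTRUCTED SSH brute force [**] [Priority: 2] {TCP} 203.0.113.5:51240 -> 10.0.0.8:22
01/14-10:23:41.000000  [**] [1:1000001:1] CONSTRUCTED IIS WebDAV exploit attempt [**] [Priority: 1] {TCP} 198.51.100.9:40000 -> 10.0.0.9:80
"""

# Hypothetical asset inventory: OS and the service bound to each port.
ASSETS = {
    "10.0.0.7": {"os": "linux", "services": {80: "nginx"}},
    "10.0.0.8": {"os": "linux", "services": {22: "openssh"}},
    "10.0.0.9": {"os": "windows", "services": {80: "iis"}},
}

# Hypothetical signature metadata: the OS/service each SID is written for.
SIG_TARGETS = {
    1000001: {"os": "windows", "service": "iis"},
    1000002: {"os": None, "service": "openssh"},
}

# Constructed syslog lines collected from the alerted hosts: (host, message).
HOST_LOGS = [
    ("10.0.0.8", "Jan 14 10:22:10 sshd[812]: Failed password for root from 203.0.113.5 port 51240 ssh2"),
    ("10.0.0.8", "Jan 14 10:22:12 sshd[812]: Failed password for root from 203.0.113.5 port 51241 ssh2"),
    ("10.0.0.9", "Jan 14 10:23:42 w3svc: PROPFIND /webdav from 198.51.100.9 status 207"),
]

ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def parse_alerts(text):
    """Extract SID, message, source, destination and destination port."""
    out = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            d = m.groupdict()
            out.append({"sid": int(d["sid"]), "msg": d["msg"], "src": d["src"],
                        "dst": d["dst"], "dport": int(d["dport"])})
    return out


def triage(alert):
    """Classify an alert against what the destination host actually runs."""
    host = ASSETS.get(alert["dst"])
    target = SIG_TARGETS.get(alert["sid"])
    if host is None:
        return "unknown-asset"
    if target is None:
        return "unknown-signature"
    if target["os"] and target["os"] != host["os"]:
        return "likely-false-positive"          # exploit for an OS the host is not
    if host["services"].get(alert["dport"]) != target["service"]:
        return "likely-false-positive"          # targeted service not on that port
    return "investigate"


def corroborate(alert, logs):
    """Count log lines on the destination host that mention the alert source."""
    return sum(1 for h, msg in logs if h == alert["dst"] and alert["src"] in msg)


def correlate(text=ALERTS, logs=HOST_LOGS):
    """Return (verdicts, suspect hosts grouped by attacking source IP)."""
    verdicts = []
    by_source = defaultdict(set)
    for a in parse_alerts(text):
        verdict = triage(a)
        hits = corroborate(a, logs)
        if verdict == "investigate" and hits:
            verdict = "corroborated"           # host's own logs confirm the activity
        verdicts.append((a["sid"], a["src"], a["dst"], verdict, hits))
        if verdict in ("investigate", "corroborated"):
            by_source[a["src"]].add(a["dst"])
    return verdicts, dict(by_source)


if __name__ == "__main__":
    for row in correlate()[0]:
        print(row)
```

The first alert is dropped as a likely false positive because a Windows/IIS signature fired against a Linux host running nginx; the other two survive triage and are then corroborated by the target hosts' own logs, which is the point of reading the configuration and the logs together rather than trusting the sensor alone.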
Report what was analyzed, the list of flagged events, key findings, issues, and actions taken (Task ID: R3-9134)
Review logs, network captures, and traces. (Task ID: R3-9351)
Update security tools (SIEM, IDS/IPS, firewalls) with information pertinent to new tools or attacks. (Task ID: R3-9240)
Configure alerts to monitor for old signatures and failed updates (Task ID: R3-9565)
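The signature-monitoring task above (R3-9565) is illustrated by the following added example; it is not part of the questionnaire and does not use any vendor's status or log format. The per-sensor ruleset timestamps (SENSORS), the update-log lines (UPDATE_LOG), the seven-day staleness threshold and the "now" timestamp are all constructed for the example. The check raises one alert per condition: a ruleset older than the threshold, a sensor whose most recent update attempt failed, and a sensor that never appears in the update log; a failure followed by a later successful retry is deliberately not alerted on.

```python
"""Flag IDS sensors with stale signatures or a failed last update.

Added example, not part of the questionnaire. Sensor records, log lines,
log format and thresholds are constructed/assumed for the example.
"""
from datetime import datetime, timedelta, timezone

# Constructed per-sensor status: time of the ruleset currently loaded.
SENSORS = {
    "ids-sub-a": {"ruleset_time": "2024-01-14T02:00:11Z"},
    "ids-sub-b": {"ruleset_time": "2023-11-01T02:00:00Z"},
    "ids-dc-1": {"ruleset_time": "2024-01-14T02:05:03Z"},
}

# Constructed update-log lines, assumed format: "<ISO time> <sensor> <result> <detail>".
UPDATE_LOG = """\
2024-01-14T02:00:11Z ids-sub-a ok rules=41233
2024-01-14T02:00:14Z ids-sub-b error fetch failed: connection timed out
2024-01-14T02:00:20Z ids-dc-1 error signature verification failed
2024-01-14T02:05:03Z ids-dc-1 ok rules=41233
"""


def parse_time(s):
    """Parse the UTC timestamp format used in the constructed data."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def last_update_result(log_text):
    """Most recent update attempt per sensor: sensor -> (time, result, detail)."""
    latest = {}
    for line in log_text.splitlines():
        ts, sensor, result, detail = line.split(" ", 3)
        t = parse_time(ts)
        if sensor not in latest or t > latest[sensor][0]:
            latest[sensor] = (t, result, detail)   # a later retry supersedes an earlier failure
    return latest


def check_sensors(sensors=SENSORS, log_text=UPDATE_LOG,
                  now="2024-01-14T12:00:00Z", max_age_days=7):
    """Return a list of (sensor, condition, detail) alerts."""
    now_t = parse_time(now)
    latest = last_update_result(log_text)
    alerts = []
    for name, status in sensors.items():
        age = now_t - parse_time(status["ruleset_time"])
        if age > timedelta(days=max_age_days):
            alerts.append((name, "stale-signatures", f"ruleset is {age.days} days old"))
        res = latest.get(name)
        if res is None:
            alerts.append((name, "no-update-record", "sensor missing from update log"))
        elif res[1] != "ok":
            alerts.append((name, "update-failed", res[2]))
    return alerts


if __name__ == "__main__":
    for alert in check_sensors():
        print(alert)
```

Keying on the most recent attempt per sensor is what keeps ids-dc-1 quiet: its 02:00 verification failure was followed by a successful retry at 02:05, whereas ids-sub-b both failed its last fetch and is still running a ruleset from November.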