SGC Job Analysis Questionnaire - R3G01 - Intrusion Analyst
You have completed 0% of this survey
0%
100%
For the role of Intrusion Analyst in the Smartgrid Cybersecurity environment, please indicate how frequently each task below would be performed by a person at the listed level of expertise, and how important is it that this task be completed by a person with the listed level of expertise.
*
Collect all data necessary to support incident analysis and response (Task ID: R3-9638)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Map activities observed in the network to systems to help establish the baseline. (Task ID: R3-9818)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Convert collected behavioral data and flow information to a usable baseline. (Task ID: R3-9824)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Review event correlation; e.g. looking in baseline data to determine the type and frequency of the event during normal operations. (Task ID: R3-9186)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Analyze the intrusion looking for the initial activity and all follow-on actions of the attacker (Task ID: R3-9640)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Assign an incident response manager for all incidents (Task ID: R3-9637)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Collect images of impacted system for further analysis before returning the system to a known good and operational state (Task ID: R3-9641)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Communicate incident information and updates to impacted users, administrators, and security staff and request additional information that may support analysis and response actions (Task ID: R3-9639)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Establish a repository for all incident related information that is indexed and cataloged with assigned incident numbers for easy retrevial (Task ID: R3-9642)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Test incident storage repository to make sure it functioning properly and can only be accessed by authorized personnel (Task ID: R3-9643)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Verify incident or case files are complete and manage properly by the assigned incident manager (Task ID: R3-9644)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Analyze individual threat activity by correlating with other sources to identify trends (Task ID: R3-9137)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Analyze the security incident and identify defining attriubtes (Task ID: R3-9819)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)
*
Decide the best category for the security incident based on its attributes (Task ID: R3-9821)
Frequency
Importance
Never
Rarely
Sometimes
Often
Always
Unimportant
Low
Moderately
Very
Extremely
Novice (Apprentice)
Intermediate (Journeyman)
Expert
(Master)