Model Curriculum. Analyst Security Operations Centre SECTOR: IT-ITeS SUB-SECTOR: IT Services OCCUPATION: Information/Cyber Security SSC/Q0909 REF ID:


Model Curriculum: Analyst Security Operations Centre
SECTOR: IT-ITeS
SUB-SECTOR: IT Services
OCCUPATION: Information/Cyber Security
REF ID: SSC/Q0909
NSQF LEVEL: 7

TABLE OF CONTENTS
1. Curriculum ... 01
2. Trainer Prerequisites ... 07
3. Annexure: Assessment Criteria ... 08

Analyst Security Operations Centre
CURRICULUM / SYLLABUS

This program is aimed at training candidates for the job of an Analyst Security Operations Centre in the IT Services sector/industry, and aims at building the following key competencies amongst the learner.

Program Name: Analyst Security Operations Centre
Qualification Pack Name & Reference ID: Analyst Security Operations Centre, SSC/Q0909
Version No.: 1.0
Version Update Date:
Pre-requisites to Training:
- Diploma in Engineering or any graduate course
- Certification in Information systems or related fields
- Basic soft skills training
- 0-2 years of work experience/internship in security
Minimum Job Entry Age: 21 years

Training Outcomes: After completing this programme, participants will be able to:
1. SSC/N0906 (Monitor and log events and alarms of possible security threats)
2. SSC/N0907 (Investigate and respond to events and alarms that could be security threats)
3. SSC/N9001 (Manage your work to meet requirements)
4. SSC/N9002 (Work effectively with colleagues)
5. SSC/N9003 (Maintain a healthy, safe and secure working environment)
6. SSC/N9004 (Provide data/information in standard formats)
7. SSC/N9005 (Develop your knowledge, skills and competence)

Analyst Security Operations Centre 1

This course encompasses 3 out of 3 National Occupational Standards (NOS) of the Analyst Security Operations Centre Qualification Pack issued by IT-ITeS SSC.

Each module below is listed with its Sr. No., Module name, Duration (the two duration columns as given, hh:mm / hh:mm), the NOS it is mapped to, Key Learning Outcomes and Equipment Required.

Module 1: IT-ITES/BPM Industry - An Introduction
Duration: 02:00 / 01:00
NOS: none (the introduction is not based on any NOS; however, it is important in order to understand the context of the course and the role)
Key Learning Outcomes:
- Explain the relevance of the IT-ITES industry
- State the various sub-sectors in the IT-ITES sector
- A general overview of the IT BPM industry
- The organisations within the IT BPM industry
- The sub-sectors within the IT BPM industry
- State the various occupations and tracks in the IT-ITES sector
Equipment Required:
- Lab equipped with PCs/laptops and Internet with WiFi (min 2 Mbps dedicated)
- Networking equipment: routers and switches
- Chart paper and sketch pens

Module 2: IT Services - An Introduction
Duration: 02:00 / 01:00
NOS: none (the introduction is not based on any NOS; however, it is important in order to understand the context of the course and the role)
Key Learning Outcomes:
- Explain the relevance of the IT services sector
- General overview of the IT Services sub-sector
- Profile of the IT Services sub-sector
- Key trends in the IT Services sub-sector
- Roles in the IT Services sub-sector
Equipment Required:
- Lab equipped with PCs/laptops and Internet with WiFi (min 2 Mbps dedicated)

Module 3: Information/Cyber Security - An Introduction
Duration: 02:00 / 01:00
NOS: none (the introduction is not based on any NOS; however, it is important in order to understand the context of the course and the role)
Key Learning Outcomes:
- Explain the relevance of cyber security in society
- Qualification Pack - Analyst Security Operations Centre
- List the range of skills and behaviour expected from an Analyst Security Operations Centre
- List the responsibilities of an Analyst Security Operations Centre
- State the growth opportunities for an Analyst Security Operations Centre
- General overview of information/cyber security and its roles
- Career map for information/cyber security
Equipment Required:
- Lab equipped with PCs/laptops and Internet with Wi-Fi (min 2 Mbps dedicated)
- Whiteboard and markers
- LCD projector and laptop for presentation
- Chart paper and sketch pens

Module 4: Fundamental Concepts
Duration: 35:00 / 30:00
NOS: SSC/N0906
Key Learning Outcomes:
- Computer fundamentals, including but not limited to hard drives, networking and encryption
- Internet ports, protocols and services and their usefulness
- System architecture and design
- Basic cyber security concepts
- Common cyber security solutions
- Types of electronic evidence, devices containing electronic evidence and external connections to such devices
- Possible electronic evidence sources
- Relevant networking concepts, devices and terminologies
- Intrusion Detection Systems vs Intrusion Prevention Systems
Equipment Required:
- Whiteboard and markers
- LCD projector and laptop for presentation
- Lab with: key devices, software and hardware in a large network; application of multiple networking topologies; use of various network protocols; bandwidth management tools; application of host network access controls; hubs, switches, routers, bridges, servers and transmission media; IDS/IPS; application of SSL, VPN, 2FA, encryption, etc.
- Provision for software development work in the lab, including software and tools

Module 5: Monitoring and Data Collection
Duration: 30:00 / 20:00
NOS: SSC/N0906
Key Learning Outcomes:
- Use specified monitoring and data collection methods and tools
- Monitor traffic and logs using a Security Information and Event Management (SIEM) tool
- Collect logs from all types of ICT systems, devices and applications as required by the organisation
- Monitor multiple security technologies, such as
- Monitor external data sources
- Perform telemetry monitoring to identify security platform issues
- Determine security issues which may have an impact on the enterprise
Equipment Required:
- Lab with access to organisations for company visits and provision for online research
- Samples of the tools/templates and checklists used for data collection
- Lab with standard equipment plus access to a SIEM tool and other software for log management, event and log analysis
- Lab with access to the internet for online research
- Application security monitoring SOPs of a few organisations

Module 6: Basic Analysis
Duration: 25:00 / 15:00
NOS: SSC/N0906
Key Learning Outcomes:
- Characterise and analyse network traffic to identify anomalous activity and potential threats to network resources
- Identify trends and patterns as per the standard guidelines for the same
- Coordinate with enterprise-wide computer network defense (CND) staff to validate network alerts
- Perform analysis of logs for identifying risks
- Categorise the priority of identified risks by determining potential impact as per organisational processes and policies
- Describe operational processes such as data analysis and correlation
- Explain event and log analysis and packet analysis
Equipment Required:
- Access to spreadsheet software for all students
- Provision for online research for all learners
- Lab with access to a SIEM tool and other software for log management, event and log analysis, and packet analysis
- Lab with one event correlation tool

Module 7: Responding to Alerts and Events
Duration: 25:00 / 20:00
NOS: SSC/N0906
Key Learning Outcomes:
- Record and categorise the service request as per organisational processes and policies
- Prioritise the service request according to organisational procedures and policies
- Raise incidents in ticketing tools if something is found suspicious during the analysis
- Assign the ticket to the relevant persons as per the type of risk, following organisational procedures and policies
- Obtain help or advice from a specialist if the problem is outside his/her area of competence or experience
- Follow up with the relevant personnel for actioning of the tickets within agreed timelines
- Use the escalation matrix for unresolved tickets within agreed turnaround times
- Report the results of the monitoring, ticket raising and ticket closure activities using standard documentation, following organisational procedures
- Comply with relevant legislation, standards, policies and procedures
- Describe operational processes such as report generation
- State typical response times and service times for problems
- Maintain a knowledge base of the known problems
- Explain the importance of documenting, classifying and prioritising service requests received over voice calls, email, incident management tools and incident reports
Equipment Required:
- Samples with charts/diagrams of the different types of escalation matrix used by different organisations
- Lab with internet for online research
- Cases for report writing w.r.t. recording of requirements, gathering of information, and examples of previous reporting documents

Module 8: Introduction to Investigation
Duration: 30:00 / 20:00
NOS: SSC/N0907
Key Learning Outcomes:
- Receive and analyse alarms and alerts from various sources within the enterprise and determine possible causes of such alerts
- Interpret and incorporate data from multiple tool sources
- Verify the scope of detected incidents with relevant persons
- Distinguish these incidents and events from benign activities
- Perform computer network defense (CND) incident triage, including determining scope, urgency and potential impact
- Correlate data by researching logs, analysing graphs and packet inspection
- Perform deep packet analysis to identify DDoS/DoS attack vectors and security threats and the mitigation strategy
- Identify information assets and system components that may be impacted by detected incidents
- Analyse identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on systems and information
- Perform analysis of log files from a variety of sources to identify possible threats to the network
Equipment Required:
- Lab with access to at least one popular open source and one popular paid vulnerability assessment tool, along with their tutorials or user manuals, such that the learners can download, install and practise on the same
- Access to a database and samples of the tools/templates and checklists used for application vulnerability assessment and penetration testing

Module 9: Analysis Tools
Duration: 35:00 / 25:00
NOS: SSC/N0907
Key Learning Outcomes:
- Perform a health check of the security solution
- Validate Intrusion Prevention System (IPS) alerts against network traffic using packet analysis tools
- Correlate and analyse events using a Security Information and Event Management (SIEM) tool to detect IT security incidents
- Track and document incidents from initial detection through final resolution using the SIEM tool
Equipment Required:
- Lab with one event correlation tool
- Application of firewall, IDPS tool, web security gateways, email security and content management on the network

Module 10: Incident Management
Duration: 25:00 / 20:00
NOS: SSC/N0907
Key Learning Outcomes:
- Integrate the assets with the SIEM solution for log analysis
- Configure applications securely across the environments for minimum exposure and weaknesses
- Configuration management
- Secure configuration of applications
Equipment Required:
- Access to a SIEM tool and other software for log management, event and log analysis, and packet analysis
- Lab with application of firewall, IDPS tool, web security gateways, email security and content management on the network

Module 11: Data Backup
Duration: 25:00 / 20:00
NOS: SSC/N0907
Key Learning Outcomes:
- Carry out backups of security devices and applications in line with information security policies, procedures and guidelines, where required
- Explain the different types of backups for security devices and applications and how to carry out backups
Equipment Required:
- Access to a database and samples of the tools/templates and checklists used for the application backup process

Module 31: Manage your work to meet requirements
Duration: 50:00 / 00:00
NOS: SSC/N9001
Key Learning Outcomes:
- Understanding the scope of work and working within limits of authority
- Work and work environment
- Maintaining confidentiality
Equipment Required:
- The training organisation's confidentiality policy

Module 32: Work effectively with colleagues
Duration: 40:00 / 10:00
NOS: SSC/N9002
Key Learning Outcomes:
- Effective communication
- Working effectively
Equipment Required:
- Provision to write and send emails in the lab
- Lab with provision for internet, email, word processor and presentation software
- Chart paper, markers, picture magazines and old newspapers

Module 33: Maintain a healthy, safe and secure working environment
Duration: 18:00 / 07:00
NOS: SSC/N9003
Key Learning Outcomes:
- Need for health and safety at work
- The Analyst's role
- Emergency situations
- Skills for maintaining health and safety at work
Equipment Required:
- The training organisation's current health, safety and security policies and procedures
- Provision for online research in the lab
- A sample health and safety policy document
- Emergency broadcast system and mock emergency signage in the appropriate areas of the training institute

Module 34: Provide data/information in standard formats
Duration: 38:00 / 12:00
NOS: SSC/N9004
Key Learning Outcomes:
- Information and knowledge management
- How to manage data/information effectively
- Skills required to manage data and information effectively
Equipment Required:
- LCD projector and laptop for presentation
- Provision for online research in the lab

Module 35: Develop knowledge, skills and competence
Duration: 21:00 / 04:00
NOS: SSC/N9005
Key Learning Outcomes:
- Importance of self-development
- Knowledge and skills required for the job
- Avenues for self-development
- Planning for self-development
Equipment Required:
- Soft copy of the QP and NOS
- Provision for online access for all students in the lab
- Questionnaire and key for Honey and Mumford learning styles

Grand Total Course Duration: 600 Hours, 0 Minutes
(This syllabus/curriculum has been approved by the IT-ITeS Sector Skills Council)

Trainer Prerequisites for Job Role: Analyst Security Operations Centre, mapped to Qualification Pack SSC/Q0909 v1.0

Sr. No. | Area | Details
1 | Description |
2 | Personal Attributes |
3 | Minimum Educational Qualifications |
4a | Domain Certification |
4b | Platform Certification |
5 | Experience |

Annexure: Assessment Criteria

Job Role: Analyst Security Operations Centre
Qualification Pack: SSC/Q909, v1.0
Sector Skill Council: IT-ITeS

Guidelines for Assessment:
1. Criteria for assessment for each Qualification Pack (QP) will be created by the Sector Skill Council (SSC). Each performance criterion (PC) will be assigned Theory and Skill/Practical marks proportional to its importance in the NOS.
2. The assessment will be conducted online through assessment providers authorised by the SSC.
3. The format of questions will include a variety of styles suitable to the PC being tested, such as multiple choice questions, fill in the blanks, situational judgement tests, simulations and programming tests.
4. To pass a QP, a trainee should pass each individual NOS. The standard passing criterion for each NOS is 70%.
5. For the latest details on the assessment criteria, please visit www.sscnasscom.com.
6. In case of successfully passing only a certain number of NOSs, the trainee is eligible to take a subsequent assessment on the balance NOSs to pass the Qualification Pack.

Mark Allocation
Columns: Assessment Outcomes | Assessment Criteria for Outcomes | Total Marks | Out of | Theory | Skills Practical. Where a PC carries marks below, they are given as Out of / Theory / Skills Practical.

1. SSC/N0906 (Monitor and log events and alarms of possible security threats)
Total Marks: 100 (Theory 31, Skills Practical 69)
PC1. verify the scope of information assets and system components to be monitored with authorised persons
PC2. use specified monitoring and data collection methods and tools following organisational procedures and policies
PC3. monitor the organisation's traffic and logs originating from ICT systems using various security technologies to detect security threats and the health of the ICT systems
PC4. monitor external data sources (e.g., computer network defense [CND] vendor sites, Computer Emergency Response Teams, SANS, Security Focus)
PC5. determine security issues which may have an impact on the enterprise
PC6. perform telemetry monitoring to identify security platform issues
PC7. identify and gather information to enable the security of identified devices to be assessed
PC8. collect logs from all types of ICT systems, devices and applications as required by the organisation
PC9. collect data w.r.t. various types of security alerts/alarms through SIEM
PC10. characterise and analyse network traffic to identify anomalous activity and potential threats to network resources
PC11. identify trends and patterns using the SIEM tool
PC12. coordinate with enterprise-wide computer network defense (CND) staff to validate network alerts
PC13. perform event correlation using information gathered to gain situational awareness and determine the threat potential
PC14. perform analysis of logs for identifying risks
PC15. categorise the priority of identified risks by determining potential impact as per organisational processes and policies
PC16. record and categorise the service request accurately as per organisational processes and policies
PC17. raise incidents in ticketing tools if something is found suspicious during the analysis
PC18. assign the ticket to the relevant persons as per the type of risk, following organisational procedures and policies
PC19. prioritise the service request according to organisational procedures and policies
PC20. obtain help or advice from a specialist if the problem is outside his/her area of competence or experience
PC21. report the results of the monitoring, ticket raising and ticket closure activities using standard documentation, following organisational procedures
PC22. participate in the 24/7 security operations centre shift schedule
PC23. receive shift handover along with relevant information, authorities and instructions
PC24. comply with relevant legislation, standards, policies and procedures
PC25. maintain a knowledge base of the known problems
PC26. use the escalation matrix for unresolved tickets within agreed turnaround times
Per-PC marks recorded for this NOS (Out of / Theory / Skills Practical), not attributable to individual PCs in the extracted table: 5/2/3, 5/2/3, 5/2/3, 6/2/4, 6/2/4

2. SSC/N0907 (Investigate and respond to events and alarms that could be security threats)
Total Marks: 100 (Theory 32, Skills Practical 68)
PC1. receive and analyse alarms and alerts from various sources within the enterprise and determine possible causes of such alerts
PC2. interpret and incorporate data from multiple tool sources
PC3. validate Intrusion Detection System (IDS)/IPS alerts against network traffic using packet analysis tools
PC4. perform deep packet analysis to identify DDoS/DoS attack vectors and security threats and the mitigation strategy
PC5. verify the scope of detected incidents with relevant persons
PC6. distinguish these incidents and events from benign activities
PC7. identify the information assets and system components that may be impacted by detected incidents
PC8. analyse identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on systems and information
PC9. perform analysis of log files from a variety of sources to identify possible threats to network security
PC10. perform computer network defense (CND) incident triage, including determining scope, urgency and potential impact
PC11. correlate data by researching logs, analysing graphs and packet inspection to provide detailed reports
PC12. correlate and analyse events using a Security Information and Event Management (SIEM) tool to detect IT security incidents
PC13. obtain and preserve evidence relating to detected incidents
PC14. examine how access to the affected information assets and system components was obtained
PC15. identify and categorise types of vulnerabilities and associated attacks
PC16. determine the appropriate course of action in response to identified and analysed anomalous activity
PC17. make recommendations for specific actions to be taken to respond to incidents
PC18. perform a health check of the security solution
PC19. use external information sources for incident investigation
PC20. report any incidents which cannot be resolved or mitigated to the relevant persons, following organisational procedures
PC21. follow organisational procedures for the closure of incidents
PC22. report on incident management activities using standard documentation, following organisational procedures
PC23. track and document incidents from initial detection through final resolution using the SIEM tool
PC24. integrate the assets with the SIEM solution for log analysis
Per-PC marks recorded for this NOS (Out of / Theory / Skills Practical), not attributable to individual PCs in the extracted table: 5/2/3, 6/2/4, 6/2/4, 5/1/4, 5/1/4, 6/2/4, 6/2/4, 4/2/2, 4/2/2, 4/2/2

4. SSC/N9001 (Manage your work to meet requirements)
Total Marks: 100 (Theory 25, Skills Practical 75)
PC1. establish and agree your work requirements with appropriate people (7/0/7)
PC2. keep your immediate work area clean and tidy (12/6/6)
PC3. utilise your time effectively (12/6/6)
PC4. use resources correctly and efficiently (19/6/13)
PC5. treat confidential information correctly (7/1/6)
PC6. work in line with your organisation's policies and procedures (12/0/12)
PC7. work within the limits of your job role (6/0/6)
PC8. obtain guidance from appropriate people, where necessary (6/0/6)
PC9. ensure your work meets the agreed requirements (19/6/13)

5. SSC/N9002 (Work effectively with colleagues)
Total Marks: 100 (Theory 20, Skills Practical 80)
PC1. communicate with colleagues clearly, concisely and accurately (20/0/20)
PC2. work with colleagues to integrate your work effectively with theirs
PC3. pass on essential information to colleagues in line with organisational requirements (10/10/0)
PC4. work in ways that show respect for colleagues (20/0/20)
PC5. carry out commitments you have made to colleagues
PC6. let colleagues know in good time if you cannot carry out your commitments, explaining the reasons
PC7. identify any problems you have working with colleagues and take the initiative to solve these problems
PC8. follow the organisation's policies and procedures for working with colleagues
Further per-PC marks recorded for this NOS, not attributable to an individual PC in the extracted table: 10/10/0

6. SSC/N9003 (Maintain a healthy, safe and secure working environment)
Total Marks: 100 (Theory 30, Skills Practical 70)
PC1. comply with your organisation's current health, safety and security policies and procedures
PC2. report any identified breaches in health, safety and security policies and procedures to the designated person
PC3. identify and correct any hazards that you can deal with safely, competently and within the limits of your authority
PC4. report any hazards that you are not competent to deal with to the relevant person in line with organisational procedures, and warn other people who may be affected
PC5. follow your organisation's emergency procedures promptly, calmly and efficiently
PC6. identify and recommend opportunities for improving health, safety and security to the designated person
PC7. complete any health and safety records legibly and accurately
Per-PC marks recorded for this NOS, not attributable to individual PCs in the extracted table: 20/10/10, 20/10/10, 20/10/10

7. SSC/N9004 (Provide data/information in standard formats)
Total Marks: 100 (Theory 25, Skills Practical 75)
PC1. establish and agree with appropriate people the data/information you need to provide, the formats in which you need to provide it, and when you need to provide it (13/13/0)
PC2. obtain the data/information from reliable sources (13/0/13)
PC3. check that the data/information is accurate, complete and up to date (12/6/6)
PC4. obtain advice or guidance from appropriate people where there are problems with the data/information (6/0/6)
PC5. carry out rule-based analysis of the data/information, if required (25/0/25)
PC6. insert the data/information into the agreed formats (13/0/13)
PC7. check the accuracy of your work, involving colleagues where required (6/0/6)
PC8. report any unresolved anomalies in the data/information to appropriate people (6/6/0)
PC9. provide complete, accurate and up-to-date data/information to the appropriate people in the required formats on time (6/0/6)

8. SSC/N9005 (Develop your knowledge, skills and competence)
Total Marks: 100 (Theory 20, Skills Practical 80)
PC1. obtain advice and guidance from appropriate people to develop your knowledge, skills and competence
PC2. identify accurately the knowledge and skills you need for your job role
PC3. identify accurately your current level of knowledge, skills and competence and any learning and development needs
PC4. agree with appropriate people a plan of learning and development activities to address your learning needs
PC5. undertake learning and development activities in line with your plan
PC6. apply your new knowledge and skills in the workplace, under supervision
PC7. obtain feedback from appropriate people on your knowledge and skills and how effectively you apply them
PC8. review your knowledge, skills and competence regularly and take appropriate action
Per-PC marks recorded for this NOS, not attributable to individual PCs in the extracted table: 20/10/10, 20/10/10
