Occupational Standard - SSC/N0901 | SSC

Occupational Standard - SSC/N0901

Occupational Standard - SSC/N0901
Code SSC/N0901
Version 0.1
Industry Sub-Sector IT-ITeS/IT Services
Title Contribute to managing information security
Description This unit is about carrying out specified tasks as part of a team working to ensure information security.
Scope

Scope

This unit/task covers the following:

Information security includes:

·     Identify and Access Management (IdAM)

·     physical security

·     networks (wired and wireless)

·     devices

·     endpoints/edge devices

·     storage devices

·     servers

·     software

·     applications security

·     content management

·     messaging

·     web security

·     security of infrastructure

·     infrastructure devices (eg routers, firewall services)

·     computer assets, server s and storage networks

·     messaging

·     intrusion detection/prevention

·     security incident management

·     third party security management

·     personnel security requirements

Backups includes:

·     validation

·     tracking

·     consolidation

·     replication

·     configuration

·     logs

·     devices

·     applications

·     software

Appropriate people:

·     line manager

·     members of the security team

·     subject matter experts

Performance Criteria

Performance Criteria (PC) w.r.t. the Scope

 

To be competent, you  must be able to:

PC1.      Establish your role and responsibilities in contributing to managing information security

PC2.      Monitor systems and apply controls in line with information security policies, procedures and guidelines

PC3.      Carry out security assessment of information security systems using automated tools

PC4.      Carry out configuration reviews of information security systems using automated tools, where required

PC5.      Carry out backups of security devices and applications in line with information security policies, procedures and guidelines, where required

PC6.      Maintain accurate daily records/logs of information security performance parameters using standard templates and tools

PC7.      Analyze information security performance metrics to highlight variances and issues for action by appropriate people

PC8.      Provide inputs to root cause analysis and the resolution of information security issues, where required

PC9.      Update your organization’s knowledge base promptly and accurately with information security issues and their resolution

PC10.    Obtain advice and guidance on information security issues from appropriate people, where required

PC11.    Comply with your organization’s policies, standards, procedures and guidelines when contributing to managing information security

Knowledge

Knowledge and Understanding (K)

A.   Organizational

Context (Knowledge of the company/  organization and  its processes)

You need to know and understand:

KA1.    Your organization’s policies, procedures, standards and guidelines for managing information security

KA2.    Your organization’s knowledge base and how to access and update this

KA3.    Limits of your role and responsibilities and who to seek guidance from

KA4.    The organizational systems, procedures and tasks/checklists within the domain and how to use these

KA5.     How to analyze root causes of information security issues

KA6.     How to carry out information security assessments

KA7.     How to carry out configuration reviews

KA8.     How to correlate devices and logs

KA9.     Different  types of automation tools and how to use these

KA10.    How to access and analyze information security performance metrics

KA11.    who to involve when managing information security

KA12.    Your organization’s information security systems and tools and how to access and maintain these

KA13.    Standard tools and templates available and how to use these

B. Technical  

     Knowledge

You need to know and understand:

KB1.    Fundamentals of information security and how to apply these, including:

·         networks

·         communication

·         application security

KB2.    Different types of backups for security devices and applications and how to carry out backups

KB3.    Common issues and variances of performance metrics that require action and who to report these to

KB4.    How to identify and resolve information security vulnerabilities and issues

Skills

A.      Core Skills/ Generic Skills

Writing Skills

You need to know and understand how to:

SA1.    Complete accurate well written work with attention to detail

SA2.    Communicate with others in writing

Reading Skills

You need to know and understand how to:

SA3.    Follow guidelines, procedures, rules and service level agreements

Oral Communication (Listening and Speaking skills)

You need to know and understand how to:

SA4.    Listen effectively and orally communicate information accurately

SA5.    Ask for clarification and advice from others

B.      Professional Skills

 

 

Decision Making

You need to know and understand how to:

SB1.    Follow rule-based decision-making processes

SB2.    Make decisions on suitable courses of action

Plan and Organize

You need to know and understand how to:

SB3.    Plan and organize your work to achieve targets and deadlines

CustomerCentricity

You need to know and understand how to:

SB4.    Carry out rule-based transactions in line with customer-specific guidelines, procedures, rules and service level agreements

SB5.    Check your own and/or your peers work meets customer requirements

Problem Solving

You need to know and understand how to:

SB6.    Apply problem-solving approaches in different situations

SB7.    Seek clarification on problems from others

Analytical Thinking

You need to know and understand how to:

SB8.    Analyze data and activities

SB9.    Configure data and disseminate relevant information to others

SB10.    Pass on relevant information to others

Critical Thinking

You need to know and understand how to:

SB11.    Provide opinions on work in a detailed and constructive way

SB12.    Apply balanced judgments to different situations

Attention to Detail

You need to know and understand how to:

SB13.    check your work is complete and free from errors

Team Working

You need to know and understand how to:

SB14.    work effectively in a team environment

SB15.    work independently and collaboratively

C.      Technical Skills

You need to know and understand how to:

SC1.    Use information technology effectively to input and/or extract data accurately

SC2.    Store and retrieve information

SC3.    Identify and refer anomalies in data

SC4.    Keep up to date with changes, procedures and practices in your field of expertise

Attachment os_attachments/SSC_N0901_V0.1.pdf
Last Review On June 23, 2015, 2:54 p.m.
Next Review On

Connect with us

Recent News

   Adobe partners with SSC NASSCOM in Skill Development
Post date: Sept. 13, 2017, 8:17 p.m.
   CANADIAN EMBASSY
Post date: April 29, 2017, 11:32 p.m.
   Gramoday Mela - Chitrakoot
Post date: March 1, 2017, 10:37 a.m.
View All

Student Readiness

Training Providers Employability Assessments

Training Providers

Training Providers

IT-BPM Industry Members

Companies

Academic Institutions

Acedmia
Go to top