QUALIFICATIONS PACK -NATIONAL OCCUPATIONAL … · 2019. 9. 20. · Qualifications Pack –Cloud...

1

Fea``bora

Introduction Qualifications Pack –Cloud Security Analyst

Contents 1. Introduction and Contacts..…………………….…P.1

2. Qualifications Pack……….……........................P.2

3. Glossary of Key Terms …………………………...…P.3

4. NOS Units……………………..…….………………….…P.5

5. Annexure: Nomenclature for QP & NOS…..P.38

6. Assessment Criteria………………....................P.40

� NOS describe

what individuals need to do, know and understand in order to carry out a particular job role or function

� NOS are

performance standards that individuals must achieve when carrying out functions in the workplace, together with specifications of the underpinning knowledge and understanding

IT-ITeS SSC NASSCOM Plot No-7,8,9 & 10, Sector 126,Noida,UP, Noida -201303 Phone No:0120-4990172 E-mail: [email protected]

SECTOR: IT-ITeS

SUB-SECTOR: Future Skills

OCCUPATION: Cloud Computing

REFERENCE ID: SSC/Q8309

ALIGNED TO: NCO 2015/2522.0201

Brief Job Role Description: Individuals in this role, monitor the assets of the organizations to keep a check on security risks and threats. They manage and enforce security protocols and perform test to identify potential security threats. Personal Attributes: Cloud Security Analyst must work and collaborate with various stakeholders while ensuring security of systems deployed on cloud. They must be able to communicate and build relationships with others and continuously develop their technical knowledge and analytical abilities.

QUALIFICATIONS PACK -NATIONAL OCCUPATIONAL STANDARDS FOR IT-BPM INDUSTRY

2

Job Role Cloud Security Analyst (Security Engineer, Security Operation Analyst, Security Analyst)

Description TBD NSQF Level 6 Minimum Educational Qualifications Maximum Educational Qualifications

Bachelor’s Degree in Engineering / Technology / Statistics / Mathematics / Computer Science/ Physical Sciences Not Applicable

Training (Suggested but not mandatory) Not Applicable

Minimum Job Entry Age 21 years (Recommended) Experience 0-6 months (Recommended)

Applicable National Occupational Standards (NOS)

Compulsory:

1. SSC/N8334 Detect and communicate occurrences of information security threats and risks

2. SSC/N8335 Respond to security threats and restore affected capabilities

3. SSC/N8337 Monitor and maintain regulatory/ compliance standards across the organization

4. SSC/N9005 Develop your knowledge, skills and competence

5. SSC/N9010 Convince others to take appropriate action in different situations

6. SSC/N9012 Manage and collaborate with stakeholders for project success

7. SSC/N9013 Inculcate strong work ethic in line with organizational code of conduct

Performance Criteria As described in the relevant NOS units

Qualifications Pack Code SSC/Q8309

Job Role Cloud Security Analyst This job role is applicable both in national and international scenarios

Credits (NSQF) TBD Version number 1.0 Sector IT-ITeS Drafted on 11/04/2019 Sub-sector Future Skills Last reviewed on 29/05/2019 Occupation Cloud Computing Next review date 31/12/2020

NSQC Clearance on 22/08/2019 Job

Deta

ils

3

Keywords /Terms Description Sector Sector is a conglomeration of different business operations having similar

business and interests. It may also be defined as a distinct subset of the economy whose components share similar characteristics and interests.

Sub-sector Sub-sector is derived from a further breakdown based on the characteristics and interests of its components.

Occupation Occupation is a set of job roles, which perform similar/ related set of functions in an industry.

Job Role Job role defines a unique set of tasks that together form a unique employment opportunity in an organisation.

Occupational Standards (OS)

OS specify the standards of performance an individual must achieve when carrying out a function in the workplace, together with the knowledge and understanding they need to meet that standard consistently. Occupational Standards are applicable both in the Indian and global contexts.

Performance Criteria Performance criteria are statements that together specify the standard of performance required when carrying out a task.

National Occupational Standards (NOS)

NOS are occupational standards which apply uniquely in the Indian context.

Qualifications Pack (QP)

QP comprises the set of OSs, together with the educational, training and other criteria required to perform a job role. A QP is assigned a unique qualifications pack code.

Electives Electives are NOS/set of NOS that are identified by the sector as contributive to specialization in a job role. There may be multiple electives within a QP for each specialized job role. Trainees must select at least one elective for the successful completion of a QP with Electives.

Options Options are NOS/set of NOS that are identified by the sector as additional skills. There may be multiple options within a QP. It is not mandatory to select any of the options to complete a QP with Options.

Unit Code Unit code is a unique identifier for an Occupational Standard, which is denoted by an ‘N’

Unit Title Unit title gives a clear overall statement about what the incumbent should be able to do.

Description Description gives a short summary of the unit content. This would be helpful to anyone searching on a database to verify that this is the appropriate OS they are looking for.

Scope Scope is a set of statements specifying the range of variables that an individual may have to deal with in carrying out the function which have a critical impact on quality of performance required.

Knowledge and Understanding

Knowledge and understanding are statements which together specify the technical, generic, professional and organisational specific knowledge that an individual need to perform to the required standard.

Organisational Context Organisational context includes the way the organisation is structured and how it operates, including the extent of operative knowledge managers have of their relevant areas of responsibility.

Technical Knowledge Technical knowledge is the specific knowledge needed to accomplish specific designated responsibilities.

Defin

ition

s

4

Acro

nym

s

Keywords /Terms Description

NOS National Occupational Standard(s)

NSQF National Skills Qualifications Framework

QP Qualifications Pack

IT-ITeS Information Technology – Information Technology enabled Services

SPD Software Product Development

ERD Engineering and R&D

ITS Information Technology Services

BPM Business Process Management

SSC/N8334 Detect and communicate occurrences of information security threats and risk

5

Overview This unit is about detecting threats and anomalies, employing continuous security monitoring processes, maintaining threat detection processes and performing audits.

National Occupational Standard


6

Unit Code SSC/N8334 Unit Title (Task)

Detect and communicate occurrences of information security threats and risks

Description This unit is about detecting threats and anomalies, employing continuous security monitoring processes, maintaining threat detection processes and performing audits .

NSQF Level 6 Scope This unit/task covers the following:

• Historical analysis of security threats/ incidents • Vulnerability & threat detection • Security monitoring • Security audits

Performance Criteria (PC) w.r.t. the Scope Element Performance Criteria Historical analysis of security threats/incidents

To be competent, the user/individual on the job must be able to: PC1. gather information on previous security incidents and how were they

managed by accessing the organization’s knowledge base

Vulnerability & threat detection

PC2. identify and implement automated security assessment tools to perform security assessments of cloud systems

PC3. perform vulnerability testing and risk analysis to identify security threats and vulnerabilities in the cloud solution

PC4. implement security controls to identify security anomalies in line with data security policies, procedures and guidelines

PC5. identify security anomalies and understand their potential impact to the organization

PC6. record, classify and prioritize security incidents using standard templates and tools

PC7. ensure anomalies and incidents related to cloud security are detected in a timely manner

PC8. perform regular review and maintenance of threat detection processes PC9. report security threats and vulnerabilities to relevant stakeholders

Security monitoring

PC10. develop KPIs for monitoring the security incidents and identifying the root cause

PC11. leverage analytics to predict and extrapolate attack trends ahead of their occurrence

Nat

iona

l Occ

upat

iona

l Sta

ndar

d


7

Security audits

PC12. identify requirements of audit and provide assistance in audit reviews, as required

PC13. liaise with appropriate people to gather data/information required for audits

PC14. carry out required audit tasks using standard tools and following established procedures/guidelines/checklists

PC15. report outcomes of the security audits to appropriate stakeholders

Knowledge and Understanding (K) A. Organizational

Context (Knowledge of the company/ organization and its processes)

The user/individual on the job needs to know and understand:

KA1. organizational policies, procedures and guidelines which relate to maintaining solution security

KA2. organizational policies and procedures for sharing data KA3. organizational policies for documenting and implementing security

procedures KA4. how to collaborate with stakeholders to define and execute security

processes KA5. the range of standard templates and tools available and how to use

them B. Technical Knowledge

The user/individual on the job needs to know and understand: KB1. fundamentals of enterprise security KB2. how to identify and resolve security vulnerabilities and incidents KB3. common security issues and incidents that may require action and

who to report these to KB4. how to identify and resolve vulnerabilities in systems KB5. how to maintain records of monitoring activities KB6. how to obtain and validate information related to security issues KB7. how to prepare and submit security assessment reports and who to

share these with KB8. how to identify and refer anomalies in data KB9. different types of threat assessment tests KB10. different types of vulnerability assessment tests KB11. different types of security standards and protocols KB12. different types of compliance/regulatory standards KB13. how to conduct security audits KB14. how to define KPIs to monitor security threats KB15. how to create security safeguards to prevent security threats


8

Skills (S) A. Core / Generic

Skills The user/individual on the job needs to know and understand how to: Reading Skills SA1. follow instructions, guidelines, procedures, rules and service level

agreements Listening and Speaking Skills SA2. ask for clarification and advice from appropriate people SA3. listen effectively and orally communicate accurate information

B. Professional

Skills

The user/individual on the job needs to know and understand how to: Decision Making SA4. follow rule-based decision making processes SA5. make decisions on suitable courses Plan and Organize SA6. plan and organize the work to achieve targets and deadlines Problem Solving SA7. refer anomalies to the supervisor SA8. seek clarification on problems from others Analytical Thinking SA9. analyze data and activities SA10. pass on relevant information to others Critical Thinking SA11. apply balanced judgments to different situations

Attention to Detail SA12. check the work is complete and free from errors Team Working SA13. contribute to the quality of team work


9

NOS Version Control

NOS Code SSC/N8334

Credits (NSQF) TBD Version number 1.0 Industry IT-ITeS Drafted on 11/04/2019 Industry Sub-sector Future Skills Last reviewed on 29/05/2019

Occupation Cloud Computing Next review date 31/12/2020

SSC/N8335 Respond to security threats and restore affected capabilities

10

Overview This unit is about responding to security incidents, preventing their expansion and ensuring timely restoration and recovery of affected capabilities.



11


Respond to security threats and restore affected capabilities

Description This unit is about responding to security incidents, preventing their expansion and ensuring timely restoration and recovery of affected capabilities.


• Adherence to security policies and standards • Escalation and reporting of security incidents • Recovery & restoration of affected systems

Performance Criteria (PC) w.r.t. the Scope Element Performance Criteria Adherence to security policies and standards

To be competent, the user/individual on the job must be able to: PC1. plan timely response and wherever applicable automate responses

to detected security threats PC2. execute post-incident processes and procedures in line with security

policies, procedures and guidelines PC3. maintain and update checklist, runbooks and playbooks on security

incidents Escalation and reporting of security incidents

PC4. assign information security incidents promptly to appropriate people for investigation/action

PC5. track progress of investigations into information security incidents PC6. escalate security incidents to appropriate people where progress

does not comply with standards or service level agreements (SLAs) PC7. liaise with stakeholders to gather, validate and provide information

related to information security incidents, where required PC8. report to law enforcement agencies, if required PC9. prepare and submit accurate reports on information security

incidents using standard templates and tools Recovery & restoration of affected systems

PC10. prevent further expansion of the security incident PC11. carry out backups of security devices and applications in line with

security policies, procedures and guidelines, when required PC12. ensure timely restoration of cloud assets and systems affected by

security incidents PC13. update the organization’s knowledge base promptly and accurately

with information security incidents and how they were managed Knowledge and Understanding (K)

A. Organizational The user/individual on the job needs to know and understand:

N

atio

nal O

ccup

atio

nal S

tand

ard


12


KA1. organizational policies, procedures and guidelines which relate to

maintaining solution security KA2. organizational policies and procedures for sharing data KA3. organizational policies for documenting and implementing security

procedures KA4. how to collaborate with stakeholders to define and execute security

processes KA5. the range of standard templates and tools available and how to use

them B. Technical Knowledge

The user/individual on the job needs to know and understand: KB1. fundamentals of enterprise security KB2. different stages of incident management and his/her role in relation

to these, including: identify; contain; cleanse; recover; close KB3. how to restore and recover systems after a security incident KB4. how to obtain and validate information related to security issues KB5. how to prepare and submit security reports and who to share these

with KB6. how to identify and refer anomalies in data KB7. different types of threat assessment tests KB8. different types of vulnerability assessment tests KB9. different types of security standards and protocols KB10. different types of compliance/regulatory standards KB11. how to maintain and update checklist, runbooks and playbooks on

security incidents KB12. how to create backup and secure data KB13. different types of security monitoring tools

Skills (S)

Core / Generic Skills

The user/individual on the job needs to know and understand how to: Reading Skills SA1. follow instructions, guidelines, procedures, rules and service level

agreements

Listening and Speaking Skills SA2. ask for clarification and advice from appropriate people SA3. listen effectively and orally communicate accurate information


13

Professional Skills

The user/individual on the job needs to know and understand how to: Decision Making SA4. follow rule-based decision making processes SA5. make decisions on suitable courses

Plan and Organize SA6. plan and organize the work to achieve targets and deadlines

Problem Solving SA7. refer anomalies to the supervisor SA8. seek clarification on problems from others

Analytical Thinking SA9. analyze data and activities SA10. pass on relevant information to others

Critical Thinking SA11. apply balanced judgments to different situations

Attention to Detail SA12. apply good attention to detail SA13. check the work is complete and free from errors

Team Working SA14. contribute to the quality of team work


14

NOS Version Control

NOS Code SSC/N8335



SSC/N8337 Monitor and maintain regulatory/ compliance standards across the organization

15

Overview This unit is about ensuring regulatory/compliance standards are implemented across the organization.



16


Monitor and maintain regulatory/ compliance standards across the organization

Description This unit is about ensuring regulatory/compliance standards are implemented across the organization.


• Monitoring regulatory/compliances using tools • Resolving issues related to non-compliance

Performance Criteria (PC) w.r.t. the Scope Element Performance Criteria Monitoring regulatory/compliances using tools

To be competent, the individual working on the job must be able to: PC1. identify and implement compatible tools and automated solutions

for monitoring compliance of regulatory standards PC2. monitor the configurations of the infrastructure to ensure that it

adheres to security and regulatory/compliance best practices PC3. ensure that existing compliance related processes and procedures

are being followed, with enough documentary evidence PC4. collect data about cloud services and continuously perform checks

against predetermined security best practices and regulatory/ compliance guidelines

PC5. provide timely feedback related to information security on contracts and agreements to be issued or entered into by the organization

PC6. drive security initiatives in the organization to ensure compliance to security and regulatory standards

Resolving issues related to non-compliance

PC7. undertake corrective actions or implement auto-remediation workflows and security controls to correct cases of non-compliance

PC8. perform an analysis to determine level of risk exposure of the discovered misconfigurations


Context (Knowledge of the company/ organization and its

The individual on the job needs to have knowledge of: KA1. organizational policies, procedures and guidelines which relate to

maintaining solution security KA2. organizational policies and procedures for sharing data

N

atio

nal O

ccup

atio

nal S

tand

ard


17

processes) KA3. organizational policies for documenting and implementing security procedures

KA4. how to collaborate with stakeholders to define and execute security processes

KA5. the range of standard templates and tools available and how to use them

B. Technical Knowledge

The individual on the job needs to know and understand: KB1. fundamentals of enterprise security KB2. how to manage security configuration KB3. different types of security standards to check for security threats KB4. different types of regulatory/compliance standards KB5. how to monitor implementation of regulatory/compliance

standards KB6. how to evaluate systems for wrong security configuration KB7. how to automate the security monitoring processes KB8. different types of tools for monitoring compliance/regulatory

standards in the organization

Skills (S) A. Core / Generic Skills The user/individual on the job needs to know and understand how to:

Listening and Speaking Skills SA1. ask for clarification and advice from appropriate people SA2. listen effectively and orally communicate accurate information

Team Working SA3. work independently and collaboratively

Writing Skills SA4. communicate with others in writing

B. Professional Skills Analytical Thinking SA5. analyze architecture related decisions on business and

organization SA6. pass on relevant information to others

Attention to Detail SA7. check the work is complete and free from errors


18

Customer Centricity SA8. work effectively in a customer facing environment

Plan and Organize SA9. plan and organize the work to achieve targets and deadlines


19

NOS Version Control

NOS Code SSC/N SSC/N8337 8210 SSC/



SSC/N9005 Develop your knowledge, skills and competence

20

Overview This unit is about taking action to ensure you have the knowledge and skills you need to perform competently in your current job role and to take on new responsibilities, where required. Competence is defined as: the application of knowledge and skills to perform to the standards required.



21


Develop your knowledge, skills and competence

Description This unit is about taking action to ensure you have the knowledge and skills you need to perform competently in your current job role and to take on new responsibilities, where required. Competence is defined as: the application of knowledge and skills to perform to the standards required.


• Develop knowledge • Apply knowledge

Learning and Development Activities Formal education and training programs, leading to certification, non-formal activities (such as private study, learning from colleagues, project work), designed to meet learning and development objectives but without certification Appropriate Action Undertaking further learning and development activities, finding further opportunities to apply your knowledge and skills

Performance Criteria (PC) w.r.t. the Scope Element Performance Criteria Develop knowledge

To be competent, the individual working on the job must be able to:

PC1. obtain advice and guidance from appropriate people to develop your knowledge, skills and competence

PC2. identify accurately the knowledge and skills you need for your job role PC3. identify accurately your current level of knowledge, skills and

competence and any learning and development needs PC4. agree with appropriate people a plan of learning and development

activities to address your learning needs PC5. undertake learning and development activities in line with your plan

Apply knowledge

PC6. apply your new knowledge and skills in the workplace, under supervision

PC7. obtain feedback from appropriate people on your knowledge and skills and how effectively you apply them

N

atio

nal O

ccup

atio

nal S

tand

ard


22

PC8. review your knowledge, skills and competence regularly and take appropriate action



The individual on the job needs to have knowledge of: KA1. your organization’s procedures and guidelines for developing your

knowledge, skills and competence and your role and responsibilities in relation to this

KA2. the importance of developing your knowledge, skills and competence to you and your organization

KA3. different methods used by your organization to review skills and knowledge including: training need analysis skills need analysis performance appraisals

KA4. how to review your knowledge and skills against your job role using different methods and analysis

KA5. different types of learning and development activities available for your job role and how to access these

KA6. how to produce a plan to address your learning and development needs, who to agree it with and the importance of undertaking the planned activities

KA7. different types of support available to help you plan and undertake learning and development activities and how to access these

KA8. why it is important to maintain records of your learning and development

KA9. methods of obtaining and accepting feedback from appropriate people on your knowledge skills and competence

KA10. how to use feedback to develop in your job role B. Technical Knowledge

The individual on the job needs to know and understand: KB1. the knowledge and skills required in your job role KB2. your current learning and development needs in relation to your job

role KB3. different types of learning styles and methods including those that help

you learn best KB4. the importance of taking responsibility for your own learning and

development KB5. to the importance of learning and practicing new concepts, theory and

how to apply these in the work environment or on samples. KB6. how to explore sample problems and apply solutions KB7. how to use information technology effectively to input and/or extract

data accurately


23

KB8. how to agree objectives and work requirements KB9. how to keep up to date with changes, procedures and practices in your

role


Skills The user/individual on the job needs to know and understand how to: Writing Skills SA1. complete accurate well written work with attention to detail Reading Skills SA2. follow instructions, guidelines, procedures, rules and service level

agreements Listening and Speaking Skills SA3. ask for clarification and advice from line managers Decision Making SA4. make decisions on suitable courses Plan and Organize SA5. plan and organize the work to achieve targets and deadlines Customer Centricity SA6. check that own/peers’ work meets customer requirements Problem Solving SA7. refer anomalies to the line manager Analytical Thinking SA8. analyze data and activities Critical Thinking SA9. apply balanced judgments to different situations Attention to Detail SA10. check the work is complete and free from errors SA11. get the work checked by others Team Working


24

NOS Version Control

SA12. work effectively in a team environment

NOS Code SSC/N9005



SSC/N9010 Convince others to take appropriate action in different situations

25

Overview This unit is about convincing others to take appropriate action in different situations.



26


Convince others to take appropriate action in different situations

Description This unit is about convincing others to take appropriate action in different situations


• Define needs • Persuade others

Appropriate People line manager, members of the team / department, members from other teams / departments

Performance Criteria (PC) w.r.t. the Scope Element Performance Criteria Define needs

To be competent, the individual working on the job must be able to: PC1. gather needs of concerned people PC2. adapt arguments to consider diverse needs

Persuade others

PC3. use small wins as milestones to gain support for ideas PC4. persuade with the help of concrete examples or evidences PC5. take defined steps to reach a consensus on the course of action



The individual on the job needs to know and understand: KA1. organizational policies and procedures for persuading people and their

role and responsibilities in relation to this


The individual on the job needs to know and understand: KB1. different types of information that people might need and the

importance of providing this information when it is required KB2. different methods of communication and the circumstances in which it

is appropriate to use these

Nat

iona

l Occ

upat

iona

l Sta

ndar

d


27


Skills The user/individual on the job needs to know and understand how to: Listening and Speaking Skills SA1. ask for clarification and advice from appropriate people SA2. listen effectively and orally communicate accurately information

Decision Making SA3. make decisions on suitable courses



28

NOS Version Control

NOS Code SSC/N9010



SSC/N9012 Manage and collaborate with stakeholders for project success

29

Overview This unit is about managing and communicating effectively with stakeholders to ensure that project requirements are met.



30


Manage and collaborate with stakeholders for project success

Description This unit is about managing and communicating effectively with stakeholders to ensure that project requirements are met.


• Define stakeholder requirements • Communicate with stakeholders • Ensure stakeholder satisfaction

Stakeholders

• Internal • External

Performance Criteria (PC) w.r.t. the Scope Element Performance Criteria Define stakeholder requirements

To be competent, the individual working on the job must be able to:

PC1. identify the larger business and organizational context behind the requirements of the stakeholder

PC2. manage fluctuating stakeholder priorities and expectations PC3. consult stakeholders early in critical organization-wide decisions

Collaborate with stakeholders

PC4. use formal communication methods to collaborate with stakeholders (such as meetings, conference calls, emails etc.)

PC5. keep stakeholders updated on changes in project requirements PC6. define the frequency of communication with all the stakeholders PC7. use suitable tools to represent numbers and pictures to present details

Ensure stakeholder satisfaction

PC8. respond to requests in a timely and accurate manner PC9. take feedbacks from stakeholders regularly PC10. continuously improve work deliverables/service based on stakeholder

feedback PC11. plan deliverables based on stakeholder needs


Context (Knowledge of the company/ organization

The individual on the job needs to know and understand: KA1. organizational policies and procedures for working with stakeholders

and their role and responsibilities in relation to this

Nat

iona

l Occ

upat

iona

l Sta

ndar

d


31

and its processes)


The individual on the job needs to know and understand: KB1. the importance of effective communication and establishing good

working relationships with relevant stakeholders KB2. different methods of communication and the circumstances in which it

is appropriate to use these KB3. different types of information that stakeholders might need and the

importance of providing this information when it is required


Skills The user/individual on the job needs to know and understand how to: Writing Skills SA1. communicate effectively with stakeholders in writing Reading Skills SA2. follow instructions, guidelines, procedures, rules and service level

agreements Customer Centricity SA3. check that own/peers’ work meets customer requirements SA4. deliver consistent and reliable service to customers Critical Thinking SA5. apply balanced judgments to different situations


32

NOS Version Control

NOS Code SSC/N9012



SSC/N9013 Inculcate strong work ethic in line with organizational code of conduct

33

Overview This unit is about adopting a positive attitude towards work while following organizational code of conduct.



34


Inculcate strong work ethic in line with organizational code of conduct

Description This unit is about adopting a positive attitude towards work while following organizational code of conduct.


• Code of Conduct • Work Ethic

Performance Criteria (PC) w.r.t. the Scope Element Performance Criteria Code of Conduct

To be competent, the user/individual on the job must be able to: PC1. treat your colleagues with respect PC2. work in line with your company's guidelines and policies PC3. follow dress code as defined by the organization PC4. do not disclose company's confidential data outside the organization PC5. be sensitive and respectful to other cultures in your workspace PC6. refrain from using your position in the organization to gain personal

benefits PC7. utilize company's resources efficiently PC8. refrain from getting into a conflict of interest scenario PC9. adopt meritocratic approaches towards work and refrain from

nepotism or favouritism PC10. treat fellow colleagues equally PC11. keep your immediate area clean and tidy

Work Ethic

PC12. utilize your time efficiently PC13. take ownership for the activities assigned to you PC14. adapt to changes in work plans and be flexible without compromising

on delivery quality PC15. assess the broader picture while performing the activities assigned to

you PC16. meet deadlines without giving up quality PC17. consistently report on time to work PC18. analyze and review your work on a regular basis to increase your

performance PC19. be cooperative with other employees PC20. prudently take risks where required

Nat

iona

l Occ

upat

iona

l Sta

ndar

d


35

PC21. have an open mindset to new ideas from others



The user/individual on the job needs to know and understand: KA1. knowledge of companies policies and internal regulations KA2. knowledge of local issues where the organization is based in KA3. knowledge of the external environment of the organization, including

geopolitical and industry issues KA4. awareness of organizational culture


KB1. how to identify and refer anomalies in data KB2. how to help reach agreements with colleagues KB3. how to keep up to date with changes, procedures and practices in your

role

Skills (S)

A. Core / Generic Skills

The user/individual on the job needs to know and understand how to: Writing Skills SA1. complete accurate well written work with attention to detail

Reading Skills SA2. follow instructions, guidelines, procedures, rules and service level

agreements

Listening and Speaking Skills SA3. listen effectively and orally communicate accurate information

Decision Making SA4. make decisions on suitable courses

Plan and Organize SA5. plan and organize the work to meet health, safety and security

requirements

Customer Centricity SA6. build and maintain positive and effective relationships with customers

Problem Solving SA7. apply problem solving approaches in different situations


36

Analytical Thinking SA8. analyze data and activities


Attention to Detail SA10. check the work is complete and free from errors SA11. get the work checked by others

Team Working SA12. work effectively in a team environment


37

NOS Version Control

NOS Code SSC/N9013



38

Annexure

Nomenclature for QP and NOS

Qualifications Pack

SSC/ Q 0101


SSC/ N 0101

Q denoting Qualifications Pack Occupation (2 numbers)

QP number (2 numbers)

9 characters

N denoting National Occupational Standard Occupation (2 numbers)

NOS number (2 numbers)

9 characters

Back to top…

SSC denoting Software & Services Companies (IT-ITeS industry)

SSC denoting Software & Services Companies (IT-ITeS industry)

Qualifications Pack For Cloud Security Analyst

39

The following acronyms/codes have been used in the nomenclature above:

Sequence Description Example

Three letters Industry name (Software & Services Companies)

SSC

Slash / /

Next letter Whether QP or NOS N

Next two numbers Occupation code 01

Next two numbers OS number 01


40

Criteria For Assessment Of Trainees Job Role Cloud Security Analyst

Qualification Pack SSC/Q8309

Sector Skill Council IT-ITeS Guidelines for Assessment 1. Criteria for assessment for each Qualification Pack will be created by the Sector Skill Council. Each Performance Criteria (PC) will be assigned marks proportional to its importance in NOS. SSC will also lay down proportion of marks for Theory and Skills Practical for each PC. 2. The assessment for the theory part will be based on knowledge bank of questions created by the SSC. 3. Assessment will be conducted for all compulsory NOS, and where applicable, on the selected elective/option NOS/set of NOS. 4. Individual assessment agencies will create unique question papers for theory part for each candidate at each examination/training center (as per assessment criteria below). 5. Individual assessment agencies will create unique evaluations for skill practical for every student at each examination/training center based on this criterion. 6. To pass a QP, a trainee should score an average of 70% across generic NOS’ and a minimum of 70% for each technical NOS 7. In case of unsuccessful completion, the trainee may seek reassessment on the Qualification Pack.

Compulsory NOS Marks Allocation

Total Marks: 700

Assessment outcomes Assessment Criteria for outcomes Total Marks Out Of Theory Skills

Practical

1. SSC/N8334 Detect and communicate occurrences of security threats and risks to cloud assets

PC1. gather information on previous security incidents and how were they managed by accessing the organization’s knowledge base

100

8 2 6

PC2. identify and implement automated security assessment tools to perform security assessments of cloud systems

8 2 6

PC3. perform vulnerability testing and risk analysis to identify security threats and vulnerabilities in the cloud solution

8 2 6

PC4. implement security controls to identify security anomalies in line with data security policies, procedures and guidelines

5 1 4

PC5. identify security anomalies and understand their potential impact to the organization

8 2 6


41

PC6. record, classify and prioritize security incidents using standard templates and tools

8 3 5

PC7. ensure anomalies and incidents related to cloud security are detected in a timely manner

8 3 5

PC8. perform regular review and maintenance of threat detection processes

8 3 5

PC9. report security threats and vulnerabilities to relevant stakeholders

5 1 4

PC10. develop KPIs for monitoring the security incidents and identifying the root cause

8 3 5

PC11. leverage analytics to predict and extrapolate attack trends ahead of their occurrence

6 1 5

PC12. identify requirements of audit and provide assistance in audit reviews, as required

5 1 4

PC13. liaise with appropriate people to gather data/information required for audits

5 1 4

PC14. carry out required audit tasks using standard tools and following established procedures/guidelines/checklists

5 1 4

PC15. report outcomes of the security audits to appropriate stakeholders 5 1 4

Total 100 27 73 2. SSC/N8335 Respond to security threats and restore affected capabilities

PC1. plan timely response and wherever applicable automate responses to detected security threats

100

9 3 6

PC2. execute post-incident processes and procedures in line with security policies, procedures and guidelines

6 2 4

PC3. maintain and update checklist, runbooks and playbooks on security incidents

9 3 6

PC4. assign information security incidents promptly to appropriate people for investigation/action

6 2 4

PC5. track progress of investigations into information security incidents

6 2 4

PC6. escalate security incidents to appropriate people where progress does not comply with standards or service level agreements (SLAs)

6 2 4

PC7. liaise with stakeholders to gather, validate and provide information

6 2 4


42

related to information security incidents, where required

PC8. report to law enforcement agencies, if required

9 3 6

PC9. prepare and submit accurate reports on information security incidents using standard templates and tools

8 3 5

PC10. prevent further expansion of the security incident

9 2 7

PC11. carry out backups of security devices and applications in line with security policies, procedures and guidelines, when required

9 2 7

PC12. ensure timely restoration of cloud assets and systems affected by security incidents

8 3 5

PC13. update the organization’s knowledge base promptly and accurately with information security incidents and how they were managed

9 2 7

Total 100 31 69 3. SSC/N8337 Continuously monitor and maintain regulatory/ compliance standards across the organization

PC1. identify and implement compatible tools and automated solutions for monitoring compliance of regulatory standards

100

12 4 8

PC2. monitor the configurations of the infrastructure to ensure that it adheres to security and regulatory/compliance best practices

20 6 14

PC3. ensure that existing compliance related processes and procedures are being followed, with enough documentary evidence

20 6 14

PC4. collect data about cloud services and continuously perform checks against predetermined security best practices and regulatory/ compliance guidelines

20 6 14

PC5. provide timely feedback related to information security on contracts and agreements to be issued or entered into by the organization

4 1 3

PC6. drive security initiatives in the organization to ensure compliance to security and regulatory standards

4 1 3

PC7. undertake corrective actions or implement auto-remediation workflows and security controls to correct cases of non-compliance

10 3 7


43

PC8. perform an analysis to determine level of risk exposure of the discovered misconfigurations

10 3 7

Total 100 30 70 4. SSC/N9005 Develop your knowledge, skills and competence

PC1. obtain advice and guidance from appropriate people to develop your knowledge, skills and competence

10 0 10

PC2. identify accurately the knowledge and skills you need for your job role

10 0 10

PC3. identify accurately your current level of knowledge, skills and competence and any learning and development needs

20 10 10

PC4. agree with appropriate people a plan of learning and development activities to address your learning needs

10 0 10

PC5. undertake learning and development activities in line with your plan

100

20 10 10

PC6. apply your new knowledge and skills in the workplace, under supervision

10 0 10

PC7. obtain feedback from appropriate people on your knowledge and skills and how effectively you apply them

10 0 10

PC8. review your knowledge, skills and competence regularly and take appropriate action

10 0 10

Total 100 20 80 5. SSC/N9010 Convince others to take appropriate action in different situations

PC1. gather needs of concerned people

100

10 0 10

PC2. adapt arguments to consider diverse needs

15 0 15

PC3. use small wins as milestones to gain support for ideas

25 10 15

PC4. persuade with the help of concrete examples or evidences

25 10 15

PC5. take defined steps to reach a consensus on the course of action

25 10 15

Total 100 30 70 6. SSC/N9012 Manage and collaborate with stakeholders for project success

PC1. identify the larger business and organizational context behind the requirements of the stakeholder

100

10 3 7

PC2. manage fluctuating stakeholder priorities and expectations

5 1 4


44

PC3. consult stakeholders early in critical organization-wide decisions

10 3 7

PC4. use formal communication methods to collaborate with stakeholders (such as meetings, conference calls, emails etc.)

5 1 4

PC5. keep stakeholders updated on changes in project requirements

10 3 7

PC6. define the frequency of communication with all the stakeholders

10 3 7

PC7. use suitable tools to represent numbers and pictures to present details

10 3 7

PC8. respond to requests in a timely and accurate manner

10 3 7

PC9. take feedbacks from stakeholders regularly

5 1 4

PC10. continuously improve work deliverables/service based on stakeholder feedback

15 5 10

PC11. plan deliverables based on stakeholder needs

10 3 7

Total 100 29 71 7. SSC/N9013 Inculcate strong work ethic in line with organizational code of conduct

PC1. treat your colleagues with respect

100

1 1 0

PC2. work in line with your company's guidelines and policies

1 1 0

PC3. follow dress code as defined by the organization

1 1 0

PC4. do not disclose company's confidential data outside the organization

10 3 7

PC5. be sensitive and respectful to other cultures in your workspace

10 3 7

PC6. refrain from using your position in the organization to gain personal benefits

1 1 0

PC7. utilize company's resources efficiently

10 3 7

PC8. refrain from getting into a conflict of interest scenario

1 1 0

PC9. adopt meritocratic approaches towards work and refrain from nepotism or favouritism

5 1 4

PC10. treat fellow colleagues equally 10 3 7

PC11 keep your immediate area clean and tidy

1 1 0

PC12. utilize your time efficiently 10 3 7


45

PC13. take ownership for the activities assigned to you

10 3 7

PC14. adapt to changes in work plans and be flexible without compromising on delivery quality

5 1 4

PC15. assess the broader picture while performing the activities assigned to you

1 1 0

PC16. meet deadlines without giving up quality

5 1 4

PC17. consistently report on time to work

5 1 4

PC18. analyze and review your work on a regular basis to increase your performance

1 1 0

PC19. be cooperative with other employees

10 3 7

PC20. prudently take risks where required

1 0 1

PC21. have an open mindset to new ideas from others

1 0 1

Total 100 33 67

QUALIFICATIONS PACK -NATIONAL OCCUPATIONAL … · 2019. 9. 20. · Qualifications Pack –Cloud...

Documents

Transcript of QUALIFICATIONS PACK -NATIONAL OCCUPATIONAL … · 2019. 9. 20. · Qualifications Pack –Cloud...