QUALIFICATIONS PACK -NATIONAL OCCUPATIONAL … · 2019. 9. 20. · Qualifications Pack –Cloud...
Introduction Qualifications Pack –Cloud Security Analyst
Contents
1. Introduction and Contacts
2. Qualifications Pack
3. Glossary of Key Terms
4. NOS Units
5. Annexure: Nomenclature for QP & NOS
6. Assessment Criteria
• NOS describe what individuals need to do, know and understand in order to carry out a particular job role or function
• NOS are performance standards that individuals must achieve when carrying out functions in the workplace, together with specifications of the underpinning knowledge and understanding
IT-ITeS SSC NASSCOM, Plot No-7,8,9 & 10, Sector 126, Noida, UP, Noida - 201303. Phone No: 0120-4990172. E-mail: [email protected]
SECTOR: IT-ITeS
SUB-SECTOR: Future Skills
OCCUPATION: Cloud Computing
REFERENCE ID: SSC/Q8309
ALIGNED TO: NCO 2015/2522.0201
Brief Job Role Description: Individuals in this role monitor the organization’s assets to keep a check on security risks and threats. They manage and enforce security protocols and perform tests to identify potential security threats.
Personal Attributes: A Cloud Security Analyst must work and collaborate with various stakeholders while ensuring the security of systems deployed on the cloud. They must be able to communicate and build relationships with others and continuously develop their technical knowledge and analytical abilities.
QUALIFICATIONS PACK -NATIONAL OCCUPATIONAL STANDARDS FOR IT-BPM INDUSTRY
Job Details
Job Role: Cloud Security Analyst (Security Engineer, Security Operation Analyst, Security Analyst)
Description: TBD
NSQF Level: 6
Minimum Educational Qualifications: Bachelor’s Degree in Engineering / Technology / Statistics / Mathematics / Computer Science / Physical Sciences
Maximum Educational Qualifications: Not Applicable
Training (Suggested but not mandatory): Not Applicable
Minimum Job Entry Age: 21 years (Recommended)
Experience: 0-6 months (Recommended)
Applicable National Occupational Standards (NOS)
Compulsory:
1. SSC/N8334 Detect and communicate occurrences of information security threats and risks
2. SSC/N8335 Respond to security threats and restore affected capabilities
3. SSC/N8337 Monitor and maintain regulatory/ compliance standards across the organization
4. SSC/N9005 Develop your knowledge, skills and competence
5. SSC/N9010 Convince others to take appropriate action in different situations
6. SSC/N9012 Manage and collaborate with stakeholders for project success
7. SSC/N9013 Inculcate strong work ethic in line with organizational code of conduct
Performance Criteria As described in the relevant NOS units
Qualifications Pack Code: SSC/Q8309
Job Role: Cloud Security Analyst
This job role is applicable both in national and international scenarios.
Credits (NSQF): TBD
Version number: 1.0
Sector: IT-ITeS
Drafted on: 11/04/2019
Sub-sector: Future Skills
Last reviewed on: 29/05/2019
Occupation: Cloud Computing
Next review date: 31/12/2020
NSQC Clearance on: 22/08/2019
Definitions
Keywords /Terms: Description
Sector: Sector is a conglomeration of different business operations having similar business and interests. It may also be defined as a distinct subset of the economy whose components share similar characteristics and interests.
Sub-sector: Sub-sector is derived from a further breakdown based on the characteristics and interests of its components.
Occupation: Occupation is a set of job roles, which perform similar/related set of functions in an industry.
Job Role: Job role defines a unique set of tasks that together form a unique employment opportunity in an organisation.
Occupational Standards (OS): OS specify the standards of performance an individual must achieve when carrying out a function in the workplace, together with the knowledge and understanding they need to meet that standard consistently. Occupational Standards are applicable both in the Indian and global contexts.
Performance Criteria: Performance criteria are statements that together specify the standard of performance required when carrying out a task.
National Occupational Standards (NOS): NOS are occupational standards which apply uniquely in the Indian context.
Qualifications Pack (QP): QP comprises the set of OSs, together with the educational, training and other criteria required to perform a job role. A QP is assigned a unique qualifications pack code.
Electives: Electives are NOS/set of NOS that are identified by the sector as contributive to specialization in a job role. There may be multiple electives within a QP for each specialized job role. Trainees must select at least one elective for the successful completion of a QP with Electives.
Options: Options are NOS/set of NOS that are identified by the sector as additional skills. There may be multiple options within a QP. It is not mandatory to select any of the options to complete a QP with Options.
Unit Code: Unit code is a unique identifier for an Occupational Standard, which is denoted by an ‘N’.
Unit Title: Unit title gives a clear overall statement about what the incumbent should be able to do.
Description: Description gives a short summary of the unit content. This would be helpful to anyone searching on a database to verify that this is the appropriate OS they are looking for.
Scope: Scope is a set of statements specifying the range of variables that an individual may have to deal with in carrying out the function which have a critical impact on quality of performance required.
Knowledge and Understanding: Knowledge and understanding are statements which together specify the technical, generic, professional and organisational specific knowledge that an individual needs to perform to the required standard.
Organisational Context: Organisational context includes the way the organisation is structured and how it operates, including the extent of operative knowledge managers have of their relevant areas of responsibility.
Technical Knowledge: Technical knowledge is the specific knowledge needed to accomplish specific designated responsibilities.
Acronyms
Keywords /Terms Description
NOS National Occupational Standard(s)
NSQF National Skills Qualifications Framework
QP Qualifications Pack
IT-ITeS Information Technology – Information Technology enabled Services
SPD Software Product Development
ERD Engineering and R&D
ITS Information Technology Services
BPM Business Process Management
SSC/N8334 Detect and communicate occurrences of information security threats and risk
Overview This unit is about detecting threats and anomalies, employing continuous security monitoring processes, maintaining threat detection processes and performing audits.
National Occupational Standard
Unit Code: SSC/N8334
Unit Title (Task): Detect and communicate occurrences of information security threats and risks
Description: This unit is about detecting threats and anomalies, employing continuous security monitoring processes, maintaining threat detection processes and performing audits.
NSQF Level: 6
Scope: This unit/task covers the following:
• Historical analysis of security threats/incidents
• Vulnerability & threat detection
• Security monitoring
• Security audits
Performance Criteria (PC) w.r.t. the Scope
To be competent, the user/individual on the job must be able to:
Historical analysis of security threats/incidents
PC1. gather information on previous security incidents and how they were managed by accessing the organization’s knowledge base
Vulnerability & threat detection
PC2. identify and implement automated security assessment tools to perform security assessments of cloud systems
PC3. perform vulnerability testing and risk analysis to identify security threats and vulnerabilities in the cloud solution
PC4. implement security controls to identify security anomalies in line with data security policies, procedures and guidelines
PC5. identify security anomalies and understand their potential impact to the organization
PC6. record, classify and prioritize security incidents using standard templates and tools
PC7. ensure anomalies and incidents related to cloud security are detected in a timely manner
PC8. perform regular review and maintenance of threat detection processes
PC9. report security threats and vulnerabilities to relevant stakeholders
Security monitoring
PC10. develop KPIs for monitoring the security incidents and identifying the root cause
PC11. leverage analytics to predict and extrapolate attack trends ahead of their occurrence
Security audits
PC12. identify requirements of audit and provide assistance in audit reviews, as required
PC13. liaise with appropriate people to gather data/information required for audits
PC14. carry out required audit tasks using standard tools and following established procedures/guidelines/checklists
PC15. report outcomes of the security audits to appropriate stakeholders
Knowledge and Understanding (K)
A. Organizational Context (Knowledge of the company/organization and its processes)
The user/individual on the job needs to know and understand:
KA1. organizational policies, procedures and guidelines which relate to maintaining solution security
KA2. organizational policies and procedures for sharing data
KA3. organizational policies for documenting and implementing security procedures
KA4. how to collaborate with stakeholders to define and execute security processes
KA5. the range of standard templates and tools available and how to use them
B. Technical Knowledge
The user/individual on the job needs to know and understand:
KB1. fundamentals of enterprise security
KB2. how to identify and resolve security vulnerabilities and incidents
KB3. common security issues and incidents that may require action and who to report these to
KB4. how to identify and resolve vulnerabilities in systems
KB5. how to maintain records of monitoring activities
KB6. how to obtain and validate information related to security issues
KB7. how to prepare and submit security assessment reports and who to share these with
KB8. how to identify and refer anomalies in data
KB9. different types of threat assessment tests
KB10. different types of vulnerability assessment tests
KB11. different types of security standards and protocols
KB12. different types of compliance/regulatory standards
KB13. how to conduct security audits
KB14. how to define KPIs to monitor security threats
KB15. how to create security safeguards to prevent security threats
Skills (S)
A. Core / Generic Skills
The user/individual on the job needs to know and understand how to:
Reading Skills
SA1. follow instructions, guidelines, procedures, rules and service level agreements
Listening and Speaking Skills
SA2. ask for clarification and advice from appropriate people
SA3. listen effectively and orally communicate accurate information
B. Professional Skills
The user/individual on the job needs to know and understand how to:
Decision Making
SA4. follow rule-based decision making processes
SA5. make decisions on suitable courses
Plan and Organize
SA6. plan and organize the work to achieve targets and deadlines
Problem Solving
SA7. refer anomalies to the supervisor
SA8. seek clarification on problems from others
Analytical Thinking
SA9. analyze data and activities
SA10. pass on relevant information to others
Critical Thinking
SA11. apply balanced judgments to different situations
Attention to Detail
SA12. check the work is complete and free from errors
Team Working
SA13. contribute to the quality of team work
NOS Version Control
NOS Code: SSC/N8334
Credits (NSQF): TBD
Version number: 1.0
Industry: IT-ITeS
Drafted on: 11/04/2019
Industry Sub-sector: Future Skills
Last reviewed on: 29/05/2019
Occupation: Cloud Computing
Next review date: 31/12/2020
SSC/N8335 Respond to security threats and restore affected capabilities
Overview This unit is about responding to security incidents, preventing their expansion and ensuring timely restoration and recovery of affected capabilities.
National Occupational Standard
Unit Code: SSC/N8335
Unit Title (Task): Respond to security threats and restore affected capabilities
Description: This unit is about responding to security incidents, preventing their expansion and ensuring timely restoration and recovery of affected capabilities.
NSQF Level: 6
Scope: This unit/task covers the following:
• Adherence to security policies and standards
• Escalation and reporting of security incidents
• Recovery & restoration of affected systems
Performance Criteria (PC) w.r.t. the Scope
To be competent, the user/individual on the job must be able to:
Adherence to security policies and standards
PC1. plan timely response and wherever applicable automate responses to detected security threats
PC2. execute post-incident processes and procedures in line with security policies, procedures and guidelines
PC3. maintain and update checklist, runbooks and playbooks on security incidents
Escalation and reporting of security incidents
PC4. assign information security incidents promptly to appropriate people for investigation/action
PC5. track progress of investigations into information security incidents
PC6. escalate security incidents to appropriate people where progress does not comply with standards or service level agreements (SLAs)
PC7. liaise with stakeholders to gather, validate and provide information related to information security incidents, where required
PC8. report to law enforcement agencies, if required
PC9. prepare and submit accurate reports on information security incidents using standard templates and tools
Recovery & restoration of affected systems
PC10. prevent further expansion of the security incident
PC11. carry out backups of security devices and applications in line with security policies, procedures and guidelines, when required
PC12. ensure timely restoration of cloud assets and systems affected by security incidents
PC13. update the organization’s knowledge base promptly and accurately with information security incidents and how they were managed
Knowledge and Understanding (K)
A. Organizational Context (Knowledge of the company/organization and its processes)
The user/individual on the job needs to know and understand:
KA1. organizational policies, procedures and guidelines which relate to maintaining solution security
KA2. organizational policies and procedures for sharing data
KA3. organizational policies for documenting and implementing security procedures
KA4. how to collaborate with stakeholders to define and execute security processes
KA5. the range of standard templates and tools available and how to use them
B. Technical Knowledge
The user/individual on the job needs to know and understand:
KB1. fundamentals of enterprise security
KB2. different stages of incident management and his/her role in relation to these, including: identify; contain; cleanse; recover; close
KB3. how to restore and recover systems after a security incident
KB4. how to obtain and validate information related to security issues
KB5. how to prepare and submit security reports and who to share these with
KB6. how to identify and refer anomalies in data
KB7. different types of threat assessment tests
KB8. different types of vulnerability assessment tests
KB9. different types of security standards and protocols
KB10. different types of compliance/regulatory standards
KB11. how to maintain and update checklist, runbooks and playbooks on security incidents
KB12. how to create backup and secure data
KB13. different types of security monitoring tools
Skills (S)
Core / Generic Skills
The user/individual on the job needs to know and understand how to:
Reading Skills
SA1. follow instructions, guidelines, procedures, rules and service level agreements
Listening and Speaking Skills
SA2. ask for clarification and advice from appropriate people
SA3. listen effectively and orally communicate accurate information
Professional Skills
The user/individual on the job needs to know and understand how to:
Decision Making
SA4. follow rule-based decision making processes
SA5. make decisions on suitable courses
Plan and Organize
SA6. plan and organize the work to achieve targets and deadlines
Problem Solving
SA7. refer anomalies to the supervisor
SA8. seek clarification on problems from others
Analytical Thinking
SA9. analyze data and activities
SA10. pass on relevant information to others
Critical Thinking
SA11. apply balanced judgments to different situations
Attention to Detail
SA12. apply good attention to detail
SA13. check the work is complete and free from errors
Team Working
SA14. contribute to the quality of team work
NOS Version Control
NOS Code: SSC/N8335
Credits (NSQF): TBD
Version number: 1.0
Industry: IT-ITeS
Drafted on: 11/04/2019
Industry Sub-sector: Future Skills
Last reviewed on: 29/05/2019
Occupation: Cloud Computing
Next review date: 31/12/2020
SSC/N8337 Monitor and maintain regulatory/ compliance standards across the organization
Overview This unit is about ensuring regulatory/compliance standards are implemented across the organization.
National Occupational Standard
Unit Code: SSC/N8337
Unit Title (Task): Monitor and maintain regulatory/compliance standards across the organization
Description: This unit is about ensuring regulatory/compliance standards are implemented across the organization.
NSQF Level: 6
Scope: This unit/task covers the following:
• Monitoring regulatory/compliances using tools
• Resolving issues related to non-compliance
Performance Criteria (PC) w.r.t. the Scope
To be competent, the individual working on the job must be able to:
Monitoring regulatory/compliances using tools
PC1. identify and implement compatible tools and automated solutions for monitoring compliance of regulatory standards
PC2. monitor the configurations of the infrastructure to ensure that it adheres to security and regulatory/compliance best practices
PC3. ensure that existing compliance related processes and procedures are being followed, with enough documentary evidence
PC4. collect data about cloud services and continuously perform checks against predetermined security best practices and regulatory/compliance guidelines
PC5. provide timely feedback related to information security on contracts and agreements to be issued or entered into by the organization
PC6. drive security initiatives in the organization to ensure compliance to security and regulatory standards
Resolving issues related to non-compliance
PC7. undertake corrective actions or implement auto-remediation workflows and security controls to correct cases of non-compliance
PC8. perform an analysis to determine level of risk exposure of the discovered misconfigurations
Knowledge and Understanding (K)
A. Organizational Context (Knowledge of the company/organization and its processes)
The individual on the job needs to have knowledge of:
KA1. organizational policies, procedures and guidelines which relate to maintaining solution security
KA2. organizational policies and procedures for sharing data
KA3. organizational policies for documenting and implementing security procedures
KA4. how to collaborate with stakeholders to define and execute security processes
KA5. the range of standard templates and tools available and how to use them
B. Technical Knowledge
The individual on the job needs to know and understand:
KB1. fundamentals of enterprise security
KB2. how to manage security configuration
KB3. different types of security standards to check for security threats
KB4. different types of regulatory/compliance standards
KB5. how to monitor implementation of regulatory/compliance standards
KB6. how to evaluate systems for wrong security configuration
KB7. how to automate the security monitoring processes
KB8. different types of tools for monitoring compliance/regulatory standards in the organization
Skills (S)
A. Core / Generic Skills
The user/individual on the job needs to know and understand how to:
Listening and Speaking Skills
SA1. ask for clarification and advice from appropriate people
SA2. listen effectively and orally communicate accurate information
Team Working
SA3. work independently and collaboratively
Writing Skills
SA4. communicate with others in writing
B. Professional Skills
Analytical Thinking
SA5. analyze architecture related decisions on business and organization
SA6. pass on relevant information to others
Attention to Detail
SA7. check the work is complete and free from errors
Customer Centricity
SA8. work effectively in a customer facing environment
Plan and Organize
SA9. plan and organize the work to achieve targets and deadlines
NOS Version Control
NOS Code: SSC/N8337
Credits (NSQF): TBD
Version number: 1.0
Industry: IT-ITeS
Drafted on: 11/04/2019
Industry Sub-sector: Future Skills
Last reviewed on: 29/05/2019
Occupation: Cloud Computing
Next review date: 31/12/2020
SSC/N9005 Develop your knowledge, skills and competence
Overview This unit is about taking action to ensure you have the knowledge and skills you need to perform competently in your current job role and to take on new responsibilities, where required. Competence is defined as: the application of knowledge and skills to perform to the standards required.
National Occupational Standard
Unit Code: SSC/N9005
Unit Title (Task): Develop your knowledge, skills and competence
Description: This unit is about taking action to ensure you have the knowledge and skills you need to perform competently in your current job role and to take on new responsibilities, where required. Competence is defined as: the application of knowledge and skills to perform to the standards required.
NSQF Level: 6
Scope: This unit/task covers the following:
• Develop knowledge
• Apply knowledge
Learning and Development Activities: Formal education and training programs, leading to certification; non-formal activities (such as private study, learning from colleagues, project work), designed to meet learning and development objectives but without certification
Appropriate Action: Undertaking further learning and development activities, finding further opportunities to apply your knowledge and skills
Performance Criteria (PC) w.r.t. the Scope
To be competent, the individual working on the job must be able to:
Develop knowledge
PC1. obtain advice and guidance from appropriate people to develop your knowledge, skills and competence
PC2. identify accurately the knowledge and skills you need for your job role
PC3. identify accurately your current level of knowledge, skills and competence and any learning and development needs
PC4. agree with appropriate people a plan of learning and development activities to address your learning needs
PC5. undertake learning and development activities in line with your plan
Apply knowledge
PC6. apply your new knowledge and skills in the workplace, under supervision
PC7. obtain feedback from appropriate people on your knowledge and skills and how effectively you apply them
PC8. review your knowledge, skills and competence regularly and take appropriate action
Knowledge and Understanding (K)
A. Organizational Context (Knowledge of the company/organization and its processes)
The individual on the job needs to have knowledge of:
KA1. your organization’s procedures and guidelines for developing your knowledge, skills and competence and your role and responsibilities in relation to this
KA2. the importance of developing your knowledge, skills and competence to you and your organization
KA3. different methods used by your organization to review skills and knowledge including: training need analysis; skills need analysis; performance appraisals
KA4. how to review your knowledge and skills against your job role using different methods and analysis
KA5. different types of learning and development activities available for your job role and how to access these
KA6. how to produce a plan to address your learning and development needs, who to agree it with and the importance of undertaking the planned activities
KA7. different types of support available to help you plan and undertake learning and development activities and how to access these
KA8. why it is important to maintain records of your learning and development
KA9. methods of obtaining and accepting feedback from appropriate people on your knowledge, skills and competence
KA10. how to use feedback to develop in your job role
B. Technical Knowledge
The individual on the job needs to know and understand:
KB1. the knowledge and skills required in your job role
KB2. your current learning and development needs in relation to your job role
KB3. different types of learning styles and methods including those that help you learn best
KB4. the importance of taking responsibility for your own learning and development
KB5. the importance of learning and practicing new concepts, theory and how to apply these in the work environment or on samples
KB6. how to explore sample problems and apply solutions
KB7. how to use information technology effectively to input and/or extract data accurately
KB8. how to agree objectives and work requirements
KB9. how to keep up to date with changes, procedures and practices in your role
Skills (S)
A. Core / Generic Skills
The user/individual on the job needs to know and understand how to:
Writing Skills
SA1. complete accurate well written work with attention to detail
Reading Skills
SA2. follow instructions, guidelines, procedures, rules and service level agreements
Listening and Speaking Skills
SA3. ask for clarification and advice from line managers
Decision Making
SA4. make decisions on suitable courses
Plan and Organize
SA5. plan and organize the work to achieve targets and deadlines
Customer Centricity
SA6. check that own/peers’ work meets customer requirements
Problem Solving
SA7. refer anomalies to the line manager
Analytical Thinking
SA8. analyze data and activities
Critical Thinking
SA9. apply balanced judgments to different situations
Attention to Detail
SA10. check the work is complete and free from errors
SA11. get the work checked by others
Team Working
SA12. work effectively in a team environment
NOS Version Control
NOS Code: SSC/N9005
Credits (NSQF): TBD
Version number: 1.0
Industry: IT-ITeS
Drafted on: 11/04/2019
Industry Sub-sector: Future Skills
Last reviewed on: 29/05/2019
Occupation: Cloud Computing
Next review date: 31/12/2020
SSC/N9010 Convince others to take appropriate action in different situations
Overview This unit is about convincing others to take appropriate action in different situations.
National Occupational Standard
Unit Code: SSC/N9010
Unit Title (Task): Convince others to take appropriate action in different situations
Description: This unit is about convincing others to take appropriate action in different situations.
NSQF Level: 6
Scope: This unit/task covers the following:
• Define needs
• Persuade others
Appropriate People: line manager, members of the team / department, members from other teams / departments
Performance Criteria (PC) w.r.t. the Scope
To be competent, the individual working on the job must be able to:
Define needs
PC1. gather needs of concerned people
PC2. adapt arguments to consider diverse needs
Persuade others
PC3. use small wins as milestones to gain support for ideas
PC4. persuade with the help of concrete examples or evidence
PC5. take defined steps to reach a consensus on the course of action
Knowledge and Understanding (K)
A. Organizational Context (Knowledge of the company/organization and its processes)
The individual on the job needs to know and understand:
KA1. organizational policies and procedures for persuading people and their role and responsibilities in relation to this
B. Technical Knowledge
The individual on the job needs to know and understand:
KB1. different types of information that people might need and the importance of providing this information when it is required
KB2. different methods of communication and the circumstances in which it is appropriate to use these
Skills (S)
A. Core / Generic Skills
The user/individual on the job needs to know and understand how to:
Listening and Speaking Skills
SA1. ask for clarification and advice from appropriate people
SA2. listen effectively and orally communicate accurate information
Decision Making
SA3. make decisions on suitable courses
Critical Thinking
SA4. apply balanced judgments to different situations
NOS Version Control
NOS Code: SSC/N9010
Credits (NSQF): TBD
Version number: 1.0
Industry: IT-ITeS
Drafted on: 11/04/2019
Industry Sub-sector: Future Skills
Last reviewed on: 29/05/2019
Occupation: Cloud Computing
Next review date: 31/12/2020
SSC/N9012 Manage and collaborate with stakeholders for project success
Overview This unit is about managing and communicating effectively with stakeholders to ensure that project requirements are met.
National Occupational Standard
Unit Code: SSC/N9012
Unit Title (Task): Manage and collaborate with stakeholders for project success
Description: This unit is about managing and communicating effectively with stakeholders to ensure that project requirements are met.
NSQF Level: 6
Scope: This unit/task covers the following:
• Define stakeholder requirements
• Communicate with stakeholders
• Ensure stakeholder satisfaction
Stakeholders
• Internal
• External
Performance Criteria (PC) w.r.t. the Scope
To be competent, the individual working on the job must be able to:
Define stakeholder requirements
PC1. identify the larger business and organizational context behind the requirements of the stakeholder
PC2. manage fluctuating stakeholder priorities and expectations
PC3. consult stakeholders early in critical organization-wide decisions
Collaborate with stakeholders
PC4. use formal communication methods to collaborate with stakeholders (such as meetings, conference calls, emails etc.)
PC5. keep stakeholders updated on changes in project requirements
PC6. define the frequency of communication with all the stakeholders
PC7. use suitable tools to represent numbers and pictures to present details
Ensure stakeholder satisfaction
PC8. respond to requests in a timely and accurate manner
PC9. take feedback from stakeholders regularly
PC10. continuously improve work deliverables/service based on stakeholder feedback
PC11. plan deliverables based on stakeholder needs
Knowledge and Understanding (K)
A. Organizational Context (Knowledge of the company/ organization and its processes)
The individual on the job needs to know and understand:
KA1. organizational policies and procedures for working with stakeholders and their role and responsibilities in relation to this
B. Technical Knowledge
The individual on the job needs to know and understand:
KB1. the importance of effective communication and establishing good working relationships with relevant stakeholders
KB2. different methods of communication and the circumstances in which it is appropriate to use these
KB3. different types of information that stakeholders might need and the importance of providing this information when it is required
Skills (S)
A. Core / Generic Skills
The user/individual on the job needs to know and understand how to:
Writing Skills
SA1. communicate effectively with stakeholders in writing
Reading Skills
SA2. follow instructions, guidelines, procedures, rules and service level agreements
Customer Centricity
SA3. check that own/peers’ work meets customer requirements
SA4. deliver consistent and reliable service to customers
Critical Thinking
SA5. apply balanced judgments to different situations
NOS Version Control
NOS Code: SSC/N9012
Credits (NSQF): TBD
Version number: 1.0
Industry: IT-ITeS
Drafted on: 11/04/2019
Industry Sub-sector: Future Skills
Last reviewed on: 29/05/2019
Occupation: Cloud Computing
Next review date: 31/12/2020
SSC/N9013 Inculcate strong work ethic in line with organizational code of conduct
Overview This unit is about adopting a positive attitude towards work while following organizational code of conduct.
National Occupational Standard
Unit Code: SSC/N9013
Unit Title (Task): Inculcate strong work ethic in line with organizational code of conduct
Description: This unit is about adopting a positive attitude towards work while following organizational code of conduct.
NSQF Level: 5
Scope: This unit/task covers the following:
• Code of Conduct
• Work Ethic
Performance Criteria (PC) w.r.t. the Scope
To be competent, the user/individual on the job must be able to:
Element: Code of Conduct
PC1. treat your colleagues with respect
PC2. work in line with your company's guidelines and policies
PC3. follow dress code as defined by the organization
PC4. do not disclose company's confidential data outside the organization
PC5. be sensitive and respectful to other cultures in your workspace
PC6. refrain from using your position in the organization to gain personal benefits
PC7. utilize company's resources efficiently
PC8. refrain from getting into a conflict of interest scenario
PC9. adopt meritocratic approaches towards work and refrain from nepotism or favouritism
PC10. treat fellow colleagues equally
PC11. keep your immediate area clean and tidy
Element: Work Ethic
PC12. utilize your time efficiently
PC13. take ownership for the activities assigned to you
PC14. adapt to changes in work plans and be flexible without compromising on delivery quality
PC15. assess the broader picture while performing the activities assigned to you
PC16. meet deadlines without giving up quality
PC17. consistently report on time to work
PC18. analyze and review your work on a regular basis to increase your performance
PC19. be cooperative with other employees
PC20. prudently take risks where required
PC21. have an open mindset to new ideas from others
Knowledge and Understanding (K)
A. Organizational Context (Knowledge of the company/ organization and its processes)
The user/individual on the job needs to know and understand:
KA1. knowledge of company's policies and internal regulations
KA2. knowledge of local issues where the organization is based
KA3. knowledge of the external environment of the organization, including geopolitical and industry issues
KA4. awareness of organizational culture
B. Technical Knowledge
KB1. how to identify and refer anomalies in data
KB2. how to help reach agreements with colleagues
KB3. how to keep up to date with changes, procedures and practices in your role
Skills (S)
A. Core / Generic Skills
The user/individual on the job needs to know and understand how to:
Writing Skills
SA1. complete accurate well written work with attention to detail
Reading Skills
SA2. follow instructions, guidelines, procedures, rules and service level agreements
Listening and Speaking Skills
SA3. listen effectively and orally communicate accurate information
Decision Making
SA4. make decisions on suitable courses
Plan and Organize
SA5. plan and organize the work to meet health, safety and security requirements
Customer Centricity
SA6. build and maintain positive and effective relationships with customers
Problem Solving
SA7. apply problem solving approaches in different situations
Analytical Thinking
SA8. analyze data and activities
Critical Thinking
SA9. apply balanced judgments to different situations
Attention to Detail
SA10. check the work is complete and free from errors
SA11. get the work checked by others
Team Working
SA12. work effectively in a team environment
NOS Version Control
NOS Code: SSC/N9013
Credits (NSQF): TBD
Version number: 1.0
Industry: IT-ITeS
Drafted on: 11/04/2019
Industry Sub-sector: Future Skills
Last reviewed on: 29/05/2019
Occupation: Cloud Computing
Next review date: 31/12/2020
Annexure
Nomenclature for QP and NOS

Qualifications Pack: SSC/ Q 0101 (9 characters)
• SSC denoting Software & Services Companies (IT-ITeS industry)
• Q denoting Qualifications Pack
• Occupation (2 numbers)
• QP number (2 numbers)

National Occupational Standard: SSC/ N 0101 (9 characters)
• SSC denoting Software & Services Companies (IT-ITeS industry)
• N denoting National Occupational Standard
• Occupation (2 numbers)
• NOS number (2 numbers)
Qualifications Pack For Cloud Security Analyst
The following acronyms/codes have been used in the nomenclature above:

| Sequence | Description | Example |
|---|---|---|
| Three letters | Industry name (Software & Services Companies) | SSC |
| Slash | / | / |
| Next letter | Whether QP or NOS | N |
| Next two numbers | Occupation code | 01 |
| Next two numbers | OS number | 01 |
Criteria For Assessment Of Trainees
Job Role: Cloud Security Analyst
Qualification Pack: SSC/Q8309
Sector Skill Council: IT-ITeS

Guidelines for Assessment
1. Criteria for assessment for each Qualification Pack will be created by the Sector Skill Council. Each Performance Criteria (PC) will be assigned marks proportional to its importance in NOS. SSC will also lay down proportion of marks for Theory and Skills Practical for each PC.
2. The assessment for the theory part will be based on knowledge bank of questions created by the SSC.
3. Assessment will be conducted for all compulsory NOS, and where applicable, on the selected elective/option NOS/set of NOS.
4. Individual assessment agencies will create unique question papers for theory part for each candidate at each examination/training center (as per assessment criteria below).
5. Individual assessment agencies will create unique evaluations for skill practical for every student at each examination/training center based on this criterion.
6. To pass a QP, a trainee should score an average of 70% across generic NOS’ and a minimum of 70% for each technical NOS.
7. In case of unsuccessful completion, the trainee may seek reassessment on the Qualification Pack.
Compulsory NOS Marks Allocation
Total Marks: 700

1. SSC/N8334 Detect and communicate occurrences of security threats and risks to cloud assets
Total Marks: 100

| Assessment Criteria for outcomes | Out Of | Theory | Skills Practical |
|---|---|---|---|
| PC1. gather information on previous security incidents and how they were managed by accessing the organization’s knowledge base | 8 | 2 | 6 |
| PC2. identify and implement automated security assessment tools to perform security assessments of cloud systems | 8 | 2 | 6 |
| PC3. perform vulnerability testing and risk analysis to identify security threats and vulnerabilities in the cloud solution | 8 | 2 | 6 |
| PC4. implement security controls to identify security anomalies in line with data security policies, procedures and guidelines | 5 | 1 | 4 |
| PC5. identify security anomalies and understand their potential impact to the organization | 8 | 2 | 6 |
| PC6. record, classify and prioritize security incidents using standard templates and tools | 8 | 3 | 5 |
| PC7. ensure anomalies and incidents related to cloud security are detected in a timely manner | 8 | 3 | 5 |
| PC8. perform regular review and maintenance of threat detection processes | 8 | 3 | 5 |
| PC9. report security threats and vulnerabilities to relevant stakeholders | 5 | 1 | 4 |
| PC10. develop KPIs for monitoring the security incidents and identifying the root cause | 8 | 3 | 5 |
| PC11. leverage analytics to predict and extrapolate attack trends ahead of their occurrence | 6 | 1 | 5 |
| PC12. identify requirements of audit and provide assistance in audit reviews, as required | 5 | 1 | 4 |
| PC13. liaise with appropriate people to gather data/information required for audits | 5 | 1 | 4 |
| PC14. carry out required audit tasks using standard tools and following established procedures/guidelines/checklists | 5 | 1 | 4 |
| PC15. report outcomes of the security audits to appropriate stakeholders | 5 | 1 | 4 |
| Total | 100 | 27 | 73 |

2. SSC/N8335 Respond to security threats and restore affected capabilities
Total Marks: 100

| Assessment Criteria for outcomes | Out Of | Theory | Skills Practical |
|---|---|---|---|
| PC1. plan timely response and wherever applicable automate responses to detected security threats | 9 | 3 | 6 |
| PC2. execute post-incident processes and procedures in line with security policies, procedures and guidelines | 6 | 2 | 4 |
| PC3. maintain and update checklist, runbooks and playbooks on security incidents | 9 | 3 | 6 |
| PC4. assign information security incidents promptly to appropriate people for investigation/action | 6 | 2 | 4 |
| PC5. track progress of investigations into information security incidents | 6 | 2 | 4 |
| PC6. escalate security incidents to appropriate people where progress does not comply with standards or service level agreements (SLAs) | 6 | 2 | 4 |
| PC7. liaise with stakeholders to gather, validate and provide information related to information security incidents, where required | 6 | 2 | 4 |
| PC8. report to law enforcement agencies, if required | 9 | 3 | 6 |
| PC9. prepare and submit accurate reports on information security incidents using standard templates and tools | 8 | 3 | 5 |
| PC10. prevent further expansion of the security incident | 9 | 2 | 7 |
| PC11. carry out backups of security devices and applications in line with security policies, procedures and guidelines, when required | 9 | 2 | 7 |
| PC12. ensure timely restoration of cloud assets and systems affected by security incidents | 8 | 3 | 5 |
| PC13. update the organization’s knowledge base promptly and accurately with information security incidents and how they were managed | 9 | 2 | 7 |
| Total | 100 | 31 | 69 |

3. SSC/N8337 Continuously monitor and maintain regulatory/ compliance standards across the organization
Total Marks: 100

| Assessment Criteria for outcomes | Out Of | Theory | Skills Practical |
|---|---|---|---|
| PC1. identify and implement compatible tools and automated solutions for monitoring compliance of regulatory standards | 12 | 4 | 8 |
| PC2. monitor the configurations of the infrastructure to ensure that it adheres to security and regulatory/compliance best practices | 20 | 6 | 14 |
| PC3. ensure that existing compliance related processes and procedures are being followed, with enough documentary evidence | 20 | 6 | 14 |
| PC4. collect data about cloud services and continuously perform checks against predetermined security best practices and regulatory/ compliance guidelines | 20 | 6 | 14 |
| PC5. provide timely feedback related to information security on contracts and agreements to be issued or entered into by the organization | 4 | 1 | 3 |
| PC6. drive security initiatives in the organization to ensure compliance to security and regulatory standards | 4 | 1 | 3 |
| PC7. undertake corrective actions or implement auto-remediation workflows and security controls to correct cases of non-compliance | 10 | 3 | 7 |
| PC8. perform an analysis to determine level of risk exposure of the discovered misconfigurations | 10 | 3 | 7 |
| Total | 100 | 30 | 70 |

4. SSC/N9005 Develop your knowledge, skills and competence
Total Marks: 100

| Assessment Criteria for outcomes | Out Of | Theory | Skills Practical |
|---|---|---|---|
| PC1. obtain advice and guidance from appropriate people to develop your knowledge, skills and competence | 10 | 0 | 10 |
| PC2. identify accurately the knowledge and skills you need for your job role | 10 | 0 | 10 |
| PC3. identify accurately your current level of knowledge, skills and competence and any learning and development needs | 20 | 10 | 10 |
| PC4. agree with appropriate people a plan of learning and development activities to address your learning needs | 10 | 0 | 10 |
| PC5. undertake learning and development activities in line with your plan | 20 | 10 | 10 |
| PC6. apply your new knowledge and skills in the workplace, under supervision | 10 | 0 | 10 |
| PC7. obtain feedback from appropriate people on your knowledge and skills and how effectively you apply them | 10 | 0 | 10 |
| PC8. review your knowledge, skills and competence regularly and take appropriate action | 10 | 0 | 10 |
| Total | 100 | 20 | 80 |

5. SSC/N9010 Convince others to take appropriate action in different situations
Total Marks: 100

| Assessment Criteria for outcomes | Out Of | Theory | Skills Practical |
|---|---|---|---|
| PC1. gather needs of concerned people | 10 | 0 | 10 |
| PC2. adapt arguments to consider diverse needs | 15 | 0 | 15 |
| PC3. use small wins as milestones to gain support for ideas | 25 | 10 | 15 |
| PC4. persuade with the help of concrete examples or evidence | 25 | 10 | 15 |
| PC5. take defined steps to reach a consensus on the course of action | 25 | 10 | 15 |
| Total | 100 | 30 | 70 |

6. SSC/N9012 Manage and collaborate with stakeholders for project success
Total Marks: 100

| Assessment Criteria for outcomes | Out Of | Theory | Skills Practical |
|---|---|---|---|
| PC1. identify the larger business and organizational context behind the requirements of the stakeholder | 10 | 3 | 7 |
| PC2. manage fluctuating stakeholder priorities and expectations | 5 | 1 | 4 |
| PC3. consult stakeholders early in critical organization-wide decisions | 10 | 3 | 7 |
| PC4. use formal communication methods to collaborate with stakeholders (such as meetings, conference calls, emails etc.) | 5 | 1 | 4 |
| PC5. keep stakeholders updated on changes in project requirements | 10 | 3 | 7 |
| PC6. define the frequency of communication with all the stakeholders | 10 | 3 | 7 |
| PC7. use suitable tools to represent numbers and pictures to present details | 10 | 3 | 7 |
| PC8. respond to requests in a timely and accurate manner | 10 | 3 | 7 |
| PC9. take feedback from stakeholders regularly | 5 | 1 | 4 |
| PC10. continuously improve work deliverables/service based on stakeholder feedback | 15 | 5 | 10 |
| PC11. plan deliverables based on stakeholder needs | 10 | 3 | 7 |
| Total | 100 | 29 | 71 |

7. SSC/N9013 Inculcate strong work ethic in line with organizational code of conduct
Total Marks: 100

| Assessment Criteria for outcomes | Out Of | Theory | Skills Practical |
|---|---|---|---|
| PC1. treat your colleagues with respect | 1 | 1 | 0 |
| PC2. work in line with your company's guidelines and policies | 1 | 1 | 0 |
| PC3. follow dress code as defined by the organization | 1 | 1 | 0 |
| PC4. do not disclose company's confidential data outside the organization | 10 | 3 | 7 |
| PC5. be sensitive and respectful to other cultures in your workspace | 10 | 3 | 7 |
| PC6. refrain from using your position in the organization to gain personal benefits | 1 | 1 | 0 |
| PC7. utilize company's resources efficiently | 10 | 3 | 7 |
| PC8. refrain from getting into a conflict of interest scenario | 1 | 1 | 0 |
| PC9. adopt meritocratic approaches towards work and refrain from nepotism or favouritism | 5 | 1 | 4 |
| PC10. treat fellow colleagues equally | 10 | 3 | 7 |
| PC11. keep your immediate area clean and tidy | 1 | 1 | 0 |
| PC12. utilize your time efficiently | 10 | 3 | 7 |
| PC13. take ownership for the activities assigned to you | 10 | 3 | 7 |
| PC14. adapt to changes in work plans and be flexible without compromising on delivery quality | 5 | 1 | 4 |
| PC15. assess the broader picture while performing the activities assigned to you | 1 | 1 | 0 |
| PC16. meet deadlines without giving up quality | 5 | 1 | 4 |
| PC17. consistently report on time to work | 5 | 1 | 4 |
| PC18. analyze and review your work on a regular basis to increase your performance | 1 | 1 | 0 |
| PC19. be cooperative with other employees | 10 | 3 | 7 |
| PC20. prudently take risks where required | 1 | 0 | 1 |
| PC21. have an open mindset to new ideas from others | 1 | 0 | 1 |
| Total | 100 | 33 | 67 |