Information Technology Security Specialist

ahemcurrent, Networks and Communications

21 Nov 2013

DRAFT

I. DESCRIPTION OF WORK


Positions in this banded class plan, coordinate, and implement security measures to protect information and information processing assets. They design and implement network control mechanisms to control access to computer networks; manage vulnerabilities within the information processing infrastructure; manage threats and incidents impacting information resources; assure through policy the appropriate use of information resources; and educate users on their information security and privacy responsibilities.

They also implement application access controls such as password authentication that grant access to only unauthorized users. They employ the appropriate intrusion detection and prevention tools and procedures to detect and protect against hackers, worms and other malware.

They may be responsible for planning, developing, and managing the physical and environmental security required to address the threats, vulnerabilities, and countermeasures required to protect information assets and the premises in which they reside. Employees are responsible for the strategic and tactical development and implementation of their IT risk management, business continuity planning and disaster recovery plans and with the collaboration of the agency’s/university’s departments in implementation of departmental plans. Employees may be responsible for developing information security policies, standards, best practices and ensuring that state and federal information security requirements are implemented.


II. ROLE DESCRIPTIONS BY COMPETENCY LEVEL

Contributing

Journey

Advanced







Contributing: Positions at this level scan networks and systems for their level of vulnerability to threats. They also have to be involved in identifying any emerging vulnerabilities of the system. They will produce reports for management to identify potential risks. Positions may meet with systems administrators to identify security patches available to minimize vulnerabilities and risks. Positions at this level may serve as identity management/password authentication administrators to control users' access to systems. They monitor reports of computer viruses to determine when to update virus protection systems. Position communicates procedures and one-time passwords to users of the systems. This usually entails keeping up-to-date lists of users as well as helping employees who have forgotten passwords or accidentally violated security procedures. Positions may serve as disaster recovery analysts who advise on the development, documentation and maintenance of disaster recovery plans. Work on information security training and awareness campaigns. Evaluate new threats and communicate to agency or institution. Review risk assessments. Support cyber incident response.


Journey: Positions at this level may design, develop, and maintain security regulations, procedures and department wide rules for moderately complex agencies or universities. They analyze information obtained from intrusion detection and prevention systems and work with advanced security protocols and standards including recommended blocks to apply. They will evaluate and develop approaches to security solutions. Position proactively assesses potential items of risk and opportunities of vulnerabilities in the network. They may research and help develop security practices. They analyze traffic trends and systems logs and propose security policy changes. Positions may also serve as disaster recovery analysts who establish disaster recovery programs and business continuity planning across multiple platforms. Create request for proposal (RFP) and help evaluate responses of RFP for information security projects. Review new projects, systems and applications for compliance to statewide or institution policies. Create and maintain the agency or institution’s security training and awareness effort. Create and conduct risk, system and application assessments. Create and maintain cyber security incident response plan.

Advanced: Positions at this level establish security enterprise regulations and procedures based on federal and state laws and mandates. They design and manage security systems and architectures for possible enterprise-wide implementation (statewide or large complex universities/agencies) that protect federally mandated information such as tax records, health information, research data, state security records or student educational records. They design security systems for organizations with complex network systems, major databases, emerging technologies, or systems with known vulnerabilities. Positions may be responsible for establishing and maintaining an enterprise-wide information risk management program to ensure that information assets are adequately protected. They will act as an advisor to the enterprise's business units and should have an understanding of the latest security threats, trends, technologies, and regulatory requirements.

Some positions at this level may serve as forensic experts to recover information from computers and data storage devices. They often work alongside law enforcement officers helping to solve cyber crimes or find electronic evidence of other kinds of crime using forensic tools and investigative methods to find specific electronic data, including Internet use history, word processing documents, images and other files. They also transfer the evidence into a format that can be used for legal purposes (i.e. criminal trials) and often testify in court themselves. Serve as cyber incident response leader.








III. COMPETENCIES

Competency: Definition

Knowledge - Technical: Knowledge of computers and related information technology services and the ability to keep up with current developments and trends in areas of expertise.

Technical Solution Development: Ability to demonstrate a methodical and logical approach to addressing customer needs. Ability to use innovative solutions and/or designs where appropriate.

Technical Support: Ability to understand internal/external customer technologies and problem resolution techniques. Ability to communicate effectively with customers. Ability to listen to symptom descriptions; to analyze problems; to respond effectively and to provide constructive feedback to the client on problem resolution.

Consulting/Advising: Ability to provide advice and counsel. Ability to understand client programs, organization and culture.

Knowledge - Professional: Possession of a designated level of professional skill and/or knowledge in specific area(s) and to keep current with developments and trends in area(s) of expertise, usually acquired through post-secondary education.

Note: Not all competencies apply to every position/employee; evaluate only those that apply. Competency statements are progressive.









IV. COMPETENCY STATEMENTS BY LEVEL

Knowledge - Technical

Knowledge of computers and related information technology services and the ability to keep up with current developments and trends in areas of expertise.

Contributing

Journey

Advanced


Knowledge in system technology security testing (vulnerability scanning and penetration testing)

Proficient use of various tools and techniques, including risk, business impact, control and vulnerability assessments, used to identify business needs and determine control requirements

Knowledge of network infrastructure, including routers, switches, firewalls and associated network protocols and concepts

Understand the basic tenets (CIA) of security: confidentiality, integrity and availability

Considerable knowledge of computer equipment and security software.

Knowledge of security access control techniques



Thorough understanding of the basic tenets (CIA) of security in complex environments: Confidentiality - Protecting data from unauthorized access; Integrity - Ensuring the data is as it was or should be (i.e. unchanged); and Availability - Ensuring systems, data and networks are up and redundant where needed (i.e. backups).

Detailed understanding of IT controls available to enforce the CIA tenets

Detailed understanding of system technology security testing (vulnerability scanning, sensitive data scanning, and penetration testing)

Understanding of cryptography: Understands basic principles of Public Key Infrastructure, knows the importance of protecting passwords with encryption and salt and has the ability to recognize and verify self-signed certificates.

Substantial knowledge to perform information security, application security, information systems, physical security and network security assessments.


Excellent technical knowledge of mainstream operating systems (for example, Microsoft Windows and AIX UNIX) and a wide range of security technologies, such as network security appliances, identity and access management systems, cryptography, anti-malware solutions, automated policy compliance and desktop security tools.

Substantial knowledge in developing, documenting and maintaining security policies, processes, procedures and standards.

Substantial knowledge in strategic planning, implementation and maintenance of information security programs.

Detailed understanding of technical issues to design architecture for new or emerging technologies.

Detailed understanding of technical, substantive, and methodological issues and theories to direct technical staff.

Substantial knowledge of other work specialties.


Technical Solution Development

Ability to demonstrate a methodical and logical approach to addressing customer needs. Ability to use innovative solutions and/or designs where appropriate.

Contributing

Journey

Advanced







Understand the IT controls available to enforce the CIA tenets of authentication & authorization: principle of least privilege and password constructs and controls

Knowledge of network/systems controls, patching and migration of vulnerabilities, logging and data backups

Ability to determine and provide users access/accounts with only privileges needed to complete their assigned tasks.

Ability to apply standard and nonstandard technology applications, and to explore and adapt changing technologies.

Ability to apply judgment independently to technical work assignments to achieve desired outcomes.


Ability to understand the available methodologies of authentication & authorization and which is appropriate in particular settings.

Thorough knowledge of federated models, local systems, enterprise directory services, and third-party APIs

Extensive knowledge of the principle of least privilege and the ability to recognize and report when a user’s privilege exceeds what is needed to complete their work.

Ability to design password constructs and control policies determining the complexity requirements based on regulatory laws, the change interval times needed and recovery methodologies

Ability to investigate, research and implement new technologies in security issues and new innovations.

Ability to provide technical leadership on complex projects.

Ability to integrate knowledge of other work specialties to achieve solutions to problems of high complexity.

Ability to secure highly complex information technology systems.

Ability to recommend information technology security and privacy solutions to address complex and emerging information security and privacy issues.

Ability to plan, implement and maintain strategic information security program inclusive of information security policies, regulations, standards and procedures.

Where patching of vulnerabilities cannot be applied, must be able to develop migration control to protect IT asset.


Technical Support

Ability to understand internal/external customer technologies and problem resolution techniques. Ability to communicate effectively with customers. Ability to listen to symptom descriptions; to analyze problems; to respond effectively and to provide constructive feedback to the client on problem resolution.

Contributing

Journey

Advanced

Ability to recognize security incidents and report them to the appropriate security management

Assist the higher level security officers with incident response by providing logs, removing the system from the network, and providing expertise on the specifics of the system.

Ability to detect vulnerabilities that may have occurred as a result of misconfiguration.

Ability to maintain logs for expected timeframe under state record retention rules.

Ability to ensure backups of data and systems are performed on a routine schedule.

Ability to serve as a technical resource in solving security problems of high complexity.

Ability to recognize and eliminate unneeded processes from systems that may expose the system to undue risk

Understands that only the network ports needed for the system to fulfill its desired function should be open.

Extensive understanding of logging systems in order to ensure systems are configured to log appropriate security events.

Strong understanding of the restore process in order to test the usability of the backup including application testing using the restored data.

Ability to research and develop the proper backup media and storage security protections as dictated by the type of data contained.

Proficiency in forensic response and reverse engineering.

Insightfulness to discover the latest exploit methodologies.

Ability to develop solutions that impact multiple customers/applications or are used at the enterprise level.

Ability to work with network/system controls by understanding network architecture tiers and incorporate these principles into proposed system designs

Able to leverage monitoring services to detect potential security threats and incidents.

Ability to provide information security solutions to reduce information security and privacy risks.

Ability to provide security best practice recommendations as required by federal and state regulatory requirements.


Consulting/Advising


Ability to provide advice and counsel. Ability to understand client programs, organization and culture.

Contributing

Journey

Advanced

Ability to work with teams to prioritize security needs and to effectively get cooperation from IT professionals to get those security controls in place.

Strong conflict management skills in order to work with senior management to ensure security and data protection rules and regulations are in place on protected private information (PPI).

Knowledge of the security industry and regulations that have an impact on the customer's business and data protection issues and the ability to provide appropriate solution set to address the business needs.

Ability to consult with senior level decision-makers, on an on-going basis, to develop long-range strategic security alternatives.

Ability to build client support of ITS objectives.

Ability to work with agency and university security personnel to develop appropriate risk migration policies.

Ability to consult with legal, risk management, audit, compliance and external entities on information security issues.

Ability to advise security personnel and senior level management on best practices of business continuity and disaster recovery planning.

Knowledge of best security practices of business continuity planning and risk management needed to consult with senior level management and IT specialists in ensuring their agency/university’s business continuity and disaster plans are in place.

Ability to develop and deliver information security and awareness training to users.

Knowledge of the IT security market and industry and federal and state regulations that have an impact on the state's technological business.

Ability to provide security expertise and consulting to committees, boards and lower level technical analyst/specialist on a regular basis.

Ability to lead information security committees and provide strategic direction on major information security initiatives.

Ability to provide guidance to legal, risk management, audit, compliance, and external entities in the resolution of information security issues.

Provide resource assistance in the implementation of security best practices for business continuity planning, risk management and disaster planning to senior level management and IT specialists to assist agency/university’s development and maintenance of appropriate business continuity, risk management and disaster plans.

Ability to design information security awareness training programs.



Knowledge - Professional

Possession of a designated level of professional skill and/or knowledge in specific area(s) and to keep current with developments and trends in area(s) of expertise, usually acquired through post-secondary education.

Contributing

Journey

Advanced

Holds and maintains basic security certifications, such as Security+ (where applicable) or National Security Agency Information Assessment Methodologies (NSA-IAM)

Holds and maintains more complex certifications such as

SANS Global Information Assurance Certifications (Or Similar - ex. Carnegie-Mellon CERT) Security Essentials Certification (GSEC)

Information System Security Certification Consortium (ISC)2; or Systems Security Certified Practitioner (SSCP)

Certified Information System Auditor (CISA)

Holds and maintains the most complex and difficult certifications available in IT security such as:

Specialized SANS Global Information Assurance Certifications based on field of work

Certified Incident Handler

Certified Intrusion Analyst

Penetration Tester/Web Application Penetration Tester

Certified Forensic Analyst/Examiner

Information System Security Certification Consortium (ISC)2

Certified Information Systems Security Professional (CISSP)

Vendor and Government Certifications

Seized Computer Evidence Recovery Specialist (Federal Law Enforcement Training Center)

EnCase Certified Examiner Certification (EnCE)

AccessData Certified Examiner (ACE)

Certified Ethical Hacker (CEH)

Certified Information Security Manager (CISM)