FSU - Analysis JobTask Analysis

8/8/2019 FSU - Analysis JobTask Analysis

1/19

JOB TASK ANALYSIS

Document Number: ISD57

Page 1 of 19 Confidential Internal Use Only Version 1.0

XYZ Company

Job / Task Analysis:

Information Assurance Specialist

Creation Date: 19 October 2009Last Update: 27 October 2009

Participant:

Travis [email protected]

Introduction to Instructional SystemsEME5601

Professor Keller

This document is the work of ABC IDS Contractors of Surrey, U.K.,

and is the sole property of XYZ Company of London, U.K.


2/19

JOB TASK ANALYSIS



Table of Contents

1.0 Introduction ..................................................................................... .................................................. 3

1.1 Background ....................................................................................... ............................................. 31.2 Setting ........................................................................................................................................... 4

1.1.1 Department Structure ............................................................................................................. 4

1.1.2 Statements of Commitment .................................................................................................... 4

2.0 Procedure .......................................................................................................................................... 6

2.1 Preparation ...................................................................................... .............................................. 6

2.2 Interviews and Observations ........................................................................................................ 10

2.3 Analysis ........................................................................................................................................ 10

3.0 Results of Job / Task Analysis ........................................................................................................... 11

3.1 Description of job position (in brief) ............................................................................................. 11

3.2 Task Listing................................................................................................................................... 12

3.3 Requisite Skills and Knowledge ..................................................................................................... 15

3.4 Requisite Qualifications ................................................................................................................ 17

3.5 Summary Finding ......................................................................................................................... 17

Appendix 1 ............................................................................................................................................ 18


3/19

JOB TASK ANALYSIS



1.0 Introduction

1.1 Background

This document outlines a Job / Task Analysis performed for XYZ Company of London, UK. This analysis

has been performed on the Information Assurance Specialist (IA Specialists) position within the

Information Security Department (IS). The analysis was conduct on location at XYZ Companys

headquarters located at: 8596 Tally Road, London, UK SW1P 1AE.

There are currently three occupied Information Assurance Specialist positions within the Information

Security Department.

y John Locke, IA SPECIALIST

y Cathy Booker, IA SPECIALIST

y

Terry Chatworth, IA SPECIALIST

The immediate supervisor to all three IA Specialist employees is the Information Systems Security

Officer (ISSO).

y Kevin Tanner, ISSO

The three Information Assurance Specialists were interviewed and observed during the week of 12

October 2009. The ISSO was interviewed on 16 October 2009. This document represents an analysis of

the results of the four interviews and three observations, and it defines and classifies the major

functions, duties, and tasks the IA Specialists perform. In addition, the analysis was performed to

determine if reclassification of the position and its duties is necessary.

Note: Please see Chart 1 on the next page (p.4) for an organizational chart identifying the present

positioning of the IA Specialist position.

XYZ Company is in the process of developing an Information Security Program to provide a foundational

security direction for the company. Established in 1985, XYZ Company is a highly respected international

leader within the financial services industry. The company has a strong and well-developed customer

base that expects high-quality secure financial services with. A well-developed and maintained security

program will ensure that XYZ Company is successful in providing a foundation from which to build its

security infrastructure and maintain the security that its customers expect. In the process of developing

the Information Security Program it was determined that a job / task analysis was required to define and

classify the major functions, duties, and tasks of the IA Specialist position, and identify whether

reclassification of the position and its duties is necessary.

Note: Please see Appendix 1 for a current (as of 20 October 2009) job description of the Information

Assurance Specialist position.


4/19

JOB TASK ANALYSIS



1.2 Setting

1.1.1 Department Structure

The Information Security (IS) Department is composed of four personnel. The Information Systems

Security Officer is the head of IS Department and reports to the Chief Executive Officer. The ISSO

oversees a total of three personnel. These three personal all go by the same title, Information Assurance

Specialist. The Information Assurance Specialists report directly to the ISSO, and work closely with

leaders from each business department.

Chart 1: Organizational chart identifying present positioning of the ISA position.

1.1.2 Statements of Commitment

The Information Security Department of XYZ Company is dedicated to maintaining the confidentiality,

integrity, and availability of corporate assets and customer information. This is accomplished in-line with

the companys Statements of Commitment. The following guiding principles reflect the commitments ofXY Company employees to all of the companys stakeholders (customers, suppliers, employees,

shareholders, governments and society).


5/19

JOB TASK ANALYSIS



Vision Statement (Global)

XYZ Companys vision is to maintain its competitive advantage in the domestic and international

financial services industry by providing secure, valuable, and high quality services with expert employee

knowledge to our customers when they want them and where they want them.

Quality Statement (Global)

XYZ Company understands the value of continuous improvement. Our unwavering focus and steadfast

passion is to provide the highest quality customer service and financial products while consistently

exceed customer expectations. Our employees are committed to understanding and meeting customers'

evolving needs, and our company and service offerings are able to adapt quickly to changing

environments and competitive pressures.

Mission Statement (Global)

XYZ Companys mission is to serve consumers and institutions with its well-established and uniquefinancial products and services.

Technology Statement (IS Department Specific)

XYZ Companys use of technology is vital to its continued success. The technology mission of XYZ

Companys security department is to maintain the confidentiality, integrity, and availability of

information assets and systems while delivering high quality, timely, and effective responses to

customer requirements (both internal and external) through technology and connectivity.


6/19

JOB TASK ANALYSIS



2.0 Procedure

The procedure utilized in this Job / Task Analysis follows from preparation to interviewing to analysis.

2.1 Preparation

1) Collect Information:

a) Corporate-wide

i) Statements of Commitment

ii) Business goals

iii) Organizational structure

b) Departmental (Information Security Department)

i) Statements of Commitment

ii) Business goalsiii) Organizational structure

c) Position under analysis (Information Assurance Specialist)

i) Job description on file (current and past)

ii) Expectations from supervisors

iii) Entry qualifications

iv) Responsibilities

v) Certifications

vi) Compensation

2) Select the Sample for Interviewa) Sample Size

i) Four persons (more than one person must always be included in the sample)

(1) 3 IA SPECIALIST employees

(2) 1 supervisor (ISSO)

b) Sample Information:

i) Designation IA SPECIALIST #1

(1) Name: John Locke

(2) Gender: Male

(3) Current job title: Information Assurance Specialist(4) Department/Company: Information Security / XYZ Company

(5) Job Location: London Office. London, UK

(6) Length of time in current position: 4 years

(7) Education: B.S. in IT, Stanford University, Stanford, CA, USA

(a) M.S. in IA, Rockfurn University, UK

(8) Certifications: CISSP


7/19

JOB TASK ANALYSIS



ii) Designation IA SPECIALIST #2

(1) Name: Cathy Booker

(2) Gender: Female

(3) Current job title: Information Assurance Specialist

(4) Department/Company: Information Security / XYZ Company



(7) Education: B.S. in IM, Stopwidth University, UK

(a) M.S. in IS, Blackburn University, UK


iii) Designation IA SPECIALIST #3

(1) Name: Terry Chatworth

(2) Gender: Male

(3) Current job title: Information Assurance Specialist



(6) Length of time in current position: 1.5 years

(7) Education: B.S. in IT, Warick University, UK

(a) M.S. in IS, Blackburn University, UK


iv) Designation ISSO #1

(1) Name: Kevin Tanner

(2) Gender: Male(3) Current job title: Information Systems Security Officer




(7) Education: B.S. in IT, Stanford University, Stanford, CA

(a) M.S. in IS, Cambridge, UK


3) Ensure appropriate permissions

a) Ensure that supervisor also contacts the intervieweesb) Ensure appropriate documentation (signed letter on company paper head) in hard and soft copy

notifying employees that you have been given permission to conduct the interviews and

observations


8/19

JOB TASK ANALYSIS



4) Contact personnel to interview and observe

a) John Locke (IA SPECIALIST #1) Contacted by phone call. Purpose of analysis explained during

call. Introduction to plan of analysis explained. Requested assistance by means of interview and

observation. Approval given. Scheduled interview and observation.

i) Follow up: Sent email providing purpose of analysis, introduction to plan of analysis,

notification that approval was given, interview and observation times.

b) Cathy Booker (IA SPECIALIST #2) - Contacted by phone call. Purpose of analysis explained during

call. Introduction to plan of analysis explained. Requested assistance by means of interview and

observation. Approval given. Scheduled interview and observation.



c) Terry Chatworth (IA SPECIALIST #3) - Contacted by phone call. Purpose of analysis explained

during call. Introduction to plan of analysis explained. Requested assistance by means of

interview and observation. Approval given. Scheduled interview and observation.



d) Kevin Tanner (ISSO #1) Contacted in person. ISSO provided hard and soft copy of signed

permissions letter. Introduction to plan of analysis explained. Requested interview. Scheduled

interview.


notification that approval was given, interview time.

Note: Please see Item 1 on the following page (p.9) for an outline of the email sent to the IA

Specialist interviewees.


9/19

JOB TASK ANALYSIS



Item 1: Outline of email sent to IA Specialist interviewees

1. The goal of the Job / Task Analysis

2. The purpose of the interview

3. The expected results of the analysisa. Functions, duties, tasks, and subtasks (if necessary)

b. Knowledge and skills required to conduct certain complex tasks

c. List of qualifications necessary to perform will in the position

4. The scheduled time and date of the interview

5. Sample of questions that shall be asked during the interview

a. Questions about the work setting:

i. The mission, business goals and organizational structure of

XYZ Company

ii. The mission, business goals and organizational structure of

XYZ Companyiii. What business are you in? Yes, a financial services business,

but please be more specific.

b. Questions about your job

i. Would you please provide a general introduction to your

current job?

ii. What functions are required to perform your job?

iii. What duties are necessary to perform each function?

iv. Would you kindly breakdown complicated duties into a series

of tasks?

v. What is the most frequently performed function/duty/task?vi. At what frequency are the remainder of the

functions/duties/tasks performed?

vii. What are the difficulties you encounter on your job?

viii. What kind of knowledge and skills are needed to perform

these tasks?

ix. What inputs are available to perform the job?

x. What results are being achieved by performing your job?

xi. Do you have any job performance standards?


10/19

JOB TASK ANALYSIS



2.2 Interviews and Observations

The three Information Assurance Specialists were interviewed and observed during the week of 12

October 2009. The ISSO was interviewed on 16 October 2009. The Job / Task Analysis was developed

during the week of 19 October 2009.

y John Locke (IA SPECIALIST) Interviewedon 12 October 2009 at 10:25. Observedon 12 October

2009 from 12:00 17:00.

y Cathy Booker (IA SPECIALIST) - Interviewed on 13 October 2009 at 08:25. Observed on 12

October 2009 from 10:00 17:45.

y Terry Chatworth (IA SPECIALIST) - Interviewed on 14 October 2009 at 09:00. Observed on 15

October 2009 from 8:00 17:00 and 16 October 2009 from 8:00 14:25.

y Kevin Tanner (ISSO) - Interviewedon 16 October 2009 at 14:45.

2.3 Analysis

Extensive notes were taken during the four interviews and three observation sessions. The notes were

first checked for potential inaccuracies, and then, consolidated. The consolidated notes were translated

into a hierarchical list of functions, duties, and tasks as deemed necessary to perform the job. Required

skills and knowledge for some frequently performed tasks were also identified.


11/19

JOB TASK ANALYSIS



3.0 Results of Job / Task Analysis

The results of the analysis are a short description of the Information Assurance Specialist job position as

it was so described, the prerequisites that an IA Specialists should posses at XYZ Company, a list of

functions, duties, and tasks that are necessary to perform the job, and required skills and knowledge for

frequently performed tasks.

3.1 Description of job position (in brief)

The IA Specialists work both independently and as part of the Information Security Department team

under the leadership of the ISSO. The IA Specialists report directly to the ISSO as seen in Chart 1 (p.4). In

addition, IA Specialists work closely with leaders in other key business departments to ensure the

confidentiality, integrity, and availability of information assets and systems. IA Specialists are expected

to deliver high-quality, timely and effective responses to customer requirements (both internal andexternal) through technology, connectivity, and communication.

Of note, the current job description on file matched with a high degree of accuracy the job

responsibilities and qualifications detailed by the ISSO and the IA Specialists.

To be successful as an IA Specialist, the following knowledge elements and capabilities have been

identified:

y Ability to develop and maintain security policies, standards, procedures and guidelines where

appropriate.

y Ability to develop security assessments, and develop and maintain security plans.y Ability to participate in security investigations, incident response, and disaster recovery.

y Ability to develop and analyze the systems security.

y Knowledge of how to develop additional systems security documentation.

y Knowledge of how to develop and implement security policies, standards, procedures and

guidelines.

y Knowledge of security regulations and standards.

y Knowledge of technical and administrative information assurance issues.

y Technical and administrative skills for implementing security mechanisms and controls.


12/19

JOB TASK ANALYSIS



3.2 Task Listing

There are five major functions for the IA Specialist position at XYZ Company: protect; monitor; analyze;

detect; and respond. Functions provide a means of distinguishing between different levels of work. The

functional level indicates the roles that employees perform.

Functions Duties Tasks Criticality(1=Low / 5 = High)

Frequency(Low / Moderate / High)

1.0 Protect 1.1 Develop security

policies, standards,

procedures and guidelines

1.1.1 Identify

security

requirements, goals,

and functions

3 Low1.1.2 Identify

relevant security

regulations andstandards

1.1.3 Write security

documentation

1.2 Maintain security

policies, standards,

procedures and guidelines

1.2.1 Identify

changes to security

environment3 Low

1.2.2 Update

security

documentation

1.3 Develop systems

security documentation

1.3.1 Identify

security practices of

systems 3 Low1.3.2 Write security

documentation

1.4 Maintain systems

security documentation

1.4.1 Identify

changes to systems

4 Moderate1.4.2 Update

security

documentation

1.5 Implement security

mechanisms and controls

1.5.1 Show

knowledge of

security mechanisms

and control

4 Moderate

1.5.2 Deploy

security mechanisms

and controls

1.5.3 Configure

security mechanisms

and controls

1.6 Maintain security


1.6.1 Identify

changes to

environment

4 High


13/19

JOB TASK ANALYSIS



1.6.2 Identify

updates to

mechanisms and

controls

1.6.3 Apply updates

1.6.4 Reconfigure

2.0 Monitor 2.1 Monitor security


2.1.1 Identify

suspicious

information asset

activities

5 High

3.0 Analyze 3.1 Analyze information

security requirements

3.1.1 Show

knowledge of

organization

3 Low3.1.2 Show

knowledge of

security best

practices, standards,

and regulations

3.2 Analyze securitymechanism and control

reports

3.2.1 Showknowledge of

analysis procedures5 High

3.2.2 Show

knowledge of alarms

and alerts

4.0 Detect 4.1 Identify information

security threats

4.1.1 Show

knowledge of

security mechanism

and control alerts5 Moderate

4.1.2 Identify

suspicious IT and

network systemsactivity

4.2 Identify physical

security threats

4.2.1 Show

knowledge of alarm

and surveillance

systems 4 Low

4.2.2 Identify

suspicious people

and activities

5.0 Respond 5.1 Participate in security

investigations

5.1.1 Respond to

incident

5 Low

5.1.2 Aid in recovery

from incident

5.1.3 Restore

systems after

incident

5.1.4 Prepare

systems in case of

incident

5.1.5 Conduct

exercises to ensure


14/19

JOB TASK ANALYSIS



preparation

5.2 Participate in incident

response

5.2.1 Respond to

incident

5 Moderate


from incident

5.2.3 Restore

systems after

incident

5.2.4 Prepare

systems in case of

incident

5.2.5 Conduct

exercises to ensure

preparation

5.3 Participate in disaster

recovery

5.3.1 Respond to

incident

5 Low


from incident

5.3.3 Restoresystems after

incident

5.3.4 Prepare

systems in case of

incident

5.3.5 Conduct

exercises to ensure

preparation


15/19

JOB TASK ANALYSIS



3.3 Requisite Skills and Knowledge

This section identifies some of the requisite skills and knowledge required to perform the tasks

identified as High Frequency in the Task Listing.

Function: 1.0 Protect

Duty: 1.6 Maintain security mechanisms and controls

Task(s): 1.6.1 1.6.4

y 1.6.1 Identify changes to environment

y 1.6.2 Identify updates to mechanisms and controls

y

1.6.3 Apply updatesy 1.6.4 Reconfigure

Task(s) Skills and Knowledge

1.6.1 Identify changes to environment a) Ability to gather data about Internet-wide

security environment

b) Ability to gather data about corporate-wide

security environment

1.6.2 Identify updates to mechanisms and controls a) Ability to gather data about updates to


b) Knowledge of best practices of mechanisms and

controls

1.6.3 Apply updates a) Working knowledge of mechanisms and controls

b) Ability to apply updates

1.6.4 Reconfigure a) Ability to configure mechanisms and controls

b) Ability to test configurations of mechanisms and

controls

c) Configuration knowledge of mechanisms and

controls


16/19

JOB TASK ANALYSIS



Function: 2.0 Monitor

Duty: 2.1 Monitor security mechanisms and controls

Task(s): 2.1.1 Identify suspicious activity


2.1.1 Identify suspicious information asset

activities

a) Ability to gather data on information assets

b) Ability to read and comprehend gathered data

c) Knowledge of what constitutes suspicious

activity

d) Knowledge of intrusion techniques and

defenses

Function: 3.0 Analyze

Duty: 3.2 Analyze security mechanism and control reports

Task(s): 3.2.1 3.2.2

y 3.2.1 Show knowledge of analysis procedures

y 3.2.2 Show knowledge of alarms and alerts


3.2.1 Show knowledge of analysis procedures a) Knowledge of application specific analysis

procedures

b) knowledge of corporate security analysis

procedures

3.2.2 Show knowledge of alarms and alerts a) Knowledge of information alarm sensor

locations

b) Knowledge of alarm triggers

c) Knowledge of how to activate an alarm

d) Knowledge of how to deactivate an alarm

d) Knowledge of what constitutes a false positive

e) Knowledge of what constitutes a false negative

f) Knowledge of how to verify an incident


17/19

JOB TASK ANALYSIS



3.4 Requisite Qualifications

This section identifies the requisite qualifications essentially needed to perform the functions, duties,

and tasks identified in the Task Listing.

y A thorough knowledge of IA processes to include but not limited to certification and

accreditation, computer network defense, and vulnerability assessments. Must be able to work

with changing and evolving requirements.

y A high-level security certification (CISSP, GSE, SCNA, or CISA) is required.

y Strong research and analysis skills as well as strong verbal/written communication skills.

3.5 Summary Finding

At this time it is not believed that a reclassification of the ISSO position and its duties is necessary.


18/19

JOB TASK ANALYSIS



Appendix 1

Job Description: Information Assurance Specialist

Last revised: 07 September 2009

XYZ Company is seeking an Information Assurance Specialist (IA SPECIALIST) to work in London, UK. The

IA SPECIALIST will work closely with other IA SPECIALIST employees, the ISSO, and leaders in Information

Technology, Human Resources and other departments to oversee and coordinate corporate information

security operations across 1 UK and 1 overseas office. The IA SPECIALIST will report directly to the CSO.

Aside from the qualifications listed below, the IA SPECIALIST must also have an in-depth understand of

the XYZ Company's business environment and have a strong background in information assurance. The

responsibilities of this position include but are not limited to the following:

Responsibilities:

y Develop and maintain security policies, standards, procedures and guidelines where

appropriate. Enforce established security policies, standards, procedures and guidelines.

y Perform IT security assessments, and develop and maintain security plans.

y Develop additional systems security documentation.

y Participate in secure systems development and analysis.

y Provide technical and administrative direction on information assurance issues.

y Provide technical and administrative guidance on implementing and monitoring security

mechanisms and controls.

y Identify regulations and standards and support company compliance.

y Support a security awareness-training program.

y Participate in security investigations, incident response, and disaster recovery.y Other duties as assigned.

Qualifications:

y A bachelors degree is required in a related field. A masters degree in a related field is

preferable.

y 5+ years of experience in IT, IT Audit, or combined Information Assurance.

y Must have a thorough knowledge of IA processes to include but not limited to certification and

accreditation, computer network defense, and vulnerability assessments. Must be able to work

with changing and evolving requirements.

y A high-level security certification (CISSP or equivalent) is required.y Must have strong research and analysis skills as well as verbal/written communication skills.

y Excellent oral and written communication skills.

y Project management skills preferred.


19/19

JOB TASK ANALYSIS



Compensation:

y Annual salary of $80,000 US dollars.

y Full health care package.

y Starting 20 days of accrued vacation time.

y 401k Plan.

Documents

FSU - Analysis JobTask Analysis