IoT – Security Specialist
Model Curriculum
IoT – Security Specialist
SECTOR: IT-ITeS
SUB-SECTOR: FUTURE SKILLS
OCCUPATION: INTERNET OF THINGS
REF ID: SSC/Q8207, V1.0
NSQF LEVEL: 7
IoT – Security Specialist
Complying to the National occupation standards of
March 11th 2019
March 11th 2020
Job Role / Qualification Pack: ‘IoT – Security Specialist’ QP No. ‘SSC/Q8207 NSQF Level 7’
TABLE OF CONTENTS
1. Curriculum
2. Trainer Prerequisites
3. Assessment Criteria
CURRICULUM / SYLLABUS
This program is aimed at training candidates for the job of an “IoT – Security Specialist” in the “IT-ITeS” Sector/Industry, and aims at building the following key competencies amongst the learners.
Program Name: IoT – Security Specialist
Qualification Pack Name and Reference ID: SSC/Q8207, V1.0
Version No.: 1.0
Version Update Date: 11/03/2019
Pre-requisites to Training: Bachelor’s Degree in Engineering / Technology / Statistics / Mathematics / Computer Science
Training Outcomes: After completing this programme, participants will be able to:
• Explain the nature of work across the IT-ITeS sector, the various sub sectors and their evolution.
• Elaborate the various occupations under the Future Skills sub sector and the impact of these on organizations and businesses.
• Discuss the evolution of IoT and evaluate the possible impact of IoT on businesses and society
• List common security and privacy risks that affect IoT solutions and methods that mitigate them
• Assess global standards and regulations for aspects of data administration and governance such as storage, security, privacy and monitoring.
• Apply different approaches such as encryption, threat and vulnerability analysis, or penetration testing to ensure security.
• Apply security design principles to IoT solutions
• Implement measures to secure data across IoT solutions
• Detect and monitor IoT security incidents
• Respond to IoT security incidents
• Create various types of technical documents
• Identify methods to develop knowledge, skills and competence
• Build professional relationships by establishing rapport, listening actively and appreciating colleagues
• Communicate persuasively by using evidence to support arguments, listening to people and finding common ground with them
• Build relationships with stakeholders by establishing rapport, listening actively and providing continuous updates
This course encompasses 8 out of 8 National Occupational Standards (NOS) of “IoT – Security Specialist” Qualification Pack issued by “IT-ITeS Sector Skills Council”.
Columns: Sr. No.; Module; Key Learning Outcomes; Equipment Required
1 IT-ITeS/BPM Industry – An Introduction Theory Duration (hh:mm) 06:00 Practical Duration (hh:mm) 03:00 Corresponding NOS Code Bridge Module
• Explain the relevance of the
IT-ITeS sector
• State the various sub-
sectors in the IT-ITeS
sector
• Detail the nature of work
performed across the sub-
sectors
• List organizations in the
sector
• Discuss the evolution of the
sub sectors and the way
forward
• Explain the disruptions
happening across the IT-
ITeS sector
• Whiteboard and Markers
• LCD Projector and Laptop for
presentations
• Lab equipped with the following:
• PCs/Laptops
• Chart paper and sketch pens
• Internet with Wi-Fi (Min 2
Mbps Dedicated)
2 Future Skills – An Introduction Theory Duration (hh:mm) 01:00 Practical Duration (hh:mm) 01:00 Corresponding NOS Code Bridge Module
• Discuss the general
overview of the Future
Skills sub-sector
• Describe the profile of the
Future Skills sub-sector
• Explain the various
occupations under this sub-
sector
• List key trends across the
occupations in this sub-
sector
• List various roles in the
Future Skills sub-sector
• Whiteboard and Markers
• LCD Projector and Laptop for
presentations
• Lab equipped with the following:
• PCs/Laptops
• Chart paper and sketch pens
• Internet with Wi-Fi (Min 2
Mbps Dedicated)
3 Internet of Things - An Introduction Theory Duration (hh:mm) 06:00 Practical Duration (hh:mm) 03:00 Corresponding NOS Code Bridge Module
• Define the term “Internet of
Things”
• Discuss the evolution of IoT
and the trends that have led
to it
• Evaluate the possible
impact of IoT on
businesses and society
• Analyze existing IoT use
cases and applications
across industries
• List prospective IoT use
cases and applications
within your area of
expertise
• Whiteboard and Markers
• LCD Projector and Laptop for
presentations
• Lab equipped with the following:
• PCs/Laptops
• Chart paper and sketch pens
• Internet with Wi-Fi (Min 2
Mbps Dedicated)
4 IoT Security and Privacy Theory Duration (hh:mm) 06:00 Practical Duration (hh:mm) 03:00 Corresponding NOS Code Bridge Module
• List common security and
privacy risks that affect IoT
solutions
• Analyze instances of
security risks to real-world
IoT use cases
• List technologies and
methods that mitigate
security risks to IoT
solutions
• List privacy standards and
regulations that mitigate
security risks to IoT
solutions
• List social and privacy
impacts caused by
proliferation of IoT solutions
• Whiteboard and Markers
• LCD Projector and Laptop for
presentations
• Lab equipped with the following:
• PCs/Laptops
• Chart paper and sketch pens
• Internet with Wi-Fi (Min 2
Mbps Dedicated)
5 Global Regulations & Standards Theory Duration (hh:mm) 13:00 Practical Duration (hh:mm) 17:00 Corresponding NOS Code Bridge Module
• Assess global standards for
data storage, security,
privacy and monitoring
• Assess the variances in
standards for data storage,
security, privacy and
monitoring across different
industries
• Evaluate the implications of
standards and regulations
on data administration and
governance
• Comply with standards and
regulations in their field of
work
• Develop forecasts and
checks to accommodate
any changes in standards
or regulations
• Whiteboard and Markers
• LCD Projector and Laptop for
presentations
• Lab equipped with the following:
• PCs/Laptops
• Chart paper and sketch pens
• Internet with Wi-Fi (Min 2
Mbps Dedicated)
6 Administration Tools and Usage Theory Duration (hh:mm) 08:00 Practical Duration (hh:mm) 12:00 Corresponding NOS Code Bridge Module
• Distinguish between the
pros and cons of different
data administration tools,
frameworks and
microservices
• Comprehend the basics of
different infrastructure
components such as
storage devices, networking
hardware, server-storage
connectivity, virtualization
technologies
• Analyze the applications
and limitations of different
computing platforms
• Analyze the applications
and limitations of different
microservices, frameworks,
libraries, packages
• Analyze the applications
and limitations of various
server authentication,
network security and virus
protection tools
• Analyze the applications
and limitations of various
tools for configuration
management, continuous
integration, development
and test automation
• Apply the functionalities of
different data administration
tools, frameworks and
microservices
• Whiteboard and Markers
• LCD Projector and Laptop for
presentations
• Lab equipped with the following:
• PCs/Laptops
• Chart paper and sketch pens
• Internet with Wi-Fi (Min 2
Mbps Dedicated)
7 Security Design in IoT Theory Duration (hh:mm) 24:00 Practical Duration (hh:mm) 52:00
Corresponding NOS Code SSC/N8231
• Evaluate the basic
principles of security design
and architecture
• Discuss security design
principles to be
implemented across the IoT
stack such as the data,
connectivity, hardware,
cloud, application and
platform layers
• Implement minimum
security standards for all
devices and ensure that
these standards are
adhered to as part of the
manufacturing process
• Ensure security is an
integral part of the product
development lifecycle so
that it is embedded into the
device and not as an
afterthought.
• Conduct a security review
of your devices to
determine any
vulnerabilities
• Evaluate measures to
manage access to IoT
assets and systems
• Apply measures to check
integrity and authenticity of
programs and devices
added to the IoT solution
• Ensure default passwords
and ideally default
usernames are changed
during initial setup
• Ensure password recovery
mechanisms are robust and
do not supply an attacker
with information indicating a
valid account
• Ensure web interface is not
susceptible to application
vulnerabilities
• Ensure the device and all
its components properly
protect personal information
• Ensure only authorized
individuals have access to
collected personal
information
• Identify root causes of
vulnerabilities in the IoT
solution
• Perform penetration testing
on IoT solution
• Apply risk management
frameworks to analyze risks
to the IoT solution
• Generate public/private
key pairs to encrypt and
authenticate files
• Analyze Public Key
Infrastructure and how to
sign and verify certificates
• Discuss fallback
mechanisms such as
disaster recovery plans
• Whiteboard and Markers
• LCD Projector and Laptop for
presentations
• Lab equipped with the following:
• PCs/Laptops
• Internet with Wi-Fi (Min 2
Mbps Dedicated)
8 Data Security in IoT Theory Duration (hh:mm) 25:00 Practical Duration (hh:mm) 50:00
Corresponding NOS Code SSC/N8231
• Ensure data is encrypted
using protocols such as
SSL and TLS while
transiting networks
• Ensure other industry
standard encryption
techniques are utilized to
protect data during
transport if SSL or TLS are
not available
• Ensure the ability to encrypt
data at rest
• Ensure only accepted
encryption standards are
used and avoid using
proprietary encryption
protocols.
• Ensure that retention limits
are set for collected data
• Ensure only data critical to
the functionality of the
device is collected
• Ensure that any data
collected is of a less
sensitive nature (i.e. try not
to collect sensitive data)
• Ensure that any data
collected is de-identified or
anonymized
• Whiteboard and Markers
• LCD Projector and Laptop for
presentations
• Lab equipped with the following:
• PCs/Laptops
• Internet with Wi-Fi (Min 2
Mbps Dedicated)
9 Incident Detection and Monitoring Theory Duration (hh:mm) 15:00 Practical Duration (hh:mm) 30:00
Corresponding NOS Code SSC/N8232
• Describe what constitutes a
security incident and
differentiate between
categories of incidents
• Evaluate the technologies
that are available to detect
security incidents
• Analyze instances of cyber-
attacks and discuss design
principles that could have
prevented them
• Demonstrate how to use
automated security
assessment tools to perform
security assessments of IoT
solution components
• Evaluate methods to predict
and extrapolate attacks
ahead of their occurrence
• Evaluate the differences
between signature-based
and anomaly-based
intrusions
• Discuss how to assess and
improve upon detection
processes
• Demonstrate how to
perform threat and
vulnerability assessments
• Demonstrate how to
prepare for both internal
and external audits
• Monitor continuously for any
incidents or threats across
the IoT stack
• Perform back-up of security
devices and applications
based on standard
procedures as and when
required
• Whiteboard and Markers
• LCD Projector and Laptop for
presentations
• Lab equipped with the following:
• PCs/Laptops
• Internet with Wi-Fi (Min 2
Mbps Dedicated)
10 Incident Response Theory Duration (hh:mm) 15:00 Practical Duration (hh:mm) 30:00
Corresponding NOS Code SSC/N8233
• Demonstrate how to
develop response plans
according to the incident
category
• Discuss processes that
enable effective response to
security incidents
• Develop incident response
action plans
• Assess the impact and
scope of the incident
• Demonstrate how to
preserve forensic evidence
• Evaluate scenarios where it
is necessary to report to law
enforcement agencies
• Discuss methods to prevent
further expansion of the
security incident
• Discuss methods to
neutralize the effects of the
incident and restore fully
operational system
capability after it
• Whiteboard and Markers
• LCD Projector and Laptop for
presentations
• Lab equipped with the following:
• PCs/Laptops
• Internet with Wi-Fi (Min 2
Mbps Dedicated)
11 Technical Documentation Theory Duration (hh:mm) 10:00 Practical Duration (hh:mm) 15:00
Corresponding NOS Code SSC/N8238
• Comprehend the
significance of technical
documentation
• Assess the needs of the
audience for which
documentation is to be
created
• List the principles of
technical writing
• Identify methods that
ensure documentation is
clear and concise
• Demonstrate how to create
various types of technical
documents such as online
configuration manuals, user
helps, solution information,
installation guides, etc.
• Whiteboard and Markers
• LCD Projector and Laptop for
presentations
• Lab equipped with the following:
• PCs/Laptops
• Internet with Wi-Fi (Min 2
Mbps Dedicated)
12 Develop Knowledge, Skills and Competence Theory Duration (hh:mm) 06:00 Practical Duration (hh:mm) 19:00
Corresponding NOS Code SSC/N9005
• Recognize the importance
of self-development
• Identify knowledge and
skills required for the job
• Identify avenues for self-
development
• Create plans for self-
development
• Whiteboard and Markers
• LCD Projector and Laptop for
presentations
• Provision for online research in the
lab
13 Build and Maintain Relationships at the Workplace Theory Duration (hh:mm) 10:00 Practical Duration (hh:mm) 15:00
Corresponding NOS Code SSC/N9006
• Recognize the importance
of open and effective
communication
• Discuss methods that build
rapport such as
remembering names, being
empathetic, mirroring, etc.
• Meet colleagues/clients and
build new professional
relationships with them
• Discuss the importance of
active listening
• Apply different approaches
for conflict management
• Apply different approaches
to recognize and motivate
others
• Show appreciation to
colleagues and swiftly
address their concerns
• Discuss methods for
becoming a supportive
team player
• Discuss methods to
maintain relationships with
colleagues/clients
• Whiteboard and Markers
• LCD Projector and Laptop for
presentations
• Provision to write emails and send
in the lab
• Lab with provision for internet,
email, word processor and
presentation software
• Chart paper, markers, picture
magazines and old newspapers
14 Persuasive Communication Theory Duration (hh:mm) 10:00 Practical Duration (hh:mm) 15:00
Corresponding NOS Code SSC/N9010
• Evaluate the principles of
persuasive communication,
credibility and trust
• Discuss the differences
between persuasion and
manipulation
• Discuss the importance of
listening to people in order
to persuade them
• Evaluate visual and verbal
communication techniques
to influence perspectives
and change behaviors
• Demonstrate how to use
evidences to support
arguments
• Discuss methods to
persuade groups of people
to build consensus
• Frame goals by finding
common ground with those
to be persuaded
• Whiteboard and Markers
• LCD Projector and Laptop for
presentations
• Provision to write emails and send
in the lab
• Lab with provision for internet,
email, word processor and
presentation software
• Chart paper, markers, picture
magazines and old newspapers
15 Stakeholder Management Theory Duration (hh:mm) 10:00 Practical Duration (hh:mm) 15:00
Corresponding NOS Code SSC/N9012
• Define the needs and
perspectives of the
stakeholders in order to
build consensus
• Employ active listening
behaviors while
communicating with
stakeholders
• Build rapport and
collaborate with the
stakeholders
• Manage the expectations of
the stakeholders, including
quality and performance
expectations
• Provide continuous updates
on project/activity status
and changes in timelines
• Evaluate the fundamentals
of negotiations such as
negotiating positions,
BATNA (Best Alternative to
a Negotiated Agreement)
and integrative and
distributive negotiations
• Identify causes of conflict
and methods to resolve
conflict
• Whiteboard and Markers
• LCD Projector and Laptop for
presentations
• Provision to write emails and send
in the lab
• Lab with provision for internet,
email, word processor and
presentation software
• Chart paper, markers, picture
magazines and old newspapers
Total Duration: Theory Duration 165:00, Practical Duration 280:00
Unique Equipment Required
• Whiteboard and Markers
• LCD Projector and Laptop for presentations
• Chart paper, markers, picture magazines and old newspapers
• Lab equipped with the following: -
• PCs/Laptops
• Internet with Wi-Fi (Min 2 Mbps Dedicated)
• Provision for internet, email, word processor and presentation
software
• Chart paper and sketch pens
Popular Software Tools
(At least one of the tools listed across each of the four tool categories is required)
Server authentication software: Diameter, RADIUS
Network security software: Juniper NetScreen Security Manager, ISS RealSecure, Websense Data Loss Prevention
Virus protection software: McAfee VirusScan, Symantec Endpoint Protection
IoT Platforms: Watson IoT, GE Predix, PTC Thingworx, AWS IoT, Azure IoT, Eclipse IoT, DeviceHub, Arduino, Raspberry Pi
Grand Total Course Duration: 445 Hours, 0 Minutes
(This syllabus/curriculum has been approved by SSC: IT-ITeS Sector Skills Council NASSCOM)
Trainer Prerequisites for Job role: “IoT – Security Specialist” mapped to Qualification Pack: “SSC/Q8207, V1.0”
Sr. No. Area Details
1 Description To deliver accredited training service, mapping to the curriculum detailed above, in accordance with the Qualification Pack SSC/Q8207, V1.0
2 Personal Attributes
This job may require the individual to work independently and take decisions for his/her own area of work. The individual should have a high level of analytical thinking ability, a passion for the Internet of Things and attention to detail; should be ethical and compliance- and result-oriented; and should be able to demonstrate interpersonal skills, along with a willingness to undertake a desk-based job with long working hours.
3 Minimum Educational Qualifications
Graduate in any discipline preferably Science/Computer Science/Electronics and Engineering /Information Technology
4a Domain Certification
Certified for Job Role: “IoT – Security Specialist” mapped to QP: “SSC/Q8207, V1.0”. Minimum accepted score is 80%
4b Platform Certification
Recommended that the trainer is certified for the Job role “Trainer” mapped to the Qualification Pack “MEP/Q2601”. Minimum accepted score is 80% aggregate
5 Experience 5+ years of work experience/internship in DevOps Engineer or related roles
Criteria For Assessment Of Trainees
Job Role IoT – Security Specialist
Qualification Pack SSC/Q8207, V1.0
Sector Skill Council IT-ITeS
Guidelines for Assessment
1. Criteria for assessment for each Qualification Pack will be created by the Sector Skill Council. Each Performance Criteria (PC) will be assigned marks proportional to its importance in NOS. SSC will also lay down proportion of marks for Theory and Skills Practical for each PC.
2. The assessment for the theory part will be based on knowledge bank of questions created by the SSC.
3. Assessment will be conducted for all compulsory NOS, and where applicable, on the selected elective/option NOS/set of NOS.
4. Individual assessment agencies will create unique question papers for theory part for each candidate at each examination/training center (as per assessment criteria below).
5. Individual assessment agencies will create unique evaluations for skill practical for every student at each examination/training center based on this criterion.
6. To pass a QP, a trainee should score an average of 70% across generic NOS and a minimum of 70% for each technical NOS.
7. In case of unsuccessful completion, the trainee may seek reassessment on the Qualification Pack.
Compulsory NOS
Total Marks: 800
Columns: Assessment outcomes; Assessment Criteria for outcomes; Total Marks; Out Of; Marks Allocation (Theory, Skills Practical)
1. SSC/N8231
Design
processes to
manage
security threats
and incidents
across multiple
technology
layers
PC1.manage access to IoT
assets and systems based on
Identity Access and
Management tools and
frameworks
100
10 3 7
PC2.evaluate criticality and
security threat levels of IoT
assets and systems while
managing their access 1 0.3 0.7
PC3.define security parameters
for data stored in cloud
platforms, open source or in-
memory databases 5 1.5 3.5
PC4.maintain accurate daily
records/logs of data security
performance parameters using
standard templates and tools 5 1.5 3.5
PC5.analyze data security
performance metrics to highlight
variances and issues for action
by appropriate people 5 1.5 3.5
PC6.develop encryption
standards and access controls
for data stored in cloud
platforms, open source or in-
memory databases 5 1.5 3.5
PC7.explore threats and
vulnerabilities to data entry, exit
and perimeter security in data
assets such as databases, data
lakes, data pipelines, or
streaming analytics packets 5 1.5 3.5
PC8.develop security
assessment related data
analytics models (both
supervised and unsupervised) in
coordination with data scientists
for pattern detection of unknown
issues and real time prediction of
known issues. 5 1.5 3.5
PC9.conduct penetration testing
using automatic scanning
technologies, "black box testing",
as well as manual tests that use
human intelligence to guide the
steps 1 0.3 0.7
PC10.protect the IoT network
and IoT devices from
unauthorized access or
malicious intent 1 0.3 0.7
PC11.configure and troubleshoot
security hardware switches,
routers, firewalls, WLAN, and
Virtual Private Networks 1 0.3 0.7
PC12.ensure sufficient security
levels are in place from device
manufacture, initial installation,
remote control and device
disposal 5 1.5 3.5
PC13.maintain and continuously
update inventory of physical
assets of the organization 5 1.5 3.5
PC14.secure the perimeter of the
IoT network 1 0.3 0.7
PC15.classify IoT components
into segments based on their
functions and sensitivity of data 1 0.3 0.7
PC16.employ network monitoring
tools to defend network 5 1.5 3.5
PC17.design logs that gather
data from as many sources as
possible 5 1.5 3.5
PC18.ensure only authorized
devices are able to
connect to the network 5 1.5 3.5
PC19.ensure that solution
architecture implements,
operates and controls prescribed
security processes 5 1.5 3.5
PC20.ensure that security
policies and standards are
followed at all times 5 1.5 3.5
PC21.ensure that solution
architecture performs day-to-day
security processes such as
threat and vulnerability
management 5 1.5 3.5
PC22.encrypt both data in transit
and data at rest (information
stored in the cloud) 1 0.3 0.7
PC23.verify the integrity of cloud
platforms 1 0.3 0.7
PC24.verify the integrity of third
party applications and software
that communicate with cloud
services 1 0.3 0.7
PC25.implement regular security
patches across devices to
strengthen resistance against
attack 1 0.3 0.7
PC26.employ digital certificates
for identification and
authentication 5 1.5 3.5
PC27.implement fallback
mechanisms such as disaster
recovery plans 5 1.5 3.5
Total 100 30 70
2. SSC/N8232
Detect
occurrences of
security
incidents to IoT
solutions
PC1.record, classify and
prioritize information security
incidents using standard
templates and tools 100
5 1.5 3.5
PC2.access their organization’s
knowledge base for information
on previous information security
incidents and how these were
managed 5 1.5 3.5
PC3.participate in audit reviews,
as required 5 1.5 3.5
PC4.identify the requirements of
audits and prepare for audits in
advance 10 3 7
PC5.liaise with appropriate
people to gather data/information
required for audits 5 1.5 3.5
PC6.provide immediate support
to auditors to carry out audit
tasks 5 1.5 3.5
PC7.carry out required audit
tasks using standard tools and
following established
procedures/guidelines/checklists 5 1.5 3.5
PC8. evaluate the impact of
potential anomalies 5 1.5 3.5
PC9. ensure both signature-
based and anomaly-based
intrusions are detected in a
timely manner 5 1.5 3.5
PC10.perform regular
maintenance of detection
processes 5 1.5 3.5
PC11.ensure readiness of
maintenance processes to
reliably detect incidents 10 3 7
PC12.apply security controls to
IoT solutions in line with data
security policies, procedures and
guidelines 5 1.5 3.5
PC13.perform security
assessments of gateway / edge
devices systems using
automated security assessment
tools 10 3 7
PC14.design and develop
dashboards/KPIs for monitoring
the incidents, the root cause and
detection to resolution corrective
actions using standard
Commercial off-the-shelf based
Investigation Management tool 5 1.5 3.5
PC15.search for critical security
threats and vulnerabilities across
all layers of the IoT solution 5 1.5 3.5
PC16.predict and extrapolate
attack trends ahead of their
occurrence 5 1.5 3.5
PC17.carry out backups of
security devices and applications
in line with security policies,
procedures and guidelines,
where required 5 1.5 3.5
Total 100 30 70
3. SSC/N8233
Respond to
detected
security
incidents and
restore affected
capabilities
PC1.plan timely response to
detected security incidents
100
10 3 7
PC2.execute post-incident
processes and procedures in line
with security policies, procedures
and guidelines 5 1.5 3.5
PC3.automate responses to
detected security threats and
incidents 10 3 7
PC4.assign information security
incidents promptly to appropriate
people for investigation/action 10 3 7
PC5.track progress of
investigations into information
security incidents and escalate to
appropriate people where
progress does not comply with
standards or service level
agreements (SLAs) 5 1.5 3.5
PC6.liaise with stakeholders to
gather, validate and provide
information related to information
security incidents, where
required 5 1.5 3.5
PC7.report to law enforcement
agencies, if required 10 3 7
PC8.prepare accurate
preliminary reports on
information security incidents
using standard templates and
tools 5 1.5 3.5
PC9.submit preliminary reports
promptly to appropriate people
for action 5 1.5 3.5
PC10.neutralize the effects of
the security incident or mitigate it 10 3 7
PC11.prevent further expansion
of the security incident 5 1.5 3.5
PC12.ensure timely restoration
of IoT assets and systems
affected by security incident 10 3 7
PC13.incorporate lessons
learned to prevent future security
incidents 5 1.5 3.5
PC14.update the organization’s
knowledge base promptly and
accurately with information
security incidents and how they
were managed 5 1.5 3.5
Total 100 30 70
4. SSC/N8238
Create
technical
documents and
manuals
affected
capabilities
PC1.identify the purpose and the
scope of the activity for which
technical documentation is to be
produced 100 20 6 14
PC2.obtain information for the
technical document from relevant
sources and stakeholders 15 4.5 10.5
PC3.draft technical document
ensuring that content is concise,
complete and easy to consume 15 4.5 10.5
PC4.review technical document
content with relevant
stakeholders and document
owners 10 3 7
PC5.ensure that technical
document is formatted and
designed as per specifications 10 3 7
PC6.transfer technical document
to relevant stakeholders for sign-
off and publishing 10 3 7
PC7.continuously review and
update technical document 20 6 14
Total 100 30 70
5. SSC/N9005
Develop your
knowledge,
skills and
competence
PC1. obtain advice and guidance
from appropriate people to
develop your knowledge, skills
and competence
100
10 0 10
PC2. identify accurately the
knowledge and skills you need
for your job role
10 0 10
PC3. identify accurately your
current level of knowledge, skills
and competence and any
learning and development needs
20 10 10
PC4. agree with appropriate
people a plan of learning and
development activities to
address your learning needs
10 0 10
PC5. undertake learning and
development activities in line
with your plan
20 10 10
PC6. apply your new knowledge
and skills in the workplace, under
supervision
10 0 10
PC7. obtain feedback from
appropriate people on your
knowledge and skills and how
effectively you apply them
10 0 10
PC8. review your knowledge,
skills and competence regularly
and take appropriate action
10 0 10
Total 100 20 80
6. SSC/N9006
Build and
maintain
relationships at
the workplace
PC1. build rapport with
appropriate people at the
workplace
100
10 3 7
PC2. develop new professional
relationships 10 3 7
PC3. build alliances to establish
mutually beneficial working
arrangements
10 3 7
PC4. foster an environment
where others feel respected 10 4 6
PC5. identify and engage a
diverse range of influential
contacts
10 4 6
PC6. obtain guidance from
appropriate people, where
necessary
10 3 7
PC7. attentively listen to ideas
and give constructive feedback 10 3 7
PC8. promptly resolve conflicts
between team members 10 2 8
PC9. work with colleagues to
deliver shared goals 10 2 8
PC10. recognize the
contributions made by your
colleagues
10 3 7
Total 100 30 70
7. SSC/N9010
Convince
others to take
appropriate
action in
different
situations
PC1. gather needs of concerned
people 100 10 0 10
PC2. adapt arguments to
consider diverse needs 15 0 15
PC3. use small wins as
milestones to gain support for
ideas
25 10 15
PC4. persuade with the help of
concrete examples or evidence 25 10 15
PC5. take defined steps to reach
a consensus on the course of
action
25 10 15
Total 100 30 70
8. SSC/N9012
Manage and
collaborate with
stakeholders
for project
success
PC1. identify the larger business
and organizational context
behind the requirements of the
stakeholder
100
10 3 7
PC2. manage fluctuating
stakeholder priorities and
expectations
5 1.5 3.5
PC3. consult stakeholders early
in critical organization-wide
decisions
10 3 7
PC4. use formal communication
methods to collaborate with
stakeholders (such as meetings,
conference calls, emails etc.)
5 1.5 3.5
PC5. keep stakeholders updated
on changes in project
requirements
10 3 7
PC6. define the frequency of
communication with all the
stakeholders
10 3 7
PC7. use suitable tools to
represent numbers and pictures
to present details
10 3 7
PC8. respond to requests in a
timely and accurate manner
10 3 7
PC9. take feedback from
stakeholders regularly
5 1.5 3.5
PC10. continuously improve
work deliverables/service based
on stakeholder feedback
15 5 10
PC11. plan deliverables based
on stakeholder needs
10 3 7
Total 100 30 70