XYZ Company
Participant:
Travis Grant
tag09@fsu.edu
Table of Contents
1.0 Introduction
    1.1 Background
    1.2 Setting
        1.1.1 Department Structure
        1.1.2 Statements of Commitment
2.0 Procedure
    2.1 Preparation
    2.2 Interviews and Observations
    2.3 Analysis
3.0 Results of Job / Task Analysis
    3.1 Description of job position (in brief)
    3.2 Task Listing
    3.3 Requisite Skills and Knowledge
    3.4 Requisite Qualifications
    3.5 Summary Finding
Appendix 1
1.0 Introduction
1.1 Background
This document outlines a Job / Task Analysis performed for XYZ Company of London, UK. This analysis
has been performed on the Information Assurance Specialist (IA Specialist) position within the
Information Security Department (IS). The analysis was conducted on location at XYZ Company’s
headquarters located at: 8596 Tally Road, London, UK SW1P 1AE.
There are currently three occupied Information Assurance Specialist positions within the Information
Security Department.
The immediate supervisor to all three IA Specialist employees is the Information Systems Security Officer
(ISSO).
The three Information Assurance Specialists were interviewed and observed during the week of 12
October 2009. The ISSO was interviewed on 16 October 2009. This document represents an analysis of
the results of the four interviews and three observations, and it defines and classifies the major
functions, duties, and tasks the IA Specialists perform. In addition, the analysis was performed to
determine if reclassification of the position and its duties is necessary.
Note: Please see Chart 1 on the next page (p.4) for an organizational chart identifying the present
positioning of the IA Specialist position.
XYZ Company is in the process of developing an Information Security Program to provide a foundational
security direction for the company. Established in 1985, XYZ Company is a highly respected international
leader within the financial services industry. The company has a strong and well-developed customer
base that expects high-quality secure financial services with. A well-developed and maintained security
program will ensure that XYZ Company is successful in providing a foundation from which to build its
security infrastructure and maintain the security that its customers expect. In the process of developing
the Information Security Program it was determined that a job / task analysis was required to define and
classify the major functions, duties, and tasks of the IA Specialist position, and identify whether
reclassification of the position and its duties is necessary.
Note: Please see Appendix 1 for a current (as of 20 October 2009) job description of the Information
Assurance Specialist position.
1.2 Setting
The Information Security (IS) Department is composed of four personnel. The Information Systems
Security Officer is the head of the IS Department and reports to the Chief Executive Officer. The ISSO
oversees a total of three personnel. These three personnel all go by the same title, Information Assurance
Specialist. The Information Assurance Specialists report directly to the ISSO, and work closely with
leaders from each business department.
The Information Security Department of XYZ Company is dedicated to maintaining the confidentiality,
integrity, and availability of corporate assets and customer information. This is accomplished in line with
the company’s Statements of Commitment. The following guiding principles reflect the commitments of
XYZ Company employees to all of the company’s stakeholders (customers, suppliers, employees,
shareholders, governments and society).
XYZ Company’s vision is to maintain its competitive advantage in the domestic and international
financial services industry by providing secure, valuable, and high-quality services with expert employee
knowledge to our customers when they want them and where they want them.
XYZ Company understands the value of continuous improvement. Our unwavering focus and steadfast
passion is to provide the highest quality customer service and financial products while consistently
exceeding customer expectations. Our employees are committed to understanding and meeting customers'
evolving needs, and our company and service offerings are able to adapt quickly to changing
environments and competitive pressures.
XYZ Company’s mission is to serve consumers and institutions with its well-established and unique
financial products and services.
XYZ Company’s use of technology is vital to its continued success. The technology mission of XYZ
Company’s security department is to maintain the confidentiality, integrity, and availability of
information assets and systems while delivering high-quality, timely, and effective responses to
customer requirements (both internal and external) through technology and connectivity.
2.0 Procedure
The procedure utilized in this Job / Task Analysis follows from preparation to interviewing to analysis.
2.1 Preparation
1) Collect Information:
    a) Corporate-wide
        i) Statements of Commitment
        ii) Business goals
        iii) Organizational structure
    b) Departmental (Information Security Department)
        i) Statements of Commitment
        ii) Business goals
        iii) Organizational structure
    c) Position under analysis (Information Assurance Specialist)
        i) Job description on file (current and past)
        ii) Expectations from supervisors
        iii) Entry qualifications
        iv) Responsibilities
        v) Certifications
        vi) Compensation
    b) Sample Information:
        i) Designation IA SPECIALIST #1
            (1) Name: John Locke
            (2) Gender: Male
            (3) Current job title: Information Assurance Specialist
            (4) Department/Company: Information Security / XYZ Company
            (5) Job Location: London Office. London, UK
            (6) Length of time in current position: 4 years
Note: Please see Item 1 on the following page (p.9) for an outline of the email sent to the IA
Specialist interviewees.
The three Information Assurance Specialists were interviewed and observed during the week of 12
October 2009. The ISSO was interviewed on 16 October 2009. The Job / Task Analysis was developed
during the week of 19 October 2009.
John Locke (IA SPECIALIST) – Interviewed on 12 October 2009 at 10:25. Observed on 12 October
2009 from 12:00 – 17:00.
Cathy Booker (IA SPECIALIST) - Interviewed on 13 October 2009 at 08:25. Observed on 12
October 2009 from 10:00 – 17:45.
Terry Chatworth (IA SPECIALIST) - Interviewed on 14 October 2009 at 09:00. Observed on 15
October 2009 from 8:00 – 17:00 and 16 October 2009 from 8:00 – 14:25.
Kevin Tanner (ISSO) - Interviewed on 16 October 2009 at 14:45.
2.3 Analysis
Extensive notes were taken during the four interviews and three observation sessions. The notes were
first checked for potential inaccuracies and then consolidated. The consolidated notes were translated
into a hierarchical list of functions, duties, and tasks as deemed necessary to perform the job. Required
skills and knowledge for some frequently performed tasks were also identified.
The results of the analysis are a short description of the Information Assurance Specialist job position as
it was described, the prerequisites that an IA Specialist should possess at XYZ Company, a list of
functions, duties, and tasks that are necessary to perform the job, and required skills and knowledge for
frequently performed tasks.
The IA Specialists work both independently and as part of the Information Security Department team
under the leadership of the ISSO. The IA Specialists report directly to the ISSO as seen in Chart 1 (p.4). In
addition, IA Specialists work closely with leaders in other key business departments to ensure the
confidentiality, integrity, and availability of information assets and systems. IA Specialists are expected
to deliver high-quality, timely and effective responses to customer requirements (both internal and
external) through technology, connectivity, and communication.
Of note, the current job description on file matched with a high degree of accuracy the job
responsibilities and qualifications detailed by the ISSO and the IA Specialists.
To be successful as an IA Specialist, the following knowledge elements and capabilities have been
identified:
Ability to develop and maintain security policies, standards, procedures and guidelines where
appropriate.
Ability to develop security assessments, and develop and maintain security plans.
Ability to participate in security investigations, incident response, and disaster recovery.
Ability to develop and analyze the systems security.
Knowledge of how to develop additional systems security documentation.
Knowledge of how to develop and implement security policies, standards, procedures and
guidelines.
Knowledge of security regulations and standards.
Knowledge of technical and administrative information assurance issues.
Technical and administrative skills for implementing security mechanisms and controls.
There are five major functions for the IA Specialist position at XYZ Company: protect; monitor; analyze;
detect; and respond. Functions provide a means of distinguishing between different levels of work. The
functional level indicates the roles that employees perform.
        1.6.2 Identify updates to mechanisms and controls
        1.6.3 Apply updates
        1.6.4 Reconfigure
2.0 Monitor
    2.1 Monitor security mechanisms and controls (5, High)
        2.1.1 Identify suspicious information asset activities
3.0 Analyze
    3.1 Analyze information security requirements (3, Low)
        3.1.1 Show knowledge of organization
        3.1.2 Show knowledge of security best practices, standards, and regulations
    3.2 Analyze security mechanism and control reports (5, High)
        3.2.1 Show knowledge of analysis procedures
        3.2.2 Show knowledge of alarms and alerts
4.0 Detect
    4.1 Identify information security threats (5, Moderate)
        4.1.1 Show knowledge of security mechanism and control alerts
        4.1.2 Identify suspicious IT and network systems activity
    4.2 Identify physical security threats (4, Low)
        4.2.1 Show knowledge of alarm and surveillance systems
        4.2.2 Identify suspicious people and activities
5.0 Respond
    5.1 Participate in security investigations (5, Low)
        5.1.1 Respond to incident
        5.1.2 Aid in recovery from incident
        5.1.3 Restore systems after incident
        5.1.4 Prepare systems in case of incident
        5.1.5 Conduct exercises to ensure preparation
    5.2 Participate in incident response (5, Moderate)
        5.2.1 Respond to incident
        5.2.2 Aid in recovery from incident
        5.2.3 Restore systems after incident
        5.2.4 Prepare systems in case of incident
        5.2.5 Conduct exercises to ensure preparation
    5.3 Participate in disaster recovery (5, Low)
        5.3.1 Respond to incident
        5.3.2 Aid in recovery from incident
        5.3.3 Restore systems after incident
        5.3.4 Prepare systems in case of incident
        5.3.5 Conduct exercises to ensure preparation
This section identifies some of the requisite skills and knowledge required to perform the tasks
identified as “High Frequency” in the Task Listing.
This section identifies the requisite qualifications essentially needed to perform the functions, duties,
and tasks identified in the Task Listing.
At this time it is not believed that a reclassification of the ISSO position and its duties is necessary.
Appendix 1
XYZ Company is seeking an Information Assurance Specialist (IA SPECIALIST) to work in London, UK. The
IA SPECIALIST will work closely with other IA SPECIALIST employees, the ISSO, and leaders in Information
Technology, Human Resources and other departments to oversee and coordinate corporate information
security operations across 1 UK and 1 overseas office. The IA SPECIALIST will report directly to the CSO.
Aside from the qualifications listed below, the IA SPECIALIST must also have an in-depth understanding of
the XYZ Company's business environment and have a strong background in information assurance. The
responsibilities of this position include but are not limited to the following:
Responsibilities:
Develop and maintain security policies, standards, procedures and guidelines where
appropriate. Enforce established security policies, standards, procedures and guidelines.
Perform IT security assessments, and develop and maintain security plans.
Develop additional systems security documentation.
Participate in secure systems development and analysis.
Provide technical and administrative direction on information assurance issues.
Provide technical and administrative guidance on implementing and monitoring security
mechanisms and controls.
Identify regulations and standards and support company compliance.
Support a security awareness-training program.
Participate in security investigations, incident response, and disaster recovery.
Other duties as assigned.
Qualifications:
Compensation: