Cyber Security

Developing and implementing policies, tools, and safeguards to protect the organization’s network, systems, applications, and data from attack, damage, and unauthorized access.
Level 1. Demonstrates introductory understanding, directing people to the appropriate source for further information.

BEHAVIORS

  • Describes the organization’s cyber security strategy in general terms and how it can be applied in common work scenarios.
  • Identifies the right sources for guidance on cyber security practices.
  • Describes key cyber security principles and common forms of threats.
  • Participates in ongoing cyber security training initiatives to gain up-to-date knowledge of organizational policies and practices.

QUESTIONS

  • Describe a situation where you were required to explain an organization’s cyber security strategy and how it related to that organization’s security objectives.

Probing Questions

* What was the situation?

* Why were you asked to explain this linkage?

* What did you do?

* What was the outcome?

  • Describe a situation where you were required to explain key cyber security principles and common forms of threats.

Probing Questions

* What was the situation?

* What were your role and responsibilities?

* What did you do?

* What was the end result?

Level 2. Applies the competency in common situations that present limited difficulties, working with a moderate level of guidance.

BEHAVIORS

  • Describes cyber security priorities that are aligned with the organization’s overall security strategy.
  • Assists in the delivery of cyber security training and awareness programs to promote awareness across the organization.
  • Collects performance data to inform the evaluation of the cyber security strategy.
  • Participates in simple cyber security threat and risk analyses.
  • Compares and contrasts inside threats versus external threats pertaining to the industry.

QUESTIONS

  • Describe a situation where you were asked to participate in the delivery of cyber security awareness training or awareness programs.

Probing Questions

* What was the situation?

* What were the requirements?

* What were your role and responsibilities?

* What did you do?

* What was the end result?

  • Describe a situation where you had to perform a simple threat and risk analysis.

Probing Questions

* What was the situation?

* What was your role?

* What extent of guidance did you receive?

* What did you do?

* What were the end results?

Level 3. Applies the competency in the full range of typical situations, requiring guidance in only the most complex or new situations.

BEHAVIORS

  • Performs complete threat and risk assessments and privacy impact assessments on new and upgraded systems.
  • Provides guidance to others on cyber security policies and best practices, including delivering training and awareness programs to non-technical staff.
  • Reviews existing controls and countermeasures to assess vulnerabilities and risks.
  • Investigates security incidents, recommending improvements in security controls.
  • Produces regular status reports on cyber security compliance.
  • Identifies metrics and tools used to measure compliance with the cyber security strategy.

QUESTIONS

  • Describe a situation where you had to conduct a complete threat and risk analysis and privacy assessment for a new or upgraded system.

Probing Questions

* What was the situation?

* What were your role and responsibilities?

* What did you do?

* What was the end result?

  • Describe a situation where you had to identify the metrics and tools needed to measure compliance with the cyber security strategy.

Probing Questions

* What was the situation?

* What was your role?

* What did you need to accomplish?

* What was the outcome?

Level 4. Applies the competency in new or complex situations and advises others.

BEHAVIORS

  • Coordinates the effort in responding to major security breaches, which may require input from multiple areas in the organization.
  • Implements changes to security policies, procedures, controls, and countermeasures in anticipation of new threats.
  • Advises others on complex issues in the area of information security.
  • Directs security risk assessments on complex systems to identify vulnerabilities and potential threats.
  • Reviews business processes and documents (e.g., vendor contracts) to ensure security requirements are addressed.

QUESTIONS

  • Describe a situation where you had to coordinate the response to a major security event.

Probing Questions

* What was the situation?

* What were your role and responsibilities?

* What did you do?

* What was the outcome?

  • Describe a situation when you needed to implement changes to security policies, procedures, and controls in anticipation of a new threat.

Probing Questions

* What was the situation?

* What did you need to accomplish?

* What did you do?

* What was the outcome?

Level 5. Develops new approaches and methods in the area. Is recognized as an expert within the organization.

BEHAVIORS

  • Develops cyber security strategies, policies, standards, and processes to support the organization’s overall business objectives.
  • Monitors industry and regulatory trends to ensure the organization’s cyber security practices are adequate and up-to-date.
  • Builds consensus among stakeholders across the organization to support the integration and implementation of cyber security strategies.
  • Oversees the implementation of information security strategies, ensuring that resource and technology requirements are met.
  • Uses findings from the evaluation of the cyber security strategy to inform the cyber security roadmap.
  • Consults with senior management to increase awareness of cyber security and to ensure executive support for security policies and strategies.

QUESTIONS

  • Describe a situation where you had to develop cyber security strategies to support the organization’s overall business objectives.

Probing Questions

* What was the situation?

* What did you need to accomplish?

* What did you do?

* What was the outcome?

  • Describe a situation where you had to gain organizational support for the implementation or modification of an enterprise-wide cyber security strategy.

Probing Questions

* What was the situation?

* What did you need to accomplish?

* What did you do?

* What was the end result?