
Information and Application Protection

Knowledge and ability to ensure there are adequate technical and organizational safeguards to protect the continuity of IT infrastructure services by implementing IT security principles, methods, practices, policies, and tools.
Level 1 Introductory: Demonstrates introductory understanding and ability and, with guidance, applies the competency in a few, simple situations. Can direct people to the appropriate source for further information.

BEHAVIORS

  • Explains security requirements at a basic level.
  • Exhibits awareness of certification policies.
  • Works with an awareness of privacy requirements and standards.

QUESTIONS

  • Describe how you have used your understanding of security principles and practices to control access to sensitive systems.

Probing Questions

* What are the systems and the actions you took?

* What types of information needed to be controlled?

* Why was it necessary to control access to that system?

* How do you know that it was properly controlled?

  • Describe a situation where you needed to be concerned about the privacy of personal information.

Probing Questions

* Why was this a concern?

* What did you do to deal with this concern?

* Where did you go to find the requirements and standards?

* How was the information protected?

Level 2 Basic: Demonstrates basic knowledge and ability and, with guidance, can apply the competency in common situations that present limited difficulties.

BEHAVIORS

  • Works with basic concepts of IT security and its application to computer systems architecture.
  • Participates in disaster recovery tests.
  • Monitors systems.
  • Reports breaches following established guidelines.

QUESTIONS

  • Outline a time when you were involved with disaster recovery testing.

Probing Questions

* What was your role?

* How did you participate in or run test cases/scenarios?

* How did you participate in the evaluation of the tests?

* What were the results?

  • Describe a time when you needed to ensure appropriate security measures were included in your work product.

Probing Questions

* What type of work were you involved with?

* What security considerations did you factor into what you were doing?

* How did you go about doing this?

* What did you do to ensure that your work product met the appropriate security requirements?

  • Talk about a time when you had to monitor access and traffic to identify security breaches.

Probing Questions

* How did you go about performing this work?

* Which tools did you use for the monitoring and reporting activities?

* How did you know you were successful in your task?

* How did you know you were following the appropriate processes and procedures?

Level 3 Intermediate: Demonstrates solid knowledge and ability, and can apply the competency, with minimal or no guidance, in the full range of typical situations. Would require guidance to handle novel or more complex situations.

BEHAVIORS

  • Executes prepared security test plans and provides appropriate feedback.
  • Resolves low impact threats.
  • Implements steps to protect system data from intentional or unintentional access at the operational level.
  • Performs security certifications.
  • Contributes to disaster recovery planning.
  • Recommends security safeguards in own area of expertise.
  • Implements approved standards.
  • Works effectively with a specific security application or tool.

QUESTIONS

  • Information and application security is about balancing and managing the risks involved. Describe a specific risk system or situation you encountered.

Probing Questions

* What were the circumstances surrounding this situation?

* How did you assess the degree of risk?

* What risk management strategy did you employ?

* What was the impact of using your strategy?

  • Describe a situation where there was an actual or perceived security risk or breach of security.

Probing Questions

* What was your role in resolving the issues?

* What actions did you take?

* Why did you take those particular actions?

* Was the situation resolved as a direct result of your actions?

  • Describe a work situation where you have been able to use your understanding of the principles, practices, methods and tools to ensure that information and applications are properly protected.

Probing Questions

* What were the circumstances surrounding this situation?

* What actions did you take to ensure that the information was adequately protected?

* How did you deal with other people and things involved with this situation?

* What would you do differently, if faced with the same circumstances?

  • Outline a time when you were involved with disaster recovery planning.

Probing Questions

* What was your role?

* How did you contribute to the overall plan?

* How did you ensure that the disaster recovery plan was viable?

* What was the result?

Level 4 Advanced: Demonstrates advanced knowledge and ability and can apply the competency in new or complex situations. Guides other professionals.

BEHAVIORS

  • Delivers work that shows a broad understanding of general system security issues or a very detailed area of expertise in security subject(s).
  • Interprets policies based on accepted guidelines and best practices.
  • Conducts comprehensive threat/risk assessments.
  • Provides input on the revisions to and augmentation of security safeguards.
  • Responds to security threats and serious incidents. Recommends changes to prevent future threats of the same nature.
  • Mentors individuals and teams.

QUESTIONS

  • Outline a scenario where you were responsible for information and application protection from a broad perspective dealing with more than one aspect of security.

Probing Questions

* What was your role and what security aspects were you responsible for during this project?

* How did you influence the work?

* What processes did you carry out or have carried out to assess the various risk elements?

* What was the outcome?

  • Describe an occurrence or time when you were forced to deal with a significant security threat in a system or application that was particularly difficult or sensitive.

Probing Questions

* What was the threat or intrusion?

* How did you determine the potential impact of this threat?

* What actions did you take to ensure that the proper people were adequately informed of the threat and the resolution plan?

* How did the actions you took serve to mitigate the risk and identify ways to ensure similar threats would not occur?

  • Describe a time when you were responsible for developing a threat and risk assessment as well as a privacy impact assessment on a complex system.

Probing Questions

* What were the situation and the system involved?

* How did you approach the task?

* What problems and obstacles did you encounter?

* What was the end result? How successful were your assessments with the clients?

Level 5 Expert: Demonstrates expert knowledge and ability, and can apply the competency in the most complex situations. Develops new approaches, methods or policies in the area. Is recognized as an expert, internally and/or externally.

BEHAVIORS

  • Delivers work that shows an expert understanding or very detailed area of expertise in multiple security subject(s).
  • Translates security legislation and regulation into sound policies