Free Analyst Security Operations Centre Course (6Months)

Analyst Security Operations Centre:

Analyst Security Operations Centre (SOC): in the IT-ITeS Industry is also known as
Engineer SOC.

Brief Job Description: Individuals at this job are responsible for monitoring and
analyzing organizations traffic and logs for threats; notifying potential threats found;
responding to alarms raised; following-up for ticket closure with the client and any
enhancements to existing cyber security measures. The job also involves identifying
potential threats and performing enhancements to existing cyber security measures
as per specifications or policy guidelines. When a security incident is declared they
execute incident response process and document the same.

Personal Attributes: This job may require the individual to work in a team/shifts. The
individual should be result oriented and have a high attention for detail. The individual
should also be able to demonstrate good communication skills and logical thinking
with willingness to work in shifts.

Analyst Security Operations Centre

Monitor and log events and alarms of possible security threats:

Performance Criteria

PC1. verify the scope of information assets and system components to be
monitored with authorised persons
PC2. use specified monitoring and data collection methods and tools following
organisational procedures and policies

PC3. monitor organization’s traffic and logs originating from ICT systems using
various security technologies to detect security threats and health of the ICT
systems
PC4. monitor external data sources (e.g., computer network defence [CND] vendor
sites, Computer Emergency Response Teams, SANS, Security Focus)
PC5. determine security issues which may have an impact on the enterprise
PC6. perform telemetry monitoring to identify security platform issues
PC7. identify and gather information to enable the security of identified devices to
be assessed
PC8. collect logs from all types of ICT systems devices and applications as required
by organisation
PC9. collect data w.r.t to various types of security alerts /alarms through SIEM
PC10. characterize and analyze network traffic to identify anomalous activity and
potential threats to network resources
PC11. identify trends and patterns using SIEM tool
PC12. coordinate with enterprise-wide computer network defence (CND) staff to
validate network alerts
PC13. perform event correlation using information gathered to gain situational
awareness and determine the threat potential
PC14. perform analysis of logs for identifying risks
PC15. categorise the priority of identified risks by determining potential impact as
per organizational processes and policies
PC16. record and categorize the service request accurately as per organizational
processes and policies
PC17. raise incidents in ticketing tools if something is found suspicious during the
analysis
PC18. assign the ticket to the relevant persons as per the type of risk following
organisational procedures and policies
PC19. prioritize the service request according to organizational procedures and
policies
PC20. obtain help or advice from specialist if the problem is outside his/her area of
competence or experience
PC21. report the results of the monitoring, ticket raising and ticket closure activities
using standard documentation following organisational procedures
PC22. participate in 24//7 security operations centre shift schedule
PC23. receive shift handover alongwith relevant information, authorities and
instructions
PC24. comply with relevant legislation, standards, policies and procedures

PC25. maintain a knowledge-base of the known problems
PC26. use escalation matrix for unresolved tickets within agreed turnaround times

Organizational
Context

You need to know and understand:
KA1. your organization’s policies, procedures, standards and guidelines for managing information security
KA2. your organization’s knowledge base and how to access and update this
KA3. limits of your role and responsibilities and who to seek guidance from
KA4. the organizational systems, procedures and tasks/checklists within the domain and how to use these
KA5. how to engage with both internal and external specialists for support in order to resolve incidents and service requests
KA6. service request procedures, tools, and techniques
KA7. the operating procedures that are applicable to the system(s) being used
KA8. standard tools and templates available and how to use these

Technical
Knowledge

You need to know and understand:
KB1. basic cyber security concepts
KB2. Relevant networking concepts, devices and terminology
KB3. cyber security incident detection, prevention, management & response activities
KB4. event and Log analysis and packet analysis
KB5. frameworks and management system standards like NIST, ITIL, ISO IEC 20000, ISO 27001, etc.
KB6. operational processes such as report generation, verification, data analysis and correlation, etc.
KB7. common types of physical threats to ICT systems and data (hardware damage, loss and theft)
KB8. common types of electronic threats to ICT systems and data (e.g. denial of service, data theft or damage, unauthorized use)
KB9. the security vulnerabilities associated with remote access technologies
KB10. attack patterns
KB11. operating system interface with SIEM for gathering logs
KB12. types of logs, and how to read logs
KB13. typical response times and service times for problems
KB14. the importance of documenting, classifying, prioritizing service requests received over voice calls, email, incident management tools and incident reports


Analyst Security Operations Centre

Writing Skills
You need to know and understand how to:
SA1. complete accurate well written work with attention to detail
SA2. document call logs, reports, task lists, and schedules with co-workers
SA3. prepare status and progress reports
SA4. log calls and raise tickets in the SIEM tool, providing proper indicators and descriptions as required
SA5. write memos and e-mail to customers, co-workers, and vendors to provide them with work updates and to request appropriate information without English language errors regarding grammar or sentence construct and following professional etiquettes

Reading Skills
You need to know and understand how to:
SA6. read about new products and services with reference to the organization and also from external forums such as websites and blogs
SA7. keep abreast with the latest knowledge by reading brochures, pamphlets, and product information sheets
SA8. read comments, suggestions, and responses to Frequently Asked Questions (FAQs) posted on the helpdesk portal
SA9. read policy manual, standard operating procedures and service level agreements relevant to work area
SA10. read emails received from own team, across team and external vendors and clients

Oral Communication (Listening and Speaking skills)
You need to know and understand how to:
SA11. discuss task lists, schedules, and work-loads with co-workers
SA12. give clear instructions to specialists/vendors/users/clients as required
SA13. keep stakeholders informed about progress
SA14. avoid using jargon, slang or acronyms when communicating with a customer, unless it is required
SA15. receive and make phone calls, including call forward, call hold, and call mute

Professional Skills

Decision Making
You need to know and understand how to:
SB1. follow rule-based decision-making processes
SB2. make a decision on a suitable course of action

Plan and Organize
You need to know and understand how to:
SB3. plan and organize your work to achieve targets and deadlines

Customer Centricity
You need to know and understand how to:
SB4. Identify internal or external customer requirement and priorities clearly with respect to work at hand
SB5. carry out rule-based transactions in line with customer-specific guidelines, procedures, rules and service level agreements
SB6. check that your own and/or your peers work meets customer requirements

Problem Solving
You need to know and understand how to:
SB7. apply problem-solving approaches in different situations
SB8. seek clarification on problems from others

Analytical Thinking
You need to know and understand how to:
SB9. analyze data and activities
SB10. configure data and disseminate relevant information to others
SB11. pass on relevant information to others

Critical Thinking
You need to know and understand how to:
SB12. provide opinions on work in a detailed and constructive way
SB13. apply balanced judgments to different situations

Attention to Detail
You need to know and understand how to:
SB14. check your work is complete and free from errors

Team Working
You need to know and understand how to:
SB15. work effectively in a team environment
SB16. work independently and collaboratively

Technical Skills
You need to know and understand how to:
SC1. operate the console of security information and event management tools (SIEM)
SC2. read coded scripts and modify and debug programs
SC3. develop custom parsers to parse logs from different sources including firewalls, operating systems, applications, etc.
SC4. work on various operating systems and plat
SC5. work with word processors, spreadsheets and presentations

Analyst Security Operations Centre

Investigate and respond to events and alarms that could be security threats:

Performance Criteria
To be competent, you must be able to:
PC1. receive and analyse alarms and alerts from various sources within the enterprise and determine possible causes of such alerts
PC2. interpret and incorporate data from multiple tool sources
PC3. validate Intrusion Detection and Prevention System (IDPS) alerts against network traffic using packet analysis tools
PC4. perform deep packet analysis to identify DDoS/DoS attack vectors and security threats and mitigation strategy
PC5. verify the scope of detected incidents with relevant persons
PC6. distinguish these incidents and events from benign activities
PC7. identify the information assets and system components that may be impacted by detected incidents
PC8. analyse identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on system and information
PC9. perform analysis of log files from a variety of sources to identify possible threats to network security
PC10. perform computer network defence (CND) incident triage, to include determining scope, urgency, and potential impact;
PC11. correlate data by researching logs, analysing graphs and packet inspection to provide detailed reports
PC12. correlate and analyse events using Security Information and Event Management (SIEM) tool to detect IT security incidents.
PC13. obtain and preserve evidence relating to detected incidents
PC14. examine how access to the affected information assets and system components was obtained
PC15. identify and categorize types of vulnerabilities and associated attacks

PC16. determine appropriate course of action in response to identified and analysed anomalous activity
PC17. make recommendations for specific actions to be taken to respond to incidents
PC18. perform health check of the security solution
PC19. Use external information sources for incident investigation
PC20. report any incidents which cannot be resolved or mitigated to the relevant persons following organisational procedures
PC21. follow organisational procedures for the closure of incidents
PC22. report on incident management activities using standard documentation following organisational procedures
PC23. track and document incidents from initial detection through final resolution using SIEM tool
PC24. integrate the assets with the SIEM solution for log analysis

Organizational
Context
You need to know and understand:
KA1. your organization’s policies, procedures, standards, guidelines and service level agreements for responding to information security incidents
KA2. the day-to-day operations, procedures and tasks relating to your area of work your organization’s knowledge base and how to access and update this
KA3. organization’s knowledge base and how to access and update this
KA4. limits of your role and responsibilities and who to seek guidance from
KA5. the organizational systems, procedures and tasks/checklists within the domain and how to use these
KA6. how to engage with both internal and external specialists for support in order to resolve incidents and service requests
KA7. service request procedures, tools, and techniques
KA8. the operating procedures that are applicable to the system(s) being used
KA9. computer network defense (CND) policies, procedures, and regulations
KA10. standard tools and templates available and how to use these
. Technical
Knowledge
You need to know and understand:
KB1. Basic cyber security concepts
KB2. computer security incident detection & response activities
KB3. types of addresses used on networks and why they are used
KB4. frameworks and management system standards like ITIL, COBIT, ISO IEC 27001, etc.
KB5. operational processes such as report generation, verification, data correlation, etc.

KB6. common application/system vulnerabilities, threat actors and mitigations
KB7. common types of electronic threats to ICT systems and data
KB8. the security vulnerabilities associated with remote access technologies
KB9. event and Log analysis and packet analysis
KB10. typical response times and service times for problems
KB11. the importance of documenting, classifying, prioritizing service requests received over voice calls, email or internet and incident reports
KB12. what constitutes a network attack and the relationship to both threats and vulnerabilities
KB13. the basic functionalities of the applications, hardware and/or access rights that are used by the customers
KB14. various tool for protocol/packet analysis and debugging of operating system issues
KB15. basic of cloud
KB16. Basics of IdAM (authorization & authentication)
KB17. network analysis tools to identify vulnerabilities
KB18. operational processes such as report generation, verification, data correlation, etc.
KB19. how to conduct vulnerability scans and recognizing vulnerabilities in security systems
KB20. data backup, types of backups (e.g., full, incremental), and recovery concepts and tools
KB21. incident response and handling methodologies
KB22. defense-in-depth principles
KB23. unix command line and windows command line
KB24. how to collect data from a variety of computer network defense resources
KB25. how to troubleshoot basic systems and identify operating systems-related issues
KB26. general attack stages
KB27. how to read and interpret signatures and signature implementation impact
KB28. Internet ports, protocols and services and their usefulness
KB29. Common Cyber security solutions like Firewall, IDS/IPS, web security gateways, email security, content management, etc.
KB30. Importance of learning domain specific cyber security requirements that are relevant to the role
KB31. Introduction to possible domain specific requirements such as specific regulations, systems, etc.

Writing Skills
The user/ individual on the job needs to know and understand how to:
SA1. document call logs, reports, task lists, and schedules with co-workers
SA2. prepare status and progress reports
SA3. log calls and raise tickets in the SIEM tool, providing proper indicators and descriptions as required
SA4. write e-mails to customers, co-workers, and vendors to provide them with work updates and to request appropriate information without English language errors regarding grammar or sentence construct and following professional etiquettes

Reading Skills
The user/individual on the job needs to know and understand how to:
SA5. read about new products and services with reference to the organization and also from external forums such as websites and blogs
SA6. keep abreast with the latest knowledge by reading brochures, pamphlets, and product information sheets
SA7. read comments, suggestions, and responses to Frequently Asked Questions (FAQs) posted on the helpdesk portal
SA8. read policy manual, standard operating procedures and service level agreements relevant to work area
SA9. read emails received from own team, across team and external vendors and clients

Oral Communication (Listening and Speaking skills)
You need to know and understand how to:
SA10. listen effectively and orally communicate information accurately
SA11. ask for clarification and advice from others

Analyst Security Operations Centre

Professional Skills

Decision Making
You need to know and understand how to:
SB1. follow rule-based decision-making processes
SB2. make a decision on a suitable course of action

Plan and Organize
You need to know and understand how to:
SB3. plan and organize your work to achieve targets and deadlines

Customer Centricity
You need to know and understand how to:
SB4. build and maintain positive and effective relationships with customers
SB5. check that your own work meets customer requirements

Problem Solving

You need to know and understand how to:
SB6. apply problem solving approaches in different situations
SB7. seek clarification on problems from others
SB8. refer anomalies to the line manager

Analytical Thinking
You need to know and understand how to:
SB9. analyze data and activities
SB10. configure data and disseminate relevant information to others
SB11. pass on relevant information to others

Critical Thinking
You need to know and understand how to:
SB12. provide opinions on work in a detailed and constructive way
SB13. apply balanced judgments to different situations

Attention to Detail
You need to know and understand how to:
SB14. apply good attention to details
SB15. check your work is complete and free from errors

Team Working
You need to know and understand how to:
SB16. work effectively in a team environment
SB17. contribute to the quality of team working
SB18. work independently and collaboratively

Technical Skills
You need to know and understand how to:
SC1. use information technology effectively to input and/or extract data accurately
SC2. identify and refer anomalies in data
SC3. store and retrieve information
SC4. agree objectives and work requirements
SC5. keep up to date with changes, procedures and practices in your role

Manage your work to meet requirements:

Performance Criteria
To be competent on the job, you must be able to:
PC1. establish and agree your work requirements with appropriate people
PC2. keep your immediate work area clean and tidy
PC3. utilize your time effectively
PC4. use resources correctly and efficiently
PC5. treat confidential information correctly
PC6. work in line with your organization’s policies and procedures
PC7. work within the limits of your job role
PC8. obtain guidance from appropriate people, where necessary
PC9. ensure your work meets the agreed requirements

Organizational
Context
KA1. your organization’s policies, procedures and priorities for your area of work and your role and responsibilities in carrying out your work

KA2. limits of your responsibilities and when to involve others
KA3. your specific work requirements and who these must be agreed with
KA4. the importance of having a tidy work area and how to do this
KA5. how to prioritize your workload according to urgency and importance and the benefits of this
KA6. your organization’s policies and procedures for dealing with confidential information and the importance of complying with these
KA7. the purpose of keeping others updated with the progress of your work
KA8. who to obtain guidance from and the typical circumstances when this may be required
KA9. the purpose and value of being flexible and adapting work plans to reflect change
B. Technical
Knowledge You need to know and understand:
KB1. the importance of completing work accurately and how to do this
KB2. appropriate timescales for completing your work and the implications of not meeting these for you and the organization
KB3. resources needed for your work and how to obtain and use these


Writing Skills
You need to know and understand how to:
SA1. complete accurate work with attention to detail

Reading Skills
You need to know and understand how to:
SA2. read instructions, guidelines, procedures, rules and service level agreements

Oral Communication (Listening and Speaking skills)
You need to know and understand how to:
SA3. ask for clarification and advice from line managers
SA4. communicate orally with colleagues

Professional Skills

Decision Making
You need to know and understand how to:
SB1. make a decision on a suitable course of action

Plan and Organize
You need to know and understand how to:
SB2. plan and organize your work to achieve targets and deadlines
SB3. agree objectives and work requirements

Customer Centricity
You need to know and understand how to:
SB4. deliver consistent and reliable service to customers
SB5. check that your own work meets customer requirements

Problem Solving
You need to know and understand how to:
SB6. refer anomalies to the line manager
SB7. seek clarification on problems from others

Analytical Thinking
You need to know and understand how to:
SB8. provide relevant information to others
SB9. analyze needs, requirements and dependencies in order to meet your work requirements

Critical Thinking
You need to know and understand how to:
SB10. apply judgments to different situations

Attention to Detail
You need to know and understand how to:
SB11. check your work is complete and free from errors
SB12. get your work checked by peers

Team Working
You need to know and understand how to:
SB13. work effectively in a team environment

Technical Skills
You need to know and understand how to:
SC1. use information technology effectively, to input and/or extract data accurately
SC2. identify and refer anomalies in data
SC3. store and retrieve information
SC4. keep up to date with changes, procedures and practices in your role

Guidelines for Assessment:

  1. Criteria for assessment for each Qualification Pack (QP) will be created by the Sector Skill Council (SSC). Each performance criteria (PC) will be assigned Theory and Skill/Practical marks proportional to its importance in NOS.
  2. The assessment will be conducted online through assessment providers authorised by SSC.
  3. Format of questions will include a variety of styles suitable to the PC being tested such as multiple choice questions, fill in the blanks, situational judgment test, simulation and programming test.
  4. To pass a QP, a trainee should pass each individual NOS. Standard passing criteria for each NOS is 70%.