KEY ACTIVITY |
Performance Indicator How do we know when the key activity is performed well? |
Technical Knowledge Skills, Abilities, Tools |
Employabilty Skills SCANS Skills and Foundational Abilities |
A1 Gather and document data/information assurance requirements |
- Relevant information and requirements are completely accurate and thoroughly documented
- Sources of information are trustworthy and current
- Requirements are attainable within applicable time, technology, and cost constraints
- Data/information requirements are reviewed and approved by relevant stakeholders
- Requirements meet applicable internal and external standards and practices
- Requirements are periodically reviewed against performance standards and emerging security specifications
|
- Knowledge of internal and external data/information assurance standards, recommendations, and practices
- Knowledge of trustworthy sources and relevant standards
- Knowledge of relevant and applicable technologies and business practices
- Ability to collect, analyze, interpret, and present security specifications in the data assurance
environment
|
- Ability to identify key sources of information
- Ability to analyze information for accuracy and consistency
- Ability to ask relevant questions
- Ability to accurately summarize and document information
|
A2 Develop data/information assurance plans and implementation strategies |
- Plans address critical confidentiality, integrity, and availability requirements
- Plans provide realistic methods to meet security specifications and data requirements
- Plans identify and prescribe appropriate training and implementation processes and methods
- Plans and strategies are consistent with relevant policies, practices, and standards
- Implementation strategies support customer requirements and business objectives
- Plans and strategies support current technologies and accommodate future technological development
- Plans and strategies are developed in the context of ethical and societal norms and expectations
|
- Knowledge of relevant policies, practices, and standards
- Ability to determine customer requirements in the context of business goals and risk analysis
- Knowledge of current and emerging security tools, technologies, and practices
- Knowledge of security-related ethical and societal norms and expectations
- Ability to interpret and present security data assurance plans and strategies in the data assurance
environment
|
- Ability to synthesize and organize information
- Ability to manage resources and timelines to maximize effectiveness
- Ability to assume responsibility for accomplishing team goals
- Ability to create detailed supporting documents
|
A3 Review and test plans and strategies for compliance with applicable regulations and
standards |
- Plans and strategies meet specifications of applicable regulations and standards
- Compliance is reviewed in the context of risk analysis, cost benefit analysis, and implementation
feasibility
- Appropriate recommendations follow review and testing processes
- Regulations and standards are regularly monitored for updates and revisions
|
- Knowledge of applicable business policies and analysis tools
- Knowledge of applicable security regulations and standards
- Ability to perform compliance reviews and analysis
- Ability to formulate and present security/data assurance plans, strategies, and recommendations
|
- Ability to generate/evaluate solutions
- Ability to compare multiple viewpoints and relate intent to desired results
- Ability to identify key sources of information
- Ability to pose critical questions
|
A4 Implement data/information assurance plans and strategies |
- Data/information assurance plans and strategies are implemented according to requirements, specifications,
timelines, and relevant decision points
- Implementation schedule and expectations are communicated to relevant stakeholders
- Implementation includes appropriate transition and contingency plans
- Plans and strategies are implemented with minimal disruptions
- Implementation includes applicable orientation and training
|
- Knowledge of implementation planning processes, procedures, and requirements
- Knowledge of security tools and technologies
- Knowledge of training processes and procedures
- Ability to develop and implement transition and contingency plans
|
- Ability to synthesize information
- Ability to create detailed supporting documentation
- Ability to organize and present information to users and analyze group/individual response
- Ability to create and develop new rules/principles
|
A5 Monitor performance to ensure integrity and confidentiality |
- Security data is collected, and documented and analyzed
- Security breaches are detected and reported according to applicable practices and procedures
- Security issues are quickly identified, escalated appropriately, and resolved
- Monitoring process includes routine and nonroutine self-tests and audits
|
- Knowledge of data collection and analysis practices and techniques
- Knowledge of detection tools and reporting practices
- Knowledge of security testing and security auditing methods
- Ability to gather, summarize, and present performance data
|
- Ability to establish rapport with co-workers and customers and modify actions to environment
- Ability to analyze organization of information
- Ability to compare and interpret multiple viewpoints
- Ability to pose critical questions
- Ability to read and follow written instructions
- Ability to recognize ethical issues
- Ability to maintain confidentiality
|
A6 Maintain and update data/information assurance plans and strategies as appropriate |
- Plans and strategies are regularly reviewed for update and revision
- Plans and strategies are evaluated against current and emerging security criteria, regulations, and
standards
- Revised plans and strategies are appropriately communicated and effectively integrated
- Security policies and requirements are regularly reviewed in the maintenance and upgrade process
|
- Knowledge of applicable security/data assurance regulations, standards, and practices
- Ability to analyze and recommend changes in security policies and practices
- Ability to organize and present technical data
|
- Ability to create detailed supporting documents
- Ability to create data gathering process
- Ability to create plan to monitor and correct system
- Ability to analyze client/user needs and evaluate effectiveness of solutions
- Ability to devise/implement plan of action
|
KEY ACTIVITY |
Performance Indicator How do we know when the key activity is performed well? |
Technical Knowledge Skills, Abilities, Tools |
Employabilty Skills SCANS Skills and Foundational Abilities |
B1. Gather data and analyze security requirements |
- Security data requirements include devices, topology, and intrusion detection
- Sources and methods for gathering requirements are trustworthy and current
- Data is gathered continuously in a cost-effective manner
- Security requirements reflect current and emerging data/information assurance standards, regulations, and
practices
- Requirements are analyzed relative to applicable time, technology, and cost constraints
|
- Knowledge of network architecture and applicable security products and practices
- Knowledge of security devices, topology, and intrusion detection
- Knowledge of information gathering methods, procedures, and practices
- Ability to analyze and apply security standards, regulations, and practices
|
- Ability to identify key sources of information
- Ability to ask relevant questions
- Ability to accurately summarize and document information
- Ability to recommend an ethical course of action
- Ability to pose critical questions
|
B2. Identify, analyze, and evaluate infrastructure and network vulnerabilities |
- Infrastructure and network devices and software are benchmarked against known limitations and
vulnerabilities
- Corrective plan is developed and implemented based on the benchmarking data
- Appropriate policies and procedures are developed for access control and authentication
- Physical security issues are identified and resolved
- Routine updates and upgrades are implemented per established procedures
- Relevant infrastructure, topology, and hardware information is appropriately logged and maintained
|
- Knowledge of network architecture, topology, devices, and software
- Knowledge of access control and authentication methods and protocols
- Ability to gather and evaluate technical data and maintain appropriate records
- Knowledge of applicable physical security requirements and practices
|
- Ability to analyze information for accuracy and consistency
- Ability to evaluate system configuration
- Ability to use prior training/experience to predict outcomes
- Ability to analyze, interpret and summarize information
- Ability to present complex ideas and information
|
B3. Develop critical situation contingency plans and disaster recovery plan |
- Plans appropriately prioritize criticality, time, cost and human resource requirements
- Plans reflect realistic scenarios for recovery and restoration
- Plans are effectively disseminated and continuously improved
|
- Knowledge of contingency and disaster recovery planning processes and practices
- Knowledge of network architecture and topology
- Ability to understand the IT mission and isolate critical performance elements
|
- Ability to predict outcomes/results based on prior knowledge
- Ability to create detailed supporting documentation and write technical documents for a variety of audiences
- Ability to analyze system configuration/stability
- Ability to analyze, interpret and summarize information
|
B4. Implement/ test contingency and backup plans and coordinate with stakeholders |
- Contingency and backup plans are validated through successful operational testing
- Contingency plans and procedures are routinely practiced, reviewed, and refined
- Contingency and backup plans are implemented with appropriate participation of, and minimal disruption to,
users
- Testing results in greater organizational awareness, readiness, and responsiveness
- Contingency and backup plans are effectively communicated to internal and external stakeholders
|
- Knowledge of contingency and backup plan development, testing, and implementation
- Knowledge of networking and general systems security
- Ability to analyze technical problems and develop appropriate solutions
- Knowledge of local and wide area networking environments
- Ability to develop and implement backup communication and coordination plans
|
- Ability to systematically organize information
- Ability to evaluate critically of problems, identify possible causes and propose solutions
- Ability to communicate effectively with clients/users
- Ability to document findings in detailed supporting documents
|
B5. Monitor, report, and resolve security problems |
- Security problems are detected quickly and reported accurately
- Monitoring includes all relevant devices, software, and points of access
- Security problems are resolved effectively and measures are taken to preclude recurrence
- Problem resolutions provide for improved detection and deterrence
|
- Knowledge of security detection and deterrence methods and strategies
- Knowledge of security monitoring practices and procedures
- Knowledge of problem escalation and resolution methods
|
- Ability to integrate multiple items of data and synthesize information
- Ability to interpret information, prepare basic summaries/reports and select method of communication
- Ability to present results clearly and concisely
- Ability to probe for underlying issues and pose critical questions
- Ability to determine system components to be modified or improved
|
KEY ACTIVITY |
Performance Indicator How do we know when the key activity is performed well? |
Technical Knowledge Skills, Abilities, Tools |
Employabilty Skills SCANS Skills and Foundational Abilities |
C1. Perform research and analyze requirements |
- Sources and methods for gathering requirements are trustworthy and current
- Security requirements are consistent with all applicable standards, laws, and regulations
- Requirements are analyzed relative to applicable time, technology, and cost constraints
- Requirements include feasibility analysis and recommendations for implementation and enforcement
- Requirements are regularly researched, reviewed, updated, and approved by relevant stakeholders
|
- Knowledge of applicable standards, laws, and regulations
- Knowledge of information gathering methods, procedures, and practices
- Ability to collect, analyze, interpret, and present security requirements in the data assurance environment
- Knowledge of applicable conditions and limitations relative to security policy development
|
- Ability to identify key sources of information
- Ability to analyze information for accuracy and consistency
- Ability to work cooperatively with others and contribute ideas, suggestions and assistance
- Ability to pose critical questions
- Ability to accurately summarize and document information
|
C2. Develop, assess, and document security policies, practices, and procedures |
- Policies are developed and documented according to applicable practices and procedures
- Policies are assessed for feasibility of application and enforcement
- Policies reflect system and infrastructure capabilities
- Assessment includes accommodation for emerging trends and technologies
|
- Knowledge of policy development practices and methodology
- Knowledge of system and infrastructure architecture and capabilities
- Knowledge of emerging tools and technologies in security and data assurance
|
- Ability to create detailed supporting documents
- Ability to use prior training/experience to predict outcomes
- Ability to interpret data/information
- Ability to present complex information/ideas and analyze group/individual response
|
C3. Disseminate policies and implementation practices and procedures |
- Security policies and practices are clear, pertinent, and effectively communicated to all staff and
stakeholders
- Policy implementation includes opportunities for review, feedback, and revision
- Policy enforcement is visible, fair, and consistent with applicable laws, practices, and institutional
guidelines
|
- Knowledge of project planning and implementation
- Knowledge of cybersecurity policy enforcement methods and practices
- Ability to effectively communicate data assurance and information security concepts, procedures, and regulations
to a variety of audiences
- Knowledge of documentation dissemination, revision, and control techniques
|
- Ability to present security tradeoffs and risks and pose critical questions
- Ability to willingly help others and establish rapport with coworkers and customers
- Ability to identify and project resource needs
- Ability to create detailed supporting documents
|
C4. Implement, enforce, and monitor security policies, practices, and procedures |
- Security policies and procedures provide for performance audits and effectiveness reviews
- Stakeholders agree to follow security implementation guidelines and procedures
- Enforcement is visible, fair, and consistently follows applicable laws, practices, and regulations
- Security policies, practices, and procedures are routinely followed and upheld
- Data is continuously gathered on the performance and effectiveness of security plans and operations
|
- Knowledge of performance audit and policy review techniques
- Knowledge of system security processes and procedures
- Knowledge of organizational, legal, and regulatory issues surrounding security policy enforcement
- Knowledge of evaluation criteria relevant to information assurance and data systems security
- Ability to apply systems performance and audit data for policy compliance
|
- Ability to formulate plan of action and predict outcomes
- Ability to organize and present technical information to non-technical users and analyze group/individual
response
- Ability to assess and modify policies/procedures
- Ability to plan according to resource constraints and requirements
|
KEY ACTIVITY |
Performance Indicator How do we know when the key activity is performed well? |
Technical Knowledge Skills, Abilities, Tools |
Employabilty Skills SCANS Skills and Foundational Abilities |
D1. Identify and assess education and training requirements for all constituents |
- Requirements reflect immediate training and education needs
- Requirements include long term and strategic IT workforce development goals
- Requirements are periodically reviewed for currency and applicability
- Requirements include appropriate assessments and certifications
|
- Knowledge of training and professional development methods and practices
- Knowledge of industry and enterprise IT workforce development trends and needs
- Ability to develop and maintain education and training plans
- Knowledge of skill and competency assessment methods and tools
|
- Ability to analyze relationship between parts/whole
- Ability to create organized and detailed supporting documents
- Ability to assess and recommend training alternatives
- Ability to understand constraints, generate alternatives, consider risks, evaluate options and formulate action
plans
- Ability to predict outcomes/results based on experience or prior knowledge
|
D2. Identify resources and support materials |
- Resources and source materials are current
- Resources and source materials are based on industry-derived standards
- Resources and source materials reflect acceptable quality of instructional design
- Resources and source materials support desired learner outcomes, competencies, skills assessments and
certifications
|
- Knowledge of sources of applicable training and educational resources and materials
- Ability to assess and determine quality and suitability of education and training resources and source
materials
- Knowledge of outcomes assessment and certification
|
- Ability to research additional information sources
- Ability to follow rules and procedures
- Ability to compile multiple viewpoints
- Ability to be creative in identifying and locating sources of information
|
D3. Design and develop education and training plans and strategies |
- Plans and strategies support enterprise skill development needs
- Plans and strategies reflect accepted industry practices and policies
- Plans and strategies result in consistent outcomes
- Plans and strategies support immediate IT workforce skill needs and future IT workforce development goals
|
- Knowledge of IT workforce professional development planning processes
- Ability to accurately determine current and future needs
- Knowledge of enterprise and business goals and strategies
- Knowledge IT and security policies, methods, practices and strategies
- Knowledge of budgetary and contractual aspects of workforce professional development
|
- Ability to analyze and respond to client/user needs
- Ability to work cooperatively with others and contribute ideas, suggestions and assistance
- Ability to compare multiple viewpoints and relate intent to desired results
- Ability to organize and present complex information to users
|
D4. Deliver education and training |
- Education and training programs are delivered in a timely manner
- Education and training programs are delivered within budget
- Education and training programs are convenient and accessible
- Education and training programs result in expected outcomes, skills, and knowledge gains
|
- Knowledge of education and training program development and delivery
- Knowledge of training program budgeting and accounting
- Knowledge of learner and environmental variability
- Knowledge of education and training program outcomes assessment
|
- Ability to gather, analyze and categorize information
- Ability to present complex ideas/information and analyze responses
- Ability to listen attentively and compare multiple viewpoints
- Ability to speak clearly and present well-organized presentations
- Ability to identify training needs and conduct task-specific training
|
D5. Assess results and determine followup requirements |
- Education and training programs result in appropriate or required credentials and / or certifications
- Education and training programs are routinely evaluated with regard to needs, outcomes, and cost
- Education and training program requirements are periodically reviewed with stakeholders and systematically
revised as needed
|
- Knowledge of applicability of appropriate degrees, certificates, and certifications
- Ability to comprehensively evaluate education and training programs
- Knowledge of IT education and training program development, delivery, and evaluation
- Ability to present and discuss IT workforce education, training and professional development programs to
non-technical audiences
|
- Ability to use logic to draw conclusions from available information
- Ability to analyze information and formulate proposals
- Ability to analyze goals/constraints and examine proposed modifications and improvements
- Ability to present recommendations in a clear, concise and persuasive manner
- Ability to evaluate/adjust plan of action
|
KEY ACTIVITY |
Performance Indicator How do we know when the key activity is performed well? |
Technical Knowledge Skills, Abilities, Tools |
Employabilty Skills SCANS Skills and Foundational Abilities |
E1. Identify and assess current and anticipated security risks and vulnerabilities |
- Security risks are assessed using appropriate standards and practices
- Security risks assessments include a variety of scenarios
- Assumptions are tested and verified
- Risk assessments include provisions for prevention as well as detection
|
- Knowledge of IT physical security standards and practices
- Ability to apply imagination and abstract reasoning to security problems
- Knowledge of theoretical and operational security systems performance and application
- Knowledge of prevention strategies and practices relating to IT systems
|
- Ability to recognize ethical issues
- Ability to use prior training/experience to predict outcomes
- Ability to troubleshoot system malfunction and/or failure
- Ability to distinguish trends in performance and diagnose performance deviations
- Ability to analyze possible cause of problems and recommend action plans for resolution
|
E2. Research and evaluate alternative current and emerging practices, tools, and
technologies |
- Appropriate literature is continuously reviewed to determine current and emerging practices, tools and
technologies
- Methods are developed and implemented to routinely share information with appropriate stakeholders
- Policies are developed and followed that ensure routine evaluation of currently used technologies and
practices
- Routine security audits are performed
- Security audit findings and outcomes result in appropriate action
|
- Knowledge of relevant IT security information resources
- Knowledge of security systems evaluation and assessment
- Ability to develop, monitor, and implement IT physical security policies and plans
- Knowledge of applicable business practices
- Knowledge of enterprise risks, vulnerabilities, and budgets
|
- Ability to formulate approaches and generate unique solutions
- Ability to compose well-organized presentations and debate issues
- Ability to adapt principles to new applications and judge logical consistency
|
E3. Select and apply relevant tools to meet security goals and requirements |
- Alternative technologies and methods are explored for effectiveness, benefits, and cost
- Alternative tools are evaluated completely and accurately
- New tools and technologies are evaluated for compatibility with applicable existing systems and practices
- All stakeholders agree to selection criteria and selection process
|
- Knowledge of sources of information on emerging IT and physical security technologies, tools, and methods
- Ability to perform cost/benefit, ROI, and technical evaluations
- Knowledge of options for technology use
- Knowledge of enterprise IT and physical security systems
- Ability to present IT physical and systems security information to diverse stakeholders
|
- Ability to compare multiple viewpoints
- Ability to demonstrate honesty and trustworthiness
- Ability to analyze information and formulate proposals
- Ability to communicate/present in a clear and concise manner
- Ability to critically investigate various security tools
|
E4. Monitor, evaluate, and test security conditions and environment |
- Policies are developed and implemented that allow detection of ordinary and non-ordinary occurrences
- Policies are developed and disseminated that effectively communicate deterrence and detection practices and
procedures
- Normal conditions are monitored with minimal intrusion
- Periodic tests are conducted to determine effectiveness of monitoring and deterrence practices
- Routine environmental scans are conducted to expose need for changes to security practices and procedures
|
- Knowledge of development and implementation effective security deterrence and detection policies
-
- Ability to effectively and unobtrusively monitor and enforce IT physical and system security
- Knowledge of physical security systems testing and evaluation
- Ability to effectively communicate plans and implement procedures across organizational boundaries
|
- Ability to devise and implement plan of action
- Ability to create plan to monitor and correct system
- Ability to responsibly challenge unethical practices/decision
- Ability to monitor and interpret trends in technology and industry
- Ability to evaluate and interpret data
|
E5. Implement, extend, and refine physical security plans and practices |
- Physical security plans are implemented with minimal intrusion
- Data regarding effectiveness of physical security practices is routinely gathers from all stakeholders
- Physical security plans are regularly reviewed and evaluated against emerging trends and practices
- Physical security plans and practices are regularly updated and improved
|
- Knowledge of security plan development, implementation, and extension practices and methods
- Ability to gather and present user and stakeholder data
- Knowledge of information resources relevant to IT physical security practices and trends
- Ability to develop, implement, and maintain continuous improvement plans for physical security
|
- Ability to analyze security problems and recommend solutions
- Ability to implement and evaluate/adjust plan of action
- Ability to use previous training/experiences to predict outcomes
- Ability to organize and clearly present complex information
|
KEY ACTIVITY |
Performance Indicator How do we know when the key activity is performed well? |
Technical Knowledge Skills, Abilities, Tools |
Employabilty Skills SCANS Skills and Foundational Abilities |
F1. Define current systems-level requirements, and forecast future needs and trends |
- Current systems level security requirements are defined according to industry standard terms and metrics
- Current systems level requirements accurately reflect organizational needs and current operational
conditions
- Current systems level requirements are complete and accurate and can serve as the foundation for forecasting
future needs
- Forecasts of future systems level needs and trends reflect enterprise goals and requirements
- Forecasts of future systems level needs and trends include applicable emerging technologies and practices
- Forecasts of future systems level needs and trends embrace changing legal, agency, or policy considerations
|
- Knowledge of relevant industry terminology and metrics
- Knowledge of business rules, budgets, and operations
- Ability to develop and present systems level security planning forecasts
- Knowledge of relevant resources regarding applicable legal, agency, and policy developments and
recommendations
- Knowledge of relevant resources regarding emerging systems level IT security technology and trends
- Ability to develop and present IT security information to diverse and non-technical stakeholders
|
- Ability to follow policies, procedures, and regulations, pay attention to detail and follow up on assigned
tasks
- Ability to compare multiple viewpoints
- Ability to examine information for relevance and accuracy and adapt principles/rules to new applications
- Ability to develop forecasts and evaluate scenarios
|
F2. Evaluate current and emerging tools and technologies |
- Current tools and technologies are evaluated according to industry standard benchmarks and metrics
- Current tools and technologies adequately meet organizational needs and current operational conditions
- Current tools and technologies provide organizational framework for the implementation of emerging technologies
and tools
- Emerging tools and technologies are evaluated according to industry standard benchmarks and metrics
- Evaluation of emerging technologies provides basis for implementation plan
|
- Knowledge of relevant industry benchmarks and metrics
- Knowledge of business rules, budgets, and operations
- Knowledge of relevant resources regarding emerging IT security tools and technologies
- Ability to develop evaluation rationale and develop implementation recommendations or plans
|
- Ability to examine data for relevance/accuracy and present complex ideas/information
- Ability to analyze and understand system organization and configuration
- Ability to use logic to draw conclusions from available information and make recommendations
- Ability to stay current on cutting edge tools and technologies
- Ability to clarify, interpret, and influence communication
|
F3. Evaluate organization¦s security strategies |
- Security strategies reflect relevant technology, tools, and practices
- Security strategies support organization goals and mission
- Security strategies include clearly stated outcomes and evaluation criteria
- Security strategies allow for response to unforeseen events
- Security strategies conform to applicable laws, agency regulations, relevant recommendations and applicable
evaluation criteria
|
- Knowledge of IT security technology, tools, and practices
- Knowledge of business rules and practices
- Knowledge of criteria used to develop and evaluate IT security strategic plans
- Knowledge of security laws, agency regulations, and bureaucratic recommendations
|
- Ability to compare multiple viewpoints and relate intent to desired results
- Ability to interpret and analyze information
- Ability to adapt rules/principles to new applications
- Ability to evaluate and communicate security strategies
- Ability to generate unique solutions, formulate new ideas, and recommend new directions and processes
|
F4. Make recommendations regarding organization¦s investment in security |
- Security recommendations are complete and accurately reflect organizational requirements and goals
- Recommendations are communicated appropriately
- Recommendations include risk assessment and cost/benefit analysis
- Security recommendations are compatible with operational systems and technology strategic plans
|
- Knowledge of business rules and practices
- Knowledge of IT strategic planning
- Ability to assess, categorize, and rank risks, benefits, and costs
- Knowledge of systems and enterprise level IT systems operation and technology
|
- Ability to analyze goals/constraints and examine proposed modifications and improvements
- Ability to pose critical questions, formulate proposals, and create original documents
- Ability to adapt technology for complex alternative uses and evaluate application of technology
- Ability to forecast future security needs
|
F5. Coordinate systems testing and integration |
- Tests are appropriately designed and accurately measure required operational characteristics
- Testers are properly identified and trained
- Test results are documented in accordance with applicable procedures
- Test results are appropriately disseminated and reviewed
|
- Knowledge of IT security systems testing tools, processes and procedures
- Knowledge of system operational characteristics and measurement
- Ability to identify and train qualified testers
- Knowledge of test documentation practices
|
- Ability to understand continuous improvement process and analyze goals/constraints
- Ability to summarize and translate mathematical data
- Ability to detect underlying issues and resolve technical conflicts
- Ability to analyze systems operation, monitor systems, distinguish trends in performance, and evaluate systems
performance
- Ability to create detailed supporting documents
|
F6. Audit and maintain systems performance and ensure future readiness |
- Systems audits are conducted in accordance with organizational procedures
- Systems audits reflect applicable industry practices and recommendations
- Systems audits are reviewed and acted upon by appropriate stakeholders
- Systems readiness plans reflect anticipated growth
- Systems readiness considerations are included in IT strategic plans
- Readiness plans include all human and capital resource requirements
|
- Knowledge of systems performance and readiness audit procedures and techniques
- Knowledge of applicable industry performance audit standards and practices
- Ability to assess and determine anticipated systems growth needs
- Knowledge of IT strategic planning and organizational and enterprise level IT issues and trends
- Knowledge of business forecasting processes, tools, and techniques
- Knowledge of applicable information resources for IT and information assurance strategic planning
|
- Ability to analyze and adjust goals
- Ability to integrated multiple items of data and contrast conflicting data
- Ability to align resources with testing and integration needs
- Ability to solicit and accept feedback
- Ability to plan and communicate effectively
|