Information security (SCTY)
The management of, and provision of expert advice on, the selection,
design, justification, implementation and operation of information security
controls and management strategies to maintain the confidentiality,
integrity, availability, accountability and relevant compliance of information
systems.
Level 3
Applies and maintains specific security controls as required by organisational
policy and local risk assessments to maintain confidentiality, integrity
and availability of business information systems. Determines when security
issues should be escalated to a higher level. Demonstrates effective
communication of security issues to business managers and others.
Level 4
Conducts security risk assessments for defined business applications
or IT installations in defined areas and provides advice and guidance
on the application and operation of elementary physical, procedural
and technical security controls (e.g. the key controls defined in BS7799).
Level 5
Conducts security risk assessments for business applications and computer
installations; provides authoritative advice and guidance on security
strategies to manage the identified risk. Investigates breaches of security
and recommends appropriate control improvements. Interprets security
policy and contributes to development of standards and guidelines that
comply with this.
Level 6
Develops a corporate information security policy, standards and guidelines.
Prepares and maintains organisational strategies that address the evolving
business risk and information control requirements. Operates as a focus
for IT security expertise for the organisation, working effectively
with strategic organisational functions such as legal experts and technical
support to provide authoritative advice and guidance on the requirements
for security controls.