Information Security Management

Knowledge and ability to ensure there are adequate technical and organisational safeguards to protect the continuity of IT infrastructure services. This is achieved by implementing the IT security principles, methods, practices, policies and tools used to secure IT resources, including information and operations security, physical security, business continuity/disaster recovery planning, methods to deal with security breaches, and security assessment in a technical environment.

Proficiency Level

Level 1 (Follow)

N/A

Level 2 (Assist)

  • Demonstrate awareness of security requirements.
  • Demonstrate awareness of certification policies.
  • Demonstrate awareness of privacy requirements and standards.
  • Understand concepts of IT security and its application to computer systems architecture.

Level 3 (Apply)

  • Execute security test plans.
  • Deal with low impact threats.
  • Act to protect integrity of system data at operation level (e.g., single key incident).
  • Perform security certifications.
  • Provide advice on disaster recovery planning.
  • Participate in disaster recovery tests.
  • Recommend security safeguards.
  • Execute standards.

Level 4 (Ensure)

  • Demonstrate a broad understanding of, or a very detailed area of expertise in, security subject(s).
  • Demonstrate a broad knowledge of security policies and interpret policies.
  • Understand a specific security application or tool and how it works.
  • Conduct risk assessments.
  • Assess security safeguards.
  • Deal with threats and serious incidents.
  • Deal with intrusions at a high threat level.

Level 5 (Strategise)

  • Demonstrate an expert understanding of, or a very detailed area of expertise in, multiple security subjects.
  • Demonstrate expert knowledge of law, regulation, and policies, and interpret policies and standards.
  • Demonstrate expertise in multiple security applications and tools.
  • Lead risk and security safeguards assessments.
  • Mitigate threats and serious security incidents at the enterprise level.
  • Consult on security issues and recommend corporate strategies.
  • Lead the development of enterprise policies and standards.
  • Direct employees and consultants and provide mentorship to others.