Security Strategy
Establish the organisation's security vision, strategy and initiatives to ensure adequate protection of assets. This involves the planning, implementation and review of enterprise-wide security controls, which include policies, processes, physical infrastructure, software and hardware functions to govern and preserve the privacy, security and confidentiality of the organisation's information and assets.
Type
Domain
Competency Area
Strategy Planning and Implementation
Levels
Assess security risks, threats and vulnerabilities, and recommend security initiatives to mitigate them
Security risks, threats and vulnerabilities
Linkage of business processes to security systems
Techniques and considerations in security programme design
Application of information security and assurance architectures
Existing internal and external security standards
Establish security goals and objectives
Undertake goal setting and objectives of organisation security
Can use the best practices in information security policies and draw up immediately implementable lessons
Can conduct gap analysis in organisation security and the implications and impact of security gaps
Develop a detailed action plan for a security programme, making periodic updates with technological or regulatory changes
Deliver advice and guidance to facilitate adoption of information security and assurance architectures
Monitor the effectiveness of security initiatives, against internal and external standards
Create an overarching information security strategy and frameworks
Vision and strategy development for organisational security
Key principles of information security and assurance
Industry standards, frameworks and best practice in information classification and permissions
Business impact projection and analysis
Industry best practices and benchmarks or standards in organisational security
Emerging security risks, threats and vulnerabilities
Security management benchmarks
Establish standards and practices to protect the integrity, authenticity and confidentiality of information
Manage compliance with information security guidelines and classification or permission rules
Lead communication of security goals and objectives to the organisation
Review existing security controls against current and future costs / risks to the business
Develop strategies and plans to resolve security gaps
Drive organisation-wide security initiatives in line with internal and external standards