Skills for security professionals

Defining and operating a framework of security controls and security management strategies.

Aligning an organisation's technology strategy with its business mission, strategy and processes and documenting this using architectural models.

Defining and operating frameworks for decision-making, risk management, stakeholder relationships and compliance with organisational and regulatory obligations.

Planning and implementing processes for managing risk across the enterprise, aligned with organisational strategy and governance frameworks.

Delivering independent, risk-based assessments of the effectiveness of processes, the controls and the compliance environment of an organisation.

Protecting against and managing risks related to the use, storage and transmission of data and information systems.

Developing, implementing and testing a business continuity framework.

Coordinating responses to a diverse range of incidents to minimise negative impacts and quickly restore services.

Conducting applied research to discover, evaluate and mitigate new or unknown security vulnerabilities and weaknesses.

Developing and sharing actionable insights on current and potential security threats to the success or integrity of an organisation.

Manages and administers security measures, using tools and intelligence to protect assets, ensuring compliance and operational integrity.

Identifying and classifying security vulnerabilities in networks, systems and applications and mitigating or eliminating their impact.

Recovering and investigating material found in digital devices.

Testing the effectiveness of security controls by emulating the tools and techniques of likely attackers.

Systematically creating new knowledge by data gathering, innovation, experimentation, evaluation and dissemination.

Implementing and promoting compliance with information and data management legislation.