SFIA View: Other security related skills

Other security related skills

In addition, there are other skills which are relevant and often included in the Job Descriptions for Information and Cyber Security professionals which don’t mention the word ‘security’ specifically, as it is just one of the areas that might be covered by the skill.

Enterprise IT governance GOVN

The establishment and oversight of an organisation's approach to the use of Information systems and digital services, and associated technology, in line with the needs of the principal stakeholders of the organisation and overall organisational corporate governance requirements. The determination and accountability for evaluation of current and future needs; directing the planning for both supply and demand of these services; the quality, characteristics, and level of IT services; and for monitoring the conformance to obligations (including regulatory, legislation, control, and other standards) to ensure positive contribution of IT to the organisation's goals and objectives.

Consultancy CNSL

The provision of advice and recommendations, based on expertise and experience, to address client needs. May deal with one specialist subject area, or can be wide ranging and address strategic business issues. May also include support for the implementation of any agreed solutions.

Specialist advice TECH

The development and exploitation of expertise in any specific area of information or communications technology, digital working, specific techniques, methodologies, products or application areas, for the purposes of providing specialist advice.

IT management ITMG

The management of the IT infrastructure and resources required to plan for, develop, deliver and support IT services and products to meet the needs of a business. The preparation for new or changed services, management of the change process and the maintenance of regulatory, legal and professional standards. The management of performance of systems and services in terms of their contribution to business performance and their financial costs and sustainability. The management of bought-in services. The development of continual service improvement plans to ensure the IT infrastructure adequately supports business needs.

Enterprise and business architecture STPL

The creation, iteration, and maintenance of structures such as enterprise and business architectures embodying the key principles, methods and models that describe the organisation's future state, and that enable its evolution. This typically involves the interpretation of business goals and drivers; the translation of business strategy and objectives into an “operating model”; the strategic assessment of current capabilities; the identification of required changes in capabilities; and the description of inter-relationships between people, organisation, service, process, data, information, technology and the external environment. The architecture development process supports the formation of the constraints, standards and guiding principles necessary to define, assure and govern the required evolution; this facilitates change in the organisation's structure, business processes, systems and infrastructure in order to achieve predictable transition to the intended state.

Strategic planning ITSP

The creation, iteration and maintenance of a strategy in order to align organisational actions, plans and resources with business objectives and the development of plans to drive forward and execute that strategy. Working with stakeholders to communicate and embed strategic management via objectives, accountabilities and monitoring of progress.

Learning design and development TMCR

The specification, design, creation, packaging and maintenance of materials and resources for use in learning and development in the workplace or in compulsory, further or higher education. Typically involves the assimilation of information from existing sources, selection and re-presentation in a form suitable to the intended purpose and audience. Includes instructional design, content development, configuration and testing of learning environments, and use of appropriate current technologies such as audio, video, simulation and assessment. May include third party accreditation.

Learning delivery ETDL

The transfer of business and/or technical skills and knowledge and the promotion of professional attitudes in order to facilitate learning and development. Uses a range of techniques, resources and media (which might include eLearning, on-line virtual environments, self-assessment, peer-assisted learning, simulation, and other current methods).