SFIA View: Skills which include security

Skills which include security

Many roles have some, Information Security specific, responsibilities which are part of their job. They have responsibilities beyond Security in their job, and they need much more than just a general awareness of security.

Solution architecture ARCH

The design and communication of high-level structures to enable and guide the design and development of integrated solutions that meet current and future business needs. In addition to technology components, solution architecture encompasses changes to service, process, organisation, and operating models. The provision of comprehensive guidance on the development of, and modifications to, solution components to ensure that they take account of relevant architectures, strategies, policies, standards and practices (including security) and that existing and planned solution components remain compatible.

Data management DATM

The management of practices and processes to ensure the security, quality, integrity, safety and availability of all forms of data and data structures that make up the organisation’s information. The management of data and information in all its forms and the analysis of information structure (including logical analysis of taxonomies, data and metadata). The development of innovative ways of managing the information assets of the organisation.

Systems development management DLMG

The planning, estimating and execution of programmes of systems development work to time, budget and quality targets. The identification of the resources needed for systems development and how this will be met with an effective supply capacity. The alignment of systems development activity and deliverables with agreed architectures and standards. The development of roadmaps to communicate future systems development plans. The adoption and adaptation of systems development lifecycle models based on the context of the work and selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches.

Software design SWDN

The specification and design of software to meet defined requirements by following agreed design standards and principles. The definition of software, components, interfaces and related characteristics. The identification of concepts and patterns and the translation into a design which provides a basis for software construction and verification. The evaluation of alternative solutions and trade-offs. The facilitation of design decisions within the constraints of systems designs, design standards, quality, feasibility, extensibility and maintainability. The development and iteration of prototypes/simulations to enable informed decision-making. The adoption and adaptation of software design models, tools and techniques based on the context of the work and selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches.

Programming/software development PROG

The planning, designing, creation, amending, verification, testing and documentation of new and amended software components in order to deliver agreed value to stakeholders. The identification, creation and application of agreed software development and security standards and processes. Adopting and adapting software development lifecycle models based on the context of the work and selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches.

Real-time/embedded systems development RESD

The architecture, design and development of reliable real time software, operating systems, tools and embedded systems. Embedding computer systems with a dedicated function within a larger mechanical or electronic system, often with real-time, safety, security, and reliability constraints. Typically includes interfacing with hardware, mechanical sensors and actuators for monitoring and control in applications such as industrial, automotive, aerospace and medical machinery, robots and equipment including IoT (Internet of Things) devices.

Network design NTDS

The production of network designs and design policies, strategies, architectures and documentation, covering voice, data, text, e-mail, facsimile and image, to support strategy and business requirements for connectivity, capacity, interfacing, security, resilience, recovery, access and remote access. This may incorporate all aspects of the communications infrastructure, internal and external, mobile, public and private, Internet, Intranet and call centres.

Testing TEST

The planning, design, management, execution and reporting of tests, using appropriate testing tools and techniques and conforming to agreed process standards and industry specific regulations. The purpose of testing is to ensure that new and amended systems, configurations, packages, or services, together with any interfaces, perform as specified (including security requirements) , and that the risks associated with deployment are adequately understood and documented. Testing includes the process of engineering, using and maintaining testware (test cases, test scripts, test reports, test plans, etc) to measure and improve the quality of the software being tested.

User experience design HCEV

The process of iterative design to enhance user satisfaction by improving the usability and accessibility provided when interacting with a system, product or service. The design of users’ digital and offline tasks, interactions and interfaces to meet usability and accessibility requirements. The refinement of designs in response to user-centred evaluation and feedback and communication of the design to those responsible for design, development and implementation.

Hardware design HWDE

The specification and design of computing and communications equipment (such as semiconductor processors, HPC architectures and DSP and graphics processor chips), typically for integration into, or connection to an IT infrastructure or network. The identification of concepts and their translation into implementable design. The selection and integration, or design and prototyping of components. The adherence to industry standards including compatibility, security and sustainability.

Asset management ASMG

The management of the lifecycle for all managed assets (hardware, software, intellectual property, licences, warranties etc) including security, inventory, compliance, usage and disposal, aiming to protect and secure the corporate assets portfolio, optimise the total cost of ownership and sustainability by minimising operating costs, improving investment decisions and capitalising on potential opportunities. Knowledge and use of international standards for asset management and close integration with security, change, and configuration management are examples of enhanced asset management development.

Change management CHMG

The management of change to the service infrastructure including service assets, configuration items and associated documentation. Change management uses requests for change (RFC) for standard or emergency changes, and changes due to incidents or problems to provide effective control and reduction of risk to the availability, performance, security and compliance of the business services impacted by the change.

Application support ASUP

The provision of application maintenance and support services, either directly to users of the systems or to service delivery functions. Support typically includes investigation and resolution of issues and may also include performance monitoring. Issues may be resolved by providing advice or training to users, by devising corrections (permanent or temporary) for faults, making general or site-specific modifications, updating documentation, manipulating data, or defining enhancements Support often involves close collaboration with the system's developers and/or with colleagues specialising in different areas, such as Database administration or Network support.

IT infrastructure ITOP

The operation and control of the IT infrastructure (comprising physical or virtual hardware, software, network services and data storage) either on-premises or provisioned as cloud services) that is required to deliver and support the information systems needs of a business. Includes preparation for new or changed services, operation of the change process, the maintenance of regulatory, legal and professional standards, the building and management of systems and components in virtualised and cloud computing environments and the monitoring of performance of systems and services in relation to their contribution to business performance, their security and their sustainability. The application of infrastructure management tools to automate the provisioning, testing, deployment and monitoring of infrastructure components.

Database administration DBAD

The installation, configuration, upgrade, administration, monitoring and maintenance of databases. Providing support for operational databases in production use and for internal or interim purposes such as iterative developments and testing. Improving the performance of databases and the tools and processes for database administration (including automation).

Storage management STMG

The planning, implementation, configuration and tuning of storage hardware and software covering online, offline, remote and offsite data storage (backup, archiving and recovery) and ensuring compliance with regulatory and security requirements.

Quality management QUMG

Quality management establishes within an organisation a culture of quality and a system of processes and working practices to deliver the organisation's quality objectives. This involves the application of techniques for the monitoring and improvement of the quality of any aspect of a function, processes, products, services or data. The achievement of, and maintenance of compliance to, national and international standards, as appropriate, and to internal policies, including those relating to quality, service, sustainability and security.

Sourcing SORC

The provision of policy, internal standards and advice on the procurement or commissioning of externally supplied and internally developed products and services. The provision of commercial governance, conformance to legislation and assurance of information security. The implementation of compliant procurement processes, taking full account of the issues and imperatives of both the commissioning and supplier sides. The identification and management of suppliers to ensure successful delivery of products and services required by the business.

Supplier management SUPP

The alignment of an organisation’s supplier performance objectives and activities with sourcing strategies and plans, balancing costs, efficiencies and service quality. The establishment of working relationships based on collaboration, trust, and open communication in order to encourage co-innovation and service improvement with suppliers. The proactive engagement of suppliers for mutual benefit to resolve operational incidents, problems, poor performance and other sources of conflict. The use of clear escalation paths for discussing and resolving issues. The management of performance and risks across multiple suppliers (internal and external) using a set of agreed metrics.