#1302 Move Security component from the Business Skill generic change request pending

Security is addressed at all levels in the Business Skill generic attribute. It should be brought out as a generic attribute in its own right.

In SFIA7 security was explicitly addressed as part of the Business Skill Generic Atttribute at all levels - this complements the 5 Security skills and the 14 other skills which embrace security. To reflect the SFIA View that security is part of everyone's job it is recommended that Security is brought out as a Generic Attribut in its own right. The Business Skills Generic Attribute is overloaded as it is.

This has a number of advantages:

  1. It provides emphasis of the importance of security across all aspecgts of skills and competency
  2. It shows the SFIA View that security is part of every activite.
  3. It provides opportunity to raise the issue of security as not just relevant for security specialists but for all roles - something that is missing from the security specialists in general

Additionally such a security Generic Attribute could be extended to be Security and Privacy to reflect the close relationship and also to enable a clearer interface to emerging security initiatives.

Question do we use the encompassing "Security" term or the more fashionable "Cyber Security" term ... 

Current status of this request: pending

Ian Seward says:
Apr 27, 2020 01:05 PM

This is possible to be progressed at an early stage as the current security wording is already in the generics and actioning this change would nut affect other parts of the framework.
1) The starting point for wording is already there in the Business Skills generic
2) It could be separately reviewed by security specialists to ensure it has the right message.

Paul D Jagger says:
Jun 04, 2020 10:23 AM

I concur, Security spans the whole of SFIA and should be viewed as part of the DNA of a career in IT - not just as a specialism for a sub-set of IT. I am not in favour of the nebulous and populist phrase 'Cyber Security'... ditto 'Cyber Warfare', 'Cyber Crime' or any other headline grabbing phrase. Security is both a more catholic (small c) and impactful term - all of us has a responsibility for the security of our own data and that of our clients, colleagues, etc.