Skills for security professionals

Defining and operating a framework of security controls and security management strategies.

Aligning an organisation's technology strategy with its business mission, strategy, and processes and documenting this using architectural models.

Defining and operating a framework for making decisions, managing stakeholder relationships, and identifying legitimate authority.

Planning and implementing organisation-wide processes and procedures for the management of risk to the success or integrity of the enterprise.

Delivering independent, risk-based assessments of the effectiveness of processes, the controls, and the compliance environment of an organisation.

Protecting against and managing risks related to the use, storage and transmission of data and information systems.

Developing, implementing and testing a business continuity framework.

Coordinating responses to incident reports, minimising negative impacts and restoring service as quickly as possible.

Conducting applied research to discover, evaluate and mitigate new or unknown security vulnerabilities and weaknesses.

Developing and sharing actionable insights on current and potential security threats to the success or integrity of an organisation.

Delivering management, technical and administrative services to implement security controls and security management strategies.

Identifying and classifying security vulnerabilities in networks, systems and applications and mitigating or eliminating their impact.

Recovering and investigating material found in digital devices.

Testing the effectiveness of security controls by emulating the tools and techniques of likely attackers.

Systematically creating new knowledge by data gathering, innovation, experimentation, evaluation and dissemination.

Implementing and operating a framework of controls and management strategies to promote compliance with personal data legislation.