SFIA View: Skills for security professionals

Skills for security professionals

Information security SCTY

Defining and operating a framework of security controls and security management strategies.

Enterprise and business architecture STPL

Aligning an organisation's technology strategy with its business mission, strategy, and processes and documenting this using architectural models.

Governance GOVN

Defining and operating a framework for making decisions, managing stakeholder relationships, and identifying legitimate authority.

Risk management BURM

Planning and implementing organisation-wide processes and procedures for the management of risk to the success or integrity of the enterprise.

Audit AUDT

Delivering independent, risk-based assessments of the effectiveness of processes, the controls, and the compliance environment of an organisation.

Information assurance INAS

Protecting against and managing risks related to the use, storage and transmission of data and information systems.

Continuity management COPL

Developing, implementing and testing a business continuity framework.

Incident management USUP

Coordinating responses to incident reports, minimising negative impacts and restoring service as quickly as possible.

Vulnerability research VURE

Conducting applied research to discover, evaluate and mitigate new or unknown security vulnerabilities and weaknesses.

Threat intelligence THIN

Developing and sharing actionable insights on current and potential security threats to the success or integrity of an organisation.

Security operations SCAD

Delivering management, technical and administrative services to implement security controls and security management strategies.

Vulnerability assessment VUAS

Identifying and classifying security vulnerabilities in networks, systems and applications and mitigating or eliminating their impact.

Digital forensics DGFS

Recovering and investigating material found in digital devices.

Penetration testing PENT

Testing the effectiveness of security controls by emulating the tools and techniques of likely attackers.

Research RSCH

Systematically creating new knowledge by data gathering, innovation, experimentation, evaluation and dissemination.

Personal data protection PEDP

Implementing and operating a framework of controls and management strategies to promote compliance with personal data legislation.