The global skills and competency framework for the digital world

SFIA View: Skills for security professionals



Information security SCTY


Defining and operating a framework of security controls and security management strategies.

Enterprise and business architecture STPL


Aligning an organisation's technology strategy with its business mission, strategy, and processes and documenting this using architectural models.

Governance GOVN


Defining and operating a framework for making decisions, managing stakeholder relationships, and identifying legitimate authority.

Risk management BURM


Planning and implementing organisation-wide processes and procedures for the management of risk to the success or integrity of the enterprise.

Audit AUDT


Delivering independent, risk-based assessments of the effectiveness of processes, the controls, and the compliance environment of an organisation.

Information assurance INAS


Protecting against and managing risks related to the use, storage and transmission of data and information systems.

Continuity management COPL


Developing, implementing and testing a business continuity framework.

Incident management USUP


Coordinating responses to incident reports, minimising negative impacts and restoring service as quickly as possible.

Vulnerability research VURE


Conducting applied research to discover, evaluate and mitigate new or unknown security vulnerabilities and weaknesses.

Threat intelligence THIN


Developing and sharing actionable insights on current and potential security threats to the success or integrity of an organisation.

Security operations SCAD


Managing and administering security measures, leveraging tools and intelligence to protect assets, ensuring compliance and operational integrity.

Vulnerability assessment VUAS


Identifying and classifying security vulnerabilities in networks, systems and applications and mitigating or eliminating their impact.

Digital forensics DGFS


Recovering and investigating material found in digital devices.

Penetration testing PENT


Testing the effectiveness of security controls by emulating the tools and techniques of likely attackers.

Research RSCH


Systematically creating new knowledge by data gathering, innovation, experimentation, evaluation and dissemination.

Personal data protection PEDP


Implementing and operating a framework of controls and management strategies to promote compliance with personal data legislation.