SFIA 9 Multi-View

The global skills and competency framework for the digital world
Return to: SFIA Home | Browse the SFIA framework
Search Skills
↓ Scroll down to see all XXX SFIA skills in this view
Filters

Active Filters:
Cybersecurity strategy and architecture
Cybersecurity strategy and leadership
1
2
3
4
5
6
7
Creating and maintaining organisational-level strategies to align overall business plans, actions and resources with high-level business objectives.
Strategic planning
ITSP
4
5
6
7
Defining and operating a framework of security controls and security management strategies.
Information security
SCTY
2
3
4
5
6
7
Analysing and proactively managing business demand for new services or modifications to existing service features or volumes.
Demand management
DEMM
4
5
6
Systematically analysing, managing and influencing stakeholder relationships to achieve mutually beneficial outcomes through structured engagement.
Stakeholder relationship management
RLMT
4
5
6
7
Cybersecurity architecture
1
2
3
4
5
6
7
Managing requirements through the entire delivery and operational lifecycle.
Requirements definition and management
REQM
2
3
4
5
6
Aligning an organisation's technology strategy with its business mission, strategy and processes and documenting this using architectural models.
Enterprise and business architecture
STPL
5
6
7
Developing and communicating a multi-dimensional solution architecture to deliver agreed business outcomes.
Solution architecture
ARCH
4
5
6
Developing and implementing plans, policies and practices that control, protect and optimise the value and governance of data assets.
Data management
DATM
2
3
4
5
6
Cybersecurity governance, risk and compliance
1
2
3
4
5
6
7
Defining and operating frameworks for decision-making, risk management, stakeholder relationships and compliance with organisational and regulatory obligations.
Governance
GOVN
6
7
Planning and implementing processes for managing risk across the enterprise, aligned with organisational strategy and governance frameworks.
Risk management
BURM
2
3
4
5
6
7
Delivering independent, risk-based assessments of the effectiveness of processes, the controls and the compliance environment of an organisation.
Audit
AUDT
2
3
4
5
6
7
Implementing and promoting compliance with information and data management legislation.
Information and data compliance
PEDP
4
5
6
Enabling the effective management and use of information assets.
Information management
IRMG
3
4
5
6
7
Protecting against and managing risks related to the use, storage and transmission of data and information systems.
Information assurance
INAS
2
3
4
5
6
7
Defining and operating a management framework of processes and working practices to deliver the organisation's quality objectives.
Quality management
QUMG
2
3
4
5
6
7
Developing and operating a measurement capability to support agreed organisational information needs.
Measurement
MEAS
2
3
4
5
6
Cybersecurity research, intelligence and advice
1
2
3
4
5
6
7
Providing advice and recommendations, based on expertise and experience, to address client needs.
Consultancy
CNSL
4
5
6
7
Systematically creating new knowledge by data gathering, innovation, experimentation, evaluation and dissemination.
Formal research
RSCH
2
3
4
5
6
Providing authoritative, professional advice and direction in a specialist area.
Specialist advice
TECH
4
5
6
Conducting applied research to discover, evaluate and mitigate new or unknown security vulnerabilities and weaknesses.
Vulnerability research
VURE
2
3
4
5
6
Developing and sharing actionable insights on current and potential security threats to the success or integrity of an organisation.
Threat intelligence
THIN
2
3
4
5
6
Cybersecurity change programmes
Cybersecurity change programmes
1
2
3
4
5
6
7
Identifying, planning and coordinating a set of related projects and activities in support of specific business strategies and objectives.
Programme management
PGMG
6
7
Delivering agreed project outcomes by aligning appropriate management techniques, collaboration, leadership and governance to specific project and organisational contexts.
Project management
PRMG
4
5
6
7
Ensuring successful delivery of new or updated products and services through effective leadership and collaboration within defined delivery cycles.
Delivery management
DEMG
3
4
5
6
Planning, designing and implementing activities to transition the organisation and people to the required future state.
Organisational change management
CIPM
2
3
4
5
6
Facilitates cultural and behavioural change by enabling individuals and teams to embed new ways of working and adapt to changes.
Organisational change enablement
OCEN
4
5
6
Secure software and systems development
Secure development lifecycle management
1
2
3
4
5
6
7
Planning, estimating and executing systems development work to time, budget and quality targets.
Systems development management
DLMG
4
5
6
7
Establishing and deploying an environment for developing, continually improving and securely operating software and systems products and services.
Systems and software lifecycle engineering
SLEN
3
4
5
6
7
Secure design and architecture
1
2
3
4
5
6
7
Designing systems to meet specified requirements and agreed systems architectures.
Systems design
DESN
2
3
4
5
6
Designing technology infrastructure to meet business requirements, ensuring scalability, reliability, security and alignment with strategic objectives.
Infrastructure design
IFDN
2
3
4
5
6
Architecting and designing software to meet specified requirements, ensuring adherence to established standards and principles.
Software design
SWDN
2
3
4
5
6
Designing communication networks to meet business requirements, ensuring scalability, reliability, security and alignment with strategic objectives.
Network design
NTDS
2
3
4
5
6
Specifying and designing hardware systems and components to meet defined requirements by following agreed design principles and standards.
Hardware design
HWDE
2
3
4
5
6
Secure development and implementation
1
2
3
4
5
6
7
Developing software components to deliver value to stakeholders.
Programming/software development
PROG
2
3
4
5
6
Planning, implementing and controlling activities to integrate system elements, subsystems and interfaces to create operational systems, products or services.
Systems integration and build
SINT
2
3
4
5
6
Designing and developing reliable real-time software typically within embedded systems.
Real-time/embedded systems development
RESD
2
3
4
5
6
Security testing and validation
1
2
3
4
5
6
7
Assessing specified or unspecified functional requirements and characteristics of products, systems and services through investigation and testing.
Functional testing
TEST
1
2
3
4
5
6
Assessing systems and services to evaluate performance, security, scalability and other non-functional qualities against requirements or expected standards.
Non-functional testing
NFTS
1
2
3
4
5
6
Testing the effectiveness of security controls by emulating the tools and techniques of likely attackers.
Penetration testing
PENT
2
3
4
5
6
Cybersecurity capability development
Cybersecurity talent management
1
2
3
4
5
6
7
Improving organisational performance by developing the performance of individuals and workgroups to meet agreed objectives with measurable results.
Performance management
PEMT
4
5
6
Enhancing employee engagement and ways of working, empowering employees and supporting their health and wellbeing.
Employee experience
EEXP
4
5
6
Facilitating the professional development of individuals in line with their career goals and organisational requirements.
Professional development
PDSV
4
5
6
Strategically projecting the demand for people and skills and proactively planning the workforce supply to meet organisational needs.
Workforce planning
WFPL
4
5
6
Acquiring, deploying and onboarding resources.
Resourcing
RESC
2
3
4
5
6
Cybersecurity education and training
1
2
3
4
5
6
7
Systematically capturing, developing and leveraging vital knowledge to create value and enhance organisational performance.
Knowledge management
KNOW
2
3
4
5
6
7
Delivering management, advisory and administrative services to support the development of knowledge, skills and competencies.
Learning and development management
ETMG
2
3
4
5
6
7
Designing, developing and operating certification schemes, accreditations and credentials, including digital credentials or badges.
Certification scheme operation
CSOP
2
3
4
5
6
Delivering and assessing curricula in a structured and systematic education environment.
Teaching
TEAC
2
3
4
5
6
7
Specifying, designing and developing curricula within a structured and systematic education environment.
Subject formation
SUBF
4
5
6
7
Cybersecurity operations and resilience
Cybersecurity data and analytics
1
2
3
4
5
6
7
Designing, building, operationalising, securing and monitoring data pipelines, stores and real-time processing systems for scalable and reliable data management.
Data engineering
DENG
2
3
4
5
6
Enabling data-driven decision making by extracting, analysing and communicating insights from structured and unstructured data.
Data analytics
DAAN
2
3
4
5
6
7
Applying mathematics, statistics, data mining and predictive modelling techniques to gain insights, predict behaviours and generate value from data.
Data science
DATS
2
3
4
5
6
Developing, producing and delivering regular and one-off management information to provide insights and aid decision-making.
Business intelligence
BINT
2
3
4
5
Secure infrastructure management
1
2
3
4
5
6
7
Managing the provision of technology-based services to meet defined organisational needs.
Technology service management
ITMG
5
6
7
Provisioning, deploying, configuring, operating and optimising technology infrastructure across physical, virtual and cloud-based environments.
Infrastructure operations
ITOP
1
2
3
4
5
Providing maintenance and support services for communications networks.
Network support
NTAS
1
2
3
4
5
Installing, configuring, monitoring, maintaining databases and data stores, ensuring performance and security and adapting to evolving technologies.
Database administration
DBAD
2
3
4
5
Managing the release of new and updated services into production, ensuring alignment with business objectives and compliance standards.
Release management
RELM
2
3
4
5
6
Transitioning software from development to live usage, managing risks and ensuring it works as intended.
Deployment
DEPL
2
3
4
5
6
Provisioning, configuring and optimising on-premises and cloud-based storage solutions, ensuring data availability, security and alignment with business objectives.
Storage management
STMG
2
3
4
5
6
Installing, managing and maintaining operating systems, data management, office automation and utility software across various infrastructure environments.
System software administration
SYSP
2
3
4
5
Cybersecurity resilience
1
2
3
4
5
6
7
Manages and administers security measures, using tools and intelligence to protect assets, ensuring compliance and operational integrity.
Security operations
SCAD
1
2
3
4
5
6
Manages identity verification and access permissions within organisational systems and environments.
Identity and access management
IAMT
1
2
3
4
5
6
Developing, implementing and testing a business continuity framework.
Continuity management
COPL
2
3
4
5
6
Coordinating responses to a diverse range of incidents to minimise negative impacts and quickly restore services.
Incident management
USUP
1
2
3
4
5
6
Managing the lifecycle of all problems that have occurred or could occur in delivering a service.
Problem management
PBMG
2
3
4
5
Assessing risks associated with proposed changes and ensuring changes to products, services or systems are controlled and coordinated.
Change control
CHMG
2
3
4
5
6
Managing the full lifecycle of assets from acquisition, operation, maintenance to disposal.
Asset management
ASMG
2
3
4
5
6
Identifying and classifying security vulnerabilities in networks, systems and applications and mitigating or eliminating their impact.
Vulnerability assessment
VUAS
2
3
4
5
Recovering and investigating material found in digital devices.
Digital forensics
DGFS
2
3
4
5
6
Investigates cybercrimes, collects evidence, determines incident impacts and collaborates with legal teams to protect digital assets.
Cybercrime investigation
CRIM
2
3
4
5
6
Plans, executes and manages offensive cybersecurity operations, including target selection, electronic target folders and post-operation analysis.
Offensive cyber operations
OCOP
2
3
4
5
6
Supply chain
Secure supply chain
1
2
3
4
5
6
7
Managing, or providing advice on, the procurement or commissioning of products and services.
Sourcing
SORC
2
3
4
5
6
7
Managing and operating formal contracts, addressing supplier and client needs in product and service provision.
Contract management
ITCM
2
3
4
5
6
7
Aligning the organisation’s supplier performance objectives and activities with sourcing strategies and plans, balancing costs, efficiencies and service quality.
Supplier management
SUPP
2
3
4
5
6
7
Generic attributes
Attributes
1
2
3
4
5
6
7
No description available.
Autonomy
AUTO
1
2
3
4
5
6
7
No description available.
Complexity
COMP
1
2
3
4
5
6
7
No description available.
Influence
INFL
1
2
3
4
5
6
7
No description available.
Knowledge
KNGE
1
2
3
4
5
6
7
Business skills/Behavioural factors
1
2
3
4
5
6
7
No description available.
Collaboration
COLL
1
2
3
4
5
6
7
No description available.
Communication
COMM
1
2
3
4
5
6
7
No description available.
Improvement mindset
IMPM
1
2
3
4
5
6
7
No description available.
Creativity
CRTY
1
2
3
4
5
6
7
No description available.
Decision-making
DECM
1
2
3
4
5
6
7
No description available.
Digital mindset
DIGI
1
2
3
4
5
6
7
No description available.
Leadership
LEAD
1
2
3
4
5
6
7
No description available.
Learning and development
LADV
1
2
3
4
5
6
7
No description available.
Planning
PLAN
1
2
3
4
5
6
7
No description available.
Problem-solving
PROB
1
2
3
4
5
6
7
No description available.
Adaptability
ADAP
1
2
3
4
5
6
7
No description available.
Security, privacy and ethics
SCPE
1
2
3
4
5
6
7
SFIA Levels of responsibility


SFIA's attributes of Autonomy, Influence and Complexity are the key to determining level of impact, responsibility and accountability. Click the SFIA level to find the details.
SFIA Level 1
Follow		 SFIA Level 2
Assist		 SFIA Level 3
Apply		 SFIA Level 4
Enable		 SFIA Level 5
Ensure, advise		 SFIA Level 6
Initiate, influence		 SFIA Level 7
Set strategy, inspire, mobilise
Performs routine tasks under close supervision, follows instructions, and requires guidance to complete their work. Learns and applies basic skills and knowledge. Provides assistance to others, works under routine supervision, and uses their discretion to address routine problems. Actively learns through training and on-the-job experiences. Performs varied tasks, sometimes complex and non-routine, using standard methods and procedures. Works under general direction, exercises discretion, and manages own work within deadlines. Proactively enhances skills and impact in the workplace. Performs diverse complex activities, supports and guides others, delegates tasks when appropriate, works autonomously under general direction, and contributes expertise to deliver team objectives. Provides authoritative guidance in their field and works under broad direction. Accountable for delivering significant work outcomes, from analysis through execution to evaluation. Influences the organisation significantly, makes high-level decisions, shapes policies, demonstrates thought leadership, fosters collaboration, and accepts accountability for strategic initiatives and outcomes. Operates at the highest organisational level, determines overall organisational vision and strategy, and assumes accountability for overall success.
The SFIA Foundation is the global not-for-profit organisation which owns the Skills Framework for the Information Age. SFIA® is a registered trademark of the SFIA Foundation. © copyright SFIA Foundation 2024.
www.sfia-online.org