SFIA 9 skills directory A–Z
Search for or browse the skills in SFIA 9.
Related search tools
- Interactive search - filter by levels, categories, subcategories and roles. Available when you login. You can register for free.
- Generic attributes, business skills and behavioural factors: also known as workplace skills, employability skills, 21st-century skills, transferable skills, transversal skills, durable skills, power skills, or soft skills
- SFIA 9 change tracker - full details of changes for SFIA 9
| Title | Skill code | Description | |
|---|---|---|---|
| Information security | SCTY | Defining and operating a framework of security controls and security management strategies. | |
| Security operations | SCAD | Manages and administers security measures, using tools and intelligence to protect assets, ensuring compliance and operational integrity. | |
| Information systems coordination | ISCO | Coordinating information and technology strategies where the adoption of a common approach would benefit the organisation. | |
| Cybercrime investigation | CRIM | Investigates cybercrimes, collects evidence, determines incident impacts and collaborates with legal teams to protect digital assets. | |
| Vulnerability assessment | VUAS | Identifying and classifying security vulnerabilities in networks, systems and applications and mitigating or eliminating their impact. | |
| Threat intelligence | THIN | Developing and sharing actionable insights on current and potential security threats to the success or integrity of an organisation. | |
| Offensive cyber operations | OCOP | Plans, executes and manages offensive cybersecurity operations, including target selection, electronic target folders and post-operation analysis. | |
| Information assurance | INAS | Protecting against and managing risks related to the use, storage and transmission of data and information systems. | |
| Infrastructure operations | ITOP | Provisioning, deploying, configuring, operating and optimising technology infrastructure across physical, virtual and cloud-based environments. | |
| Vulnerability research | VURE | Conducting applied research to discover, evaluate and mitigate new or unknown security vulnerabilities and weaknesses. | |
| Penetration testing | PENT | Testing the effectiveness of security controls by emulating the tools and techniques of likely attackers. | |
| Risk management | BURM | Planning and implementing processes for managing risk across the enterprise, aligned with organisational strategy and governance frameworks. | |
| Digital forensics | DGFS | Recovering and investigating material found in digital devices. | |
| Identity and access management | IAMT | Manages identity verification and access permissions within organisational systems and environments. | |
| Incident management | USUP | Coordinating responses to a diverse range of incidents to minimise negative impacts and quickly restore services. |