Everyone has information security responsibilities

SFIA supports the need for individuals and organisations to embed secure working practices into everything they do.

This means that everyone needs to be aware of security and make it a generally accepted part of every-day working and management practices.

In SFIA - these generic (i.e not role-specific) expectations are described in the Business skills dimension of SFIA's 7 levels of responsibility.

SFIA Level Information security attributes in SFIA's Levels of Responsibility
1 - Follow

Understands and applies basic personal security practice.

2 - Assist

Is fully aware of and complies with essential organisational security practices expected of the individual.

3 - Apply Understands how own role impacts security and demonstrates routine security practice and knowledge required for own work.
4 - Enable

Fully understands the importance of security to own work and the operation of the organisation. Seeks specialist security knowledge or advice when required to support own work or work of immediate colleagues.

5- Ensure, Advise

Proactively ensures security is appropriately addressed within their area by self and others. Engages or works with security specialists as necessary. Contributes to the security culture of the organisation.

6 - Initiate, Influence Takes a leading role in promoting security throughout own area of responsibilities and collectively in the organisations.
7 - Set Strategy, Inspire, Mobilise Champions security within own area of wor