Everyone has information security responsibilities
SFIA supports the need for individuals and organisations to embed secure working practices into everything they do.
This means that everyone needs to be aware of security and make it a generally accepted part of every-day working and management practices.
In SFIA - these generic (not role-specific) expectations are described in the Business skills dimension of SFIA's 7 levels of responsibility.
Security, privacy and ethics
All levels 1 to 7 - extract from Business skills generic attributes
Level 1 - Follow
Understands and complies with organisational standards.
Level 2 - Assist
Is fully aware of organisational standards. Uses appropriate working practices in own work.
Level 3 - Apply
Demonstrates appropriate working practices and knowledge in non-routine work. Appreciates how own role and others support appropriate working practices.
Level 4 - Enable
Fully understands the importance and application to own work and the operation of the organisation. Engages or works with specialists as necessary.
Level 5 - Ensure, advise
Proactively contributes to the implementation of appropriate working practices and culture.
Level 6 - Initiate, influence
Takes a leading role in promoting and ensuring appropriate working practices and culture throughout own area of accountability and collectively in the organisation.
Level 7 - Set strategy, inspire, mobilise
Provides clear direction and strategic leadership for the implementation of working practices and culture throughout the organisation.