Skills Framework for the Information Age
Version 3.0


© 2005 The SFIA Foundation
www.sfia.org.uk
info@sfia.org.uk


Information security (SCTY)

The management of, and provision of expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems.

Level 3 Applies and maintains specific security controls as required by organisational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems. Determines when security issues should be escalated to a higher level. Demonstrates effective communication of security issues to business managers and others.

Level 4 Conducts security risk assessments for defined business applications or IT installations in defined areas and provides advice and guidance on the application and operation of elementary physical, procedural and technical security controls (e.g. the key controls defined in BS7799).

Level 5 Conducts security risk assessments for business applications and computer installations; provides authoritative advice and guidance on security strategies to manage the identified risk. Investigates breaches of security and recommends appropriate control improvements. Interprets security policy and contributes to development of standards and guidelines that comply with this.

Level 6 Develops a corporate information security policy, standards and guidelines. Prepares and maintains organisational strategies that address the evolving business risk and information control requirements. Operates as a focus for IT security expertise for the organisation, working effectively with strategic organisational functions such as legal experts and technical support to provide authoritative advice and guidance on the requirements for security controls.