| Competency Cluster | Competency Definition | CLAS Core Competency |
|---|---|---|
| 1. INFOSEC EXPERTISE | 1.1 Acquiring and Maintaining Knowledge | Maintains currency of knowledge of organisational requirements for baseline measures and recommended practices. Maintains broad practical security expertise extending beyond own work area; maintains awareness of Infosec implications of business activities. |
| | 1.2 Implementation of HMG baseline requirements and compliance with relevant legislation | Ensures security policy addresses organisational and legislative requirements consistently and remains commensurate with the risk across the organisation. Formally accredits or ensures the accreditation of systems. Interfaces with appropriate bodies (professional, academic etc.) to implement robust Infosec, e.g. best practices from professional bodies such as BS7799. |
| | 1.3 Using Technical Security Measures | Has broad knowledge of technical security issues, understands the principal security issues of IT platforms and applications; develops requirements for technical Infosec measures within own business area. |
| 2. BUSINESS MANAGEMENT | 2.1 Business Focus | Understands business aims and objectives and establishes, develops and advises on Infosec policy/local working standards that manage the risk to both protect and enable these. Provides guidance on security in consultation with central organisational authorities and promotes business benefits of security awareness and Information Security. |
| | 2.2 Planning | Contributes to and advises on the strategic application of Infosec policy that is consistent with business requirements. Examples may include appropriate business plans and contingency measures. |
| | 2.3 Delivering Results | Influences, contributes to, or advises on the strategic direction taken on Infosec within their sphere of activity - for example, the organisation; utilises appropriate mechanisms to achieve organisational security guidance. Examples include incident reporting procedures and training programmes to review security and maintain awareness. |
| | 2.4 Managing Resources & Value for Money (VFM) | Seeks VFM in the application of Infosec measures within own sphere of activity - for example, by judging the relative cost-effectiveness of technical and non-technical countermeasures in protective security strategies. |
| | 2.5 Dealing With Change | Promotes and initiates change, with due regard for Infosec applications, and motivates others to co-operate and contribute towards change in security procedures in own area, to meet its business requirements. |
| 3. DEALING WITH PEOPLE | 3.1 Infosec Teamwork | Leads or materially participates within own work area in compliance with Infosec standards and baseline requirements; may monitor and specify local security standards and/or procedures. |
| | 3.2 Communicating and Influencing Infosec Issues | Can adapt the expression of Infosec issues and requirements to a variety of audiences both within and outside the organisation such that the message is clearly understood. Is persuasive in championing the current Infosec issues across the organisation and/or a body of related organisations. |